E-commerce transactions involve multiple security layers to ensure the protection of customers' sensitive financial information. The correct answer is D, as payment gateways serve as intermediaries that authorize online credit card transactions by securely transmitting the payment details to the bank or card networks for approval. Let’s examine each option carefully:
Option A: HTTP sites provide sufficient security to protect customers' credit card information.
Incorrect. HyperText Transfer Protocol (HTTP) does not provide encryption, meaning that data transmitted over an HTTP connection can be intercepted by malicious actors. Instead, Secure HTTP (HTTPS), which uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS), is required to encrypt the data.
IIA Reference: Internal auditors evaluating e-commerce security should verify that organizations use HTTPS for secure transactions. (IIA GTAG: Information Security Governance)
Option B: Web servers store credit cardholders' information submitted for payment.
Incorrect. While web servers may temporarily process customer data, they should not store sensitive credit card information due to security risks. Instead, organizations follow the Payment Card Industry Data Security Standard (PCI DSS), which mandates secure storage and encryption protocols.
IIA Reference: IIA Standards recommend compliance with PCI DSS to protect sensitive payment information. (IIA Practice Guide: Auditing IT Governance)
Option C: Database servers send cardholders’ information for authorization in clear text.
Incorrect. Transmitting cardholder data in clear text is a severe security vulnerability. Secure encryption protocols such as SSL/TLS or tokenization must be used to protect data in transit.
IIA Reference: Internal auditors should ensure encryption measures are in place for financial transactions. (IIA GTAG: Auditing Cybersecurity Risk)
Correct. Payment gateways act as secure intermediaries between merchants and payment processors, verifying the transaction details before authorization. This ensures a secure transaction by encrypting sensitive data before transmitting it for approval.
IIA Reference: IIA guidance on IT controls emphasizes the importance of secure payment processing through payment gateways. (IIA GTAG: Managing and Auditing IT Vulnerabilities)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit