請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/9007
標題: | 以詐騙集團攻擊國內購物平台業者個案,探討企業危機管理──以PayEasy的防詐措施為例 Using a Case of Fraud Gangs Attacking Online Shopping Site to Investigate Corporate Crisis Management -The Anti-fraud Procedures of PayEasy |
作者: | Kun-Cheng Lin 林坤正 |
指導教授: | 戚樹誠 |
關鍵字: | 危機管理,賽局,詐騙集團, Crisis management,game theory,fraud gangs, |
出版年 : | 2009 |
學位: | 碩士 |
摘要: | 企業處於現今如此多元且遽變的社會環境中,隨時可能面臨危機的考驗及挑戰;所以,如何適時有效的面對與因應危機,實為企業當前重要課題之一。2007年12月,PayEasy第一次遭遇詐騙集團資料拼圖攻擊,IT部門、客服部門、營運部門、公關部門和行銷部門大家並肩作戰。當時PayEasy與會員利用首頁保持對話,請客戶接獲詐騙電話立即回撥給客服,接著客服、行銷每天聯手更新歹徒最新話術,就掛在首頁連結上。跟同業不同的是,PayEasy在2007年面對相同的資安威脅時,採衝突對峙的賽局策略「囚犯困境」中的「弱雞賽局」、「邊緣人理論」,將入侵的駭客視為競合的對象。為了使客戶提早警覺,因應詐騙集團的詐騙手法,PayEasy正視危機的方式,短時間內成立應變小組,通知所有用戶迅速更改密碼,防止對岸IP登入等危機處理方式,保護客戶,避免受害人數增加。 Every crisis caused by information security breaches presents challenges for enterprises in modern days. To cope with the increasing needs of enterprises and their clients, we have seen an emergence of complex information systems. But, in fact, the attempt of developing a perfect information system for managing varieties of threats is nearly impossible. The data merger attacks confronted by PayEasy exemplify a case that even a well-managed information system could unexpectedly being hacked. Moreover, this event pinpoints the importance of the elaboration of a crisis management procedure and a security management framework that is essential for preventing and confronting crises. The account hacking crisis of PayEasy in December 2007 had put its clients into the risk of being fraud. In the face of a dilemma of assuring the safety of clients’ properties or maintaining the credibility of the company, PayEasy adopted the strategy of disclosing the crisis to the public. A multilevel analysis reveals two benefits of such crisis disclosure strategy. One is, honestly informing the customers who undergo the crisis regains their trust and wins back PayEasy’s reputation. Second, based on the Chicken’s Game theory, the best strategy to prevent continuing threat from both hackers and fraud gangs is to confront them and directly fight against them since this kind of direct confrontations achieves the best payoff in comparison with evasion (swerve). Lastly, since there exists no information system that is perfectly designed to secure the attack. All related enterprises should work together and share the responsibility in fighting against the online gangsters. In such cases, a win-win situation can be created between customers and sellers. That is, the customersl have strong faith in the online shopping companies and the companies increase their market share in e-commerce business. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/9007 |
全文授權: | 同意授權(全球公開) |
顯示於系所單位: | 商學組 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-98-1.pdf | 3.87 MB | Adobe PDF | 檢視/開啟 |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。