以詐騙集團攻擊國內購物平台業者個案，探討企業危機管理──以PayEasy的防詐措施為例

Abstract

企業處於現今如此多元且遽變的社會環境中，隨時可能面臨危機的考驗及挑戰；所以，如何適時有效的面對與因應危機，實為企業當前重要課題之一。2007年12月，PayEasy第一次遭遇詐騙集團資料拼圖攻擊，IT部門、客服部門、營運部門、公關部門和行銷部門大家並肩作戰。當時PayEasy與會員利用首頁保持對話，請客戶接獲詐騙電話立即回撥給客服，接著客服、行銷每天聯手更新歹徒最新話術，就掛在首頁連結上。跟同業不同的是，PayEasy在2007年面對相同的資安威脅時，採衝突對峙的賽局策略「囚犯困境」中的「弱雞賽局」、「邊緣人理論」，將入侵的駭客視為競合的對象。為了使客戶提早警覺，因應詐騙集團的詐騙手法，PayEasy正視危機的方式，短時間內成立應變小組，通知所有用戶迅速更改密碼，防止對岸IP登入等危機處理方式，保護客戶，避免受害人數增加。

Every crisis caused by information security breaches presents challenges for enterprises in modern days. To cope with the increasing needs of enterprises and their clients, we have seen an emergence of complex information systems. But, in fact, the attempt of developing a perfect information system for managing varieties of threats is nearly impossible. The data merger attacks confronted by PayEasy exemplify a case that even a well-managed information system could unexpectedly being hacked. Moreover, this event pinpoints the importance of the elaboration of a crisis management procedure and a security management framework that is essential for preventing and confronting crises. The account hacking crisis of PayEasy in December 2007 had put its clients into the risk of being fraud. In the face of a dilemma of assuring the safety of clients’ properties or maintaining the credibility of the company, PayEasy adopted the strategy of disclosing the crisis to the public. A multilevel analysis reveals two benefits of such crisis disclosure strategy. One is, honestly informing the customers who undergo the crisis regains their trust and wins back PayEasy’s reputation. Second, based on the Chicken’s Game theory, the best strategy to prevent continuing threat from both hackers and fraud gangs is to confront them and directly fight against them since this kind of direct confrontations achieves the best payoff in comparison with evasion (swerve). Lastly, since there exists no information system that is perfectly designed to secure the attack. All related enterprises should work together and share the responsibility in fighting against the online gangsters. In such cases, a win-win situation can be created between customers and sellers. That is, the customersl have strong faith in the online shopping companies and the companies increase their market share in e-commerce business.