Which of the following is the most effective control to apply to a web-based banking application to address the risk of internal fraud?
Transactions should be rejected if they exceed a predefined amount limit preset by the customer.
Financial transactions should require an additional one-time password generated by a token in the possession of authorized customers only.
Transactions should be processed only if they are signed with the customer private key issued by a third-party certificate authority.
Enhanced encryption should be used for client-server communication.
A. Fraud can be committed through exploiting registration process vulnerabilities, such as lack of authorization and verification of customers' requests for service. Users with administrative rights might also commit internal fraud by generating unauthorized payment messages. If the application validates the transactions based on the customer public key issued by a third party, the risk of internal fraud is mitigated because the private key is not available to internal personnel.
B. Tokens are assigned to Internet banking accounts by account offices and do not prevent internal fraud.
C. Encrypting the client-server communication will not prevent internal fraud because encryption can be done at the application level.
D. Fraud can be committed within the amount limit, or the limit can be changed by the application administrators prior to committing the fraud.