IT 204: E-Commerce
By the end of this case study, you will be able to:
A leading digital wallet provider faced a sharp increase in successful fraud attempts.
How to stop fraudsters without frustrating legitimate users?
This connects directly to our study of the Threat Landscape (Ch. 4.2).
Read each scenario and select the correct fraud type, then check your answers.
Key Concept (Ch. 4.3): Instead of a single rule, the system calculates a risk score for every transaction in real-time.
Adjust the transaction parameters below and see the risk level update in real time.
The provider moved away from vulnerable SMS One-Time Passwords (OTPs) for high-risk actions.
Walk through a transaction scenario step by step to determine the correct authentication outcome.
Technology alone isn't enough. The solution required strong internal policies.
Recognizing that social engineering bypasses technical controls, the wallet provider focused on user education.
Prominent warnings about common scams displayed within the app.
Contextual advice during checkout or profile changes.
A streamlined process for users to report scams, enabling fast response.
Click a Threat, then click the Control that best mitigates it.
Threats
Controls
60% reduction in fraud loss rate within the first 3 months.
Checkout success rates for low-risk transactions remained unchanged.
This demonstrates a successful balance: security friction was only applied when genuinely needed.
Vote on whether adding authentication friction is worth it for each scenario, then reveal what this case study's system actually decided.
Consider popular digital wallets in Nepal like eSewa or Khalti.
Lesson 1: Defense-in-Depth is Critical
A single control (like just having a password) is insufficient. Layering technical and policy-based controls creates a much stronger defense.
Lesson 2: Security Must be Adaptive
Fraud tactics evolve. Security thresholds and rules must be continuously tuned based on market behavior and emerging threats.
Lesson 3: Don't Forget the User
User education is a vital security layer. An informed user is less likely to fall for social engineering, which no technology can fully prevent.
This case study illustrates the dynamic interplay of technology, policy, and user behavior in securing e-commerce platforms.