1. By Brad Lonergan and Bryn Lindsay
Past paper questions and answersMay/June 2009 Scenario 1

2. Scenario 1
Questions 1 and 2
Midtown Bank in the UK operates an online banking system. Some customers have had difficulties when using this system and so the bank has introduced phone banking. The bank has a call centre in Mumbai, India. When using phone banking, customers are asked to provide the same personal details as when using the online system. Customers are asked to provide three characters from their password. These are never the same three characters in successive logins. The bank stores a lot of personal information about its customers.
Tl;dr: Bank stores personal info for online banking
3. Question 1a
Identify two items of information, other than their password that customers might be asked to provide when using the systems.
[2]
4. Answer 1a:
Two from:
User name/account number/credit card number/user id
Mothers maiden name
Favourite place
Date of birth
PIN
email address
5. Examiners comment 1a:
Many candidates managed to gain at least onemark for user name/account number.
Many candidates were unaware of alternatives such as mothers maiden name, date of birth etc
6. Question 1b:
Give two reasons why customers are asked to type in only three characters from their password
[2]
7. Answer 1b:
Two from:
Hacker can only get hold of three characters in one go
Hacker might need to know the whole password to get into account
Will probably be different three characters asked for at next log in
Hackers would need to intercept password several times to get into account
8. Examiners comment 1b:
A large number of candidates thought that the password was only three characters long and gave answers such as it would be faster to input or easier to remember.A number repeated the scenario in their answer rather than addressing it.
9. Question 1c:
Explain why the company has its call centre in Mumbai and not in the UK
[2]
10. Answer 1c
Two from:
Phone operators will be paid less
Buildings needed to house call centres will be cheaper to buy/rent
Call centre opening during normal hours in India would be unsociable hours in UK leading to a lower wage bill
Operators would be better qualified
Operators would be more motivated
Large population to choose from
11. Examiners comment 1c:
Many candidates gained marks for mentioning cheap labour costs.Many others lost marks for saying it would be cheaper but failing to explain in what way.Many thought that the call Centre was targeted at Indian customer
12. Question 1d:
Explain why a customer might be frustrated when using an overseas call centre
[2]
13. Answer 1d:
Two from:
The operator might not understand UK dialects
The customer might not understand operators accent
Operators might have difficulty with UK culture
Operators may be inclined to stick to script/may be unable to answer out of the ordinary
questions
Bad connection resulting in poor quality of communication
14. Examiners comment 1d:
A reasonable number of candidates identified the potential problems with accents but a surprising number thought that non-English speakers would be employed at acall Centre for a UK bank.Many thought that customers would be paying international call rates every time they phoned the bank and a number thought that there would be less security.
15. Question 2a:
Discuss the effects that the introduction of online banking has had on the banks employees
[6]
16. Answer 2a:
Five from:
Increased unemployment for cashier staff/security staff
Increased employment for technical staff/programmers
Increased employment for call centre operators
Some workers have had to/had the opportunity to go part time
The opportunity to job share might have been provided
Flexible working hours may have been made available
Technical staff may be able to work from home
Some workers needed to retrain
Managers could be relocated
+1 for reasoned conclusion
17. Examiners comment 2a:
Most candidates scored well, however, this question was one of many that differentiated between IGCSE candidates and AS level candidates.Itis important that stock phrases such as unemployment are clarified and that candidatesidentify the groups most at risk from this.Candidates did reasonably well on other answersbut, again, learning by rote does not help with this type of question.Some candidates did not appear to realise that only certain types of bank job can be done by working from home.
18. Question 2b:
Call centre operators sit at computer terminals for long periods of time. Describe how health problems result from this computer use.
[5]
19. Answer 2b:
Five from:
Typing at a keyboard continuously can cause RSI/wrist problems/finger problems
Gripping a mouse and repetitive clicking can cause RSI/wrist problems/finger problems/carpal tunnel syndrome
Sitting in the same position all day can cause lower back pain
Sitting in the same position all day can cause deep vein thrombosis
Staring at a computer screen all day can cause eye strain/headaches
Poor positioning of screen can cause upper back/neck/shoulder pain
Glare from screen can cause eye strain/headaches
20. Examiners comment 2b:
Too many candidates rephrased the question for their answers without going into sufficient detail about what types of action cause RSI etc. A worrying number wrote about safety problems.
Several answers were at a very basic IGCSE level by suggesting that users get RSI, headaches, sight problems and backache without saying how.
21. Question 2c:
Explain the social and ethical implications of bank workers being able to access customerspersonal information.
[6]
22. Answer 2c:
Six from:
Bank workers have a personal duty of confidence to individuals whose data is stored
Bank workers should have a personal duty of confidence to their employer
Workers must not tell any unauthorised person about personal data which is held
Bank must not use information for any reason except with the permission of the individual
Workers must be asked to treat the information as confidential/it must be obvious to them that the information is given in confidence
Employer should ask employee to sign a confidentiality agreement
Bank should take responsibility for any information which is passed on
Only the least amount of information that could identify the individual should be used
Online services allow organisations to have access to the most private of data
Examples names, addresses, phone numbers, financial situation
Information should not be passed on from organisation to organisation without authorisation
from the individual
Anonymised information should always omit personal details wherever possible
Aggregated information should never identify individuals
Companies/workers must ensure the security of customer data
Workers must ensure only relevant data is used
Workers should ensure they only use up to date/accurate information
23. Examiners comment 2c:
Candidates struggled with this question quite often writing about how employees would rob/defraud the customers.Many just quoted the Data Protection Act principles.There were very few high scores.
24. Question 2d:
Describe some of the security threats that the bank and customers must guard against when using online banking
[4]
25. Answer 2d:
Four from:
Call centres employees may copy data to pass on to criminals
who use the data to make illegal transactions
Phishing email appears to be from customer's bank
asks for customers details password, card/account number, other security details
email makes up plausible reason
includes a website address for customer to go to which looks just like the actual banks
website but is a fake website
Pharming fraudster redirects genuine websites traffic to own website
customer is now sending personal details to fraudsters website
Spyware is downloaded/software used to gather user's personal details
Software detects key presses of user logging on to bank site
Hacking to get customer personal information to use against the individual/to commit fraud
Hacking in order to transmit viruses
26. Examiners comment 2d:
A large number of candidates wrote about how to combat the threats without going into any detail about the threats themselves.A number only wrote single word answers such as hacking or viruses.Some wrote down pharming and/or phishing without describing these in any detail.