past paper questions and answers

Category: Education

Presentation Description

No description available.


Presentation Transcript

Past paper questions and answers May/June 2009 Scenario 1:

By Brad Lonergan and Bryn Lindsay (Size of person’s name is proportional to amount of work done on this presentation) Past paper questions and answers May/June 2009 Scenario 1

Slide 2:

Scenario 1 Questions 1 and 2 Midtown Bank in the UK operates an online banking system. Some customers have had difficulties when using this system and so the bank has introduced phone banking. The bank has a call centre in Mumbai, India. When using phone banking, customers are asked to provide the same personal details as when using the online system. Customers are asked to provide three characters from their password. These are never the same three characters in successive logins. The bank stores a lot of personal information about its customers. Tl;dr : Bank stores personal info for online banking

Slide 3:

Question 1a Identify two items of information, other than their password that customers might be asked to provide when using the systems. [2]

Slide 4:

Answer 1a: Two from: User name/account number/credit card number/user id Mother’s maiden name Favourite place Date of birth PIN email address

Slide 5:

Examiner’s comment 1a: Many candidates managed to gain at least one mark for user name/account number. Many candidates were unaware of alternatives such as mother’s maiden name, date of birth etc

Slide 6:

Question 1b: Give two reasons why customers are asked to type in only three characters from their password [2]

Slide 7:

Answer 1b: Two from: Hacker can only get hold of three characters in one go Hacker might need to know the whole password to get into account Will probably be different three characters asked for at next log in Hackers would need to intercept password several times to get into account

Slide 8:

Examiner’s comment 1b: A large number of candidates thought that the password was only three characters long and gave answers such as ‘it would be faster to input’ or ‘easier to remember’. A number repeated the scenario in their answer rather than addressing it.

Slide 9:

Question 1c: Explain why the company has its call centre in Mumbai and not in the UK [2]

Slide 10:

Answer 1c Two from: Phone operators will be paid less Buildings needed to house call centres will be cheaper to buy/rent Call centre opening during normal hours in India would be unsociable hours in UK leading to a lower wage bill Operators would be better qualified Operators would be more motivated Large population to choose from

Slide 11:

Examiner’s comment 1c: Many candidates gained marks for mentioning cheap labour costs. Many others lost marks for saying it would be cheaper but failing to explain in what way. Many thought that the call Centre was targeted at Indian customer

Slide 12:

Question 1d: Explain why a customer might be frustrated when using an overseas call centre [2]

Slide 13:

Answer 1d: Two from: The operator might not understand UK dialects The customer might not understand operator’s accent Operators might have difficulty with UK culture Operators may be inclined to stick to script/may be unable to answer out of the ordinary questions Bad connection resulting in poor quality of communication

Slide 14:

Examiner’s comment 1d: A reasonable number of candidates identified the potential problems with accents but a surprising number thought that non-English speakers would be employed at a call Centre for a UK bank. Many thought that customers would be paying international call rates every time they phoned the bank and a number thought that there would be less security.

Slide 15:

Question 2a: Discuss the effects that the introduction of online banking has had on the bank’s employees [6]

Slide 16:

Answer 2a: Five from: Increased unemployment for cashier staff/security staff Increased employment for technical staff/programmers Increased employment for call centre operators Some workers have had to/had the opportunity to go part time The opportunity to job share might have been provided Flexible working hours may have been made available Technical staff may be able to work from home Some workers needed to retrain Managers could be relocated +1 for reasoned conclusion

Slide 17:

Examiner’s comment 2a: Most candidates scored well, however, this question was one of many that differentiated between IGCSE candidates and AS level candidates. It is important that stock phrases such as ‘unemployment’ are clarified and that candidates identify the groups most at risk from this. Candidates did reasonably well on other answers but, again, learning by rote does not help with this type of question. Some candidates did not appear to realise that only certain types of bank job can be done by working from home.

Slide 18:

Question 2b: Call centre operators sit at computer terminals for long periods of time. Describe how health problems result from this computer use. [5]

Slide 19:

Answer 2b: Five from: Typing at a keyboard continuously can cause RSI/wrist problems/finger problems Gripping a mouse and repetitive clicking can cause RSI/wrist problems/finger problems/carpal tunnel syndrome Sitting in the same position all day can cause lower back pain Sitting in the same position all day can cause deep vein thrombosis Staring at a computer screen all day can cause eye strain/headaches Poor positioning of screen can cause upper back/neck/shoulder pain Glare from screen can cause eye strain/headaches

Slide 20:

Examiner’s comment 2b: Too many candidates rephrased the question for their answers without going into sufficient detail about what types of action cause RSI etc. A worrying number wrote about safety problems. Several answers were at a very basic IGCSE level by suggesting that users get RSI, headaches, sight problems and backache without saying how.

Slide 21:

Question 2c: Explain the social and ethical implications of bank workers being able to access customers’ personal information. [6]

Slide 22:

Answer 2c: Six from: Bank workers have a personal duty of confidence to individuals whose data is stored Bank workers should have a personal duty of confidence to their employer Workers must not tell any unauthorised person about personal data which is held Bank must not use information for any reason except with the permission of the individual Workers must be asked to treat the information as confidential/it must be obvious to them that the information is given in confidence Employer should ask employee to sign a confidentiality agreement Bank should take responsibility for any information which is passed on Only the least amount of information that could identify the individual should be used Online services allow organisations to have access to the most private of data Examples – names, addresses, phone numbers, financial situation Information should not be passed on from organisation to organisation without authorisation from the individual Anonymised information should always omit personal details wherever possible Aggregated information should never identify individuals Companies/workers must ensure the security of customer data Workers must ensure only relevant data is used Workers should ensure they only use up to date/accurate information

Slide 23:

Examiner’s comment 2c: Candidates struggled with this question quite often writing about how employees would rob/defraud the customers. Many just quoted the Data Protection Act principles. There were very few high scores.

Slide 24:

Question 2d: Describe some of the security threats that the bank and customers must guard against when using online banking [4]

Slide 25:

Answer 2d: Four from: Call centres employees may copy data to pass on to criminals… …who use the data to make illegal transactions Phishing – email appears to be from customer's bank… …asks for customer’s details – password, card/account number, other security details …email makes up plausible reason …includes a website address for customer to go to which looks just like the actual bank’s website but is a fake website Pharming – fraudster redirects genuine website’s traffic to own website… …customer is now sending personal details to fraudster’s website Spyware is downloaded/software used to gather user's personal details Software detects key presses of user logging on to bank site Hacking to get customer personal information to use against the individual/to commit fraud Hacking in order to transmit viruses

Slide 26:

Examiner’s comment 2d: A large number of candidates wrote about how to combat the threats without going into any detail about the threats themselves. A number only wrote single word answers such as hacking or viruses. Some wrote down pharming and/or phishing without describing these in any detail.

authorStream Live Help