Final presentation
Using the Geo-location Mechanism in E-Commerce to Prevent Credit Card Fraud
Preventing Credit Card Fraud in E-Commerce Using the Geo-location, Credit Card Number and Type Validations and Address Verification Service Techniques
A Thesis submitted to King Abdul Aziz University, in partial fulfillment of the requirements for the degree of Master of Science in Computer Science.
Agenda
1. Introduction
2. Objectives
3. Geo-location Technique
4. Credit Card Number Validation
5. Credit Card Type Validation
6. Address Verification Service (AVS)
7. Implementation Model
8. Conclusion
9. Future Work
10. Acknowledgement
Introduction
Since 1995, online credit card fraud has increased by 369%.
In 2001, $61.8 billion was spent on online sales; 1.4% of it (about $700,000,000) was lost to fraud. [1]
History of Online Fraud
o Use of Famous Names
o Credit Card Generators
o Order Hijacking
o 1998 – Dummy Websites
o Consumer Accounts
o 2000 – Online Gangs and Fraud Rings
[1] Credit Card Fraud Prevention using .NET Framework in C# or VB.NET, by Ivy Tang, January 16, 2006
The True Cost of Fraud
Objectives
Understand the scope of e-commerce crime and security problems.
Reduce online credit card fraud.
Investigate and identify the techniques used for preventing online credit card fraud.
Design card fraud model
  2.1 Locating site (Detecting)
  2.2 Validate card number
  2.3 Validate card type
  2.4 AVS
Implement card fraud model
  3.1 Locating site (Detecting)
  3.2 Validate card number
  3.3 Validate card type
  3.4 AVS
Geo-location Technique
Introduction
o According to Cyber Source, e-retail merchants have lost over $2.6 billion to online payment fraud, and this loss will increase by 37% in the year 2007.
o The Geo-location Service, a solution for online fraud, was founded in January 2000 by Quova, Inc.
Geo-location Technique
What is Geo-location?
A web geography technology that instantly determines an online customer’s geographic location, from country level down to city precision.
Geo-location Benefits
1- Effectiveness
2- Fraud Detection
3- Digital Rights Management
4- Regulatory Compliance
Geo-location Technique
Applications that use the Geo-location Technique:
1- Financial Services
2- E-Commerce
3- Government
4- Media Distribution
a- Live Sports Web Casts
b- Digital Movies
c- Digital Music
5- Online Gaming
Geo-location Technique
Geo-location Studies
o The most recent study was done in 2004 by LexisNexis RiskWise, a leading provider of automated identity verification.
o LexisNexis RiskWise analyzed tens of thousands of online credit card purchases using the geo-location technology, and found that:
  o 75% of all fraudulent online orders originated outside the US.
  o 97.9% of all transactions originating in Africa were fraudulent.
  o 74.8% of all transactions originating in Asia (including Russia) were fraudulent.
  o 64.4% of all transactions routed via satellite were fraudulent.
Geo-location Technique
Geo-location Studies – (continued)
o In over 85% of all fraudulent orders, the customer’s billing address did not match the state from which the order was actually placed, while only 28% of legitimate orders displayed a state-level mismatch.
o Another study, done by Experian, found that when the IP origination point of an online order is in a different state from the customer’s billing address, the transaction turns out to be fraudulent 68% of the time.
Geo-location Technique
Geo-location Technique Types:
1- Quova Technique.
2- IP2Location Technique.
Quova Technique
Quova’s Geo-location Architecture Overview
1- Global Data Collection Network (DCN).
2- Geo-Point Data Delivery Server (DDS).
3- Closed Loop Methodology.
Quova Technique
Global Data Collection Network (DCN)
o Largest IP geo-location data collection network in the world.
o Collects 1.4 billion active IP addresses.
o There are 16 agents which are globally distributed around the world.
Quova Technique
GeoPoint Data Delivery Server (DDS)
o Collected data are passed to the DDS, which allows integration of real-time geo-location information with any online web-based application.
o Applications have access to the GeoPoint DDS geo-location information, to provide geo-location information about an IP address (Web visitor).
Quova Technique
GeoPoint Data Delivery Server (DDS) (Continued)
o Each GeoPoint DDS contains a local copy of the IP geo-location data, which is automatically updated on a regular basis from the data center.
o GeoPoint DDS automatically sends the received geo-location information back to Quova in order to improve the quality of Quova’s services and to enable additional research.
IP2Location Technique
Current Study in Geo-location
IP2Location Algorithm
IP2Location Technique
Algorithm Steps:
1- Detect IP Address.
2- Convert IP Address to IP Number.
3- Search by IP Number.
4- Credit Card Number Validation.
5- Credit Card Type Validation.
6- AVS.
IP2Location Database Format
COLUMN NUMBER   COLUMN DESCRIPTION
1               Beginning IP number
2               Ending IP number
3               Country Code (ISO 3166) (2 characters)
4               Full Country name
5               Region
6               City
7               Latitude
8               Longitude
9               Zip Code
10              ISP
11              Domain Name
IP2Location Database Example
COLUMN NUMBER   COLUMN DESCRIPTION                       COLUMN VALUES
1               Beginning IP number                      67297944
2               Ending IP number                         67297951
3               Country Code (ISO 3166) (2 characters)   US
4               Full Country name                        UNITED STATES
5               Region                                   SOUTH CAROLINA
6               City                                     GEORGETOWN
7               Latitude                                 33.4905
8               Longitude                                79.2882
9               Zip Code                                 29440
10              ISP                                      CITY OF GEORGETOWN
11              Domain Name                              CITYOFGEORGETOWN.COM
IP2Location Database Specification
FIELD #   FIELD NAME     DATA TYPE            FIELD DESCRIPTION
1         IP_FROM        NUMERICAL (DOUBLE)   Beginning of IP address range. The data is represented in IP number format.
2         IP_TO          NUMERICAL (DOUBLE)   Ending of IP address range. The data is represented in IP number format.
3         COUNTRY_CODE   CHAR(2)              Two-character country code based on ISO 3166.
4         COUNTRY_NAME   VARCHAR(64)          Country name based on ISO 3166.
5         REGION         VARCHAR(128)         Region name.
6         CITY           VARCHAR(128)         City name.
7         LATITUDE       NUMERICAL (DOUBLE)   City latitude. Default to capital city latitude if city is unknown.
8         LONGITUDE      NUMERICAL (DOUBLE)   City longitude. Default to capital city longitude if city is unknown.
9         ZIPCODE        CHAR(5)              Five-digit ZIP codes for US cities only.
10        ISP_NAME       VARCHAR(256)         Internet Service Provider registered under the IP address range.
11        DOMAIN_NAME    VARCHAR(128)         Domain name assigned to Internet network.
Method of Converting IP Address into IP Number
IP Number = 256^3 * W + 256^2 * X + 256 * Y + Z
Where:
W: the first block of numbers in the IP address.
X: the second block of numbers in the IP address.
Y: the third block of numbers in the IP address.
Z: the fourth block of numbers in the IP address.
Example of Converting IP Address into IP Number
IP Address = 4.2.226.135
IP Number = 256^3 * 4 + 256^2 * 2 + 256 * 226 + 135 = 67297927
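Steps 2 and 3 of the algorithm (convert, then search by IP number), followed by the billing-state comparison the studies describe, as an added example that is not code from the thesis. The table rows are constructed: the middle row is the record from the database example above, the other two are made up, and "-" as the marker for an unlocatable range and the decision to treat an unlocatable address as a mismatch are assumptions of this sketch.

```python
import bisect

# Constructed sample rows (IP_FROM, IP_TO, COUNTRY_CODE, REGION, CITY), sorted
# by IP_FROM. The middle row is the page's example record; the others are made up.
# "-" marks an unlocatable range in this sample (assumed convention).
ROWS = [
    (16777216, 16777471, "AU", "QUEENSLAND", "BRISBANE"),
    (67297944, 67297951, "US", "SOUTH CAROLINA", "GEORGETOWN"),
    (3232235520, 3232301055, "-", "-", "-"),
]
STARTS = [row[0] for row in ROWS]

def ip_to_number(ip):
    """IP Number = 256^3*W + 256^2*X + 256*Y + Z, rejecting malformed input."""
    parts = ip.strip().split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and len(p) <= 3 for p in parts
    ):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    w, x, y, z = (int(p) for p in parts)
    if max(w, x, y, z) > 255:
        raise ValueError("octet out of range: %r" % ip)
    return 256**3 * w + 256**2 * x + 256 * y + z

def lookup(ip):
    """Search by IP number: find the row with IP_FROM <= n <= IP_TO, else None."""
    n = ip_to_number(ip)
    i = bisect.bisect_right(STARTS, n) - 1  # last row starting at or before n
    if i < 0 or n > ROWS[i][1]:
        return None  # the address falls in a gap between ranges
    return ROWS[i]

def state_mismatch(ip, billing_country, billing_region):
    """True when the located country/region differs from the billing address."""
    row = lookup(ip)
    if row is None or row[2] == "-":
        return True  # unlocatable address: treated as a mismatch (policy assumption)
    return (row[2], row[3]) != (billing_country.upper(), billing_region.upper())
```

The page's sample address 4.2.226.135 converts to 67297927, which lies just below the sample range 67297944 to 67297951, so `lookup` returns None for it; 4.2.226.152 is the first address inside that range.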
Credit Card Number Validation
Validation Algorithm
o In order to validate and verify the credit card number, a special algorithm called the MOD 10 Check (or LUHN Formula) is used.
o The MOD 10 Check takes the credit card number provided by the customer and validates that the number is in the correct range and format to be a credit card number and that it is the type of credit card the customer says it is.
Credit Card Number Validation
o The MOD 10 Check does not tell whether the credit card number is active or not, just that it is in the correct format.
o This test is used on websites to validate that the credit card submitted is a recognizable credit card number.
o It helps prevent processing credit card authorizations on numbers that could not possibly be credit cards.
Credit Card Number Validation
Credit Card Number Validation Algorithm
Step 1. Double the value of alternating digits, starting from the second to last digit of the credit card number.
Step 2. Add the separate digits of the products from the previous step.
Step 3. Add the unaffected digits of the credit card number.
Step 4. Add the results from step 2 and step 3 and divide the total by 10; if the remainder is zero, then it’s a valid number.
Credit Card Number Validation
o Example
Step 1: Starting with the second to last digit and moving left, double the value of all alternating digits.
For example, if we have a credit card with the number 1234 5678 1234 5670, we do the following:
1234 5678 1234 5670
7 x 2 = 14
5 x 2 = 10
3 x 2 = 6
1 x 2 = 2
7 x 2 = 14
5 x 2 = 10
3 x 2 = 6
1 x 2 = 2
Credit Card Number Validation
Step 2: Add the separate digits of the products from step 1.
(1+4) + (1+0) + (6) + (2) + (1+4) + (1+0) + (6) + (2) = 28
Step 3: Add all the unaffected digits (the digits that we did not double).
1234 5678 1234 5670
0 + 6 + 4 + 2 + 8 + 6 + 4 + 2 = 32
Step 4: Add the results from step 2 and step 3, and divide by 10.
28 + 32 = 60
If the result is divisible by 10, then the credit card number is valid.
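The four steps above as an added example (not code from the thesis) that returns the intermediate sums, so the worked figures 28, 32 and 60 can be checked. The function names and the handling of spaces and dashes are assumptions of this sketch.

```python
def mod10_steps(card_number):
    """Return (step2_sum, step3_sum, is_valid) for the MOD 10 (Luhn) check."""
    digits = card_number.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("card number must contain only digits, spaces or dashes")
    doubled_sum = 0    # Step 2: digit sums of the doubled alternating digits
    untouched_sum = 0  # Step 3: digits that were not doubled
    # Walk right to left; position 0 is the last (check) digit.
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:  # Step 1: second to last digit, then every other digit
            product = d * 2
            doubled_sum += product // 10 + product % 10  # e.g. 14 -> 1 + 4
        else:
            untouched_sum += d
    total = doubled_sum + untouched_sum
    return doubled_sum, untouched_sum, total % 10 == 0  # Step 4

def check_digit(partial):
    """Final digit that makes `partial` followed by that digit pass the check."""
    doubled_sum, untouched_sum, _ = mod10_steps(partial + "0")
    return (10 - (doubled_sum + untouched_sum) % 10) % 10

def is_plausible_card_number(card_number):
    """Format check only: passing says nothing about whether the card is active."""
    try:
        return mod10_steps(card_number)[2]
    except ValueError:
        return False
```

A string of sixteen zeros also passes, which illustrates the earlier point that the check confirms format only and never that a card is active.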
Credit Card Number Validation
Sequence Diagram
Credit Card Type Validation
o It verifies whether the customer has provided the correct credit card type.
o All credit cards have a specific number length and numerical prefix.
Card Type                   Prefix            Number Length
Master Card                 51-55             16
VISA                        4                 13 or 16
American Express            34 or 37          15
Diners Club/Carte Blanche   300-305, 36, 38   14
enRoute                     2014, 2149        15
Discover                    6011              16
JCB                         3                 16
JCB                         2131, 1800        15
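The prefix and length table applied to a submitted number, as an added example that is not code from the thesis. The rule list is transcribed from the table; the function names and the sample numbers in the comments are constructed.

```python
# (card type, prefix ranges, allowed lengths), transcribed from the table.
# Each (lo, hi) pair is an inclusive numeric range over the leading digits.
CARD_RULES = [
    ("Master Card", [(51, 55)], {16}),
    ("VISA", [(4, 4)], {13, 16}),
    ("American Express", [(34, 34), (37, 37)], {15}),
    ("Diners Club/Carte Blanche", [(300, 305), (36, 36), (38, 38)], {14}),
    ("enRoute", [(2014, 2014), (2149, 2149)], {15}),
    ("Discover", [(6011, 6011)], {16}),
    ("JCB", [(3, 3)], {16}),
    ("JCB", [(2131, 2131), (1800, 1800)], {15}),
]

def detect_types(card_number):
    """Return the set of card types whose prefix AND length match the number."""
    digits = card_number.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("card number must contain only digits, spaces or dashes")
    matches = set()
    for name, prefixes, lengths in CARD_RULES:
        if len(digits) not in lengths:
            continue  # length disambiguates overlapping prefixes such as 3 vs 34/37
        for lo, hi in prefixes:
            width = len(str(lo))  # compare as many leading digits as the prefix has
            if lo <= int(digits[:width]) <= hi:
                matches.add(name)
    return matches

def type_matches(claimed_type, card_number):
    """True when the type the customer selected is consistent with the number."""
    return claimed_type in detect_types(card_number)

# Constructed inputs:
#   detect_types("4111 1111 1111 1111")  matches VISA (prefix 4, 16 digits)
#   detect_types("1234 5678 1234 5670")  matches nothing: the number from the
#   MOD 10 example has the right check digit but no known prefix
```

Length has to be tested together with the prefix: under this table a 16-digit number starting with 34 matches the JCB row and not American Express, so a prefix-only comparison would misclassify it.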
Credit Card Type Validation
Credit Card Type Validation Algorithm
Credit Card Type Validation
Sequence Diagram
Credit Card Type and Number Validations
Model Activity Diagram