400 likes | 507 Views
استخدام آلية التواجد الجغرافي في التجارة الإلكترونية لمنع الاحتيال في بطاقات الائتمان. Preventing Credit Card Fraud in E-Commerce Using the Geo-location, Credit Card Number and Type Validations and Address Verification Service Techniques.
E N D
استخدام آلية التواجد الجغرافي في التجارة الإلكترونية لمنع الاحتيال في بطاقات الائتمان
Preventing Credit Card Fraud in E-Commerce Using the Geo-location, Credit Card Number and Type Validations and Address Verification Service Techniques
A Thesis submitted to King Abdul Aziz University, in partial fulfillment of the requirements for the degree of Master of science in Computer Science.
Agenda • Introduction • Objectives • Geo-location Technique • Credit Card Number Validation • Credit Card Type Validation • Address Verification Service (AVS) • Implementation Model • Conclusion • Future Work • Acknowledgement
Introduction • Since 1995, online credit card fraud has increased by 369%. • In 2001, 61.8$ billion were spent on online sales, 1.4% of it (about 700,000,000$) was lost to fraud.1 • History of Online Fraud • Use of Famous Names • Credit Card Generators • Order Hijacking • 1998 – Dummy Websites • Consumer Accounts • 2000 – Online Gangs and Fraud Rings 1 Credit Card Fraud Prevention using .NET Framework in C# or VB.NET, by Ivy Tang January 16,2006
Objectives • Understand the scope of e-commerce crime and security problems. • Reduce online credit card fraud. 1 Investigate and identify the techniques used for preventing online credit card fraud 2 Design card fraud model 2.1 Locating site (Detecting) 2.2 Validate card number 2.3 Validate card type 2.4 AVS 3 Implement card fraud model 3.1 Locating site (Detecting) 3.2 Validate card number 3.3 Validate card type 3.4 AVS
Introduction According to Cyber Source, e-retail merchants have lost over 2.6$ billion dollars to online payment fraud, and this loss will increase by 37% in the year 2007. Geo-location Service was found in January 2000 by Quova, Inc., which is a solution for online fraud. Geo-location Technique
Geo-location Technique • What is Geo-location ? A web geography technology that instantly determines an online customer’s geographic location- from country level down to city precision. • Geo-location Benefits 1- Effectiveness 2- Fraud Detection 3- Digital Rights Management 4- Regulatory Compliance
Geo-location Technique • Applications that uses Geo-location Technique: 1- Financial Services 2- E-Commerce 3- Government 4- Media Distribution a- Live Sports Web Casts b- Digital Movies c- Digital Music 5- Online Gaming
Geo-location Technique • Geo-location Studies • The most recent study was done in 2004 by a leading provider of automated identity verification, called LexisNexis RiskWise. • LexisNexis RiskWise analyzed tens of thousands of online credit card purchase using the geo-location technology, and found that : • 75% of all fraudulent online orders originated outside the US. • 97.9% of all transactions originating in Africa were fraudulent. • 74.8% of all transactions originating in Asia (including Russia) were fraudulent. • 64.4% of all transactions routed via satellite were fraudulent.
Geo-location Technique • Geo-location Studies – (continued) • In over 85% of all fraudulent orders, the customer’s billing address did not match the state from which the order was actually placed, while only 28% of legitimate orders displayed a state-level mismatch. • Another study done by Experian have found that when the IP origination point of an online order is in a different state from the customer’s billing address, the transaction turns out to be fraudulent 68% of the time.
Geo-location Technique • Geo-location technique Types: 1 Quova Technique. 2 IP2Location Technique.
Quova Technique • Quova’s Geo-location Architecture Overview 1- Global Data Collection Network (DCN). 2- Geo-Point Data Delivery Server (DDS). 3- Closed Loop Methodolgy.
Quova Technique • Global Data Collection Network (DCN) • Largest IP geo-location data collection network in the world. • Collects 1.4 billion active IP addresses. • There are 16 agents which are globally distributed around the world.
Quova Technique • GeoPoint Data Delivery Server (DDS) • Collected data are passed to the DDS, which allows integration of real-time geo-location information with any online web-based application. • Applications have access to the GeoPoint DDS geo-location information, to provide geo-location information about an IP address (Web visitor).
Quova Technique • GeoPoint Data Delivery Server (DDS)-(Continued) • Each GeoPoint DDS contains a local copy of the IP geo-location data, which is automatically updated on a regular basis from the data center. • GeoPoint DDS automatically sends the received geol-location information back to Quova in order to improve the quality of Quova’s services and to enable additional research.
IP2Location Technique • Algorithm Steps: • Detect IP Address. • Convert IP Address to IP Number. • Search by IP Number • Credit Card Number validation. • Credit Card Type Validation. • AVS
Method of Converting IP Address into IP Number IP Number = (256)3 * W + (256)2 * X + 256 * Y + Z Where: W: the first block of numbers in the IP address. X: the second block of numbers in the IP address. Y: the third block of numbers in the IP address. Z: the forth block of numbers in the IP address.
Example of Converting IP Address into IP Number IP Address = 4.2.226.135 IP Number = (256)3 * 4 + (256)2 * 2 + 256 * 226 + 135 = 67297927
Credit Card Number Validation • Validation Algorithm • In order to validate and verify the credit card number, a special algorithm called (MOD 10 Check) or (LUHN Formula) is used. • The MOD 10 Check takes the provided credit card number from the customer and validates that the number is in the correct range and format to be a credit card number and it is the type of credit card the customer says it is.
Credit Card Number Validation • MOD 10 Check does not tell if the credit card number is active or not, just that it is in the correct format. • This test is used on websites to validate that the credit card submitted is a recognizable credit card number. • It helps preventing processing credit card authorizations on numbers that could not possibly be credit cards.
Credit Card Number Validation • Credit Card Number Validation Algorithm Step 1. Double the value of alternating digits, starting from the second to last digit of the credit card number. Step 2. Add the separate digits of the product from the previous step. Step 3. Add the uneffected digits of the credit card number. Step 4. Add the results from step2 and step3 and divide the total by 10, if the remainder was zero, then it’s a valid number
Credit Card Number Validation • Example Step1: Starting with the second to last digit and moving left, Double the value of all alternating digits. For example: if we have a credit card with the following number 1234 5678 1234 5670. we will do the following: 1234 5678 1234 5670 7 x 2 = 14 5 x 2 = 10 3 x 2 = 6 1 x 2 = 2 7 x 2 = 14 5 x 2 = 10 3 x 2 = 6 1 x 2 = 2
Credit Card Number Validation Step2: Add the separate digits of the products from step1. (1+4) + (1+0) + (6) + (2) + (1+4) + (1+0) + (6) + (2) = 28 Step3: Add all the unaffected digits (the digits that we did not double). 1234 5678 1234 5670 0 + 6 + 4 + 2 + 8 + 6 + 4 + 2 = 32 Step4: Add the results from step 2 and step3, and divide by 10. 28 + 32 = 60 If the result is divisible by 10, then the credit card number is valid.
Credit Card Number Validation • Sequence Diagram
Credit Card Type Validation • It verifies whether that the customer has provided the correct credit card type • All Credit Cards have specific number length and numerical prefix.
Credit Card Type Validation Algorithm Credit Card Type Validation
Credit Card Type Validation • Sequence Diagram
Model Activity Diagram Credit Card Type and Number Validations