Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
استخدام آلية التواجد الجغرافي في التجارة اإللكترونية لمنع االحتيال في بطاقات االئتمان Preventing Credit Card Fraud in E-Commerce Using the Geo-location, Credit Card Number and Type Validations and Address Verification Service Techniques A Thesis submitted to King Abdul Aziz University, in partial fulfillment of the requirements for the degree of Master of science in Computer Science. Agenda 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Introduction Objectives Geo-location Technique Credit Card Number Validation Credit Card Type Validation Address Verification Service (AVS) Implementation Model Conclusion Future Work Acknowledgement Introduction Since 1995, online credit card fraud has increased by 369%. In 2001, 61.8$ billion were spent on online sales, 1.4% of it (about 700,000,000$) was lost to fraud.1 History of Online Fraud o Use of Famous Names o Credit Card Generators o Order Hijacking o 1998 – Dummy Websites o Consumer Accounts o 2000 – Online Gangs and Fraud Rings 1 Credit Card Fraud Prevention using .NET Framework in C# or VB.NET, by Ivy Tang January 16,2006 The True Cost of Fraud Objectives 1 2 3 Understand the scope of e-commerce crime and security problems. Reduce online credit card fraud. Investigate and identify the techniques used for preventing online credit card fraud Design card fraud model 2.1 Locating site (Detecting) 2.2 Validate card number 2.3 Validate card type 2.4 AVS Implement card fraud model 3.1 Locating site (Detecting) 3.2 Validate card number 3.3 Validate card type 3.4 AVS Geo-location Technique Geo-location Technique Introduction o According to Cyber Source, e-retail merchants have lost over 2.6$ billion dollars to online payment fraud, and this loss will increase by 37% in the year 2007. o Geo-location Service was found in January 2000 by Quova, Inc., which is a solution for online fraud. Geo-location Technique What is Geo-location ? A web geography technology that instantly determines an online customer’s geographic location- from country level down to city precision. Geo-location Benefits 1- Effectiveness 2- Fraud Detection 3- Digital Rights Management 4- Regulatory Compliance Geo-location Technique Applications that uses Geo-location Technique: 1- Financial Services 2- E-Commerce 3- Government 4- Media Distribution a- Live Sports Web Casts b- Digital Movies c- Digital Music 5- Online Gaming Geo-location Technique Geo-location Studies o The most recent study was done in 2004 by a leading provider of automated identity verification, called LexisNexis RiskWise. o LexisNexis RiskWise analyzed tens of thousands of online credit card purchase using the geo-location technology, and found that : o o o o 75% of all fraudulent online orders originated outside the US. 97.9% of all transactions originating in Africa were fraudulent. 74.8% of all transactions originating in Asia (including Russia) were fraudulent. 64.4% of all transactions routed via satellite were fraudulent. Geo-location Technique Geo-location Studies – (continued) o In over 85% of all fraudulent orders, the customer’s billing address did not match the state from which the order was actually placed, while only 28% of legitimate orders displayed a state-level mismatch. o Another study done by Experian have found that when the IP origination point of an online order is in a different state from the customer’s billing address, the transaction turns out to be fraudulent 68% of the time. Geo-location Technique 1 2 Geo-location technique Types: Quova Technique. IP2Location Technique. Quova Technique Quova’s Geo-location Architecture Overview 1- Global Data Collection Network (DCN). 2- Geo-Point Data Delivery Server (DDS). 3- Closed Loop Methodolgy. Quova Technique Global Data Collection Network (DCN) o Largest IP geo-location data collection network in the world. Collects 1.4 billion active IP addresses. There are 16 agents which are globally distributed around the world. o o Quova Technique GeoPoint Data Delivery Server (DDS) o Collected data are passed to the DDS, which allows integration of real-time geo-location information with any online web-based application. o Applications have access to the GeoPoint DDS geo-location information, to provide geo-location information about an IP address (Web visitor). Quova Technique GeoPoint Data Delivery Server (DDS)(Continued) o Each GeoPoint DDS contains a local copy of the IP geolocation data, which is automatically updated on a regular basis from the data center. o GeoPoint DDS automatically sends the received geollocation information back to Quova in order to improve the quality of Quova’s services and to enable additional research. IP2Location Technique Current Study in Geo-location IP2Location Algorithm IP2Location Technique Algorithm Steps: 1 Detect IP Address. Convert IP Address to IP Number. Search by IP Number Credit Card Number validation. Credit Card Type Validation. AVS 2 3 4 5 6 IP2Location Database Format COULMN NUMBER COULMN DESCRIPTION 1 Beginning IP number 2 Ending IP number 3 Country Code (ISO 3166) (2 characters) 4 Full Country name 5 Region 6 City 7 Latitude 8 Longitude 9 Zip Code 10 ISP 11 Domain Name IP2Location Database Example COULMN NUMBER COULMN DESCRIPTION COLUMN VALUES 1 Beginning IP number 67297944 2 Ending IP number 67297951 3 Country Code (ISO 3166) (2 characters) 4 Full Country name 5 Region 6 City 7 Latitude 33.4905 8 Longitude 79.2882 9 Zip Code 29440 10 ISP 11 Domain Name US UNITED STATES SOUTH CAROLINA GEORGETOWN CITY OF GEORGETOWN CITYOFGEORGETO WN.COM IP2Location Database Specification FIELD # FIELD NAME DATA TYPE FIELD DESCRIPTION 1 IP_FROM NUMERICAL (DOUBLE) Beginning of IP address range. The data is represented in IP number format 2 IP_TO NUMERICAL (DOUBLE) Ending of IP address range. The data is represented in IP number format. 3 COUNTRY_CODE CHAR(2) Two-character country code based on ISO 3166. 4 COUNTRY_NAME VARCHAR(64) Country name based on ISO 3166 5 REGION VARCHAR(128) Region name 6 CITY VARCHAR(128) City name IP2Location Database Specification FIELD # FIELD NAME DATA TYPE FIELD DESCRIPTION 7 LATITUDE NUMERICAL (DOUBLE) City latitude. Default to capital city latitude if city is unknown. 8 LONGITUDE NUMERICAL (DOUBLE) City longitude. Default to capital city longitude if city is unknown. 9 ZIPCODE CHAR(5) Five-digit ZIP codes for US cities only. 10 ISP_NAME VARCHAR(256) Internet Service Provider registered under the IP address range. 11 DOMAIN_NAME VARCHAR(128) Domain name assigned to Internet network. Method of Converting IP Address into IP Number IP Number = (256)3 * W + (256)2 * X + 256 * Y + Z Where: W: the first block of numbers in the IP address. X: the second block of numbers in the IP address. Y: the third block of numbers in the IP address. Z: the forth block of numbers in the IP address. Example of Converting IP Address into IP Number IP Address = 4.2.226.135 IP Number = (256)3 * 4 + (256)2 * 2 + 256 * 226 + 135 = 67297927 Credit Card Number Validation Credit Card Number Validation Validation Algorithm o In order to validate and verify the credit card number, a special algorithm called (MOD 10 Check) or (LUHN Formula) is used. o The MOD 10 Check takes the provided credit card number from the customer and validates that the number is in the correct range and format to be a credit card number and it is the type of credit card the customer says it is. Credit Card Number Validation o MOD 10 Check does not tell if the credit card number is active or not, just that it is in the correct format. o This test is used on websites to validate that the credit card submitted is a recognizable credit card number. o It helps preventing processing credit card authorizations on numbers that could not possibly be credit cards. Credit Card Number Validation Credit Card Number Validation Algorithm Step 1. Double the value of alternating digits, starting from the second to last digit of the credit card number. Step 2. Add the separate digits of the product from the previous step. Step 3. Add the uneffected digits of the credit card number. Step 4. Add the results from step2 and step3 and divide the total by 10, if the remainder was zero, then it’s a valid number Credit Card Number Validation o Example Step1: Starting with the second to last digit and moving left, Double the value of all alternating digits. For example: if we have a credit card with the following number 1234 5678 1234 5670. we will do the following: 1234 5678 1234 5670 7 x 2 = 14 5 x 2 = 10 3x2= 6 1x2= 2 7 x 2 = 14 5 x 2 = 10 3x2=6 1x2=2 Credit Card Number Validation Step2: Add the separate digits of the products from step1. (1+4) + (1+0) + (6) + (2) + (1+4) + (1+0) + (6) + (2) = 28 Step3: Add all the unaffected digits (the digits that we did not double). 1234 5678 1234 5670 0 + 6 + 4 + 2 + 8 + 6 + 4 + 2 = 32 Step4: Add the results from step 2 and step3, and divide by 10. 28 + 32 = 60 If the result is divisible by 10, then the credit card number is valid. Credit Card Number Validation Sequence Diagram Credit Card Type Validation Credit Card Type Validation o o It verifies whether that the customer has provided the correct credit card type All Credit Cards have specific number length and numerical prefix. Card Type Prefix Number Length 51-55 16 4 13 or 16 34 or 37 15 300-305, 36, 38 14 enRoute 2014, 2149 15 Discover 6011 16 JCB 3 16 JCB 2131, 1800 15 Master Card VISA American Express Diners Club/Carte Blanche Credit Card Type Validation Credit Card Type Validation Algorithm Credit Card Type Validation Sequence Diagram Credit Card Type and Number Validations Model Activity Diagram