Security for Credit Card Fraud in E-commerce - Essay Example

Security for Credit Card Fraud in E-commerce Abstract The invention of internet bears its merits and demerits; it has provided man with a vast ocean of knowledge and content on any subject but has also created numerous means of criminal activities. This literature survey discusses such an activity which has become one of the major fears across the globe; credit card fraud. Many technologies have been devised to tackle this problem; one of the most effective ones is geo-location technology [29]. This technology has numerous uses and advantages which shall also be discussed in the report. 1. Introduction Internet can be termed as the largest carrier of information and content. It has provided the world with innovative modes of communication from one end of the globe to the other [7]. Another area which has witnessed ground-breaking revolution is the conception of e-commerce; an idea which would have seemed unattainable for a man in the past. E-commerce encapsulates the concept of buying and selling products online, which involves money transactions from around the world. Since these transactions are usually done through credit cards, therefore this raises a need to authenticate and verify the customers who are involved in purchasing goods online. Their location, personal information and account information need to be verified so that the chances of fraud can be minimized [2]. 2. Overview There are over 1.2 billion internet users all over the world [14]; Cheskin Research & Studio Archetype/Sapient concludes some internet users pose threats and some pose opportunities [3]. One of the major threats prevailing in the modern age is the validity of the transactions that take place online [16]. This mistrust in business owners is the product of the thousands of fraud cases witnessed in the past and this has led the companies to deploy extreme security measures to tackle this threat [4]. The goal of e-commerce sites is as follows; one is to reduce the degree of fraudulent activities, try to lower the number of rejections for legitimate orders as much as possible and minimize the number of manual reviews of transactions which prove to be costly for the company [5]. From these three objectives, it can be seen that fraud is their top most concern and due to this they spend a large part of their resources in overcoming this challenge. There have been many approaches devised over the years to make e-commerce transactions more secure. One of the technologies that has gained a name over the past years is “geo-location”. 3. System Background The mode of payment in e-commerce transactions is through ‘credit cards’; which have established more opportunities for businessmen but at the same time introduced new problems in the whole process of selling goods [10]. Things were much simpler for business owners (also called merchants) to keep track of the money flow. With the emergence of credit cards, the owner is dependant on a number of entities to make the transaction possible for e.g., bank, card issuer etc [1]. A credit card transaction goes through the following steps and entities for its authentication; when a merchant swipes the credit card, necessary information from the card is sent to the merchant’s bank (also called an acquirer). This is a request for authorization of the respective sale. The acquirer transfers this request to the card-issuing bank; the card will either be authorized or denied at this step and the information will be sent back to the acquirer. Hence the merchant is dependant on many entities; due to this the chances of fraud and discrepancy are possible at several points in the process [6]. 4. Problem Identification Due to the advancement in the field of e-commerce, it became more desirable for a fraudster to use the illegal credit cards for purchasing goods online [11], [13], [24]. According to a research by Javelin Strategy and Research in 2008 [8]; it was found that credit card fraud cost consumers and merchants billions of dollars annually $48 billion. According to another survey by Unisys, an information technology company [9]; it was found that credit card fraud is considered to be the No.1 fear for Americans, superseding the fears of terrorism and health viruses. Therefore, numerous aspects have to be considered before authenticating a customer and permitting the transaction: - Is the card real? - Is there enough money available on the card? - Is the customer authorized to use the card? - Have the goods or services been delivered to the customer? [1]. Most of the credit card frauds begin with the identity theft where the identity of some person will be used to perform the transaction and commit fraud [11]. It is not an easy job to find an occurrence of credit card fraud in e-shopping nowadays as the fraudsters are also technology savvy; therefore identifying credit card fraud requires expertise and much research has been done in this field. 5. Solution 5.1 Geo-location Technology Geo-location is one of the most reliable technologies to handle the credit card fraud as it is used to identify the key factors which lead to this crime [15]. James A. Muir et al. states in his paper “Internet Geolocation and Evasion” in April 2006 that it determines the physical location of the internet user, no matter where he is on the globe [12]. It is also called IP geo-location as it looks up for the unique IP address possessed by every host connected to the internet [28], [31]. A large number of companies maintain licensed databases that keep track of the geographic locations mapped with the IP addresses [20], [30]. The following figure explains the process of geo-location: Fig.1: The process of Geo-Technology [1] 5.2 Usage of Geo-location Technology Security check on the basis of location: It has a number of uses in the modern world of internet but its primary use is to assess if users are really present at the place that they claim to be at [19]. This can be very helpful in detecting a fraudulent act by finding a mismatch between the geographical location of the person purchasing the commodity and the address that is stated on the credit card [17]. Restricted Content: Bamba Gueye et al. also explains in one of his papers that regional policies can dictate which client will have access to a specific content and localized regulations can also be enabled [19]. Targeted advertising: With the help of geo-location; digital content or advertisements can be restricted from a certain place if they are considered inappropriate for e.g. alcoholic beverages advertisements can be restricted to be displayed in Saudi Arabia as alcohol is prohibited by their religion [18], [27]. On the contrary, advertisements specific to that place can be shown which can serve as a good source for more business. Fig.2: IP addresses corresponding to different countries gives the viewer different web pages. [26] 5.3 Advantages of Geo-location Geo-location is very accurate for country level performance as the providers claim its accuracy level to be 99% [2]. Taxes can be correctly implied on purchasing activities with respect to different places [21], [25]. Terrorist organization’s content can be prohibited so that people cannot interact or be influenced by them. 5.4 Disadvantages of Geo-location It proves to be a valuable tool for fraud detection but cannot depend on this single entity for making any final decisions [1]. With the emergence of this technology; it is argued by some that the greatness of “World Wide Web” concept is becoming less worldwide and more local [23]. The main problem is experienced during the process of building up the geo-location relevant data for e.g.; There are no address registers containing physical addresses with respect to IP addresses. Therefore the ones responsible for creating the databases have to depend on less straightforward modes [22]. 6. Further Reading After this literature survey; it can be concluded that geographical boundaries have travelled from our real lives into the cyberspace. Geo-technology has given a new definition to the way internet can be utilized. Only few aspects of geo-location technology could be stated in this survey in detail. More literature shall be studied on the mechanism and procedure by which geo-location technology works. References [1] David. A. Montague, Fraud Prevention Techniques: Credit Card Fraud, Trafford Publishing, Canada, 2004. [2] Dan Svantesson, How The Taxman Brought Geography To The ‘Borderless’ Internet, 2007. [Online]. Available: http://epublications.bond.edu.au/erahca/57/ [3] Cheskin Research & Studio Archetype/Sapient, eCommerce Trust Study, 1999. [Online]. Available: http://www.sapient.com/cheskin/. [4] Fukuyama. F, Trust: The Social Virtues and the Creation of Prosperity, The Free Press, [Online]. Available: New York, 1995. [5] Riva Richmond, WeKnowWhereYouAre, Dow Jones & Company, Inc, 2008. [Online]. Available: http://online.wsj.com/article/SB122227759888771725.html [6] Tyler Metzger, How credit card transactions work, CreditCards.com, 2009. [Online]. Available: http://www.creditcards.com/credit-card-news/how-a-credit-card-is-processed-1275.php [7] Graeme. R. Newman, Ronald V. Clarke, Superhighway robbery: Preventing E-commerce Crime, Willan Publishing, USA, 2003 [Online] Available:http://books.google.com.sa/books?id=YSL_oq2AB10C&printsec=frontcover&dq=fraud+prevention+techniques+for+credit+card+fraud+2004&source=gbs_similarbooks_s&cad=1#v=onepage&q=&f=false [8] Cindy Waxer, Cell phones become fraud-fighting tools, CreditCards.com, 2009. [Online] Available: http://www.stretcher.com/stories/CC/09/09sep11a.cfm [9] Lieberman Research Group, UNISYS Security Index: United States 4 March 2009 (Wave 4), UNISYS, 2009. [Online] Available:http://www.unisyssecurityindex.com/resources/reports/Security%20Index%20Wave%204%20US%20Mar%203-09%20_2_.pdf [10] Manas Ratha, The Credit Card Model, MIT System Dynamics in Education Project, 1997. [Online] Available:http://ocw.mit.edu/NR/rdonlyres/Sloan-School-of-Management/15-988Fall-1998-Spring-1999/999C7C12-4DF7-4B15-BAF4-CC4CD7A63505/0/creditcardmodel.pdf [11] John Cacavias, Anita Lugonja, Michael Messa, Dan Zhanbekov, Internet Security: Internet Fraud and Identity Theft, April 12, 2006, [Online] Available:http://www.cc.gatech.edu/classes/AY2006/cs4235_spring/CS4235%20-%20Internet%20Security%201%20-%20Internet%20Fraud.pdf [12] James A. Muir P. C. van Oorschot, Internet Geolocation and Evasion, April 2006. [Online] Available:www.idtrail.org/files/jm-id-trail.pdf [13] Eric Altendorf, Peter Brende, Josh Daniel, Laurent Lessard, Fraud Detection for Online Retail using Random Forests. 2005. [Online] Available:www.stanford.edu/.../AltendorfBrendeDanielLessard-FraudDetectionForOnlineRetailUsingRandomForests.pdf [14] John Yunker, Going Global with Geolocation, Byte Level Research, 2008 [Online] Available:http://www.google.com.pk/search?hl=en&rlz=1T4ADFA_enPK352&q=Going+Global+with+geolocation+john+yunker&meta=&aq=f&oq= [15] Dan Jerker B. Svantesson, How does the accuracy of geo-location technologies affect the law?, HERDC submission, 2008. [Online] Available:http://works.bepress.com/dan_svantesson/23/ [16] U.S. Department of Justice: Criminal Division, Internet Fraud, U.S. Department of Justice. Apr. 2006. [Online] Available:http://www.usdoj.gov/criminal/fraud/text/Internet.htm#What%20Are%20the%20Major%20Types%20of%20Internet [17] Duffy, Daintry. “I know where you shopped last night.” CSO Online Sept. 2004. [Online] Available:http://www.csoonline.com/read/090104/briefing_fraud.html [18] Ben Laurie, Geolocation of Web Users, United States District Court Southern District of NY, 2005. [Online] Available:http://www.apache-ssl.org/nitke.pdf [19] Bamba Gueye, Artur Ziviani, Mark Crovella, Serge Fdida, Constraint-Based Geolocation of Internet Hosts, 2004. [Online] Available:http://www.imconf.net/imc-2004/papers/p288-gueye.pdf [20] Federal Financial Institutions Examination Council, Authentication in an Internet Banking Environment. [Online] Available:http://www.ffiec.gov/pdf/authentication_guidance.pdf [21] Information Technology Association of America, ECommerce Taxation and the Limitations of Geolocation Tools, 2004. [Online] Available:http://www.itaa.org/taxfinance/docs/geolocationpaper.pdf [22] Dan Svantesson, Geo-location Technologies – A Brief Overview, Bond University (Australia), 2004. [Online] Available:http://www.docstoc.com/docs/13548237/Geo-location-Technologies---A-Brief-Overview [23] Associated Press of TechBiz IT, Geolocation: Don't Fence Web In, WIRED, 2004. [Online] Available:http://wired-vig.wired.com/techbiz/it/news/2004/07/64178 [24] Fraud labs. 10 Measures to Reduce Credit Card Fraud for Internet Merchants, [Online] Available:http://www.fraudlabs.com/fraudLabswhitepaperpg1.htm [25] Expert Report of Seth Finkelstein, 2003, [Online] Available:http://www.sethf.com/nitke/ashcroft.php [26] Patricia Jacobus, Building fences, one by one, CNET News.com, 2001. [Online] Available:http://news.cnet.com/2009-1023-255774-2.html [27] Stefanie Olsen, Geographic tracking raises opportunities, fears, CNET News.com, 2000. [Online] Available:http://news.cnet.com/Geographic-tracking-raises-opportunities,-fears/2100-1023_3-248274.html [28] A. Ziviani, S. Fdida, J. F. de Rezende, O. C. M. B. Duarte, Toward a measurement-based geographic location service, Proc. Passive and Active MeasurementWorkshop (PAM 2004), April 2004. [29] Larry Greenemeier, New Geo-Location Service Could Help Track Cyber Thieves, InformationWeek, June 2007. [Online] Available:http://www.informationweek.com/story/showArticle.jhtml?articleID=199903929 [30] EduCause, 7 things you should know about Geolocation, Aug 2008. [Online] Available:http://net.educause.edu/ir/library/pdf/ELI7040.pdf [31] IP, How to geographically locate an IP Address, [Online] Available:http://ipinfo.info/html/geolocation.php Read More