Using the Geo-location Mechanism in E-Commerce...

Post on 04-Jan-2016


DESCRIPTION

Using the Geo-location Mechanism in E-Commerce to Prevent Credit Card Fraud. Preventing Credit Card Fraud in E-Commerce Using the Geo-location, Credit Card Number and Type Validations and Address Verification Service Techniques. - PowerPoint PPT Presentation

TRANSCRIPT

Using the Geo-location Mechanism in E-Commerce to Prevent Credit Card Fraud

Preventing Credit Card Fraud in E-Commerce Using the Geo-location, Credit Card Number and Type Validations and Address Verification Service Techniques

A Thesis submitted to King Abdul Aziz University, in partial fulfillment of the requirements for the degree of Master of Science in Computer Science.

Agenda

1. Introduction
2. Objectives
3. Geo-location Technique
4. Credit Card Number Validation
5. Credit Card Type Validation
6. Address Verification Service (AVS)
7. Implementation Model
8. Conclusion
9. Future Work
10. Acknowledgement

Introduction

Since 1995, online credit card fraud has increased by 369%.
In 2001, $61.8 billion was spent on online sales; 1.4% of it (about $700,000,000) was lost to fraud. [1]

History of Online Fraud
o Use of Famous Names
o Credit Card Generators
o Order Hijacking
o 1998 – Dummy Websites
o Consumer Accounts
o 2000 – Online Gangs and Fraud Rings

[1] Credit Card Fraud Prevention using .NET Framework in C# or VB.NET, by Ivy Tang, January 16, 2006

The True Cost of Fraud

Objectives

Understand the scope of e-commerce crime and security problems.
Reduce online credit card fraud.

1 Investigate and identify the techniques used for preventing online credit card fraud
2 Design card fraud model
  2.1 Locating site (Detecting)
  2.2 Validate card number
  2.3 Validate card type
  2.4 AVS
3 Implement card fraud model
  3.1 Locating site (Detecting)
  3.2 Validate card number
  3.3 Validate card type
  3.4 AVS

Geo-location Technique

Introduction

o According to CyberSource, e-retail merchants have lost over $2.6 billion to online payment fraud, and this loss will increase by 37% in the year 2007.
o The Geo-location Service was founded in January 2000 by Quova, Inc. as a solution for online fraud.

What is Geo-location?
A web geography technology that instantly determines an online customer’s geographic location, from country level down to city precision.

Geo-location Benefits
1- Effectiveness
2- Fraud Detection
3- Digital Rights Management
4- Regulatory Compliance

Applications that use the Geo-location Technique:
1- Financial Services
2- E-Commerce
3- Government
4- Media Distribution
   a- Live Sports Web Casts
   b- Digital Movies
   c- Digital Music
5- Online Gaming

Geo-location Studies
o The most recent study was done in 2004 by a leading provider of automated identity verification, called LexisNexis RiskWise.
o LexisNexis RiskWise analyzed tens of thousands of online credit card purchases using the geo-location technology, and found that:
  o 75% of all fraudulent online orders originated outside the US.
  o 97.9% of all transactions originating in Africa were fraudulent.
  o 74.8% of all transactions originating in Asia (including Russia) were fraudulent.
  o 64.4% of all transactions routed via satellite were fraudulent.

Geo-location Studies – (continued)
o In over 85% of all fraudulent orders, the customer’s billing address did not match the state from which the order was actually placed, while only 28% of legitimate orders displayed a state-level mismatch.
o Another study done by Experian has found that when the IP origination point of an online order is in a different state from the customer’s billing address, the transaction turns out to be fraudulent 68% of the time.

Geo-location Technique Types:
1 Quova Technique.
2 IP2Location Technique.

Quova Technique

Quova’s Geo-location Architecture Overview
1- Global Data Collection Network (DCN).
2- Geo-Point Data Delivery Server (DDS).
3- Closed Loop Methodology.

Global Data Collection Network (DCN)
o Largest IP geo-location data collection network in the world.
o Collects 1.4 billion active IP addresses.
o There are 16 agents which are globally distributed around the world.

GeoPoint Data Delivery Server (DDS)
o Collected data are passed to the DDS, which allows integration of real-time geo-location information with any online web-based application.
o Applications have access to the GeoPoint DDS geo-location information, to provide geo-location information about an IP address (Web visitor).

GeoPoint Data Delivery Server (DDS) - (Continued)
o Each GeoPoint DDS contains a local copy of the IP geo-location data, which is automatically updated on a regular basis from the data center.
o GeoPoint DDS automatically sends the received geo-location information back to Quova in order to improve the quality of Quova’s services and to enable additional research.

IP2Location Technique

Current Study in Geo-location
IP2Location Algorithm

Algorithm Steps:
1 Detect IP Address.
2 Convert IP Address to IP Number.
3 Search by IP Number
4 Credit Card Number Validation.
5 Credit Card Type Validation.
6 AVS

IP2Location Database Format

| COLUMN NUMBER | COLUMN DESCRIPTION |
|---|---|
| 1 | Beginning IP number |
| 2 | Ending IP number |
| 3 | Country Code (ISO 3166) (2 characters) |
| 4 | Full Country name |
| 5 | Region |
| 6 | City |
| 7 | Latitude |
| 8 | Longitude |
| 9 | Zip Code |
| 10 | ISP |
| 11 | Domain Name |

IP2Location Database Example

| COLUMN NUMBER | COLUMN DESCRIPTION | COLUMN VALUES |
|---|---|---|
| 1 | Beginning IP number | 67297944 |
| 2 | Ending IP number | 67297951 |
| 3 | Country Code (ISO 3166) (2 characters) | US |
| 4 | Full Country name | UNITED STATES |
| 5 | Region | SOUTH CAROLINA |
| 6 | City | GEORGETOWN |
| 7 | Latitude | 33.4905 |
| 8 | Longitude | 79.2882 |
| 9 | Zip Code | 29440 |
| 10 | ISP | CITY OF GEORGETOWN |
| 11 | Domain Name | CITYOFGEORGETOWN.COM |

IP2Location Database Specification

| FIELD # | FIELD NAME | DATA TYPE | FIELD DESCRIPTION |
|---|---|---|---|
| 1 | IP_FROM | NUMERICAL(DOUBLE) | Beginning of IP address range. The data is represented in IP number format. |
| 2 | IP_TO | NUMERICAL(DOUBLE) | Ending of IP address range. The data is represented in IP number format. |
| 3 | COUNTRY_CODE | CHAR(2) | Two-character country code based on ISO 3166. |
| 4 | COUNTRY_NAME | VARCHAR(64) | Country name based on ISO 3166. |
| 5 | REGION | VARCHAR(128) | Region name. |
| 6 | CITY | VARCHAR(128) | City name. |
| 7 | LATITUDE | NUMERICAL(DOUBLE) | City latitude. Default to capital city latitude if city is unknown. |
| 8 | LONGITUDE | NUMERICAL(DOUBLE) | City longitude. Default to capital city longitude if city is unknown. |
| 9 | ZIPCODE | CHAR(5) | Five-digit ZIP codes for US cities only. |
| 10 | ISP_NAME | VARCHAR(256) | Internet Service Provider registered under the IP address range. |
| 11 | DOMAIN_NAME | VARCHAR(128) | Domain name assigned to Internet network. |

Method of Converting IP Address into IP Number

$$\text{IP Number} = 256^3 \times W + 256^2 \times X + 256 \times Y + Z$$

Where:
W: the first block of numbers in the IP address.
X: the second block of numbers in the IP address.
Y: the third block of numbers in the IP address.
Z: the fourth block of numbers in the IP address.

Example of Converting IP Address into IP Number

IP Address = 4.2.226.135

$$\text{IP Number} = 256^3 \times 4 + 256^2 \times 2 + 256 \times 226 + 135 = 67297927$$
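Steps 2 and 3 of the algorithm (convert the IP address to an IP number, then search by IP number), followed by the billing-region comparison that the cited studies rely on, as an added example that is not code from the thesis. The function names are assumptions, the first table row is the example row from the slides, and the second row is constructed for illustration.

```python
from bisect import bisect_right

# Sample rows in IP2Location column order, reduced to
# (IP_FROM, IP_TO, COUNTRY_CODE, REGION, CITY).
# Row 1 is the example row from the slides; row 2 is constructed.
ROWS = sorted([
    (67297944, 67297951, "US", "SOUTH CAROLINA", "GEORGETOWN"),
    (67297952, 67298047, "US", "TEXAS", "EXAMPLEVILLE"),
])
STARTS = [row[0] for row in ROWS]


def ip_to_number(ip):
    """IP Number = 256^3*W + 256^2*X + 256*Y + Z, with strict block checks."""
    blocks = ip.strip().split(".")
    if len(blocks) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    number = 0
    for block in blocks:
        # Reject empty blocks, signs, non-ASCII digits and values above 255.
        if not (block.isascii() and block.isdigit()) or int(block) > 255:
            raise ValueError(f"invalid block {block!r} in {ip!r}")
        number = number * 256 + int(block)
    return number


def lookup(ip):
    """Binary-search the row whose [IP_FROM, IP_TO] range holds the address."""
    number = ip_to_number(ip)
    i = bisect_right(STARTS, number) - 1
    if i >= 0 and ROWS[i][0] <= number <= ROWS[i][1]:
        return ROWS[i]
    return None  # address falls in a gap of the table


def region_mismatch(ip, billing_country, billing_region):
    """True if the IP's country/region differs from the billing address.

    Returns None when the address is not in the table, so the caller can
    treat "unknown" separately from "mismatch".
    """
    row = lookup(ip)
    if row is None:
        return None
    located = (row[2], row[3])
    billed = (billing_country.strip().upper(), billing_region.strip().upper())
    return located != billed
```

A `None` result deserves its own handling in a fraud model: it means the table has no row for the address, not that the order matches.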

Credit Card Number Validation

Validation Algorithm
o In order to validate and verify the credit card number, a special algorithm called (MOD 10 Check) or (LUHN Formula) is used.
o The MOD 10 Check takes the provided credit card number from the customer and validates that the number is in the correct range and format to be a credit card number and it is the type of credit card the customer says it is.
o MOD 10 Check does not tell if the credit card number is active or not, just that it is in the correct format.
o This test is used on websites to validate that the credit card submitted is a recognizable credit card number.
o It helps prevent processing credit card authorizations on numbers that could not possibly be credit cards.

Credit Card Number Validation Algorithm

Step 1. Double the value of alternating digits, starting from the second to last digit of the credit card number.
Step 2. Add the separate digits of the product from the previous step.
Step 3. Add the unaffected digits of the credit card number.
Step 4. Add the results from step 2 and step 3 and divide the total by 10. If the remainder is zero, then it’s a valid number.

o Example

Step 1: Starting with the second to last digit and moving left, double the value of all alternating digits.

For example, if we have a credit card with the number 1234 5678 1234 5670, we will do the following:

1234 5678 1234 5670
7 x 2 = 14
5 x 2 = 10
3 x 2 = 6
1 x 2 = 2
7 x 2 = 14
5 x 2 = 10
3 x 2 = 6
1 x 2 = 2

Step 2: Add the separate digits of the products from step 1.

(1+4) + (1+0) + (6) + (2) + (1+4) + (1+0) + (6) + (2) = 28

Step 3: Add all the unaffected digits (the digits that we did not double).

1234 5678 1234 5670
0 + 6 + 4 + 2 + 8 + 6 + 4 + 2 = 32

Step 4: Add the results from step 2 and step 3, and divide by 10.

28 + 32 = 60

If the result is divisible by 10, then the credit card number is valid.

Credit Card Number Validation: Sequence Diagram

Credit Card Type Validation

o It verifies whether the customer has provided the correct credit card type.
o All credit cards have a specific number length and numerical prefix.

| Card Type | Prefix | Number Length |
|---|---|---|
| Master Card | 51-55 | 16 |
| VISA | 4 | 13 or 16 |
| American Express | 34 or 37 | 15 |
| Diners Club/Carte Blanche | 300-305, 36, 38 | 14 |
| enRoute | 2014, 2149 | 15 |
| Discover | 6011 | 16 |
| JCB | 3 | 16 |
| JCB | 2131, 1800 | 15 |

Credit Card Type Validation Algorithm

Credit Card Type Validation: Sequence Diagram

Credit Card Type and Number Validations: Model Activity Diagram
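The MOD 10 check from the Credit Card Number Validation slides and the prefix/length table from the Credit Card Type Validation slides, combined into one validator, as an added example that is not code from the thesis. The function names and reason codes are assumptions; the rules are transcribed from the table above.

```python
# Prefix/length rules transcribed from the card type table on this page.
CARD_RULES = [
    ("Master Card", ("51", "52", "53", "54", "55"), (16,)),
    ("VISA", ("4",), (13, 16)),
    ("American Express", ("34", "37"), (15,)),
    ("Diners Club/Carte Blanche",
     ("300", "301", "302", "303", "304", "305", "36", "38"), (14,)),
    ("enRoute", ("2014", "2149"), (15,)),
    ("Discover", ("6011",), (16,)),
    ("JCB", ("3",), (16,)),
    ("JCB", ("2131", "1800"), (15,)),
]


def normalize(number):
    """Drop spaces and hyphens; return None unless only ASCII digits remain."""
    digits = number.replace(" ", "").replace("-", "")
    return digits if digits.isascii() and digits.isdigit() else None


def luhn_valid(digits):
    """MOD 10 check: steps 1-4 of the algorithm described on this page."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                    # every second digit from the right
            d = sum(divmod(d * 2, 10))    # double, then add the product's digits
        total += d
    return total % 10 == 0


def card_type(digits):
    """Return the table's card type for this prefix and length, else None."""
    for name, prefixes, lengths in CARD_RULES:
        if len(digits) in lengths and digits.startswith(prefixes):
            return name
    return None


def validate(number, claimed_type):
    """Run number validation, then type validation; return (ok, reason)."""
    digits = normalize(number)
    if digits is None:
        return (False, "bad_format")
    if not luhn_valid(digits):
        return (False, "mod10_failed")
    detected = card_type(digits)
    if detected is None:
        return (False, "unknown_type")
    if detected.lower() != claimed_type.strip().lower():
        return (False, "type_mismatch")
    return (True, "ok")
```

The slides' own number, 1234 5678 1234 5670, passes the MOD 10 check but matches no row of the table, so `validate` rejects it with `unknown_type`.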
