Detecting Credit Card Fraud

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Detecting Credit Card Fraud"

Transcription

1 Case Study Detecting Credit Card Fraud Analysis of Behaviometrics in an online Payment environment

2 Introduction BehavioSec have been conducting tests on Behaviometrics stemming from card payments within a Payment Service Provider (PSP). The live data was recorded when payers entered the standard credit card number, name and additional information. The request came from a customer based in the Nordics looking for additional technologies to enhance its Web Fraud Detection (WFD) offering. In a card-not-present situation Behaviometrics offers a new approach that existing fraud checks have failed to identify; the human behind the payment and whether or not it is the right cardholder conducting the transaction. BehavioSec supplied the customer with BehavioWeb to integrate into an existing customer s payment page. The merchant collected Behaviometrics from 2371 individuals which generated four transactions in average total records reaching Nearly all users had two or more data records which are the minimum amount of records required to be able to build a behavioral profile and be able to perform a test. One fifth of the users had five or more transaction records. Five transactions is a good trade off point between learning time and the accuracy of the investigation and the average amount of transactions conducted in one month by Internet bankers. The system accurately detects the payer 4,5 out of the 5 times just by the way the person types their card information. The system becomes better over time and around 20 times equal to 4 months usage the system reaches 97% accuracy. Card payers have flexibility in where to spend their money and complete transaction at other services before returning to the merchant. Therefore identification of just not the correct user is of interest but also detection of suspicious usage to spot fraudsters between different accounts. For detection mode the system was able to reach 87% accuracy in recognizing the person attempting to use another person s card. The results clearly show that there is divergence between how users interact with the merchant s check-out page and entering payment information and a possibility to combat fraud by user behavior. 100,00% 80,00% 60,00% 40,00% 20,00% 0,00% 0,00 0,10 0,20 0,30 0,40 0,50 0,60 0,70 0,80 0,90

3 Contents 1 Background Intended audience Definitions How the results are calculated Overlapping behavioral patterns Measuring the accuracy Cross examination to simulate impostors Analysis Dataset statistics Observations and delimitations Results and conclusion Authentication Accuracy based on empiric data (for authentication purposes) Usability analysis List of suspicious transactions Investigation / Forensics Usability analysis Conclusions Summary Further reading... 11

4 1 Background BehavioSec is the innovator in Continuous Verification of end users through Behaviometrics (behavioral biometrics). Our on-line offering, BehavioWeb, is a solution to monitor and analyze behavior based on the interactions with a web page to enhance trustworthy communications. By timing each key press and analyzing the timing deltas to subsequent key action (up & down) for each key pair, the software builds up a profile of the user to be used in order to detect consistency. Through this analysis the software collects Behaviometrics of the user s normal usage patterns via this small statistical data on any transaction. The server side software will perform a risk analysis on the data and gives a scoring that is the similarity to the correct user. By looking at user s various Behaviometrics the software can determine the transactional risk level, send alarms to alert investigators and, if existing infrastructure is in place, take steps to prevent fraudulent usage by requesting additional authentication to take place. A detailed forensic trail of the events and a comparison against specific fraud profiles identified is presented in the management dashboard to allow thorough investigations and speed up the fraud case management. BehavioWeb evaluates an individual s typing behavior against their and all other individuals history. The software is constantly adapting to the end user s changes in behavior and is updating its risk evaluations without manual configuration. The purpose of this document is to illustrate how BehavioWeb would perform in a live payment environment. 1.1 Intended audience This report is designed for people responsible for e-commerce Payment, Risk Assessment & Management, System Design, Fraud Management and Transaction Monitoring as well as IT and/or Security personnel. This document does not require specific technology knowledge, but it refers to many concepts without providing explanation to the terminology. These terms are used in their industry-standard meaning, and their definitions can be found in various sources, including the definition list in this document. 1

5 2 Definitions Record/Sample Profile Insertion/Update Score Threshold A record/sample is the blob of behavioral data that is collected when typing in a text field. The profile is much like a fingerprint of the behavior which is unique for each individual user. The fingerprint is built by collecting and analyzing samples. Insertions/updates is a measurement of how many times that a profile has been updated with data from new samples. When comparing a collected sample against a profile a score between 0.0 and 1.0 is calculated. The higher the score, the more probable it is that the sample comes from the correct person. A threshold can be used to separate the impostor from the correct user and have a direct link to the False Accept Ratio (FAR) and False Reject Ratio (FRR). If the score is above the threshold it is considered to be the correct user, if the score is below the threshold it is considered to be an impostor. The threshold can be set on a range between 0.0 and 1.0. False Accept Ratio (FAR) The statistical ratio (%) of samples that incorrectly scores above the threshold. E.g. the percentage of patterns that we know belong to an incorrect user and that is falsely accepted as the correct user. A high threshold makes it less likely for incorrect samples to be accepted. False Reject Ratio (FRR) The statistical ratio (%) of samples that incorrectly scores below the threshold. E.g. the percentage of patterns that we know belong to the correct user and that is falsely rejected as the correct user. A low threshold makes it less likely for the correct samples to be rejected. Equal Error Rate (ERR) Equal Error Rate the point (threshold) at which the curves for FAR and FRR intersects. It is the point on which FAR and FRR is equal. It is used to determine the accuracy of a system. 2

6 3 How the results are calculated Biometrical systems generally separate impostors from a correct user by matching a score against a threshold. The score is how similar a sample and a template is; the higher score the more similar they are. The threshold is a line that says that all scores above this line is considered to be the correct user while all scores that are below the threshold is considered to be an impostor. Looking at the figure below, the samples 1, 2 and 3 would be considered to be from the correct user while sample 3 and 4 would be considered as impostors Score Sample 1 Sample 2 Sample 3 Sample 4 Sample 5 The false accept rate (FAR) is the percentage of samples that are incorrectly accepted (match between input and a non-matching template). The false reject rate (FRR) is the percentage of samples that are incorrectly rejected (fails to detect a match between input and matching template). 3.1 Overlapping behavioral patterns In general, the matching algorithm performs a decision based on a threshold which determines how close to a template the input needs to be for it to be considered a match. If the threshold is reduced, there will be less false rejects but more false accepts. Correspondingly, a higher threshold will reduce the false accept rating but increase the false reject rating. In some cases it is possible that the impostor patterns generate scores that are higher than the patterns from the user which leads to classification errors. Depending on the threshold, a range between all and none of the impostor patterns are falsely accepted by the system. The choice of threshold value is a problem if the scoring distribution of the correct user and impostor overlap. 3

7 User scores Impostor scores Frequency Score In theory, the correct users should always score higher than the impostors. A single threshold could then be used to separate the correct user from the impostors. 3.2 Measuring the accuracy The Equal Error Rate (EER) indicates the accuracy of the system. The EER is calculated by studying where the FAR and FRR intersect (the threshold level in which the FAR and FRR have the same value). The lower the EER, the more accurate the system is considered to be. The relationship between False Accepts and False Rejects in contrast of threshold levels is best described with a Receiver Operating Characteristic (ROC) curve. An ROC curve is a graphical representation of the tradeoff between the false negative and false positive rates for every possible threshold level. If the threshold is reduced there will be less false rejects but more false accepts. A higher threshold will reduce the FAR but increase the FRR. Accept / Reject Ratio (%) Example ROC Curve FAR FRR EER Threshold level 3.3 Cross examination to simulate impostors In order to calculate the FRR we can simply compare samples from a user with its own profile and counting all the false rejects. To calculate the FAR we need to simulate intrusion attempts, this is done by comparing against records from a user that we know belong to another. 4

8 4 Analysis Below is a summary of the dataset that has been analyzed. The distribution of records indicates the number of users that have the exact number (==) of records as well as how many of the users that have more or equal (>=) to the specified number of records. 4.1 Dataset statistics Number of users 2371 Number of records 9736 Average number of samples Input fields 4.10 CreditCardHolder CreditCardNumber CreditCardCCV Anonymous Anonymous Distribution of records # Records # Users (%) More or equal 1 15 (0.63%) 100.0% ,99% 30,92% 20,79% 15,61% 11,89% 9,41% 7,84% 5,82% 2,83% 1,69% 1,10% 100,00% 99,37% (48.38%) 99.37% (20.08%) 50.99% (10.12%) 30.92% (5.19%) 20.79% 6 88 (3.71%) 15.61% 7 59 (2.49%) 11.89% 8 37 (1.56%) 9.41% (7.85%) 7.84% (0,81%) 5.82% 15 8 (0.34%) 2.83% 20 2 (0.08%) 1.69% (1.10%) 1.10% 5

9 4.2 Observations and delimitations 99.37% of the users had two or more data records which are the minimum amount of records required to be able to build a behavioral profile and be able to perform a test % of the users had 5 or more transaction records. 5 transactions is a good trade off point between learning time and the accuracy of the investigation. To calculate False Reject Rating (FRR) we assume that it is the correct person that has accessed the account. The False Accept Rates (FAR) are for forensic/investigation mode (the ability to pin out the correct user from the entire user base based on the transaction record). Profiles built over a longer period of time and over different input fields will be more complete (statistics of more key combinations), making investigation mode more accurate. o The accuracy of the investigation mode would greatly benefit from collecting keystroke records from more fields and forms. It is not possible to calculate the False Accept Rate (FAR) for authentication purposes using this dataset because: o For example, the names Anders and Felix only have one common letter (e). Depending on the type of field and environment that Behavio is deployed in this can negatively impact the results in investigation mode. For authentication it would be different. If Felix would impersonate Anders and try to make a transaction as Anders; then Felix would enter Anders as his name which would enable Behavio to compare the entire key sequence. o To achieve higher accuracy on anonymous fields the user has to type the same thing every time. If the user changes for example password, then the profile should be cleared. This is linked to the situation above. 6

10 5 Results and conclusion Below are the results from the dataset. The results are split into two different running modes to illustrate the different use scenarios and what can be expected from them. 5.1 Authentication When running BehavioWeb in authentication mode the system will compare the keystroke record collected during the transaction with the behavioral profile that is associated with the user (1:1 match) Accuracy based on empiric data (for authentication purposes) The following accuracy calculations are based on data where the users have been participating in a controlled test environment. The updates column the training level of the behavioral profile and the second column is the accuracy for BehavioWeb at that training level. Updates Accuracy (1-EER) 0 Not possible 1 ~ 70% 2 ~ 75% 3 ~ 80% 4 ~ 91% 5 ~ 92% 10 ~ 95% 20 ~ 97% By looking at the table above we can see that starting from the first profile update the accuracy of the system is 70%. After 5 updates the accuracy starts to pan out and is fairly consistent at around 97% after 20 updates Usability analysis To achieve accuracy over 90% a training history of 5 transaction records are desirable but already after 3 transactions we see a significant difference between users (with a ~80% accuracy). Only 20.79% of the user base in the retrieved dataset fulfills the desirable amount but over half of the users fulfill the 3 transaction threshold. 7

11 Training level Accuracy % of user base 1 ~ 70% 100% 2 ~ 75% 99.37% 3 ~ 80% 50.99% 4 ~ 91% 30.92% 5 ~ 92% 20.79% 10 ~ 95% 5.82% 20 ~ 97% 4.93% List of suspicious transactions Out of all transaction a shortlist of suspicious transactions was presented in which roughly 6 % were marked for further investigation. The criterion to be listed is that the user should have made at least 5 transactions and below get a score below 10%. 5.2 Investigation / Forensics When running BehavioWeb in authentication mode the system will compare and rank the results against a selected range of behavioral profiles (1:n match) Usability analysis Below is the RoC curve for investigation mode illustrating the FAR and FRR over different threshold and training levels. It clearly shows that there is a significant difference between the users and should be able to single out the correct user from a bigger set by comparing a single keystroke record. 100,00% 75,00% RoC Ratio 50,00% 25,00% 0,00% 0,00 0,10 0,20 0,30 0,40 0,50 0,60 0,70 0,80 0,90 Threshold The accuracy of the system is the likelihood that it is the correct user that comes out on top in an investigation. To analyze the accuracy the Equal Error Rates (where the FAR and FRR intersect) for different training levels are calculated, results are shown in the graphs below. 8

12 Equal Error Rate 25,00% 20,00% 15,00% 10,00% 5,00% 0,00% Equal Error Rate Number of samples With the current setup of one regular form field and two anonymized we can see that the accuracy peak is just above 87% for investigation/forensic mode. This is achievable if the user has around 10 previous keystroke records from which BehavioWeb have learnt the behavior. This applies for 5.82% of the user base in the data set. Accuracy 90,00% 85,00% 80,00% 75,00% Accuracy Number of samples 99.37% of the user base has two or more records which would guarantee that the minimum achievable accuracy is 80% across all users. Approximately 20% of the users would be able to achieve ~85% accuracy (based on 5 keystroke records). 5.3 Conclusions For authentication/verification purposes BehavioWeb over 50% of the users would have ~80% accuracy, meaning that the system would classify the user correctly 80% of the times. Accuracy at 90% is desirable and that would address ~31% of the data set user base. Optimal amount of training is 10 keystroke records which results in over 95% accuracy (and pan out around 97%). Using an approach that allows the user to try again after a failed verification before the transaction is flagged as fraudulent would increase the overall accuracy of the system (false reject rate is lower exponentially). For investigation/forensics purposes scenarios it is possible, with the current set up to reach 87% accuracy. Investigation mode would greatly benefit from not using anonymous fields and/or collecting keystroke records from other forms/fields. Since a lot of users only had one or two keystroke records in the dataset collecting more data over a longer period would enable the higher accuracy levels for more users. 9

13 6 Summary There is no silver bullet to solve the identity problem on the Internet. Concerned parties need to enlist every tool in their arsenal to stay ahead of fraud and identity attacks. To secure transactions one must implement the security pillars of something you have, something you know and something you are to create a nonrepudiate session. Our technology helps in such a multi-layered authentication approach. With Behaviometrics you can reach the trustworthiness of knowing that it is the correct user without having to sacrifice the comfort of using knowledge based and strong authentication i.e. a password and a hardware/software token. Looking at behavior is not new. Card issuers looking for strange usage to determine risk is common place. This manifests itself with cards being blocked when used in strange locations for odd purchases. Using our technology to determine risk is this approach applied to the Internet. The technology also has applications in detecting human access vs. automated (bots), detecting multiple account registrations, and in forensics where transactions determined to be fraudulent can be examining not for not being the correct user but who that user is likely to be. We can match transaction profiles against known fraudster profiles in a central database to help fraud case management and speed up investigations. In comparison to traditional authentication and biometrics that offer a one-off approach, either yes or no, a Behaviometric solution gives a similarity to the known behavior. Couple that with existing risk engines prediction of how accurate the scoring is based on multiple variables it gives a confidence in the identity of a user without impacting the end user experience. Compare it to swiping a fingerprint whenever a transaction occurs but without the hassle of additional hardware or requiring intrusive information. 10

14 7 Further reading BehavioWeb Product sheet BehavioWeb - A paradigm shift in internet security Whitepaper Mouse Dynamics Whitepaper Behaviometrics - A paradigm shift in computer security Whitepaper Behavio Enterprise Product sheet 11

BehavioSec participation in the DARPA AA Phase 2

BehavioSec participation in the DARPA AA Phase 2 BehavioSec participation in the DARPA AA Phase 2 A case study of Behaviometrics authentication for mobile devices Distribution Statement A (Approved for Public Release, Distribution Unlimited) 1 This paper

More information

Personal Identification Techniques Based on Operational Habit of Cellular Phone

Personal Identification Techniques Based on Operational Habit of Cellular Phone Proceedings of the International Multiconference on Computer Science and Information Technology pp. 459 465 ISSN 1896-7094 c 2006 PIPS Personal Identification Techniques Based on Operational Habit of Cellular

More information

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog A Nuance Education Paper 2009 Definition of Multi-Factor Authentication Dialog Many automated authentication applications

More information

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE Purpose This document explains the benefits of using Risk Based Authentication (RBA) a dynamic method of cardholder authentication

More information

ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS

ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS ImpostorMaps is a methodology developed by Auraya and available from Auraya resellers worldwide to configure,

More information

User Authentication Methods for Mobile Systems Dr Steven Furnell

User Authentication Methods for Mobile Systems Dr Steven Furnell User Authentication Methods for Mobile Systems Dr Steven Furnell Network Research Group University of Plymouth United Kingdom Overview The rise of mobility and the need for user authentication A survey

More information

Sage Pay Fraud Prevention Guide

Sage Pay Fraud Prevention Guide Sage Pay Fraud Prevention Guide April 2014 Table of Contents 1.0 Introduction to fraud prevention 3 1.1 What are the fraud prevention tools 3 2.0 AVS/CV2 4 2.1 What is AVS/CV2 4 2.2 How it works 5 2.3

More information

Biometric Authentication using Online Signature

Biometric Authentication using Online Signature University of Trento Department of Mathematics Outline Introduction An example of authentication scheme Performance analysis and possible improvements Outline Introduction An example of authentication

More information

Mitigating Fraud Risk Through Card Data Verification

Mitigating Fraud Risk Through Card Data Verification Risk Management Best Practices 11 September 2014 Mitigating Fraud Risk Through Card Data Verification AP, Canada, CEMEA, LAC, U.S. Issuers, Processors With a number of cardholder payment options (e.g.,

More information

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

More information

MASTERCARD SECURECODE ISSUER BEST PRACTICES

MASTERCARD SECURECODE ISSUER BEST PRACTICES MASTERCARD SECURECODE ISSUER BEST PRACTICES Minimize Abandonment in Authorization and Maximize Fraud Reduction with an Optimal Implementation of SecureCode Best Practices The explosive growth of e-commerce

More information

Signature Verification Why xyzmo offers the leading solution.

Signature Verification Why xyzmo offers the leading solution. Dynamic (Biometric) Signature Verification The signature is the last remnant of the hand-written document in a digital world, and is considered an acceptable and trustworthy means of authenticating all

More information

Fraud Prevention and Program Security Gord Jamieson Director Risk Management & Security Visa Canada Association

Fraud Prevention and Program Security Gord Jamieson Director Risk Management & Security Visa Canada Association Fraud Prevention and Program Security Gord Jamieson Director Risk Management & Security Visa Canada Association Evolution of Risk Management Controls Presentation text goes here. Presentation text goes

More information

Using Voice Biometrics in the Call Center. Best Practices for Authentication and Anti-Fraud Technology Deployment

Using Voice Biometrics in the Call Center. Best Practices for Authentication and Anti-Fraud Technology Deployment Using Voice Biometrics in the Call Center Best Practices for Authentication and Anti-Fraud Technology Deployment This whitepaper is designed for executives and managers considering voice biometrics to

More information

Catching Fraudsters In Real Time

Catching Fraudsters In Real Time Catching Fraudsters In Real Time Aaron Tietz aaron.tietz@tufts.edu Mentor: Ming Chow Abstract Unlike physical store retailers, e-retailers are responsible to repay customers for money lost due to fraudulent

More information

Biometrics in Physical Access Control Issues, Status and Trends White Paper

Biometrics in Physical Access Control Issues, Status and Trends White Paper Biometrics in Physical Access Control Issues, Status and Trends White Paper Authored and Presented by: Bill Spence, Recognition Systems, Inc. SIA Biometrics Industry Group Vice-Chair & SIA Biometrics Industry

More information

Ventura County Credit Union Online Banking User Guide

Ventura County Credit Union Online Banking User Guide Ventura County Credit Union Online Banking User Guide 1 Table of Contents Registration... Log-in.... 7 Profile Page....... 8 Accounts Tab..... 9 Account Summary Page... 9 Transaction History.... 10 Change

More information

ecommerce Stages of Authentication Dynamic Factor Authentication

ecommerce Stages of Authentication Dynamic Factor Authentication ecommerce Stages of Authentication Dynamic Factor Authentication Card Data, name & Password MagnePrint Score card swipe Password Name Hardware authentication Mutual device authentication Single factor

More information

Recommendations for improving European online payments regulation

Recommendations for improving European online payments regulation Recommendations for improving European online Ecommerce Europe Annual Conference Barcelona, 30 may 2016 Marco Fava marco.fava@cleveradvice.eu Copyright CleverAdvice No part of this publication may be reproduced,

More information

White Paper. Managing Risk to Sensitive Data with SecureSphere

White Paper. Managing Risk to Sensitive Data with SecureSphere Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate

More information

one admin. one tool. Providing instant access to hundreds of industry leading verification tools.

one admin. one tool. Providing instant access to hundreds of industry leading verification tools. 2 7 12 14 11 15 8 16 10 41 40 42 19 49 45 44 50 48 47 51 46 52 53 55 54 56 57 67 68 1 5 39 43 58 71 81 82 69 70 88 25 29 23 26 22 3 21 28 4 6 32 30 38 33 31 37 34 35 36 63 59 64 60 62 61 65 72 73 66 74

More information

Visa Debit processing. For ecommerce and telephone order merchants

Visa Debit processing. For ecommerce and telephone order merchants Visa Debit processing For ecommerce and telephone order merchants Table of contents About this guide 3 General procedures 3 Authorization best practices 3 Status check transactions 4 Authorization reversals

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

Alternative authentication what does it really provide?

Alternative authentication what does it really provide? Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies

More information

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud A CHASE PAYMENTECH WHITE PAPER Expanding internationally: Strategies to combat online fraud Fraud impacts nearly eight in every ten international online retailers 1. It hampers prospects for growth, restricts

More information

Biometrics for Payment Applications. The SPA Vision on Financial Match-on-Card

Biometrics for Payment Applications. The SPA Vision on Financial Match-on-Card Biometrics for Payment Applications The SPA Vision on Financial Match-on-Card November 2013 Table of Contents 1. Introductory Remarks... 3 2. The Use of Biometrics for Personal Authentication... 5 2.1.

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

Risk Management Service Guide. Version 4.2 August 2013 Business Gateway

Risk Management Service Guide. Version 4.2 August 2013 Business Gateway Risk Management Service Guide Version 4.2 August 2013 Business Gateway This page is intentionally blank. Table Of Contents About this Guide... 1 Change History... 1 Copyright... 1 Introduction... 3 What

More information

Five Steps Towards Effective Fraud Management

Five Steps Towards Effective Fraud Management Five Steps Towards Effective Fraud Management Merchants doing business in a card-not-present environment are exposed to significantly higher fraud risk, costly chargebacks and the challenge of securing

More information

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic

More information

A multi-layered approach to payment card security.

A multi-layered approach to payment card security. A multi-layered approach to payment card security. CARD-NOT-PRESENT 1 A recent research study revealed that Visa cards are the most widely used payment method at Canadian websites, on the phone, or through

More information

Blackbaud Merchant Services Web Portal Guide

Blackbaud Merchant Services Web Portal Guide Blackbaud Merchant Services Web Portal Guide 06/11/2015 Blackbaud Merchant Services Web Portal US 2015 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any

More information

Biometrics and Cyber Security

Biometrics and Cyber Security Biometrics and Cyber Security Key Considerations in Protecting Critical Infrastructure Now and In The Future Conor White, Chief Technology Officer, Daon Copyright Daon, 2009 1 Why is Cyber Security Important

More information

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login

More information

BIOMETRIC AUTHENTICATION SECURITY AND USABILITY

BIOMETRIC AUTHENTICATION SECURITY AND USABILITY BIOMETRIC AUTHENTICATION SECURITY AND USABILITY Václav Matyáš and Zdeněk Říha Faculty of Informatics, Masaryk University Brno, Czech Republic {matyas, zriha} @fi.muni.cz Abstract We would like to outline

More information

BEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES

BEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES BEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES 123 CHAPTER 7 BEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES 7.1 Introduction Even though using SVM presents

More information

Development of Attendance Management System using Biometrics.

Development of Attendance Management System using Biometrics. Development of Attendance Management System using Biometrics. O. Shoewu, Ph.D. 1,2* and O.A. Idowu, B.Sc. 1 1 Department of Electronic and Computer Engineering, Lagos State University, Epe Campus, Nigeria.

More information

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Whitepaper Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Phone (0) 161 914 7798 www.distology.com info@distology.com detecting the unknown Integrity

More information

Secure Data Exchange Solution

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

More information

FeedZai Fraud Prevention - Demo Instructions

FeedZai Fraud Prevention - Demo Instructions FeedZai Fraud Prevention - Demo Instructions Access Information URL: Username: Password: http://teched2013.feedzai.com/ pulse pulseadmin Overview of the Product and Scope FeedZai's Fraud Prevention, based

More information

RSA Adaptive Authentication For ecommerce

RSA Adaptive Authentication For ecommerce RSA Adaptive Authentication For ecommerce Risk-based 3D Secure for Credit Card Issuers SOLUTION BRIEF RSA FRAUD & RISK INTELLIGENCE The Threat of ecommerce Fraud ecommerce fraud is a threat to both issuers

More information

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,

More information

An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus

An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus Tadashi Ogino* Okinawa National College of Technology, Okinawa, Japan. * Corresponding author. Email: ogino@okinawa-ct.ac.jp

More information

WHITE PAPER Moving Beyond the FFIEC Guidelines

WHITE PAPER Moving Beyond the FFIEC Guidelines WHITE PAPER Moving Beyond the FFIEC Guidelines How Device Reputation Offers Protection Against Future Security Threats Table of Contents Introduction 1 The FFIEC Guidelines 2 Why Move Beyond Complex Device

More information

Powering e-commerce Globally. What Can I Do to Minimize E-Commerce Chargebacks?

Powering e-commerce Globally. What Can I Do to Minimize E-Commerce Chargebacks? Powering e-commerce Globally What Can I Do to Minimize E-Commerce Chargebacks? Chargebacks are not going away. And now there are new rules. Selling products and services online and using credit cards for

More information

Report & Survey Methodology. Summary of Participants Profiles Online Fraud Survey Wave 2004 2005 2006 2007 2008 2009

Report & Survey Methodology. Summary of Participants Profiles Online Fraud Survey Wave 2004 2005 2006 2007 2008 2009 Report & Survey Methodology This report is based on a survey of U.S. and Canadian online merchants. Decision makers who participated in this survey represent a blend of small, medium and large-sized organizations

More information

The State of Play in Cyber Payments Fraud Improving Security for Online & Card Not Present Transactions

The State of Play in Cyber Payments Fraud Improving Security for Online & Card Not Present Transactions The State of Play in Cyber Payments Fraud Improving Security for Online & Card Not Present Transactions Mark Greene, Ph.D CEO, FICO Federal Reserve Bank of Chicago 26 September 2011 Cybercrime Costs 431

More information

fraud prevention solutions tougher on fraudsters, simpler for you DOCUMENT D EXECUTION INGENICO_PAYMENT_CMJN.ai

fraud prevention solutions tougher on fraudsters, simpler for you DOCUMENT D EXECUTION INGENICO_PAYMENT_CMJN.ai DOCUMENT D EXECUTION INGENICO_PAYMENT_CMJN.ai INFORMATIONS GENERALES COULEURS UTILISEES APPROBATION Client: INGENICO Date : 03 MAI 2014 Utilisation: Impression quadri. Ne pas utiliser pour application

More information

Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs

Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs Solutions White Paper Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs Table of Contents Executive Summary............................. 1 Business Challenge.............................

More information

Evaluation & Validation: Credibility: Evaluating what has been learned

Evaluation & Validation: Credibility: Evaluating what has been learned Evaluation & Validation: Credibility: Evaluating what has been learned How predictive is a learned model? How can we evaluate a model Test the model Statistical tests Considerations in evaluating a Model

More information

User Behaviour Analytics

User Behaviour Analytics User Behaviour Analytics How do they know its really you? White Paper Sept 2015 Ezmcom Inc. 4701 Patrick Henry Drive BLDG 7, Santa Clara, CA, 95054, US Executive Summary Authentication has traditionally

More information

Support Vector Machines for Dynamic Biometric Handwriting Classification

Support Vector Machines for Dynamic Biometric Handwriting Classification Support Vector Machines for Dynamic Biometric Handwriting Classification Tobias Scheidat, Marcus Leich, Mark Alexander, and Claus Vielhauer Abstract Biometric user authentication is a recent topic in the

More information

Payflow Fraud Protection Services User s Guide

Payflow Fraud Protection Services User s Guide Payflow Fraud Protection Services User s Guide For Professional Use Only Currently only available in English. A usage Professional Uniquement Disponible en Anglais uniquement pour l instant. Last updated:

More information

Integrating Biometrics into the Database and Application Server Infrastructure. Shirley Ann Stern Principal Product Manager Oracle Corporation

Integrating Biometrics into the Database and Application Server Infrastructure. Shirley Ann Stern Principal Product Manager Oracle Corporation Integrating Biometrics into the Database and Application Server Infrastructure Shirley Ann Stern Principal Product Manager Oracle Corporation 1 Agenda! Introduction Importance of the infrastructure Role

More information

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing

More information

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper Spotting ID Theft Red Flags A Guide for FACTA Compliance An IDology, Inc. Whitepaper With a November 1 st deadline looming for financial companies and creditors to comply with Sections 114 and 315 of the

More information

Biometric Authentication using Online Signatures

Biometric Authentication using Online Signatures Biometric Authentication using Online Signatures Alisher Kholmatov and Berrin Yanikoglu alisher@su.sabanciuniv.edu, berrin@sabanciuniv.edu http://fens.sabanciuniv.edu Sabanci University, Tuzla, Istanbul,

More information

Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security

Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control Protect Your Business and Your Customers with Visa s Layers of Security Millions of Visa cardholders worldwide make one or more purchases

More information

White paper. Biometrics and the mitigation of card-related fraud

White paper. Biometrics and the mitigation of card-related fraud White paper Biometrics and the mitigation of card-related fraud The Aadhaar scheme, primarily envisaged to provide every resident proof of identity, holds a great deal of promise for other applications

More information

The In-Depth Guide to Fraud Prevention in International E-commerce

The In-Depth Guide to Fraud Prevention in International E-commerce The In-Depth Guide to Fraud Prevention in International E-commerce The Evolution of Fraud Cyberattacks are not a new threat, yet the rise in high-profile hacking cases has merchants rightfully concerned

More information

Configuration and Management of Speaker Verification Systems

Configuration and Management of Speaker Verification Systems Configuration and Management of Speaker Verification Systems Chuck Johnson Architect ibiometrics, Inc. Introduction For peak performance of a Speaker Verification solution, the VoiceXML client (voice application)

More information

An effective approach to preventing application fraud. Experian Fraud Analytics

An effective approach to preventing application fraud. Experian Fraud Analytics An effective approach to preventing application fraud Experian Fraud Analytics The growing threat of application fraud Fraud attacks are increasing across the world Application fraud is a rapidly growing

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

My Sage Pay User Manual

My Sage Pay User Manual My Sage Pay User Manual Page 1 of 32 Contents 01. About this guide..4 02. Getting started.4 Online help Accessing My Sage Pay Test Servers Live Servers The Administrator account Creating user accounts

More information

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation Your Single Source for credit, debit and pre-paid services Fraud Risk and Mitigation Agenda Types of Fraud Fraud Identification Notifications Next Steps 11/8/2013 2 Types of Fraud Lost and Stolen Cards

More information

CA Viewpoint. Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure Authentication

CA Viewpoint. Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure Authentication EXECUTIVE BRIEF AUGUST 2015 CA Viewpoint Summary of European Banking Authority Guidelines and How CA Can Help Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure

More information

Fraud Detection. Configuration Guide for the Fraud Detection Module v.4.2.0. epdq 2014, All rights reserved.

Fraud Detection. Configuration Guide for the Fraud Detection Module v.4.2.0. epdq 2014, All rights reserved. Configuration Guide for the Fraud Detection Module v.4.2.0 Table of Contents 1 What is the... Fraud Detection Module? 4 1.1 Benefits 1.2 Access 1.3 Contents... 4... 4... 4 2 Fraud detection... activation

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

How Secure are Contactless Payment Systems?

How Secure are Contactless Payment Systems? SESSION ID: HT-W01 How Secure are Contactless Payment Systems? Matthew Ngu Engineering Manager RSA, The Security Division of EMC Chris Scott Senior Software Engineer RSA, The Security Division of EMC 2

More information

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication CUSTOMER SUCCESS STORY JULY 2015 Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication CLIENT PROFILE Company: Global Bank Industry: Financial Services

More information

The Development of a Pressure-based Typing Biometrics User Authentication System

The Development of a Pressure-based Typing Biometrics User Authentication System The Development of a Pressure-based Typing Biometrics User Authentication System Chen Change Loy Adv. Informatics Research Group MIMOS Berhad by Assoc. Prof. Dr. Chee Peng Lim Associate Professor Sch.

More information

Merchant Account Service

Merchant Account Service QuickBooks Online Edition Feature Guide Merchant Account Service C o n t e n t s Introduction............................. 2 What is a merchant account?.................. 2 What types of credit cards can

More information

Layered security in authentication. An effective defense against Phishing and Pharming

Layered security in authentication. An effective defense against Phishing and Pharming 1 Layered security in authentication. An effective defense against Phishing and Pharming The most widely used authentication method is the username and password. The advantages in usability for users offered

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Voice Authentication for ATM Security

Voice Authentication for ATM Security Voice Authentication for ATM Security Rahul R. Sharma Department of Computer Engineering Fr. CRIT, Vashi Navi Mumbai, India rahulrsharma999@gmail.com Abstract: Voice authentication system captures the

More information

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management

More information

Cardholder Authentication Guide. Version 4.3 August 2013 Business Gateway

Cardholder Authentication Guide. Version 4.3 August 2013 Business Gateway Cardholder Authentication Guide Version 4.3 August 2013 Business Gateway ii This page is intentionally blank Table of Contents About this Guide... 1 History... 1 Copyright... 2 Introduction... 3 What is

More information

Streamline Cardholder Authentication. Avoid being the target of online fraud

Streamline Cardholder Authentication. Avoid being the target of online fraud Streamline Cardholder Authentication Avoid being the target of online fraud Streamline Cardholder Authentication helps protect your business and your customers Streamline Cardholder Authentication shifts

More information

Electronic Fraud Awareness Advisory

Electronic Fraud Awareness Advisory Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved

More information

Device-Centric Authentication and WebCrypto

Device-Centric Authentication and WebCrypto Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

A puzzle based authentication method with server monitoring

A puzzle based authentication method with server monitoring A puzzle based authentication method with server monitoring GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus

More information

Device Fingerprinting and Fraud Protection Whitepaper

Device Fingerprinting and Fraud Protection Whitepaper Device Fingerprinting and Fraud Protection Whitepaper 1 of 6 Table Of Contents 1 Overview... 3 2 What is Device Fingerprinting?... 3 3 Why is Device fingerprinting necessary?... 3 4 How can Device Fingerprinting

More information

Online Payment Fraud. IP Intelligence is one of the top five techniques used to detect and prevent online fraud

Online Payment Fraud. IP Intelligence is one of the top five techniques used to detect and prevent online fraud Online Payment Fraud IP Intelligence is one of the top five techniques used to detect and prevent online fraud Online Payment Fraud 2 Contents IP Intelligence is one of the top five fraud tools 3 Not all

More information

CyberSource and NetSuite Getting Started Guide

CyberSource and NetSuite Getting Started Guide CyberSource and NetSuite Getting Started Guide Abstract A comprehensive guide to setting up CyberSource and NetSuite to accept payments Table of Contents This document explains the different steps to set

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit

More information

UPCOMING SCHEME CHANGES

UPCOMING SCHEME CHANGES UPCOMING SCHEME CHANGES MERCHANTS/PARTNERS/ISO COPY Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 1 Rights of use: COMPLYING WITH ALL APPLICABLE COPYRIGHT LAWS IS THE RESPONSABILITY

More information

PCI Data Security and Classification Standards Summary

PCI Data Security and Classification Standards Summary PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers

More information

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization?

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization? FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their

More information

Fraud Minimisation Guide ANZ Merchant Business Solutions

Fraud Minimisation Guide ANZ Merchant Business Solutions Fraud Minimisation Guide ANZ Merchant Business Solutions INTRODUCTION Fraud can occur in and is a risk for any business that accepts credit cards and it can have a significant financial impact on your

More information

Authentication Solutions Through Keystroke Dynamics

Authentication Solutions Through Keystroke Dynamics Objective: The objective of this paper is to provide a basic understanding of the biometric science of keystroke dynamics, and how BioPassword is using keystroke dynamics technology to deliver enterprise

More information

Solving Online Credit Fraud Using Device Identification and Reputation

Solving Online Credit Fraud Using Device Identification and Reputation Solving Online Credit Fraud Using Device Identification and Reputation White Paper July 2007 Solving Online Credit Fraud Using Device Identification and Reputation About this White Paper iovation has pioneered

More information

with CO-OP Total Revelation.

with CO-OP Total Revelation. CO-OP Total Revelation Understand and influence debit behavior with CO-OP Total Revelation. Improve the profitability of your debit and ATM portfolios by uncovering hidden opportunities right in your own

More information

Yahoo! Merchant Solutions. Order Processing Guide

Yahoo! Merchant Solutions. Order Processing Guide Yahoo! Merchant Solutions Order Processing Guide Credit Card Processing How It Works The following charts provide an overview of how online credit card processing works. Credit Card processing for Yahoo!

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

BIG DATA IN THE FINANCIAL WORLD

BIG DATA IN THE FINANCIAL WORLD BIG DATA IN THE FINANCIAL WORLD Predictive and real-time analytics are essential to big data operation in the financial world Big Data Republic and Dell teamed up to survey financial organizations regarding

More information

May 2010. For other information please contact:

May 2010. For other information please contact: access control biometrics user guide May 2010 For other information please contact: British Security Industry Association t: 0845 389 3889 f: 0845 389 0761 e: info@bsia.co.uk www.bsia.co.uk Form No. 181.

More information

SAS. Fraud Management. Overview. Real-time scoring of all transactions for fast, accurate fraud detection. Challenges PRODUCT BRIEF

SAS. Fraud Management. Overview. Real-time scoring of all transactions for fast, accurate fraud detection. Challenges PRODUCT BRIEF PRODUCT BRIEF SAS Fraud Management Real-time scoring of all transactions for fast, accurate fraud detection Overview Organizations around the globe lose approximately 5 percent of annual revenues to fraud,

More information