Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

A Comprehensive Exploration of Privacy and Security Mechanisms in E-commerce

This research is all about making online shopping, or e-commerce, safer. We know that buying and selling things on the internet is easy, but we need to make sure our information stays safe. The study looks at the problems we face, like attacks that try to make websites stop working, unauthorized access to our information, and stealing or fraud. It talks about how important it is to have strong security measures to deal with these risks. It suggests different safety measures like improving how websites talk to each other using SSL/TLS, using strong encryption to protect user information, adding an extra layer of verification (Two-Factor Authentication), and making sure online transactions are secure. It also looks at protecting against specific types of attacks like SQL injection, which is when unauthorized individuals try to mess with a website's database. The study talks about how important it is for online stores to have clear privacy rules, let people shop without giving away too much personal information, and make sure payments are safe. It wants to give practical advice to online stores to make their privacy and security better. The research knows that security problems keep changing, so it says online stores should keep updating how they protect themselves. The primary inquiry it seeks to address is how to make the e-commerce experience safer for all users

HF-SCA: Hands-Free Strong Customer Authentication Based on a Memory-Guided Attention Mechanisms

Strong customer authentication (SCA) is a requirement of the European Union Revised Directive on Payment Services (PSD2) which ensures that electronic payments are performed with multifactor authentication. While increasing the security of electronic payments, the SCA impacted seriously on the shopping carts abandonment: an Italian bank computed that 22% of online purchases in the first semester of 2021 did not complete because of problems with the SCA. Luckily, the PSD2 allows the use of transaction risk analysis tool to exempt the SCA process. In this paper, we propose an unsupervised novel combination of existing machine learning techniques able to determine if a purchase is typical or not for a specific customer, so that in the case of a typical purchase the SCA could be exempted. We modified a well-known architecture (U-net) by replacing convolutional blocks with squeeze-and-excitation blocks. After that, a memory network was added in a latent space and an attention mechanism was introduced in the decoding side of the network. The proposed solution was able to detect nontypical purchases by creating temporal correlations between transactions. The network achieved 97.7% of AUC score over a well-known dataset retrieved online. By using this approach, we found that 98% of purchases could be executed by securely exempting the SCA, while shortening the customer’s journey and providing an elevated user experience. As an additional validation, we developed an Alexa skill for Amazon smart glasses which allows a user to shop and pay online by merely using vocal interaction, leaving the hands free to perform other activities, for example driving a car

Machine Learning Techniques for Credit Card Fraud Detection

The term “fraud”, it always concerned about credit card fraud in our minds. And after the significant increase in the transactions of credit card, the fraud of credit card increased extremely in last years. So the fraud detection should include surveillance of the spending attitude for the person/customer to the determination, avoidance, and detection of unwanted behavior. Because the credit card is the most payment predominant way for the online and regular purchasing, the credit card fraud raises highly. The Fraud detection is not only concerned with capturing of the fraudulent practices, but also, discover it as fast as they can, because the fraud costs millions of dollar business loss and it is rising over time, and that affects greatly the worldwide economy. . In this paper we introduce 14 different techniques of how data mining techniques can be successfully combined to obtain a high fraud coverage with a high or low false rate, the Advantage and The Disadvantages of every technique, and The Data Sets used in the researches by researcher

An Examination of E-Banking Fraud Prevention and Detection in Nigerian Banks

E-banking offers a number of advantages to financial institutions, including convenience in terms of time and money. However, criminal activities in the information age have changed the way banking operations are performed. This has made e-banking an area of interest. The growth of cybercrime – particularly hacking, identity theft, phishing, Trojans, service denial attacks and account takeover– has created several challenges for financial institutions, especially regarding how they protect their assets and prevent their customers from becoming victims of cyber fraud. These criminal activities have remained prevalent due to certain features of cyber, such as the borderless nature of the internet and the continuous growth of the computer networks. Following these identified challenges for financial institutions, this study examines e-banking fraud prevention and detection in the Nigerian banking sector; particularly the current nature, impacts, contributing factors, and prevention and detection mechanisms of e-banking fraud in Nigerian banking institutions. This study adopts mixed research methods with the aid of descriptive and inferential analysis, which comprised exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) for the quantitative data analysis, whilst thematic analysis was used for the qualitative data analysis. The theoretical framework was informed by Routine Activity Theory (RAT) and Fraud Management Lifecycle Theory (FMLT). The findings show that the factors contributing to the increase in e-banking fraud in Nigeria include ineffective banking operations, internal control issues, lack of customer awareness and bank staff training and education, inadequate infrastructure, presence of sophisticated technological tools in the hands of fraudsters, negligence of banks’ customers concerning their e-banking account devices, lack of compliance with the banking rules and regulations, and ineffective legal procedure and law enforcement. In addition, the enforcement of rules and regulations in relation to the prosecution of financial fraudsters has been passive in Nigeria. Moreover, the findings also show that the activities of each stage of fraud management lifecycle theory are interdependent and have a collective and considerable influence on combating e-banking fraud. The results of the findings confirm that routine activity theory is a real-world theoretical framework while applied to e-banking fraud. Also, from the analysis of the findings, this research offers a new model for e-banking fraud prevention and detection within the Nigerian banking sector. This new model confirms that to have perfect prevention and detection of e-banking fraud, there must be a presence of technological mechanisms, fraud monitoring, effective internal controls, customer complaints, whistle-blowing, surveillance mechanisms, staff-customer awareness and education, legal and judicial controls, institutional synergy mechanisms of in the banking systems. Finally, the findings from the analyses of this study have some significant implications; not only for academic researchers or scholars and accounting practitioners, but also for policymakers in the financial institutions and anti-fraud agencies in both the private and public sectors

A Comprehensive Survey of Data Mining-based Fraud Detection Research

This survey paper categorises, compares, and summarises from almost all published technical and review articles in automated fraud detection within the last 10 years. It defines the professional fraudster, formalises the main types and subtypes of known fraud, and presents the nature of data evidence collected within affected industries. Within the business context of mining the data to achieve higher cost savings, this research presents methods and techniques together with their problems. Compared to all related reviews on fraud detection, this survey covers much more technical articles and is the only one, to the best of our knowledge, which proposes alternative data and solutions from related domains.Comment: 14 page

Security challenges and solutions for e-business

The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; 4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated

Improving the robustness and privacy of HTTP cookie-based tracking systems within an affiliate marketing context : a thesis presented in fulfilment of the requirements for the degree of Doctor of Philosophy at Massey University, Albany, New Zealand

E-commerce activities provide a global reach for enterprises large and small. Third parties generate visitor traffic for a fee; through affiliate marketing, search engine marketing, keyword bidding and through organic search, amongst others. Therefore, improving the robustness of the underlying tracking and state management techniques is a vital requirement for the growth and stability of e-commerce. In an inherently stateless ecosystem such as the Internet, HTTP cookies have been the de-facto tracking vector for decades. In a previous study, the thesis author exposed circumstances under which cookie-based tracking system can fail, some due to technical glitches, others due to manipulations made for monetary gain by some fraudulent actors. Following a design science research paradigm, this research explores alternative tracking vectors discussed in previous research studies within a cross-domain tracking environment. It evaluates their efficacy within current context and demonstrates how to use them to improve the robustness of existing tracking techniques. Research outputs include methods, instantiations and a privacy model artefact based on information seeking behaviour of different categories of tracking software, and their resulting privacy intrusion levels. This privacy model provides clarity and is useful for practitioners and regulators to create regulatory frameworks that do not hinder technological advancement, rather they curtail privacy-intrusive tracking practices on the Internet. The method artefacts are instantiated as functional prototypes, available publicly on Internet, to demonstrate the efficacy and utility of the methods through live tests. The research contributes to the theoretical knowledge base through generalisation of empirical findings and to the industry by problem solving design artefacts

Technology Assessment for Cybersecurity Organizational Readiness: Case of Airlines Sector and Electronic Payment

Payment processing systems have advanced significantly in the airline business. Because e-payments are easy, they have captured the attention of many companies in the aviation industry and are quickly becoming the dominant means of payment. However, as technology advances, fraud grows at a comparable rate. Over the years, there has been a surge in payment fraud incidents in the airline sector, reducing the platform\u27s trustworthiness. Despite attempts to eliminate epayment fraud, decision-makers lack the technical expertise required to use the finest fraud detection and prevention assessments. This research recognizes the lack of an established decision model as a hurdle and seeks to fix the problem. In response, this research aims to develop a decision model for the airline industry to evaluate the e-payment fraud detection and prevention capabilities of airlines. The literature examines the scope of airline payment fraud to formulate the optimal framework to handle the problem. Guided by the results, the study proceeds to develop an HDM model from experts’ validation, quantification, and desirability inputs. The results of the factors’ validation and quantification show that the Economic and Financial, and the Security perspectives have the most impact on decision-making. Airline companies can use the developed framework to examine whether they are ready to adopt online fraud prevention technologies to increase their success rate. To measure payment organizations\u27 readiness for digital payment fraud protection technologies, a scoring methodology was developed in this research and applied to two case studies