9 research outputs found

    The power of credit card numbers and enhanced CVVs

    Theft of credit card information is an increasing threat to e-commerce. Payment systems introduced CVV2 as a method to mitigate the threat based on the principle that these values would not be stored once the transaction has completed. Compromised systems, communications and databases result in the unlawful capture of this authentication credential and therefore thwart its initial purpose.
This study proposes the creation of dynamic CVVs (enhanced CVV2s) in order to counter these attacks. Thus a compromise of all the elements in one or more transactions will not be sufficient to guarantee successful authentication of subsequent payments. It is essential for success that any new payment scheme take into account the key factors that determine its acceptance by each of the participating parties. Two implementation schemes of enhanced CVVs are proposed: Matrix CVVs and Long CVVs. The proposed methods build upon the current card-based e-payment infrastructure with the objective of mitigating present-day threats whilst maintaining the delicate equilibrium of key factors for all participating parties. Both schemes are analysed at a security level so as to evaluate, and compare, the level of resistance as a function of the number of previously compromised transactions. Implementation and migration issues are equally analysed so as to determine the impacts of adoption of the proposed schemes.

    An intelligent payment card fraud detection system

    This is the author accepted manuscript. The final version is available from Springer via the DOI in this record. Payment cards offer a simple and convenient method for making purchases. Owing to the increase in the usage of payment cards, especially in online purchases, fraud cases are on the rise. The rise creates financial risk and uncertainty, as in the commercial sector, it incurs billions of losses each year. However, real transaction records that can facilitate the development of effective predictive models for fraud detection are difficult to obtain, mainly because of issues related to confidentiality of customer information. In this paper, we apply a total of 13 statistical and machine learning models for payment card fraud detection using both publicly available and real transaction records. The results from both original features and aggregated features are analyzed and compared. A statistical hypothesis test is conducted to evaluate whether the aggregated features identified by a genetic algorithm can offer a better discriminative power, as compared with the original features, in fraud detection. The outcomes positively ascertain the effectiveness of using aggregated features for undertaking real-world payment card fraud detection problems.

    Phishing Detection: Analysis of Visual Similarity Based Approaches

    Phishing is one of the major problems faced by the cyber-world and leads to financial losses for both industries and individuals. Detection of phishing attacks with high accuracy has always been a challenging issue. At present, visual similarity based techniques are very useful for detecting phishing websites efficiently. A phishing website looks very similar in appearance to its corresponding legitimate website to deceive users into believing that they are browsing the correct website. Visual similarity based phishing detection techniques utilise a feature set such as text content, text format, HTML tags, Cascading Style Sheets (CSS), images, and so forth, to make the decision. These approaches compare the suspicious website with the corresponding legitimate website by using various features, and if the similarity is greater than the predefined threshold value then it is declared phishing. This paper presents a comprehensive analysis of phishing attacks, their exploitation, some of the recent visual similarity based approaches for phishing detection, and a comparative study of them. Our survey provides a better understanding of the problem, current solution space, and scope of future research to deal with phishing attacks efficiently using visual similarity based approaches.

    The Elasticity of a Random Variable as a Tool for Measuring and Assessing Risks

    Elasticity is a very popular concept in economics and physics, recently exported and reinterpreted in the statistical field, where it has given form to the so-called elasticity function. This function has proved to be a very useful tool for quantifying and evaluating risks, with applications in disciplines as varied as public health and financial risk management. In this study, we consider the elasticity function in random terms, defining its probability distribution, which allows us to measure for each stochastic process the probability of finding elastic or inelastic situations (i.e., with elasticities greater or less than 1). This new tool, together with new results on the most notable points of the elasticity function covered in this research, offers a new approach to risk assessment, facilitating proactive risk management. The paper also includes other contributions of interest, such as new results that relate elasticity and inverse hazard functions, the derivation of the functional form of the cumulative distribution function of a probability model with constant elasticity and how the elasticities of functionally dependent variables are related. The interested reader can also find in the paper examples of how elasticity cumulative distribution functions are calculated, and an extensive list of probability models with their associated elasticity functions and distributions

    Improving China’s regional financial center modernization development using a new hybrid MADM model

    The regional financial center is the propeller of regional economic development. Regional financial center modernization, however, has been the predominant propulsion of economic sustainability. Decisions related to regional financial center modernization development are inherent problems of multiple attribute decision-making (MADM), and strategically important to the government. The purpose of this paper is to set up a regional financial center improvement model for modernization development, as based on a hybrid MADM model, which addresses the main causal-effect factors and amended priorities in order to strengthen ongoing planning. This paper adopts a new hybrid MADM model combined with the DEMATEL technique to construct an influential network relationship map (INRM) and determined the influential weights of DANP. Then, a modified VIKOR method using influential weights is applied to measure and integrate the performance gaps from each criterion into dimensions, as well as the overall criterion for evaluating and improving the modernization development of the regional financial center, as based on INRM. Finally, an empirical case study using data from the Guangzhou regional financial center is carried out as an example to demonstrate the suitability of the proposed hybrid MADM model for solving real-world problems. The results show the priorities for improvement, as based on the degree of the effect and impact of the dimensions, as follows: first is making “government policy”, second is enforcing “financial infrastructure and safety”, next is formulating “financial institutions and human resources”, and finally “financial service”. First published online: 22 Mar 201

    Legal Risk Associated with Electronic Funds Transfer

    The past thirty years have seen rapid advances in the technological component of banking services and as a consequence new legal issues have come to the fore, especially with regard to Electronic Fund Transfers (EFTs) which are now used to transfer money around the world, and have made fund transactions between payers and payees easier, faster and more secure. The method involves risks for both banks and customers, due to the possibility of unauthorized payments risks, credit and insolvency problems, and confidentiality issues. Most contracts and obligations now depend on the new technology, although there is a variety of methods for dealing with the concomitant risks. EFTs share a number of similarities with paper-based funds transfers in regard to methods of regulation, and the careful observer can identify patterns and themes. Today, the business world depends heavily on EFT systems for its procedures; and government and academia have also taken a keen interest in EFTs. This thesis reviews and examines the existing legal position of liability of banks and customers for risks associated with EFT transactions: unauthorized EFT instruction and the problem of customer identity, credit risk and privacy, especially, the systems employed for safeguarding the customer’s transactions and data. The thesis also makes recommendations for change. The rules for the allocation of risk are based on the various mechanisms used to access the account. Also, due to the complexities of EFT, consumer protection becomes a paramount goal and is a subject of much concern, particularly when it comes to determining liability for losses. The UK government implemented the Payment Services Directive 2007 by adopting the Payment Services Regulations 2009, to regulate the system. However, such Regulations do not constitute a comprehensive regime that applies to all legal issues arising in the context of the EFT system. 
This study argues the necessity for a re-examination of existing laws and proposes a model for the future approach to the issues associated with EFT payment. Different approaches to EFT will be assessed, and the comparative and contrasting elements will be analysed in order to propose a comprehensive solution to the deficiencies in the current framework. Central to the problem is the absence of any uniform standard: individual banks offer differing contractual terms and conditions and different means of accessing accounts. Consequently it is time to formulate new and comprehensive rules for the allocation of liability of risks associated with EFT transactions. Ministry of higher education and scientific Research/Republic of Ira

    Selected Computing Research Papers Volume 5 June 2016

    An Analysis of Current Computer Assisted Learning Techniques Aimed at Boosting Pass Rate Level and Interactivity of Students (Gilbert Bosilong)
    Evaluating the Ability of Anti-Malware to Overcome Code Obfuscation (Matthew Carson)
    Evaluation of Current Research in Machine Learning Techniques Used in Anomaly-Based Network Intrusion Detection (Masego Chibaya)
    A Critical Evaluation of Current Research on Techniques Aimed at Improving Search Efficiency over Encrypted Cloud Data (Kgosi Dickson)
    A Critical Analysis and Evaluation of Current Research on Credit Card Fraud Detection Methods (Lebogang Otto Gaboitaolelwe)
    Evaluation of Research in Automatic Detection of Emotion from Facial Expressions (Olorato D. Gaonewe)
    A Critical Evaluation on Methods of Increasing the Detection Rate of Anti-Malware Software (Thomas Gordon)
    An Evaluation of the Effectiveness of the Advanced Intrusion Detection Systems Utilizing Optimization on System Security Technologies (Carlos Lee)
    An Evaluation of Current Research on Data Mining Techniques in Decision Support (Keamogetse Mojapelo)
    A Critical Investigation of the Cognitive Appeal and Impact of Video Games on Players (Kealeboga Charlie Mokgalo)
    Evaluation of Computing Research Aimed at Improving Virtualization Implementation in the Cloud (Keletso King Mooketsane)
    A Critical Evaluation of the Technology Used In Robotic Assisted Surgeries (Botshelo Keletso Mosekiemang)
    An Evaluation of Current Bio-Metric Fingerprint Liveness Detection (George Phillipson)
    A Critical Evaluation of Current Research into Malware Detection Using Neural-Network Classification (Tebogo Duduetsang Ramatebele)
    Evaluating Indirect Detection of Obfuscated Malware (Benjamin Stuart Roberts)
    Evaluation of Current Security Techniques for Online Banking Transactions (Annah Vickerman)

    Correlation of affiliate performance against web evaluation metrics

    Affiliate advertising is changing the way that people do business online. Retailers are now offering incentives to third-party publishers for advertising goods and services on their behalf in order to capture more of the market. Online advertising spending has already overtaken that of traditional advertising in all other channels in the UK and is slated to do so worldwide as well [1]. In this highly competitive industry, the livelihood of a publisher is intrinsically linked to their web site performance. Understanding the strengths and weaknesses of a web site is fundamental to improving its quality and performance. However, the definition of performance may vary between different business sectors or even different sites in the same sector. In the affiliate advertising industry, the measure of performance is generally linked to the fulfilment of advertising campaign goals, which often equates to the ability to generate revenue or brand awareness for the retailer. This thesis aims to explore the correlation of web site evaluation metrics to the business performance of a company within an affiliate advertising programme. In order to explore this correlation, an automated evaluation framework was built to examine a set of web sites from an active online advertising campaign. A purpose-built web crawler examined over 4,000 sites from the advertising campaign in approximately 260 hours, gathering data to be used in the examination of URL similarity, URL relevance, search engine visibility, broken links, broken images and presence on a blacklist. The gathered data was used to calculate a score for each of the features, which were then combined to create an overall HealthScore for each publisher. The evaluated metrics focus on the categories of domain and content analysis.
From the performance data available, it was possible to calculate the business performance for the 234 active publishers using the number of sales and click-throughs they achieved. When the HealthScores and performance data were compared, the HealthScore was able to predict the publisher’s performance with 59% accuracy.