Professional Documents
Culture Documents
86
card number and its cvv number.They use these data for analyzing
customer trends and to customize the online experience of the
customer. Hence it becomes imperative for them to either have a
foolproof mechanism to protect this data or avoid collecting such
sensitive data.
B. Access of customer data:
The customer records and data stored on the website should be
accessible by only the authorized personnel of the service provider and
system administrator. It should be secured from unauthorized access by
third parties or individuals. Above all the database information must be
properly encrypted to prevent illegal elements from accessing such data
C. Vulnerability analysis tools:
A lot of open source and free cyber security and penetration testing
tools are freely available in the internet. While the purpose of these
tools is to detect and expose vulnerabilities and loopholes in the
integrity of a system they can also be used by hackers to scan system
and websites which are vulnerable and can be easily exploited. Hence
service providers and e-commerce companies must periodically test and
analyze their websites and systems for security loopholes and find ways
to plug it. Such tools can also be used by hackers to perform credit
fraud by stealing customer data from websites which they found to be
vulnerable in their tests. So either the service provider had to do the
integrity test else an hacker will save him the trouble.
87
D.
Authentication mechanisms:
E.
for their customers also have some loopholes which can be exploited by
a hacker once he gets access to sensitive customer data of the ecommerce website. Most of the prominent e-commerce sites do not
verify whether the shipping and billing address are same when a
customer places an order. This gives leeway to a hacker impersonating
as a customer to get away with goods purchased with the customers id
and credit card. A proper layer of authentication layers would be
essential to prevent such frauds apart from securing customer data.
88
89
CUST_DETAILS
,CUST
PAYMENTS,
CUST
90
G.
and password and credit card number ...the hacker can use it to
impersonate the customer and place orders online. Since most of the
websites do not check whether the billing and shipping address are the
same it forms a loophole for the hacker to exploit ...its applicable to
great websites The hacker after extracting the customer data will know
where the customer is from and what his preferences are.
the hacker can match credit card location and vpn location ,
so that it would easy for him to purchase
the hacker clear all his cookies and remove all blacklisted ip
and so that he can get a fresh vpn so match this
91
all the websites should have good ssl verification to stop illegal
ip access and also it should have good certificate verification
92
J.
Authentication mechanism to fix loop holes in payment
gateways :
The e-commerce websites must have a proper authentication
mechanism to make sure whether the order is placed by the original
customer and not by an impersonator.
after this it should verify the card ip address when it was first
accessed and the user ip who is placing the order
Basic algorithm :
if user enters the website and processed for checkout and
entering his card information
then
93
94
# illegal ip
then
print failed
else
ip.sucess
if
ipEntered.match
a = s.split()
match.credit card details
return True
else
payment.failed
its not a brief coding , its a basic authentication for the
payments gateways , if the websites fix some open source coding
to verify untrusted connection and also to match ip ..illegal
access can be reduced
Comparing with existing payment gateways :
existing system using just normal php code to accept the card
details
95
New solution:
mostly all users use credit cards from own location then this
method would be very useful
even if the hacker uses high encrypted vpn the exact location
will not acquired , if it also matches then the ip authentication
with bank database can find this illegal access
96
Conclusion:
Thus if we maintain good encrypted records and good payment
gateway with trusted ssl connection then the illegal access will be
stopped
References
1. S. Ghosh and D.L. Reilly, Credit Card Fraud Detection with a
Neural-Network, Proc. 27th Hawaii Intl Conf. System
Sciences: Information Systems: Decision Support and
Knowledge-Based Systems,vol. 3, pp. 621-630, 1994.
2. M. Syeda, Y.Q. Zhang, and Y. Pan, Parallel Granular Networks
for Fast Credit Card Fraud Detection, Proc. IEEE Intl Conf.
Fuzzy Systems, pp. 572-577, 2002.
3. Organism Information Visualization Technology Editing
Committee Edition: Organism Information Visualization
Technology. (in Japanese), Corona Publication Co., Ltd., p.235
(1997).
4. The Federation of Bankers Associations of Japan: Statistics
from the Questionnaire on the Number of Withdrawals and the
Amount of Money Withdrawn Using Stolen Passbooks.
http://www.zenginkyo.or.jp/en/news/index.html
5. Palm Vein Authentication Technology white paper, Bioguard,
Innovative Biometric Solutions, March, 2007.
6. Yuhang Ding, Dayan Zhuang and Kejun Wang, A Study of
Hand Vein Recognition Method, The IEEE International
Conference on Mechatronics & Automation Niagara Falls,
Canada, July 2005.
7. Shi Zhao, Yiding Wang and Yunhong Wang, Extracting Hand
Vein Patterns from Low-Quality Images: A New Biometric
Technique Using Low-Cost Devices, Fourth International
Conference on Image and Graphics, 2007.
97