Advertisement

A Layered Approach to Fraud Analytics for NFC-Enabled Mobile Payment System

  • Pinki Prakash Vishwakarma
  • Amiya Kumar Tripathy
  • Srikanth Vemuru
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10722)

Abstract

Near Field Communication is the technology that will remain widespread in continual with the growth of smart phone influx [1, 10, 12, 15]. Moreover, people use smart phone’s to imperforate their mobile banking activities which in turn results in fraudulent activities. The fast growing use of electronic payments has increased the demand for emphatic, decisive and real time based method for fraud detection and prevention. To prevent fraudulent transaction a layered approach for NFC-enabled mobile payment system is proposed. The layered approach for fraud analytic will provide a solution based on transaction risk-modeling, business rule-based, and cross-field referencing.

Keywords

Near Field Communication Mobile payment Fraud analytics 

1 Introduction

Mobile payment is the means of exchanging financial value between two parties using mobile devices. The amalgamation of the mobile device with the Near Field Communication technology makes payment process possible. NFC-enabled mobile payment is an emanate industry [7]; mobile payments have leading-edge. In the fast emerging modern technologies and global communications, increase in fraud has foisted huge loss to the financial businesses [14]. Therefore, it is an essential affair to identify fraud. Near Field Communication is the technology that will remain widespread in continual with the growth of smart phone influx [10, 12, 15]. Nevertheless, how secure is the mobile payment system still, there will be fraud attacks hence fraud detection measures have to be enforced. Moreover, fraud prevention measures should be associated with fraud detection.

The fast growing use of electronic payments has increased the demand for emphatic, decisive and real time based method for fraud detection and prevention [13, 14]. A NFC mobile phone can communicate with the backend server with secure financial transaction service. In fraud detection location information [4] is vital to detect and prevent frauds. However, it is substantial to fathom that fraudsters have no scope and they can attack the mobile payment system from any angle. Alluding the consumer transaction history and the spending pattern will curtail the risk of fraudulent transaction [3].
Fig. 1.

Layered approach for NFC-enabled mobile payment system

1.1 Our Contribution

The intention is to impart a layered approach for an NFC payment system that identifies fraudulent transactions. The layered approach to fraud analytic provides mastery in each layer. Each layer provides utility to the next higher layer. In this article, following research question has been addressed:

What are the facial characteristics to abate transaction fraud in mobile payment system?

There is a need to identify and position the solution plan for fraud in mobile payment system. The primary countenance to abate transaction fraud in our proposal is:

Real-time transaction monitoring - Monitoring payment transaction across the mobile banking channel, processing payment transaction in real-time. The post-facto monitoring comprehends real time transaction monitoring and step-up alert if any suspicious transaction identified.

Consumer behavioral patterns - The consumer behavior analysis is performed to identify normal and abnormal patterns. The authentication of a transaction using mobile device is based on the consumer behavior pattern.

Multifactor authentication - The countermeasure of the mobile payment process to fraud analytic is multifactor authentication. In fraud prevention, it is required to integrate the prevention system with two factor authentication system.

The remainder of this paper is organized as follows: Sect. 2 is the Motivation and Related Work description. Then the proposed system is described in Sect. 3 which comprises Layered Approach for NFC-enabled mobile payment system and finally conclusion is concluded in Sect. 4.

2 Motivation and Related Work

The layered approach scheme is proposed to abate transaction fraud in NFC-enabled mobile payment system. Nonetheless, with a NFC-enabled mobile payment fraud analytic ecosystem, it provides an opportunity to identify fraudulent pattern and endorse prevention actions. As a result of growing ramification in mobile payment solutions and increase in fraudulent patterns, using only rule-based method for identifying fraud is not competent [8]. Therefore, a solution required which constitutes fraud analytic system with has real-time transaction monitoring, consumer behavior patterns and multifactor authentication for processing payment transactions. Also, there is necessary to entrust the consumers performing mobile payments by proving the consumer rest on their behavior. However, ensuing behavioral patterns enables you to imbibe who the real consumer is in the mobile payment process [12].

The behavior and impingement of feature selection techniques for fraud detection in web payment systems was evaluated [2], the work limited to fraudulent behavior in web transaction scenario. Moreover, using multifactor authentication in NFC-enabled mobile payments is a padding security bestowed in the payment system [11]. Fraud detection and prevention technique which works in backend avails data mining techniques adamantine to secure the facts. The online banking fraud detection framework comprise contrast pattern mining, cost-sensitive neural network and decision forest all these models are combined to generate risk score of an online transaction [5]. The numbers of fraudulent transactions should be less bringing together to number of genuine transactions [6].

3 Description of the Proposed System

In this section the layered approach for NFC-enabled mobile payment system; fraud detection and prevention is bestowed in Sect. 3.1 in detail.

3.1 Layered Approach for NFC-Enabled Mobile Payment System

To attenuate financial losses in mobile payment system institutions ought to take layered approach to fraud analytic.

Layer 1 - Access authorization - It encompasses user authentication and device authentication. Layer 1 necessitates access authorization for the consumer. To assist the progress of user authentication a personal identification number (PIN), user ID and password is required. To facilitate device authentication, consumer device is registered using IMEI and device ID [9].

Layer 2 - Input data attributes - Layer 2 includes the attributes for data analysis, which is used to build a consumer behavior profile, that determines normal or abnormal pattern. The attributes for data analysis are velocity, geolocation, IP address, device fingerprint and transaction details which is real-time and dynamic acquisition of consumer information.

Layer 3 - Consumer behavior analytic - Layer 3 presents an image of consumer behavior profile. Based on layer 2 data analysis it identifies normal or abnormal pattern. The consumer behavior profile is a prosperous knowledge and a base for making real-time decisions. The behavior profile acquires real-time data from the mobile device application while performing payment process.

Layer 4 - Fraud analytic engine - Layer 4 provides solution to the payment transaction request which is transaction risk-modeling, business rule-based, cross-field referencing, transaction monitoring and transaction scoring. Layer 4 does thorough transaction monitoring and cross-field referencing to expose sophisticated fraud faster. Originally the transactions that look impeccable may appear fraudulent when attributes are correlated using cross-field referencing. The business rules are defined to percolate fraudulent pattern and suspicious behavior and transaction scoring is done based on the cross-field referencing. Fraud analytic presents an exquisite opportunity to identify fraudulent pattern and endorse prevention actions.

Layer 5 - Decision action - Layer 5 gives the output of the transaction execution. The decision action can be legitimate or fraudulent or suspicious. When the decision is suspicious it enforces second factor authentication like SMS, Email or OTP send to the mobile combined with a transaction pin.

The growth in the modern technology, complexity in fraud management requires a booming approach with mastery in the layers of fraud detection and prevention. Start of an event in NFC-enabled mobile payment system is the user and device authentication which facilitates the user and the device for payment process (Fig. 1). Ensuing user and device authorization the input data attributes are captured for data analysis in real-time and further processes it to build consumer behavior profile. The consumer behavior profile determines the user performing payment process in real-time is a normal or abnormal user. Forthwith the fraud analytic engine impels solution for the payment request from the consumer. The fraud analytic engine identifies fraudulent pattern based on business rules, cross-field referencing, real-time transaction monitoring and transaction scoring thereby recommending fraud prevention actions. Transaction scoring method would determine whether the transaction payment request is from a legitimate user, or fraudulent user. Conclusively the decision action gives the output of the payment transaction execution.

4 Conclusion

The fortuity in mobile payment industry along with growth in smart phones commutes the finance industry towards mobility. The primary countenance to abate transaction fraud in the proposed system is addressed. The proposed and the ongoing work target the user and device authentication, performs fraud analytic thereby maneuvering secure mobile payment. Whither and howbeit the transaction is initiated, the real time transaction monitoring identifies the fraudulent or suspicious payments. However, the multifactor authentication in fraud analytic lead to better accuracy in mobile payment system. It is critical to identify the fraudulent transaction more precisely than the legitimate transactions.

Notes

Acknowledgments

The authors thank our colleagues from K L University who provided knowledge and encouragement that eminently assisted the research carried by us.

References

  1. 1.
    Bangdao, C., Roscoe, A.W.: Mobile electronic identity: securing payment on mobile phones. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 22–37. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-21040-2_2 CrossRefGoogle Scholar
  2. 2.
    Lima, R.F., Pereira, A.C.M.: A fraud detection model based on feature selection and undersampling applied to web payment systems. In: 2015 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT), Singapore, 6–9 December 2015, pp. 219–222 (2015)Google Scholar
  3. 3.
    Almuairf, S., Veeraraghavan, P., Chilamkurti, N., Park, D.-S.: Anonymous proximity mobile payment (APMP). Peer-to-Peer Netw. Appl. 7(4), 620–627 (2014)CrossRefGoogle Scholar
  4. 4.
    Demiriz, A., Ekizoğlu, B.: Using location aware business rules for preventing retail banking frauds. In: 2015 First International Conference on Anti-Cybercrime (ICACC), Riyadh, Saudi Arabia, 10–12 November 2015, pp. 1–6 (2015)Google Scholar
  5. 5.
    Wei, W., Li, J., Cao, L., Yuming, O., Chen, J.: Effective detection of sophisticated online banking fraud on extremely imbalanced data. World Wide Web 16(4), 449–475 (2013)CrossRefGoogle Scholar
  6. 6.
    Dal Pozzolo, A., Caelen, O., Le Borgne, Y.-A., Waterschoot, S., Bontempi, G.: Learned lessons in credit card fraud detection from a practitioner perspective. Expert Syst. Appl. 41(10), 4915–4928 (2014)CrossRefGoogle Scholar
  7. 7.
    Mehrnezhad, M., Hao, F., Shahandashti, S.F.: Tap-Tap and Pay (TTP): preventing the mafia attack in NFC payment. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 21–39. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-27152-1_2 CrossRefGoogle Scholar
  8. 8.
    Preuveneers, D., Goosens, B., Joosen, W.: Enhanced fraud detection as a service supporting merchant-specific runtime customization. In: Proceedings of the Symposium on Applied Computing, Marrakech, Morocco, 03–07 April 2017, pp. 72–76. ACM (2017)Google Scholar
  9. 9.
    Vishwakarma, P., Tripathy, A.K., Vemuru, S.: A hybrid security framework for near field communication driven mobile payment model. Int. J. Comput. Sci. Inf. Secur. 14(12), 337–348 (2016)Google Scholar
  10. 10.
    Coskun, V., Ozdenizci, B., Ok, K.: A survey on near field communication (NFC) technology. Wirel. Pers. Commun. 71(3), 2259–2294 (2013)CrossRefGoogle Scholar
  11. 11.
    Wang, Y., Hahn, C., Sutrave, K.: Mobile payment security, threats, and challenges. In: 2016 Second International Conference on Mobile and Secure Services (MobiSecServ), Gainesville, FL, USA, 26–27 February 2016, pp. 1–5 (2016)Google Scholar
  12. 12.
    Cai, C., Weng, J., Liu, J.: Mobile authentication system based on national regulation and NFC technology. In: 2016 IEEE First International Conference on Data Science in Cyberspace (DSC), Changsha, 2016, pp. 590–595 (2016)Google Scholar
  13. 13.
    Van Damme, G., Wouters, K.M., Karahan, H., Preneel, B.: Offline NFC payments with electronic vouchers. In: MobiHeld 2009, Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds, Barcelona, Spain, 17 August 2009, pp. 25–30 (2009)Google Scholar
  14. 14.
    Edge, M.E., Sampaio, P.R.F., Choudhary, M.: Towards a proactive fraud management framework for financial data streams. In: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC 2007), Columbia, MD, pp. 55–64 (2007)Google Scholar
  15. 15.
    Htat, K.K., Williams, P.A.H., McCauley, V.: Security of ePrescriptions: data in transit comparison using existing and mobile device services. In: ACSW 2017, Proceedings of the Australasian Computer Science Week Multiconference, Article no. 56, Geelong, Australia, 30 January–3 February 03 (2017)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Pinki Prakash Vishwakarma
    • 1
  • Amiya Kumar Tripathy
    • 2
    • 3
  • Srikanth Vemuru
    • 1
  1. 1.Department of Computer Science and EngineeringK L UniversityGunturIndia
  2. 2.Department of Computer EngineeringDon Bosco Institute of TechnologyMumbaiIndia
  3. 3.School of ScienceEdith Cowan UniversityPerthAustralia

Personalised recommendations