Credit Card Fraud Detection System using Hidden Markov Model

Submitted By:

Priyanka Sharma

Credit card Information

• The PCI DSS is the security standard issued by the Payment Card Industry Security Standards Council.
• The numbers found on credit cards have a certain amount of internal structure and share a common numbering scheme.

• Card Verification Value

Credit Card System
• Cardholder
• Card-issuing bank
• Merchant
• Acquiring bank
• Credit card association
• Transaction network

Risks Associated with Online Credit Card Transactions
• Neither party can be certain of the other’s identity.
• The goods ordered may take some time to be delivered.
• On delivery, the buyer may discover that the merchandise does not match his expectations.
• Losses due to fraud are usually absorbed by merchants, whose burden it is to prevent fraudulent use.
• In online payment mode, attackers need only a little information to carry out a fraudulent transaction (secure code, card number, expiration date, etc.).

Problems in Online Credit Card Transaction
• Merchant fraud
• Individual fraud
• Identity theft
• Skimming
• Internet fraud
• Site cloning
• Credit card generators

Security Mechanism used in Credit Card Transaction
• Internet Keyed Payment (iKP) is a family of online payment protocols built on the existing authorization and clearing system of credit cards.
• iKP allows someone to transmit his credit card number securely over the Internet. For this, it uses public key cryptography, which involves public/private key pairs. iKP uses RSA as its public key signature and encryption algorithm.
• iKP assumes a Central Certification Authority (CCA) to authenticate the public keys of customers, merchants, and the acquirer.
• The CCA certifies Alice’s public key by signing her public key, along with information about Alice’s identity, with the CCA’s own secret key.

3-D Secure
• 3-D Secure is an XML-based protocol designed to be an added layer of security for online credit and debit card transactions.
• It was developed by Visa with the intention of improving the security of Internet payments and is offered to customers as the Verified by Visa service.
• The protocol uses XML messages sent over SSL connections with client authentication.
• A transaction using Verified by Visa/SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction.
• The Verified by Visa protocol recommends that the bank's verification page be loaded in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches.
• In its initial form, 3DS would pop up a password entry form to a bank customer who attempted an online card payment; she would enter a password and, if it was correct, would be returned to the merchant website to complete the transaction.

Need for Fraud Detection System
• Credit card fraud cases are increasing every year.
• The only way to detect this kind of fraud is to analyze the spending patterns on every card and to figure out any inconsistency with respect to the “usual” spending patterns.
• Since humans tend to exhibit specific behaviorist profiles, every cardholder can be represented by a set of patterns containing information about the typical purchase category, the time since the last purchase, the amount of money spent, etc.
• Deviation from such patterns is a potential threat to the system.

Use of HMM for Credit Card Fraud Detection

Existing Fraud Prevention Methods
• Simple Authentication and Detection
• Online merchants typically require some additional information to verify credit cards.
• The most common is the purchaser’s billing address, which can be verified against the billing address on record with the issuing bank.
• Another heuristic is checking to see if the shipping and billing addresses match.

SET and Its Derivatives
• The Secure Electronic Transaction specification, created jointly by Visa and MasterCard, was developed to facilitate secure online transactions.
• It aimed to solve one of the fundamental underlying problems of e-commerce: lack of authentication.
• It assigns digital certificates to each participant (consumer, merchant, and banks), using these for mutual authentication at each step.

Single-use Card Number
• The one-time numbers are generated by the bank on behalf of cardholders to be used for a single purchase, after which time the number cannot be reused.
• Cardholders can substitute the single-use number for the number on their physical card and hence keep the physical card number secret from online merchants.
• It limits the damage caused by databases being hacked.

Hidden Markov Model
• A Hidden Markov Model is a finite set of states.
• Each state is linked with a probability distribution.
• Transitions among these states are governed by a set of probabilities called transition probabilities.
• It is only the outcome, not the state, that is visible to an external observer.

• A Hidden Markov Model (HMM)-based credit card FDS does not require fraud signatures and yet is able to detect frauds by considering a cardholder’s spending habit.
• The details of items purchased in individual transactions are usually not known to an FDS running at the bank that issues credit cards to the cardholders.
• This can be represented as the underlying finite Markov chain, which is not observable.

• A Hidden Markov Model helps to find fraudulent transactions by using the spending profiles of users.
• It works on user spending profiles, which can be divided into three major types: lower profile, middle profile, and higher profile.
• For every credit card the spending profile is different, so the model can figure out an inconsistency with the user's profile and try to find the fraudulent transaction.

An HMM can be characterized [1] by the following:
• $N$ is the number of states in the model.
• $M$ is the number of distinct observation symbols per state. The observation symbols correspond to the physical output of the system being modeled.
• The state transition probability matrix $A = [a_{ij}]$, where $a_{ij} = P(q_{t+1} = S_j \mid q_t = S_i)$.
• The observation symbol probability matrix $B = [b_j(k)]$, where $b_j(k) = P(V_k \mid S_j)$.
• The initial state probability vector $\pi = [\pi_i]$, where $\pi_i = P(q_1 = S_i)$, $1 \le i \le N$.
• The observation sequence $O = O_1, O_2, O_3, \ldots, O_R$, where each observation $O_t$ is one of the symbols from $V$, and
• $R$ is the number of observations in the sequence.
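The following is an added example, not code from the original slides: it scores an observation sequence against a model (A, B, π) with the forward algorithm and compares the score before and after a new transaction enters the window. The two hidden states, all probability values, the sliding-window comparison and the threshold are assumptions made for illustration; the slides do not give the scoring step.

```python
# Added example: forward algorithm for P(O | lambda), lambda = (A, B, pi).
# Every number below is constructed for illustration.

SYMBOLS = {"l": 0, "m": 1, "h": 2}   # M = 3 observation symbols (price ranges)

# N = 2 hidden states: hypothetical purchase types the bank cannot observe.
A = [[0.8, 0.2],
     [0.6, 0.4]]            # a_ij = P(q_{t+1} = S_j | q_t = S_i)
B = [[0.70, 0.25, 0.05],
     [0.10, 0.30, 0.60]]    # b_j(k) = P(V_k | S_j)
PI = [0.7, 0.3]             # pi_i = P(q_1 = S_i)


def sequence_probability(obs):
    """Forward algorithm: return P(O | lambda) for a string such as 'llmh'."""
    o = [SYMBOLS[c] for c in obs]
    n = len(PI)
    # Initialisation: alpha_1(i) = pi_i * b_i(O_1)
    alpha = [PI[i] * B[i][o[0]] for i in range(n)]
    # Induction: alpha_{t+1}(j) = (sum_i alpha_t(i) * a_ij) * b_j(O_{t+1})
    for k in o[1:]:
        alpha = [sum(alpha[i] * A[i][j] for i in range(n)) * B[j][k]
                 for j in range(n)]
    # Termination: P(O | lambda) = sum_i alpha_R(i)
    return sum(alpha)


def acceptance_drop(history, new_symbol):
    """Relative fall in P(O | lambda) when the window slides by one:
    the oldest observation is dropped and new_symbol is appended."""
    old = sequence_probability(history)
    new = sequence_probability(history[1:] + new_symbol)
    return (old - new) / old


def is_suspicious(history, new_symbol, threshold=0.5):
    """Flag the transaction when the drop reaches the threshold.
    The threshold is an assumed tuning value, not one given on the page."""
    return acceptance_drop(history, new_symbol) >= threshold


if __name__ == "__main__":
    window = "l" * 10       # last 10 transactions, all in the low price range
    for sym in "lmh":
        print(sym, round(acceptance_drop(window, sym), 3),
              is_suspicious(window, sym))
```

A window of ten low-value purchases followed by a high-value one loses most of its probability under this model, while another low-value purchase leaves the score unchanged.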

• Every user is represented by a specific set of patterns containing information about the last 10 transactions made with the credit card.
• The set of information contains the spending profile of the cardholder, the money spent in every transaction, the last purchase time, the category of purchase, etc.
• In the initial stage, the model does not have data for the last 10 transactions; in that case, the model asks the cardholder to supply basic information during the transaction, such as mother's name, place of birth, mailing address, email ID, etc.
• From this information, the HMM acquires relative transaction data for further verification of transactions against the spending profile of the cardholder.

• The credit card fraud detection system runs at the credit card issuing bank's site or the merchant's site.
• Each arriving transaction is submitted to the fraud detection system for verification.
• The fraud detection system accepts the card details, such as credit card number, CVV number, card type, expiry date and the amount of the items purchased, to validate whether the transaction is genuine or not.

HMM for Credit Card Transaction Processing
• To detect fraudulent credit card transactions, the Hidden Markov Model implementation creates clusters from the training set and identifies the spending profile of the cardholder.
• These price ranges can be determined dynamically by applying a clustering algorithm on the values of each cardholder’s transactions.
• The sequence of types of purchase is more stable than the sequence of transaction amounts.
• The reason is that a cardholder makes purchases depending on his need for procuring different types of items over a period of time.
• This, in turn, generates a sequence of transaction amounts. Each individual transaction amount usually depends on the corresponding type of purchase.

Dynamic Generation of Observation Symbols
• For each cardholder, we train and maintain an HMM.
• We use the K-means clustering algorithm [11, 12] to determine the clusters. K-means is an unsupervised learning algorithm for grouping a given set of data based on the similarity in their attribute (often called feature) values.

Spending Profile of Cardholders
• The spending profile of a cardholder suggests his normal spending behavior.
• Cardholders can be broadly categorized into three groups based on their spending habits, namely, high-spending (hs) group, medium-spending (ms) group, and low-spending (ls) group.
• Cardholders who belong to the hs group normally use their credit cards for buying high-priced items.
• Then, the spending profile (SP) of the cardholder u [26] is determined as follows:
• $SP(u) = \arg\max_i (p_i)$
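The following is an added example, not code from the original slides: it runs 1-D K-means over one cardholder's transaction amounts to obtain the three price-range symbols, then computes SP(u). The transaction history is constructed, and p_i is assumed to be the share of the cardholder's transactions that fall in cluster i, since the slides do not define it.

```python
# Added example: observation symbols and SP(u) from transaction amounts.
from collections import Counter


def kmeans_1d(values, k=3, iterations=100):
    """Plain K-means on scalar amounts; returns centroids sorted ascending."""
    srt = sorted(values)
    # Deterministic start: spread the initial centroids across the sorted data.
    centroids = [srt[(2 * i + 1) * len(srt) // (2 * k)] for i in range(k)]
    for _ in range(iterations):
        clusters = [[] for _ in range(k)]
        for v in values:
            nearest = min(range(k), key=lambda c: abs(v - centroids[c]))
            clusters[nearest].append(v)
        # An empty cluster keeps its previous centroid.
        updated = [sum(c) / len(c) if c else centroids[i]
                   for i, c in enumerate(clusters)]
        if updated == centroids:      # assignments stable: converged
            break
        centroids = updated
    return sorted(centroids)


def to_symbol(amount, centroids, names="lmh"):
    """Map an amount to the symbol of its nearest centroid (l < m < h)."""
    idx = min(range(len(centroids)), key=lambda c: abs(amount - centroids[c]))
    return names[idx]


def spending_profile(amounts, centroids):
    """SP(u) = argmax_i p_i, with p_i assumed to be the fraction of the
    cardholder's transactions in cluster i (not defined on the page)."""
    counts = Counter(to_symbol(a, centroids) for a in amounts)
    return {"l": "ls", "m": "ms", "h": "hs"}[counts.most_common(1)[0][0]]


# Constructed history for one cardholder; currency units are arbitrary.
HISTORY = [12, 18, 25, 9, 140, 22, 15, 160, 900, 30]
CENTROIDS = kmeans_1d(HISTORY)

if __name__ == "__main__":
    print("centroids:", [round(c, 2) for c in CENTROIDS])
    print("symbols:  ", "".join(to_symbol(a, CENTROIDS) for a in HISTORY))
    print("SP(u):    ", spending_profile(HISTORY, CENTROIDS))
```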

• If a transaction is judged to be fraudulent, the user must enter security information.
• This information is related to the credit card (such as the account number and the security question and answer provided at the time of registration).
• If the information entered by the user matches the information in the database, the transaction is completed securely.
• Otherwise the user's transaction is terminated and the user is transferred to the online shopping website.

Problems with Secure Socket Layer
• Expired certificates
• Name mismatches
• HTML frames

Disadvantages of Fraud Prevention Methods
• The disadvantage of SET is that additional infrastructure is required at the server and client sides.
• Indeed, the additional requirements have led to the de facto death of the SET standard.
• Merchants were unwilling to take the financial risk of implementing the new architecture when they were being offered no reduction in liability.

Requirements Specifications
Hardware Specification
• System: Pentium IV 2.4 GHz
• Hard disk: 120 GB
• Monitor: 15 VGA colour
• RAM: 512 MB

Software Specification
• Operating system: Windows XP Professional
• Front end: XHTML and CSS
• Coding language: PHP 4.0
• Back end: MySQL 5.3


• A Hidden Markov Model (HMM)-based credit card FDS does not require fraud signatures and yet is able to detect frauds by considering a cardholder’s spending habit.
• The fraud detection system is also scalable for handling vast volumes of transaction processing. The HMM-based credit card fraud detection system does not take a long time or need a complex process to perform the fraud check, unlike the existing system, and it gives better and faster results than the existing system.
• The relative studies show that the correctness and effectiveness of the proposed system are secure to 80 percent over a broad deviation in the input data.