• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.25-38
• /
• 2022

With the diversification of payment methods and games, related financial accidents are causing serious problems for users and game companies. Recently, game companies have introduced an Fraud Detection System (FDS) for game payment systems to prevent financial incident. However, FDS is ineffective and cannot provide major evidence based on judgment results, as it requires constant change of detection patterns. In this paper, we analyze abnormal transactions among payment log data of real game companies to generate related features. One of the unsupervised learning models, Autoencoder, was used to build a model to detect abnormal transactions, which resulted in over 85% accuracy. Using X-FDS (Explainable FDS) with XAI-SHAP, we could understand that the variables with the highest explanation for anomaly detection were the amount of transaction, transaction medium, and the age of users. Based on X-FDS, we derive an improved detection model with an accuracy of 94% was finally derived by fine-tuning the importance of features that adversely affect the proposed model.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.631-633
• /
• 2010

본 논문에서 제시하는 통합 관리 지능형 에이전트 기술은 개인정보보호 사고의 원인분석을 통해 도출된 요구기능을 통합 구현하는 기술이다. 본 기술은 PC 및 인터넷 이용자들의 개인정보 침해에 따른 경제적 피해를 줄이고, 안전한 인터넷 문화를 정착하여 인터넷 이용자들의 인터넷 경제활동 활성화에 기여할 뿐만 아니라, 개인정보 노출방지 등을 통해 명의도용 등의 사고를 예방하여 실물경제활동도 촉진하는 효과가 있다. 먼저, 피싱 파밍 등의 개인정보 침해에 대응한 상황인식 기반 피싱 파밍 자동분석 기술을 적용함으로써 인터넷 사이트를 통한 경제활동의 신뢰가 확보되어 인터넷 금융, 온라인 쇼핑몰 등의 인터넷 경제활동을 촉진하게 되며, 개인정보 노출에 따른 피해를 줄임으로써 다양한 형태의 명의도용 사고를 방지할 수 있다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.25-31
• /
• 2015

FinTech(Financial Technology) is defined as the technique to create efficient financial services using IT technologies. FinTech is an innovative technology through IT platform and big data, and is expected to improve the security and problems of the conventional banking system. Domestic financial institutions has introduced the technologies and investment in order to provide safe and effective services to users. However, In the financial environment, information disclosure and security incident has occurred so they has lost the trust from their customers. Moreover new variant of the security threats and attack techniques have occurred. Therefore, in this paper, we designed a authentication scheme for secure payment system in FinTech environment. The proposed study evaluated the stability of the existing security systems with respect to attack methods occurred in the financial environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1319-1328
• /
• 2014

While the recent advance in network system has made it easier to collect and process personal information, the loss of customers, financial companies and even nations is getting bigger due to the leakage of personal information. Therefore, it is required to take a measure to prevent additional damage from the illegal use of leakaged personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a documents is confidential, it is possible for a person of the same job title or position to access the document properly. This paper propose setting up security grade of documents to improve current access control system. It will help preventing the leakage of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1293-1308
• /
• 2014

The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following this guidelines, Financial firms use converted customer identificaion data by loading in test system. However, there is some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. also control and risk management processes for those risks did not studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

• Journal of Internet Computing and Services
• /
• v.15 no.1
• /
• pp.157-170
• /
• 2014

As the increase of transaction using mobile banking continues, threat to the mobile financial security is also increasing. Mobile banking service performs the financial transaction using the dedicate application which is made by financial corporation. It provides the same services as the internet banking service. Personal information such as credit card number, which is stored in the mobile banking application can be used to the additional attack caused by a malicious attack or the loss of the mobile devices. Therefore, in this paper, to cope with the mobile financial accident caused by personal information exposure, we suggest outlier detection method which can judge whether the transaction is conducted by the appropriate user or not. This detection method utilizes the user's input patterns and transaction patterns when a user uses the banking service on the mobile devices. User's input and transaction pattern data involves the information which can be used to discern a certain user. Thus, if these data are utilized appropriately, they can be the information to distinguish abnormal transaction from the transaction done by the appropriate user. In this paper, we collect the data of user's input patterns on a smart phone for the experiment. And we use the experiment data which domestic financial corporation uses to detect outlier as the data of transaction pattern. We verify that our proposal can detect the abnormal transaction efficiently, as a result of detection experiment based on the collected input and transaction pattern data.

• The Journal of Society for e-Business Studies
• /
• v.27 no.2
• /
• pp.65-77
• /
• 2022

Due to the recent development in electronic financial services, transactions of electronic prepayment are rapidly growing, leading to growing fraud attempts. This paper proposes a methodology that can effectively detect fraud transactions in electronic prepayment by machine learning algorithms, including support vector machines, decision trees, and artificial neural networks. Actual transaction data of electronic prepayment services were collected and preprocessed to extract the most relevant variables from raw data. Two different approaches were explored in the paper. One is a transaction-based approach, and the other is a user ID-based approach. For the transaction-based approach, the first model is primarily based on raw data features, while the second model uses extra features in addition to the first model. The user ID-based approach also used feature engineering to extract and transform the most relevant features. Overall, the user ID-based approach showed a better performance than the transaction-based approach, where the artificial neural networks showed the best performance. The proposed method could be used to reduce the damage caused by financial accidents by detecting and blocking fraud attempts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1207-1217
• /
• 2013

This study utilizes raw data from "Research on the actual condition of firms' information security" of KISA (2010) and constructs panel dataset to analyze a causal relationship between information security investment and security breach. Using Difference in Difference estimation method we find the following results. First, while the usual causality that information security investment reduces security breach is not supported, the reverse causality that security breach increases information security investment is well explained. Second, contrary to the conventional wisdom, firms in the finance/insurance business sector show the most significant reverse causality pattern.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.451-455
• /
• 2012

In this paper, Nateon, MSN Messenger, including how to hack into the most intimate acquaintance formed as follows, for hacking (keyloggers, remote monitoring, etc.) by sending a bank and ID, PW, certificate, security card, etc. personal financial information obtained after the withdrawal of the account balance to have a personal financial analysis infringement attack vulnerable elements found in internet banking, the vulnerabilities and countermeasures concerning the prevention of accidents, including violations by seeking a more secure Internet banking personal Internet Banking is to devise a deal.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.81-87
• /
• 2016

In this paper, we propose a forgery/falsification detection technique of web site using the images. The proposed system captures images of the web site when a user accesses to the forgery/falsification web site that has the financial information deodorizing purpose. The captured images are compared with those of normal web site images to detect forgery/falsification. The proposed system calculates similarity factor of normal site image with captured one to detect whether the site is normal or not. If it is determined as normal, analysis procedure is finished. But if it is determined as abnormal, a message informs the user to prevent additional financial information spill and further accidents from the forgery web site.