• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1179-1195
• /
• 2018

Recently, a variety of attacks on web services have been occurring through a multiple access environment such as PC, tablet, and smartphone. These attacks are causing various subsequent damages such as online fraud transactions, takeovers and theft of accounts, fraudulent logins, and information leakage through web service vulnerabilities. Creating a new fake account for Fraud attacks, hijacking accounts, and bypassing IP while using other usernames or email addresses is a relatively easy attack method, but it is not easy to detect and block these attacks. In this paper, we have studied a method to detect online fraud transaction and obsession by identifying and managing devices accessing web service using web-based device fingerprinting. In particular, it has been proposed to identify devices and to manage them by scoring process. In order to secure the validity of the proposed scheme, we analyzed the application cases and proved that they can effectively defend against various attacks because they actively cope with online fraud and obtain visibility of user accounts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.133-146
• /
• 2015

Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile informations and detection rules from the e-finance accident data of an actual domestic(Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

• The Journal of Society for e-Business Studies
• /
• v.26 no.3
• /
• pp.21-32
• /
• 2021

Due to the recent development in electronic financial services, transactions of electronic prepayment are rapidly increasing. The increased transactions of electronic prepayment, however, also leads to the increased fraud attempts. It is mainly because electronic prepayment can easily be converted into cash. The objective of this paper is to develop a methodology that can effectively detect fraud transactions in electronic prepayment, by using sequential pattern mining techniques. To validate our approach, experiments on real transaction data were conducted and the applicability of the proposed method was demonstrated. As a result, the accuracy of the proposed method has been 95.6 percent, showing that the proposed method can effectively detect fraud transactions. The proposed method could be used to reduce the damage caused by the fraud attempts of electronic prepayment.

• 한국경영정보학회:학술대회논문집
• /
• 2007.06a
• /
• pp.699-704
• /
• 2007

In this study, we examine why there exist different legal systems in electronic commerce or online financial trading. When a fraud online transaction occurs and the online customer disputes the transaction, the online customer takes responsibility for the proof of her/his argument in many European countries while in the U.S., the burden of proof lays on the firm. This paper analyzes how these two different legal systems exist and how these can be applied to electronic commerce law. In particular, this paper intends to find the optimal level of e-commerce firms' investment on security and analyzes how security investments can be related to firm's profits and consumer's welfare depending on IT infrastructure and social trust environment. More on, this paper can be contributed to provide guidelines for regulatory framework on ecommerce online transactions and discuss social welfare implications.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.27 no.4
• /
• pp.324-341
• /
• 2023

Topological data analysis (TDA) is a data analysis technique, recently developed, that investigates the overall shape of a given dataset. The mapper algorithm is a TDA method that considers the connectivity of the given data and converts the data into a mapper graph. Compared to persistent homology, another popular TDA tool, that mainly focuses on the homological structure of the given data, the mapper algorithm is more of a visualization method that represents the given data as a graph in a lower dimension. As it visualizes the overall data connectivity, it could be used as a prediction method that visualizes the new input points on the mapper graph. The existing mapper packages such as Giotto-TDA, Gudhi and Kepler Mapper provide the descriptive mapper algorithm, that is, the final output of those packages is mainly the mapper graph. In this paper, we develop a simple predictive algorithm. That is, the proposed algorithm identifies the node information within the established mapper graph associated with the new emerging data point. By checking the feature of the detected nodes, such as the anomality of the identified nodes, we can determine the feature of the new input data point. As an example, we employ the fraud credit card transaction data and provide an example that shows how the developed algorithm can be used as a node prediction method.

• Advances in environmental research
• /
• v.12 no.2
• /
• pp.113-122
• /
• 2023

Biometric authentication has become an essential part of modern-day security systems, especially in financial institutions like banks. A face recognition-based ATM is a biometric authentication system, that uses facial recognition technology to verify the identity of bank account holders during ATM transactions. This technology offers a secure and convenient alternative to traditional ATM transactions that rely on PIN numbers for verification. The proposed system captures users' pictures and compares it with the stored image in the bank's database to authenticate the transaction. The technology also offers additional benefits such as reducing the risk of fraud and theft, as well as speeding up the transaction process. However, privacy and data security concerns remain, and it is important for the banking sector to instrument solid security actions to protect customers' personal information. The proposed system consists of two stages: the first stage captures the user's facial image using a camera and performs pre-processing, including face detection and alignment. In the second stage, machine learning algorithms compare the pre-processed image with the stored image in the database. The results demonstrate the feasibility and effectiveness of using face recognition for ATM authentication, which can enhance the security of ATMs and reduce the risk of fraud.

• Journal of Arbitration Studies
• /
• v.18 no.2
• /
• pp.173-199
• /
• 2008

A letter of credit transaction of the preexistence have been raising one's head fraud charge problem as a result of abusing the principles of independence and abstraction. Every society has certain rules and conventions which it regards as important and most of people in any society. The paper document means a document in a traditional paper form. The eUCP credit must specify the formats in which electronic records are to be presented. In these present times, the issuance of documentary credit are performed by the SWIFT(Society for Worldwide Inter bank Financial Telecommunication) system. The eUCP have been written to allow for presentation completely electronically or for a mixture of paper documents and electronic presentation. Presentation is deemed not to have been made if the Beneficiary's notice is not received. An electronic record that cannot be authenticated is deemed not to have been presented. The e-UCP is the supplement of current existing UCP but is superior to UCP under some circumstances. The document shall include an electronic record. The place for presentation of electronic records means an electronic address. The current e-UCP is not clear on this matter. We have to note followings in case of presenting the documents electronically and applying the e-UCP. There are three principles in the letter of credit transaction, that is to say, independence and abstraction, document dealing, strict compliance. IN the electronic letter of credit, these principles are called as independence and abstraction, electronic document dealing, strict compliance.

• Journal of Arbitration Studies
• /
• v.22 no.3
• /
• pp.119-139
• /
• 2012

In the case of Banque Paribas V. Banco Santander in England for the reimbursement request of deferred payment credit by the nominated bank, the L/C-issuing bank refused to pay the proceeds at maturity because of a fraudulent transaction. The reason of refusal was that the nominated bank, Banco Santander, had no right of payment in deferred credit before its maturity if it made payment of proceeds without notice to the issuing bank, that is, payment not based upon a credit transaction but on its own account. However, in the case of ADIB V. Fortis Bank in America, the New York court made the decision that the deferred payment bank could not refuse to reimburse to the nominated bank, Fortis Bank, because of fraud. Its decision was based on the UCP600. We have analyzed and investigated the above two cases-one was an English court's decision and the other an American's. The English court's decision was made under UCP500, but the American court's was made under UCP600, which was revised in 2007. As a result, we can expect that from now on in deferred payment credit transactions, the power of the nominated bank will be greater than before, but the issuing bank will bear the risk of the beneficiary's fraud, so the issuing bank will be hesitant to issue deferred payment credit. Notwithstanding, we thought that the New York court decision would come into effect in the activation of deferred payment credit in practical trade transactions.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.42
• /
• pp.133-160
• /
• 2009

In International trade the buyer and seller are normally separated from on another not only by distance but also by differences in language and culture. It is rarely possible for the performance of obligations to be simultaneous and the performance of contracts therefore calls for trust in a situation in which the parties are unlikely to feel able to trust each other unless they have a longstanding and successful relationship. Thus the seller under an international contract of sale will not wish to surrender documents of title to goods to the buyer until he has at least an assurance of payment, and no buyer will wish to pay for goods until he has received them. A gap of distrust thus exists which is often bridged by the undertaking of an intermediary known and trusted by both parties who will undertake on his own liability to pay the seller the contract price in return for the documents of title and then pass the documents to the buyer in return for the reimbursement. This is a common explanation of the theory behind the documentary letter of credit in which the undertaking of a bank of international repute serves as a "guarantee" to each party that the other will perform his obligations. The independence principle, also referred to as the "autonomy principle", is at the core of letter of credit or bank guarantee law. This principle provides that the letter of credit or bank guarantee is independent of the underlying contractual commitment - that is, the transaction that the credit is intented to secure - between the applicant and the beneficiary ; the credit is also independent of the relationship between the bank and its customer, the applicant. The most important exception to the independence principle is the doctrine of fraud in the transaction. A strict interpretation of the rule that the guarantee is independent of the underlying transaction would lead to the conclusion that neither fraud nor manifest abuse of rights by the beneficiary would constitute an objection to payment. There is one major problem related to "Independent guarantees", namely abusive or unfair callings. The beneficiary may make an unfair calling under the guarantee. The countermeasure of beneficiary's unfair calling divided three cases. First, advance countermeasure namely by contract. In other words, when the formation of the contract, the parties must insert the Force Majeure Clause, Arbitration Clause to Contract, and clear statement to the condition for demand calling. Second, post countermeasure namely by court. Many countries, including the United States, authorize the courts to grant an order enjoining the issuer from paying or enjoining the beneficiary from receiving payment under the guaranty letter. Third, Export Insurance. For example, the Export Credit Guarantees Department is prepared, subject to certain conditions, to cover the risk of unfair calling. Of course, KEIC in Korea is cover the risk of the all things for guarantees. On international projects, contractor performance is usually guaranteed by either a standby letters of credit or Independent guarantee. These instruments will be care the parties.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1175-1186
• /
• 2015

Financial fraud has been increasing along with credit card usage. Magnetic stripe cards have vulnerabilities in that credit card information is exposed in plaintext and cardholder verification is untrustworthy. So they have been replaced by a smart card scheme to provide enhanced security. Furthermore, the FinTech that combines the IT with Financial product is being prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transaction. In this paper, we propose a virtual credit card number payment scheme based on public key system for efficient authentication in card present transaction. Our proposed scheme is able to authenticate efficiently in card present transaction by pre-registering virtual credit card number based on cardholder's public key without PKI. And we compare and analyze our proposed scheme with EMV.