• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.33-40
• /
• 2016

Credit card is means of payment used like cash in terms of function and its users have increased consistently. With development of Internet and electronic commerce a role as payment method of credit card has been growing. But as the risk which results from centralized information and online increases, credit card fraud is also growing. Card theft and loss are decreasing due to countermeasure of card companies and financial supervisory authorities, while card forge and identity theft are increasing. Recently because of frequent personal information leakage and deregulation of financial security following easy-to-use payment enforcement, customer's anxiety about card fraud is growing. And the increase of card fraud lowers trust on credit system as well as causes social costs. In this paper, the security problems of card operating system are addressed in depth and the measures such as immediate switch to IC card terminals, introduction of new security technology, supervision reinforcement of the authorities are proposed.

• Journal of Digital Convergence
• /
• v.14 no.9
• /
• pp.287-299
• /
• 2016

The electronic transactions over the Internet are growing across the world recently. There have been a lot of identity theft incidents during these online transactions nowaday. Therefore, a high level of identity proofing shall be carried out when using online services to deal with these matter. To prevent this kind of incident, i-PIN was introduced in Korea, which is used as an Internet Personal Identification Number. The i-PIN is designated to provide an online identification of the Internet users. As such, the unique identification numbers are provided to the internet service providers. This paper is to analyze the capabilities that the i-PIN provides, to propose the assurance security model for i-PIN. Furthermore, the security analysis results are presented. The result of this paper can be applicable to improve the applicabilities of the i-PIN.

• Journal of the Korea Convergence Society
• /
• v.2 no.4
• /
• pp.9-14
• /
• 2011

Phishing is an attack to theft an user's identity by masquerading the user or the device. The number of phishing victims are sharply increased due to wide spread use of smart phones and messenger programs. Smart phones can operate various wi-fi based apps besides typical voice call and SMS functions. Generally, the messenger program such as Kakao Talk or Nate On is consisted of client and server functions. Thus, the authentication between the client and the server is essential to communicate securely. In this paper, we propose the messenger authentication protocol safe against smart phone phishing. To protect communications among clients, the proposed method provides message encryption and authentication functions.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.1-11
• /
• 2010

Recently, We have many private information leakage cases through internet which cause social problems and it is impossible to change or update the leaked information, it is also used to the third crime such as identity theft, internet fraud. Hackers are interested in stealing private information for making money, in this point private information leakage problems are constantly increased hereafter. In this paper, I surveyed the authorization model on site registration which is currently used in Korea, and the problem of collecting personal identification number, I proposed policy model of useless method of private information, especially leaked information can not be used anymore in internet.

• Journal of Communications and Networks
• /
• v.13 no.2
• /
• pp.102-112
• /
• 2011

In this paper, we propose a privacy-preserving emergency call scheme, called PEC, enabling patients in life-threatening emergencies to fast and accurately transmit emergency data to the nearby helpers via mobile healthcare social networks (MHSNs). Once an emergency happens, the personal digital assistant (PDA) of the patient runs the PEC to collect the emergency data including emergency location, patient health record, as well as patient physiological condition. The PEC then generates an emergency call with the emergency data inside and epidemically disseminates it to every user in the patient's neighborhood. If a physician happens to be nearby, the PEC ensures the time used to notify the physician of the emergency is the shortest. We show via theoretical analysis that the PEC is able to provide fine-grained access control on the emergency data, where the access policy is set by patients themselves. Moreover, the PEC can withstandmultiple types of attacks, such as identity theft attack, forgery attack, and collusion attack. We also devise an effective revocation mechanism to make the revocable PEC (rPEC) resistant to inside attacks. In addition, we demonstrate via simulation that the PEC can significantly reduce the response time of emergency care in MHSNs.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.1-8
• /
• 2008

Not only the recent hacking techniques are becoming more malicious with the sophisticated technology but also its consequences are bringing more damages as the broadband Internet is growing rapidly. These may include invasion of information leakage, or identity theft over the internet. Its intent is very destructive which can result in invasion of information leakage, hacking, one of the most disturbing problems on the net. This thesis describes the technology of how you can effectively analyze and detect these kind of E-Mail malicious codes. This research explains how we can cope with malicious code more efficiently by detection method.

• Journal of Family Resource Management and Policy Review
• /
• v.10 no.3
• /
• pp.23-43
• /
• 2006

The purpose of this study is to identify the types of consumer problems involving the use of online game services in Korea. This study analyzed the consumer damage cases by age and type that were reported to the Korea Consumer Protection Board (KCPB). The results of this study are as follows: The online game complaints varied by age. In the case of children, most complaints involved phone charging online game fees without parents' consent. There were similarities in the victimization of teens and children according to reason for complaint, handling result and type of damage. However, based on method of charging, mobile phone and credit card payments were causes in the case of teen victimization. Meanwhile, complaints among adults showed more complexity than the previous two groups such as cases relating to online game companies illegally seizing game items and game accounts, and charging fees for unused services caused by identity theft. By type of charging method, most complaints involved phone and mobile phone payments. According to the analysis result of online game victims, the monetary damage of consumers did not differ among socio-demographic variables such as age, residence, gender and occupation but there was difference in the method of charging. In the handling period, differences could be seen by age, year, gender and type of damage.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.213-218
• /
• 2021

This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) Data collection: different websites have been collected as a big data corresponding to normal and phishing dataset, and (2) distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experiment results of the proposed system achieved very good accuracy and detection rate as well.

• Advances in environmental research
• /
• v.12 no.2
• /
• pp.113-122
• /
• 2023

Biometric authentication has become an essential part of modern-day security systems, especially in financial institutions like banks. A face recognition-based ATM is a biometric authentication system, that uses facial recognition technology to verify the identity of bank account holders during ATM transactions. This technology offers a secure and convenient alternative to traditional ATM transactions that rely on PIN numbers for verification. The proposed system captures users' pictures and compares it with the stored image in the bank's database to authenticate the transaction. The technology also offers additional benefits such as reducing the risk of fraud and theft, as well as speeding up the transaction process. However, privacy and data security concerns remain, and it is important for the banking sector to instrument solid security actions to protect customers' personal information. The proposed system consists of two stages: the first stage captures the user's facial image using a camera and performs pre-processing, including face detection and alignment. In the second stage, machine learning algorithms compare the pre-processed image with the stored image in the database. The results demonstrate the feasibility and effectiveness of using face recognition for ATM authentication, which can enhance the security of ATMs and reduce the risk of fraud.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.77-102
• /
• 2015

FinTech service industry has been growing rapidly around the world. It has driven innovation in financial and payment service industry with different channels such as mobile based on Information and Communications Technology (ICT). However, FinTech service is vulnerable to different security threats due to use the valuable data such as personal information and financial information. It is undeniable that collection and use of those information may increase the possibility of identity theft or privacy breach. In this paper will develop a self-checklist for the Simple Payment service users (Privacy Pragmatists) who want to make a rational decision to protect their personal information. The checklist is going to let the users assess the personal information protection by performing the assessment themself when they use the service. The body of this paper is going to analyze the items of the checklist and through the analysis, will suggest a security policy for personal information protection of FinTech service.