Uploaded byjbashask
DOCX, PDF297 views

Experiment

- The document discusses security issues with online shopping sites and credit card transactions, and existing security measures that have limitations. It then describes an experiment to develop a new architecture that focuses on data security. - The architecture encrypts data transmitted in the browser so it appears meaningless even if intercepted. Only the server can decrypt the data. Encryption keys and algorithms vary for each user profile and request, making stolen data unusable. - Testing with security tools found the new architecture had no vulnerabilities, improving on existing industry standards. The architecture aims to make transmitted data tamper-proof.

Embed presentation

Downloaded 13 times
Our Experiment DescriptionIndex Online Shopping Sites, their concern for Security. Existing Security Measures in the Market. Existing counter measures in Credit Card Transactions. Ratio of Counterfeit Frauds. Industry counter measures for Counterfeit Frauds. Encryption/Decryption Techniques and their limitations. What is lacking? Existing Practices for Data Security. Our Experiment. Our Architecture Overview. About Acunetix Tool. Reports Generated by Acunetix Tool.Online Shopping Sites, their concern for SecurityData Security is the major concern for all the online shopping sites where each transaction happens through online using Credit Cards or Debit Cards For all major Banking Sites and Shopping Cart Sites, securing transactions is a major issue where the credit card or debit card details are to be maintained confidential. For this concern, all these merchants are using various tools which provides security for the transactions. Though there are many tools available in the market, still the probability of frauds happening is more as these tools are not capable enough to handle the transactions by securing the actual card data. For this reason we find a large amount of fraudulent transactions happening throughout the world due to data theft and other types of hacking techniques. The current scenario in the market is to provide proper security for the data so that if data transmission is secure then there would be minimum scope for the frauds to happen.Existing Security Measures in the MarketThere are many tools available today in the market which are providing security for all the online card based transactions. Some of the tools like Vfraud, or the sites like PayPal, Paisa Pay are well known in the market. Almost all the existing security systems are using HTTPS protocols as well as different Encryption/Decryption techniques. Digital Certificate is also one of the security that is being used by all the sites throughout the internet. Most of the merchants like eBay, Sify shopping, India Times shopping etc are taking the support of PayPal or Paisa Pay to secure their transactions. Though, so many methodologies are in use by in the market, all these practices are common in every product and every tool. Existing counter measures in Credit Card TransactionsAll the Tools that are available in the market are using the concept of Filters. These filters are nothing but different layers through which data flows during the card transactions. There are various filters available in the market which filters the data based on the Geographical criteria's as well as the number of transactions made on that particular card. These layers can identify and filter the transactions when duplicate cards or duplicate card data is being used during any card transaction. There are many products releasing in the market, which has more robust filters embedded, but still these filters are unable to identify the fraud even after providing the genuine details of credit card. These types of transaction are the root cause for Counterfeit Frauds which are very high and are the major concern in the market.What is a Counterfeit Fraud?Duplicating the Credit / Debit cards by stealing the card data from the magnetic stripes is called as Counterfeiting. In Counterfeiting either the fraudster uses a counterfeit card made from the stolen data or uses a stolen card itself. The information travelling through the secure channels remain the same as that of a genuine card even though all the filters are activated. Hence as there are no such products in the market which can identify the counterfeit cards, the percentage of Counterfeit Frauds is more as compared to all the other types of fraud.Hence it has been a high concern for all the merchants, banks and the customers that the counterfeit frauds should be minimized.Industry counter measures for Counterfeit FraudsSome of the Industry counter measures for the counterfeit cards areEncryption/ Decryption and Hash Address Verification SystemGeography profile of Billing Address and Shipping Address.Etc…..However many of the techniques currently being recommended or used by banks or other financial sectors are either outdated or as the technical sophistication of the fraudsters has evolved, are vulnerable to getting compromisedFor example in recent years there were successful attempts to break some of the very strong encryption techniques like DES. Also now hackers are maintaining their private centralized databases containing large collection of combination of hash and its alphabet profileAlso hackers or fraudsters have become so skillful that they can dynamically tamper with the secure data in transit or can compromise a user’s system.In offline cases where card is physically present, fraudsters are coming up with efficient new techniques like magnetic card readers , postal tweaks and some time even have dare to phone the target and represent themselves as bank card officers and try to sneak out information from the target without his knowledge.Tamper Data is one of the tools available which can tamper the data that is being entered in the most secured sites like Citibank, HDFC Bank etcHence the counter measures already in practice are also not completely successful in reducing the counterfeit frauds. Some of the Industry counter measures for the counterfeit cards are using different encryption/decryption techniques or using some data value pairs in order to verify the card user’s genuineness.Some of the measures like verifying the Billing Address and the Shipping Address to be the same are also in practice.Though these counter measures are taken care it is not always possible to verify the Billing and the Shipping address as there are so many sites which gives the facility for the instant download, where there is no point of shipping address.Even the data value pairs technique which is being used by many of the banking sites is not so secure as it could be captured by some of the sniffing tools installed in the system.Tamper Data is one of such tools available which can tamper the data that is being entered in the most secured sites like Citibank, HDFC Bank etc.Hence the counter measures already in practice are also not completely successful in reducing the counterfeit frauds. Sample using Tamper Data Tool on citibank siteSample using Tamper Data Tool on citibank siteOriginal Data EnteredOriginal Data Entered11© ADLUX CONSULTANCY SERVICES PVT. LTD. Sample using Tamper Data Tool on citibank siteSample using Tamper Data Tool on citibank siteTampered Data12© ADLUX CONSULTANCY SERVICES PVT. LTD. Man in the Middle Attack (False Certificate)This diagram represents how Man in the Middle attack happens by using False Certificate and steal the user Credentials. (In our architecture even if Man in the Middle attack happens and the intruder steals the user data, the data remains useless as this data could only be decrypted by our server)Encryption/Decryption Techniques and their limitationsAll the tools that are using encryption decryption techniques are using some of the common standard encryption algorithms which have been identified by the industry through years. None of the latest tools or the banking sites are using any new encryption logics apart from the old standard ones for which the decryption tools are also available in the internet as freeware. Any data that is encrypted using some encryption algorithm could be decrypted by the key. If this key is stolen or if this data is captured in the internet, this data could be decrypted and used to make counterfeit frauds. So, finally what is lacking in the whole scenario is the Data Security. For every transaction, data is the major input and as long as the data is not secured, the scope for the frauds is always open. In our entire research we found that all the tools that are existing in the market are only concentrating on filters. There is no such tools in the existing market which mainly concentrates on how to secure the data throughout the transit.Our ExperimentLooking at all the aforesaid scenarios and the causes for the frauds, we have experimented with an architecture which mainly concentrates on the data security. Our main aim is to make the data tamper proof so that even if the data that is transmitted by our architecture is captured makes no sense to the other party. We mainly experimented on Protecting data in the transit through the internet by encrypting the whole page, so that even if some hackers tries to view the source, the page is totally encrypted so that, the source that the hacker can view makes no sense and has no direct relationship with the actual data that is present in the page. We are also experimenting in the URL and Session Profiling in order to safeguard the data from external script or data injecting. With our experiment to make the data tamper proof, we ensured the security of data to the maximum extent after creating various layers of wrappers around the data.Our Architecture OverviewY is the encrypted data sent to the browser, and is visible to the user as X using Images. The value for X is stored as Y in the server for each profile for each request and changes dynamically for each profile and only the server can understand the meaning of Y. Our Architecture OverviewBrowserX - Actual DataY – Encrypted DataY – Encrypted Data Generated by our architecture using X – Actual Data as inputGenerated Using0 Dynamic Encrypted AlgorithmsNGenerated Using0 Dynamic Seeds*NYUser Enters Data through Browser.*A Seed is a dynamic number based on which the encryption algorithm is chosen.16© ADLUX CONSULTANCY SERVICES PVT. LTD. Sample using Tamper Data Tool on Our ArchitectureSample using Tamper Data Tool on Our ArchitectureOriginal Data Entered(Actual Architecture)Encrypted Architecture17© ADLUX CONSULTANCY SERVICES PVT. LTD. Sample using Tamper Data Tool on Our ArchitectureTampered Data (Encrypted – Meaning less)18© ADLUX CONSULTANCY SERVICES PVT. LTD. Moreover as a extra level of security the whole page content will be fill with numbers with no logic/method ,it will be only understandable by the browser compiler only(c)ADLUX CONSULTANCY SERVICES PVT. LTD. 19(c)ADLUX CONSULTANCY SERVICES PVT. LTD. 20About Acunetix ToolAcunetix is a web site scanning tool which scans a given website for all the types of possible vulnerabilities. This tool scans and tests the websites by sending large amount of different types of requests to verify the standards and the security of the wrappers around the site. This tool even checks for the security of the website by using various hacking techniques available in the market and generates reports stating the strength and weaknesses of the website. This tool attacks the websites using various techniques to verify the stability of the website or any other online tools. In the report generated by this tool, it describes about the risks and categorizes them as high, middle, low and informational risks. This tool scans for all the vulnerabilities according to the existing industry standards. Though our main criteria was data security, we even mitigated our architecture which can satisfy the industry standards. We have tested our architecture using this tool and found ‘0’ vulnerabilities. (All the Reports are attached in the next slide) We have also scanned some of the famous sites to check the standards of the tool and also to compare with our product. Reports Generated by Acunetix ToolIRCTC ReportScotia Bank ReporteBay ReportSecured Shopping Cart Application (Our Architecture)22© ADLUX CONSULTANCY SERVICES PVT. LTD. ConclusionBased on our architecture, all the data that would be transmitted is always secure and remains useless even if any intruder gets it, as the encrypted data changes for every request and for every profile as explained in the architecture. Based on the reports by Acunetix tool, our testers and also third party people who worked on breaking our architecture, declared it to be tamper proof. Furthermore we are still making R & D on enhancing this architecture and working towards building a robust solution.
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment

More Related Content

PPTX
Reducing cardholder data footprint with tokenization and other techniques
byVISTA InfoSec
 
PPT
CREDITSEC - Next Generation Credit Card Security
byRahul Tyagi
 
DOCX
Preventing Internet Fraud By Preventing Identity Theft
byDiane M. Metcalf
 
PDF
Payment Tokenization
byHamid Ghorbani
 
PDF
A deep walk on the dark side of information security
byDATA SECURITY SOLUTIONS
 
PPTX
Encryption and Tokenization: Friend or Foe?
byZach Gardner
 
PDF
Tokenization
byCentury Business Solutions
 
PPTX
Analysis of-credit-card-fault-detection
byJustluk Luk
 
Reducing cardholder data footprint with tokenization and other techniques
byVISTA InfoSec
 
CREDITSEC - Next Generation Credit Card Security
byRahul Tyagi
 
Preventing Internet Fraud By Preventing Identity Theft
byDiane M. Metcalf
 
Payment Tokenization
byHamid Ghorbani
 
A deep walk on the dark side of information security
byDATA SECURITY SOLUTIONS
 
Encryption and Tokenization: Friend or Foe?
byZach Gardner
 
Tokenization
byCentury Business Solutions
 
Analysis of-credit-card-fault-detection
byJustluk Luk
 

What's hot

PDF
A Noval Method for Data Auditing and Integrity Checking in Public Cloud
byrahulmonikasharma
 
PDF
Dynamag by MagTek
by2FA, Inc.
 
PDF
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
by1crore projects
 
DOCX
Backup of FinalExam-EssayQ-Mon
byFares Sharif
 
PDF
A Survey of Online Credit Card Fraud Detection using Data Mining Techniques
byIJSRD
 
PDF
White_Papers
byKaushal Kumar
 
PDF
Secure ip payment networks what's available other than ssl - final
byAlex Tan
 
PDF
Blockchain Privacy Innovation Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
PDF
Blockchain Interoperability Innovation Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
PPTX
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
byUlf Mattsson
 
PPTX
INTERNET BANKING & SECURITY ANALYSIS
byRAHUL KUMAR
 
PDF
AI, Blockchain, IoT for Finance AT A Glance
byAlex G. Lee, Ph.D. Esq. CLP
 
DOCX
Target@ Data Breach2edit
byKehinde Adelusi
 
DOCX
Gayatri the process of signing your document digitally can be t
byRAHUL126667
 
PDF
Fool Proof: Protecting Digital Identity in the Age of the Data Breach
byPriyanka Aash
 
PPTX
What is tokenization in blockchain?
byUlf Mattsson
 
PDF
Replace The Current Antiquated Credit Card System
byWarren Smith
 
PPTX
Protecting data privacy in analytics and machine learning - ISACA
byUlf Mattsson
 
DOCX
Requirement of PCI-DSS in India.
byCA Priyadarshan Behera
 
PDF
Preventing P2P Fraud with Aite Group
byLaurent Pacalin
 
A Noval Method for Data Auditing and Integrity Checking in Public Cloud
byrahulmonikasharma
 
Dynamag by MagTek
by2FA, Inc.
 
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
by1crore projects
 
Backup of FinalExam-EssayQ-Mon
byFares Sharif
 
A Survey of Online Credit Card Fraud Detection using Data Mining Techniques
byIJSRD
 
White_Papers
byKaushal Kumar
 
Secure ip payment networks what's available other than ssl - final
byAlex Tan
 
Blockchain Privacy Innovation Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
Blockchain Interoperability Innovation Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
byUlf Mattsson
 
INTERNET BANKING & SECURITY ANALYSIS
byRAHUL KUMAR
 
AI, Blockchain, IoT for Finance AT A Glance
byAlex G. Lee, Ph.D. Esq. CLP
 
Target@ Data Breach2edit
byKehinde Adelusi
 
Gayatri the process of signing your document digitally can be t
byRAHUL126667
 
Fool Proof: Protecting Digital Identity in the Age of the Data Breach
byPriyanka Aash
 
What is tokenization in blockchain?
byUlf Mattsson
 
Replace The Current Antiquated Credit Card System
byWarren Smith
 
Protecting data privacy in analytics and machine learning - ISACA
byUlf Mattsson
 
Requirement of PCI-DSS in India.
byCA Priyadarshan Behera
 
Preventing P2P Fraud with Aite Group
byLaurent Pacalin
 

Similar to Experiment

PDF
Review on Fraud Detection in Electronic Payment Gateway
byIRJET Journal
 
PDF
Online Secure payment System using shared Images
byIRJET Journal
 
PPTX
Sgsits cyber securityworkshop_4mar2017
byAnil Jain
 
PDF
The International Journal of Engineering and Science (The IJES)
bytheijes
 
PPTX
Insecure Transactions
byTyson Kopczynski
 
PDF
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
byStefano Amorelli
 
PPT
Naccu Card Fraud And Identity Theft
bymherr_riskconsult
 
PDF
Cyber fraud in banks
byNetwork Intelligence India
 
PPT
Vormetric data security complying with pci dss encryption rules
byVormetric Inc
 
PPT
CNP Payment Fraud and its Affect on Gift Cards
byChristopher Uriarte
 
PPTX
The DNA of Online Payments Fraud
byChristopher Uriarte
 
PPT
Introduction to Computer Forensics & Cyber Security
bypivisoc989
 
PPT
Understanding the Card Fraud Lifecycle : A Guide For Private Label Issuers
byChristopher Uriarte
 
PDF
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
byTISA
 
PDF
Ce hv6 module 58 credit card frauds
byVi Tính Hoàng Nam
 
PDF
AN OVERVIEW OF THE BANK FRAUD AND ITS DETECTION TECHNIQUES THROUGH DATA MINING
byijmnct
 
PDF
AN OVERVIEW OF THE BANK FRAUD AND ITS DETECTION TECHNIQUES THROUGH DATA MINING
byijmnct
 
PDF
The Target Breach – Follow The Money
byResilient Systems
 
PDF
How Banks Detect and Fight Dumps and CVV2 Fraud in Real Time?
byB Club
 
PDF
Life As A Fraudster: Carding 101
byKount
 
Review on Fraud Detection in Electronic Payment Gateway
byIRJET Journal
 
Online Secure payment System using shared Images
byIRJET Journal
 
Sgsits cyber securityworkshop_4mar2017
byAnil Jain
 
The International Journal of Engineering and Science (The IJES)
bytheijes
 
Insecure Transactions
byTyson Kopczynski
 
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
byStefano Amorelli
 
Naccu Card Fraud And Identity Theft
bymherr_riskconsult
 
Cyber fraud in banks
byNetwork Intelligence India
 
Vormetric data security complying with pci dss encryption rules
byVormetric Inc
 
CNP Payment Fraud and its Affect on Gift Cards
byChristopher Uriarte
 
The DNA of Online Payments Fraud
byChristopher Uriarte
 
Introduction to Computer Forensics & Cyber Security
bypivisoc989
 
Understanding the Card Fraud Lifecycle : A Guide For Private Label Issuers
byChristopher Uriarte
 
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
byTISA
 
Ce hv6 module 58 credit card frauds
byVi Tính Hoàng Nam
 
AN OVERVIEW OF THE BANK FRAUD AND ITS DETECTION TECHNIQUES THROUGH DATA MINING
byijmnct
 
AN OVERVIEW OF THE BANK FRAUD AND ITS DETECTION TECHNIQUES THROUGH DATA MINING
byijmnct
 
The Target Breach – Follow The Money
byResilient Systems
 
How Banks Detect and Fight Dumps and CVV2 Fraud in Real Time?
byB Club
 
Life As A Fraudster: Carding 101
byKount
 

Recently uploaded

PDF
How to Buy Verified Cash App Accounts in Bulk.pdf
bymarketing
 
DOCX
_Bank of America Setup Made Simple — Walkthroughs & One-on-One Support.docx
bymarketing
 
PDF
What We Learned Running the Commercial HackathonSF — TokenizedOilFi Goals & O...
byTatianaSF.com
 
PPT
Investment Multiplier and its effect.ppt
bysowmyaseco
 
DOCX
Open a Bank of America Advantage Savings Account Online.docx
bymarketing
 
PDF
“Stop Letting Banks Control You — Buy a Self Bank Account and Take Charge”.pdf
bymarketing
 
PDF
Lundin Gold November 2025 Corporate Presentation
byAdnet Communications
 
PPTX
Nature and Scope of Managerial Economics
byDr. Baranipriya A
 
DOCX
How to Buy Verified Cash App Accounts in Bulk.pdf.docx
bymarketing
 
PDF
Buy Verified Binance Accounts Safely 9.99.pdf
bymarketing
 
PDF
New world order according to Forbs Contact Us
bygeraldsabinus
 
PPTX
9th Nov'25_Repco Home - Alpha Ideas 20-20 meet 2025.pptx
byKatalyst Wealth
 
PDF
How Technology is Changing the Way Woodwind Instruments are Played and Preserved
byMusicInsuranceCompany
 
PDF
Navigating Your Financial Journey: Practical Strategies for Life Stage Success
byMatt Dixon
 
PDF
Unit 1: format of Financial Statement .pdf
bybharath321164
 
DOCX
How to Safely Buy Verified Zelle Accounts Online - Fabble.docx
bycucfuc315
 
PPTX
Chapter-2.pptx.pptxSay Malaysia places a strict quota on goods imported from ...
byseowyen2003
 
DOCX
Best Top ____Apple pay_____ Account.docx
bymarketing
 
PPTX
IFRS & DIGITAL TRANSFORMATION IN ACCOUNTING.pdf
bybharath321164
 
PPT
Strategic management. external audit.ppt
byleyliallaberdievaa
 
How to Buy Verified Cash App Accounts in Bulk.pdf
bymarketing
 
_Bank of America Setup Made Simple — Walkthroughs & One-on-One Support.docx
bymarketing
 
What We Learned Running the Commercial HackathonSF — TokenizedOilFi Goals & O...
byTatianaSF.com
 
Investment Multiplier and its effect.ppt
bysowmyaseco
 
Open a Bank of America Advantage Savings Account Online.docx
bymarketing
 
“Stop Letting Banks Control You — Buy a Self Bank Account and Take Charge”.pdf
bymarketing
 
Lundin Gold November 2025 Corporate Presentation
byAdnet Communications
 
Nature and Scope of Managerial Economics
byDr. Baranipriya A
 
How to Buy Verified Cash App Accounts in Bulk.pdf.docx
bymarketing
 
Buy Verified Binance Accounts Safely 9.99.pdf
bymarketing
 
New world order according to Forbs Contact Us
bygeraldsabinus
 
9th Nov'25_Repco Home - Alpha Ideas 20-20 meet 2025.pptx
byKatalyst Wealth
 
How Technology is Changing the Way Woodwind Instruments are Played and Preserved
byMusicInsuranceCompany
 
Navigating Your Financial Journey: Practical Strategies for Life Stage Success
byMatt Dixon
 
Unit 1: format of Financial Statement .pdf
bybharath321164
 
How to Safely Buy Verified Zelle Accounts Online - Fabble.docx
bycucfuc315
 
Chapter-2.pptx.pptxSay Malaysia places a strict quota on goods imported from ...
byseowyen2003
 
Best Top ____Apple pay_____ Account.docx
bymarketing
 
IFRS & DIGITAL TRANSFORMATION IN ACCOUNTING.pdf
bybharath321164
 
Strategic management. external audit.ppt
byleyliallaberdievaa
 

Experiment

  • 1.
    Our Experiment DescriptionIndex Online Shopping Sites, their concern for Security. Existing Security Measures in the Market. Existing counter measures in Credit Card Transactions. Ratio of Counterfeit Frauds. Industry counter measures for Counterfeit Frauds. Encryption/Decryption Techniques and their limitations. What is lacking? Existing Practices for Data Security. Our Experiment. Our Architecture Overview. About Acunetix Tool. Reports Generated by Acunetix Tool.Online Shopping Sites, their concern for SecurityData Security is the major concern for all the online shopping sites where each transaction happens through online using Credit Cards or Debit Cards For all major Banking Sites and Shopping Cart Sites, securing transactions is a major issue where the credit card or debit card details are to be maintained confidential. For this concern, all these merchants are using various tools which provides security for the transactions. Though there are many tools available in the market, still the probability of frauds happening is more as these tools are not capable enough to handle the transactions by securing the actual card data. For this reason we find a large amount of fraudulent transactions happening throughout the world due to data theft and other types of hacking techniques. The current scenario in the market is to provide proper security for the data so that if data transmission is secure then there would be minimum scope for the frauds to happen.Existing Security Measures in the MarketThere are many tools available today in the market which are providing security for all the online card based transactions. Some of the tools like Vfraud, or the sites like PayPal, Paisa Pay are well known in the market. Almost all the existing security systems are using HTTPS protocols as well as different Encryption/Decryption techniques. Digital Certificate is also one of the security that is being used by all the sites throughout the internet. Most of the merchants like eBay, Sify shopping, India Times shopping etc are taking the support of PayPal or Paisa Pay to secure their transactions. Though, so many methodologies are in use by in the market, all these practices are common in every product and every tool. Existing counter measures in Credit Card TransactionsAll the Tools that are available in the market are using the concept of Filters. These filters are nothing but different layers through which data flows during the card transactions. There are various filters available in the market which filters the data based on the Geographical criteria's as well as the number of transactions made on that particular card. These layers can identify and filter the transactions when duplicate cards or duplicate card data is being used during any card transaction. There are many products releasing in the market, which has more robust filters embedded, but still these filters are unable to identify the fraud even after providing the genuine details of credit card. These types of transaction are the root cause for Counterfeit Frauds which are very high and are the major concern in the market.What is a Counterfeit Fraud?Duplicating the Credit / Debit cards by stealing the card data from the magnetic stripes is called as Counterfeiting. In Counterfeiting either the fraudster uses a counterfeit card made from the stolen data or uses a stolen card itself. The information travelling through the secure channels remain the same as that of a genuine card even though all the filters are activated. Hence as there are no such products in the market which can identify the counterfeit cards, the percentage of Counterfeit Frauds is more as compared to all the other types of fraud.Hence it has been a high concern for all the merchants, banks and the customers that the counterfeit frauds should be minimized.Industry counter measures for Counterfeit FraudsSome of the Industry counter measures for the counterfeit cards areEncryption/ Decryption and Hash Address Verification SystemGeography profile of Billing Address and Shipping Address.Etc…..However many of the techniques currently being recommended or used by banks or other financial sectors are either outdated or as the technical sophistication of the fraudsters has evolved, are vulnerable to getting compromisedFor example in recent years there were successful attempts to break some of the very strong encryption techniques like DES. Also now hackers are maintaining their private centralized databases containing large collection of combination of hash and its alphabet profileAlso hackers or fraudsters have become so skillful that they can dynamically tamper with the secure data in transit or can compromise a user’s system.In offline cases where card is physically present, fraudsters are coming up with efficient new techniques like magnetic card readers , postal tweaks and some time even have dare to phone the target and represent themselves as bank card officers and try to sneak out information from the target without his knowledge.Tamper Data is one of the tools available which can tamper the data that is being entered in the most secured sites like Citibank, HDFC Bank etcHence the counter measures already in practice are also not completely successful in reducing the counterfeit frauds. Some of the Industry counter measures for the counterfeit cards are using different encryption/decryption techniques or using some data value pairs in order to verify the card user’s genuineness.Some of the measures like verifying the Billing Address and the Shipping Address to be the same are also in practice.Though these counter measures are taken care it is not always possible to verify the Billing and the Shipping address as there are so many sites which gives the facility for the instant download, where there is no point of shipping address.Even the data value pairs technique which is being used by many of the banking sites is not so secure as it could be captured by some of the sniffing tools installed in the system.Tamper Data is one of such tools available which can tamper the data that is being entered in the most secured sites like Citibank, HDFC Bank etc.Hence the counter measures already in practice are also not completely successful in reducing the counterfeit frauds. Sample using Tamper Data Tool on citibank siteSample using Tamper Data Tool on citibank siteOriginal Data EnteredOriginal Data Entered11© ADLUX CONSULTANCY SERVICES PVT. LTD. Sample using Tamper Data Tool on citibank siteSample using Tamper Data Tool on citibank siteTampered Data12© ADLUX CONSULTANCY SERVICES PVT. LTD. Man in the Middle Attack (False Certificate)This diagram represents how Man in the Middle attack happens by using False Certificate and steal the user Credentials. (In our architecture even if Man in the Middle attack happens and the intruder steals the user data, the data remains useless as this data could only be decrypted by our server)Encryption/Decryption Techniques and their limitationsAll the tools that are using encryption decryption techniques are using some of the common standard encryption algorithms which have been identified by the industry through years. None of the latest tools or the banking sites are using any new encryption logics apart from the old standard ones for which the decryption tools are also available in the internet as freeware. Any data that is encrypted using some encryption algorithm could be decrypted by the key. If this key is stolen or if this data is captured in the internet, this data could be decrypted and used to make counterfeit frauds. So, finally what is lacking in the whole scenario is the Data Security. For every transaction, data is the major input and as long as the data is not secured, the scope for the frauds is always open. In our entire research we found that all the tools that are existing in the market are only concentrating on filters. There is no such tools in the existing market which mainly concentrates on how to secure the data throughout the transit.Our ExperimentLooking at all the aforesaid scenarios and the causes for the frauds, we have experimented with an architecture which mainly concentrates on the data security. Our main aim is to make the data tamper proof so that even if the data that is transmitted by our architecture is captured makes no sense to the other party. We mainly experimented on Protecting data in the transit through the internet by encrypting the whole page, so that even if some hackers tries to view the source, the page is totally encrypted so that, the source that the hacker can view makes no sense and has no direct relationship with the actual data that is present in the page. We are also experimenting in the URL and Session Profiling in order to safeguard the data from external script or data injecting. With our experiment to make the data tamper proof, we ensured the security of data to the maximum extent after creating various layers of wrappers around the data.Our Architecture OverviewY is the encrypted data sent to the browser, and is visible to the user as X using Images. The value for X is stored as Y in the server for each profile for each request and changes dynamically for each profile and only the server can understand the meaning of Y. Our Architecture OverviewBrowserX - Actual DataY – Encrypted DataY – Encrypted Data Generated by our architecture using X – Actual Data as inputGenerated Using0 Dynamic Encrypted AlgorithmsNGenerated Using0 Dynamic Seeds*NYUser Enters Data through Browser.*A Seed is a dynamic number based on which the encryption algorithm is chosen.16© ADLUX CONSULTANCY SERVICES PVT. LTD. Sample using Tamper Data Tool on Our ArchitectureSample using Tamper Data Tool on Our ArchitectureOriginal Data Entered(Actual Architecture)Encrypted Architecture17© ADLUX CONSULTANCY SERVICES PVT. LTD. Sample using Tamper Data Tool on Our ArchitectureTampered Data (Encrypted – Meaning less)18© ADLUX CONSULTANCY SERVICES PVT. LTD. Moreover as a extra level of security the whole page content will be fill with numbers with no logic/method ,it will be only understandable by the browser compiler only(c)ADLUX CONSULTANCY SERVICES PVT. LTD. 19(c)ADLUX CONSULTANCY SERVICES PVT. LTD. 20About Acunetix ToolAcunetix is a web site scanning tool which scans a given website for all the types of possible vulnerabilities. This tool scans and tests the websites by sending large amount of different types of requests to verify the standards and the security of the wrappers around the site. This tool even checks for the security of the website by using various hacking techniques available in the market and generates reports stating the strength and weaknesses of the website. This tool attacks the websites using various techniques to verify the stability of the website or any other online tools. In the report generated by this tool, it describes about the risks and categorizes them as high, middle, low and informational risks. This tool scans for all the vulnerabilities according to the existing industry standards. Though our main criteria was data security, we even mitigated our architecture which can satisfy the industry standards. We have tested our architecture using this tool and found ‘0’ vulnerabilities. (All the Reports are attached in the next slide) We have also scanned some of the famous sites to check the standards of the tool and also to compare with our product. Reports Generated by Acunetix ToolIRCTC ReportScotia Bank ReporteBay ReportSecured Shopping Cart Application (Our Architecture)22© ADLUX CONSULTANCY SERVICES PVT. LTD. ConclusionBased on our architecture, all the data that would be transmitted is always secure and remains useless even if any intruder gets it, as the encrypted data changes for every request and for every profile as explained in the architecture. Based on the reports by Acunetix tool, our testers and also third party people who worked on breaking our architecture, declared it to be tamper proof. Furthermore we are still making R & D on enhancing this architecture and working towards building a robust solution.