Our Experiment Description

Index

Online Shopping Sites, their concern for Security.
Existing Security Measures in the Market.
Existing counter measures in Credit Card Transactions.
Ratio of Counterfeit Frauds.
Industry counter measures for Counterfeit Frauds.
Encryption/Decryption Techniques and their limitations.
What is lacking?
Existing Practices for Data Security.
Our Experiment.
Our Architecture Overview.
About Acunetix Tool.
Reports Generated by Acunetix Tool.

Online Shopping Sites, their concern for Security

Data security is the major concern for all online shopping sites, where each transaction happens online using credit cards or debit cards. For all major banking sites and shopping cart sites, securing transactions is a major issue, as credit card and debit card details must be kept confidential. To address this concern, merchants use various tools that provide security for transactions. Although many tools are available in the market, the probability of fraud remains high, because these tools are not capable of handling transactions while securing the actual card data. For this reason, a large number of fraudulent transactions happen throughout the world due to data theft and other types of hacking techniques. The current need in the market is to provide proper security for the data: if data transmission is secure, there is minimal scope for fraud.

Existing Security Measures in the Market

Many tools available in the market today provide security for online card-based transactions. Tools such as Vfraud and sites such as PayPal and Paisa Pay are well known in the market. Almost all existing security systems use the HTTPS protocol as well as different encryption/decryption techniques.
Digital certificates are another security measure used by sites throughout the internet. Most merchants, such as eBay, Sify shopping and India Times shopping, rely on PayPal or Paisa Pay to secure their transactions. Although many methodologies are in use in the market, these practices are common to every product and every tool.

Existing counter measures in Credit Card Transactions

All the tools available in the market use the concept of filters. These filters are different layers through which data flows during card transactions. Various filters are available that filter the data based on geographical criteria as well as the number of transactions made on a particular card. These layers can identify and filter transactions when duplicate cards or duplicate card data are used. Many products being released in the market have more robust filters embedded, but these filters are still unable to identify fraud when the genuine details of a credit card are provided. These types of transaction are the root cause of counterfeit frauds, which are very high and are the major concern in the market.

What is a Counterfeit Fraud?

Duplicating credit or debit cards by stealing the card data from the magnetic stripe is called counterfeiting. In counterfeiting, the fraudster uses either a counterfeit card made from the stolen data or a stolen card itself. The information travelling through the secure channels remains the same as that of a genuine card even though all the filters are activated. Because no product in the market can identify counterfeit cards, the percentage of counterfeit frauds is higher than that of all other types of fraud. It is therefore a high concern for merchants, banks and customers that counterfeit frauds be minimized.
Industry counter measures for Counterfeit Frauds

Some of the industry counter measures for counterfeit cards are:

Encryption/decryption and hash
Address Verification System
Geography profile of billing address and shipping address
Etc.

However, many of the techniques currently recommended or used by banks and other financial sectors are either outdated or, as the technical sophistication of fraudsters has evolved, vulnerable to compromise. For example, in recent years there were successful attempts to break some of the very strong encryption techniques like DES. Hackers now also maintain private centralized databases containing large collections of combinations of a hash and its alphabet profile. Hackers and fraudsters have also become so skillful that they can dynamically tamper with secure data in transit or compromise a user's system. In offline cases where the card is physically present, fraudsters are coming up with efficient new techniques like magnetic card readers and postal tweaks, and sometimes even dare to phone the target, represent themselves as bank card officers and try to extract information from the target without his knowledge. Tamper Data is one of the available tools that can tamper with data being entered on the most secured sites like Citibank, HDFC Bank etc. Hence the counter measures already in practice are not completely successful in reducing counterfeit frauds.

Some of the industry counter measures for counterfeit cards use different encryption/decryption techniques or data value pairs to verify the card user's genuineness. Measures like verifying that the billing address and the shipping address are the same are also in practice.
Though these counter measures are in place, it is not always possible to verify the billing and shipping addresses, as many sites offer instant download, where a shipping address has no relevance. Even the data value pairs technique used by many banking sites is not so secure, as the values could be captured by sniffing tools installed on the system. Tamper Data is one such tool, which can tamper with data being entered on the most secured sites like Citibank, HDFC Bank etc. Hence the counter measures already in practice are not completely successful in reducing counterfeit frauds.

[Figure: Sample using Tamper Data Tool on Citibank site: Original Data Entered]

[Figure: Sample using Tamper Data Tool on Citibank site: Tampered Data]

© ADLUX CONSULTANCY SERVICES PVT. LTD.

Man in the Middle Attack (False Certificate)

This diagram represents how a man-in-the-middle attack uses a false certificate to steal the user's credentials. (In our architecture, even if a man-in-the-middle attack happens and the intruder steals the user data, the data remains useless, as it can only be decrypted by our server.)

Encryption/Decryption Techniques and their limitations

All the tools that use encryption/decryption techniques use common standard encryption algorithms that have been identified by the industry over the years. None of the latest tools or banking sites use any new encryption logic apart from the old standard ones, for which decryption tools are also available on the internet as freeware. Any data encrypted using an encryption algorithm can be decrypted with the key.
If this key is stolen, or if the data is captured on the internet, the data could be decrypted and used to commit counterfeit frauds. So, finally, what is lacking in the whole scenario is data security. For every transaction, data is the major input, and as long as the data is not secured, the scope for fraud is always open. In our entire research we found that all the tools existing in the market concentrate only on filters. No tool in the existing market concentrates mainly on how to secure the data throughout transit.

Our Experiment

Looking at all the aforesaid scenarios and the causes of fraud, we have experimented with an architecture that concentrates mainly on data security. Our main aim is to make the data tamper proof, so that even if data transmitted by our architecture is captured, it makes no sense to the other party. We mainly experimented with protecting data in transit through the internet by encrypting the whole page, so that even if a hacker tries to view the source, the page is totally encrypted: the source the hacker can view makes no sense and has no direct relationship with the actual data present in the page. We are also experimenting with URL and session profiling in order to safeguard the data from external script or data injection. With our experiment to make the data tamper proof, we ensured the security of data to the maximum extent by creating various layers of wrappers around the data.

Our Architecture Overview

Y is the encrypted data sent to the browser, and is visible to the user as X using images. The value for X is stored as Y on the server for each profile for each request and changes dynamically for each profile, and only the server can understand the meaning of Y.
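The per-profile, per-request mapping between X and Y described above can be sketched as follows. This is an added example, not the authors' code: it assumes the image-rendered input is an on-screen digit keypad, and it substitutes random server-issued tokens for the seed-selected encryption algorithms, which the slides do not specify. `KeypadTokenStore`, `TamperedSubmission` and the profile names are hypothetical.

```python
import secrets


class TamperedSubmission(Exception):
    """Raised when a submitted token (Y) does not map back to a value (X)."""


class KeypadTokenStore:
    """Server-side table of Y -> X mappings, one per (profile, request)."""

    def __init__(self):
        self._tables = {}  # (session_id, request_id) -> {token: digit}

    def issue(self, session_id):
        """Create a fresh mapping for one page load.

        Returns (request_id, keypad); keypad maps each digit to the opaque
        token the page submits when that digit's image is clicked.
        """
        request_id = secrets.token_hex(8)
        keypad = {str(d): secrets.token_urlsafe(12) for d in range(10)}
        self._tables[(session_id, request_id)] = {t: d for d, t in keypad.items()}
        return request_id, keypad

    def redeem(self, session_id, request_id, tokens):
        """Translate submitted tokens back to digits.

        The table is removed on first use, valid or not, so a captured
        submission cannot be replayed and a failed one cannot be retried.
        """
        table = self._tables.pop((session_id, request_id), None)
        if table is None:
            raise TamperedSubmission("unknown, replayed or foreign request")
        try:
            return "".join(table[t] for t in tokens)
        except KeyError:
            raise TamperedSubmission("token not issued for this request") from None


def demo():
    """Run four constructed scenarios and return their outcomes."""
    store = KeypadTokenStore()
    digits = "4071"  # constructed sample input

    def rejected(session_id, request_id, tokens):
        try:
            store.redeem(session_id, request_id, tokens)
        except TamperedSubmission:
            return True
        return False

    # Normal round trip for profile A: only tokens cross the wire.
    req_a, pad_a = store.issue("profile-A")
    wire_a = [pad_a[d] for d in digits]
    decoded = store.redeem("profile-A", req_a, wire_a)

    # The same captured tokens replayed against the consumed request.
    replay_rejected = rejected("profile-A", req_a, wire_a)

    # Profile A's captured tokens submitted inside profile B's request.
    req_b, pad_b = store.issue("profile-B")
    cross_rejected = rejected("profile-B", req_b, wire_a)

    # One token altered in transit (length changed, so it cannot match).
    req_c, pad_c = store.issue("profile-A")
    wire_c = [pad_c[d] for d in digits]
    wire_c[0] = wire_c[0][::-1] + "x"
    tamper_rejected = rejected("profile-A", req_c, wire_c)

    return {
        "decoded": decoded,
        "replay_rejected": replay_rejected,
        "cross_rejected": cross_rejected,
        "tamper_rejected": tamper_rejected,
        "same_digit_differs": pad_a["4"] != pad_b["4"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Within a single request a repeated digit yields the same token, so this mapping hides the values but not which positions repeat.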
[Figure: Our Architecture Overview. The user enters data through the browser. X is the actual data; Y is the encrypted data generated by our architecture using X as input, generated using 0..N dynamic encrypted algorithms and 0..N dynamic seeds*.]

* A seed is a dynamic number based on which the encryption algorithm is chosen.

[Figure: Sample using Tamper Data Tool on Our Architecture: Original Data Entered (Actual Architecture); Encrypted Architecture]

[Figure: Sample using Tamper Data Tool on Our Architecture: Tampered Data (Encrypted, meaningless)]

Moreover, as an extra level of security, the whole page content will be filled with numbers with no logic or method; it will be understandable only by the browser compiler.

About Acunetix Tool

Acunetix is a web site scanning tool which scans a given website for all types of possible vulnerabilities. It scans and tests websites by sending a large number of different types of requests to verify the standards and the security of the wrappers around the site. It also checks the security of the website using various hacking techniques available in the market and generates reports stating the strengths and weaknesses of the website. The tool attacks websites using various techniques to verify the stability of the website or any other online tool. In the report it generates, it describes the risks and categorizes them as high, middle, low and informational. The tool scans for vulnerabilities according to existing industry standards. Though our main criterion was data security, we also made our architecture satisfy the industry standards.
We tested our architecture using this tool and found '0' vulnerabilities. (All the reports are attached in the next slide.) We also scanned some famous sites to check the standards of the tool and to compare them with our product.

[Figure: Reports Generated by Acunetix Tool: IRCTC Report; Scotia Bank Report; eBay Report; Secured Shopping Cart Application (Our Architecture)]

Conclusion

Based on our architecture, all data transmitted is always secure and remains useless even if an intruder obtains it, as the encrypted data changes for every request and for every profile, as explained in the architecture. Based on the reports by the Acunetix tool, our testers and also third-party people who worked on breaking our architecture declared it to be tamper proof. Furthermore, we are still doing R&D on enhancing this architecture and working towards building a robust solution.
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment
Experiment

Mais conteúdo relacionado

Mais procurados

IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
1crore projects
 
Backup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-MonBackup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-Mon
Fares Sharif
 
Blockchain Privacy Innovation Insights from Patents
Blockchain Privacy Innovation Insights from PatentsBlockchain Privacy Innovation Insights from Patents
Blockchain Privacy Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Target@ Data Breach2edit
Target@ Data Breach2editTarget@ Data Breach2edit
Target@ Data Breach2edit
Kehinde Adelusi
 

Mais procurados (20)

A Noval Method for Data Auditing and Integrity Checking in Public Cloud
A Noval Method for Data Auditing and Integrity Checking in Public CloudA Noval Method for Data Auditing and Integrity Checking in Public Cloud
A Noval Method for Data Auditing and Integrity Checking in Public Cloud
 
Dynamag by MagTek
Dynamag by MagTekDynamag by MagTek
Dynamag by MagTek
 
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
IEEE projects 2016 | IEEE Projects 2016 - 1 Crore Projects
 
Backup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-MonBackup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-Mon
 
A Survey of Online Credit Card Fraud Detection using Data Mining Techniques
A Survey of Online Credit Card Fraud Detection using Data Mining TechniquesA Survey of Online Credit Card Fraud Detection using Data Mining Techniques
A Survey of Online Credit Card Fraud Detection using Data Mining Techniques
 
White_Papers
White_PapersWhite_Papers
White_Papers
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks   what's available other than ssl - finalSecure ip payment networks   what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
 
Blockchain Privacy Innovation Insights from Patents
Blockchain Privacy Innovation Insights from PatentsBlockchain Privacy Innovation Insights from Patents
Blockchain Privacy Innovation Insights from Patents
 
Blockchain Interoperability Innovation Insights from Patents
Blockchain Interoperability Innovation Insights from PatentsBlockchain Interoperability Innovation Insights from Patents
Blockchain Interoperability Innovation Insights from Patents
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
INTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSISINTERNET BANKING & SECURITY ANALYSIS
INTERNET BANKING & SECURITY ANALYSIS
 
AI, Blockchain, IoT for Finance AT A Glance
AI, Blockchain, IoT for Finance AT A GlanceAI, Blockchain, IoT for Finance AT A Glance
AI, Blockchain, IoT for Finance AT A Glance
 
Target@ Data Breach2edit
Target@ Data Breach2editTarget@ Data Breach2edit
Target@ Data Breach2edit
 
Gayatri the process of signing your document digitally can be t
Gayatri the process of signing your document digitally can be tGayatri the process of signing your document digitally can be t
Gayatri the process of signing your document digitally can be t
 
Fool Proof: Protecting Digital Identity in the Age of the Data Breach
Fool Proof: Protecting Digital Identity in the Age of the Data BreachFool Proof: Protecting Digital Identity in the Age of the Data Breach
Fool Proof: Protecting Digital Identity in the Age of the Data Breach
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card System
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
Requirement of PCI-DSS in India.
Requirement of PCI-DSS in India.Requirement of PCI-DSS in India.
Requirement of PCI-DSS in India.
 
Preventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupPreventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite Group
 

Semelhante a Experiment

Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 
Design and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemDesign and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA Cryptosystem
AM Publications,India
 
Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...
Francesca Lazzeri, PhD
 
Senate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_RicheySenate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_Richey
Peter Tran
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC
SantosConleyha
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC
AbbyWhyte974
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-security
Kerri Lorch
 
Ulf mattsson the standardization of tokenization and moving beyond pci
Ulf mattsson   the standardization of tokenization and moving beyond pciUlf mattsson   the standardization of tokenization and moving beyond pci
Ulf mattsson the standardization of tokenization and moving beyond pci
Ulf Mattsson
 

Semelhante a Experiment (17)

All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
 
Key Security Measures Behind Digital Payment Systems
Key Security Measures Behind Digital Payment SystemsKey Security Measures Behind Digital Payment Systems
Key Security Measures Behind Digital Payment Systems
 
Introduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber SecurityIntroduction to Computer Forensics & Cyber Security
Introduction to Computer Forensics & Cyber Security
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
IRJET - Online Credit Card Fraud Detection and Prevention System
IRJET - Online Credit Card Fraud Detection and Prevention SystemIRJET - Online Credit Card Fraud Detection and Prevention System
IRJET - Online Credit Card Fraud Detection and Prevention System
 
Hashing Functions & eSignatures Securing Tomorrows Data Today - DrySign
Hashing Functions & eSignatures Securing Tomorrows Data Today - DrySignHashing Functions & eSignatures Securing Tomorrows Data Today - DrySign
Hashing Functions & eSignatures Securing Tomorrows Data Today - DrySign
 
Design and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemDesign and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA Cryptosystem
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using Biometrics
 
Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...
 
Senate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_RicheySenate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_Richey
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC
 
Network Security
Network SecurityNetwork Security
Network Security
 
Tokenization: What's Next After PCI?
Tokenization: What's Next After PCI?Tokenization: What's Next After PCI?
Tokenization: What's Next After PCI?
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-security
 
Ulf mattsson the standardization of tokenization and moving beyond pci
Ulf mattsson   the standardization of tokenization and moving beyond pciUlf mattsson   the standardization of tokenization and moving beyond pci
Ulf mattsson the standardization of tokenization and moving beyond pci
 

Último

VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
Adnet Communications
 

Último (20)

Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
 
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated  Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated  Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
 
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbaiVasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
 
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
 
The Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfThe Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdf
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
The Economic History of the U.S. Lecture 30.pdf
The Economic History of the U.S. Lecture 30.pdfThe Economic History of the U.S. Lecture 30.pdf
The Economic History of the U.S. Lecture 30.pdf
 
Indore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfIndore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdf
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
 
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
 
Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...
Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...
Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...
 
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 
The Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfThe Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdf
 
The Economic History of the U.S. Lecture 23.pdf
The Economic History of the U.S. Lecture 23.pdfThe Economic History of the U.S. Lecture 23.pdf
The Economic History of the U.S. Lecture 23.pdf
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 
The Economic History of the U.S. Lecture 25.pdf
The Economic History of the U.S. Lecture 25.pdfThe Economic History of the U.S. Lecture 25.pdf
The Economic History of the U.S. Lecture 25.pdf
 

Experiment

  • 1. Our Experiment Description Index Online Shopping Sites, their concern for Security. Existing Security Measures in the Market. Existing counter measures in Credit Card Transactions. Ratio of Counterfeit Frauds. Industry counter measures for Counterfeit Frauds. Encryption/Decryption Techniques and their limitations. What is lacking? Existing Practices for Data Security. Our Experiment. Our Architecture Overview. About Acunetix Tool. Reports Generated by Acunetix Tool. Online Shopping Sites, their concern for Security Data Security is the major concern for all the online shopping sites where each transaction happens through online using Credit Cards or Debit Cards For all major Banking Sites and Shopping Cart Sites, securing transactions is a major issue where the credit card or debit card details are to be maintained confidential. For this concern, all these merchants are using various tools which provides security for the transactions. Though there are many tools available in the market, still the probability of frauds happening is more as these tools are not capable enough to handle the transactions by securing the actual card data. For this reason we find a large amount of fraudulent transactions happening throughout the world due to data theft and other types of hacking techniques. The current scenario in the market is to provide proper security for the data so that if data transmission is secure then there would be minimum scope for the frauds to happen. Existing Security Measures in the Market There are many tools available today in the market which are providing security for all the online card based transactions. Some of the tools like Vfraud, or the sites like PayPal, Paisa Pay are well known in the market. Almost all the existing security systems are using HTTPS protocols as well as different Encryption/Decryption techniques. Digital Certificate is also one of the security that is being used by all the sites throughout the internet. 
Most merchants, like eBay, Sify shopping, India Times shopping etc., rely on PayPal or Paisa Pay to secure their transactions. Though so many methodologies are in use in the market, all these practices are common to every product and every tool.

Existing counter measures in Credit Card Transactions

All the tools available in the market use the concept of filters. These filters are nothing but different layers through which data flows during card transactions. There are various filters available in the market which filter the data based on geographical criteria as well as the number of transactions made on a particular card. These layers can identify and filter transactions when duplicate cards or duplicate card data are used during a card transaction. Many products released in the market have more robust filters embedded, but these filters are still unable to identify the fraud when the genuine details of the credit card are provided. These types of transaction are the root cause of counterfeit frauds, which are very high and are the major concern in the market.

What is a Counterfeit Fraud?

Duplicating credit/debit cards by stealing the card data from the magnetic stripes is called counterfeiting. In counterfeiting, the fraudster either uses a counterfeit card made from the stolen data or uses a stolen card itself. The information travelling through the secure channels remains the same as that of a genuine card, even though all the filters are activated. As there are no products in the market which can identify counterfeit cards, the percentage of counterfeit frauds is higher than that of all other types of fraud. Hence it is a high concern for all merchants, banks and customers that counterfeit frauds should be minimized.
Industry counter measures for Counterfeit Frauds

Some of the industry counter measures for counterfeit cards are: Encryption/Decryption and Hash; Address Verification System; Geography profile of Billing Address and Shipping Address; etc.

However, many of the techniques currently being recommended or used by banks and other financial sectors are either outdated or, as the technical sophistication of the fraudsters has evolved, vulnerable to being compromised. For example, in recent years there were successful attempts to break some of the very strong encryption techniques like DES. Hackers are also now maintaining private centralized databases containing large collections of combinations of a hash and its alphabet profile. Hackers and fraudsters have also become so skillful that they can dynamically tamper with secure data in transit or compromise a user's system.

In offline cases where the card is physically present, fraudsters are coming up with efficient new techniques like magnetic card readers and postal tweaks, and sometimes even dare to phone the target, present themselves as bank card officers and try to draw out information from the target without his knowledge.

Tamper Data is one of the tools available which can tamper with the data being entered on the most secured sites like Citibank, HDFC Bank etc. Hence the counter measures already in practice are also not completely successful in reducing counterfeit frauds.

Some of the industry counter measures for counterfeit cards use different encryption/decryption techniques or use some data value pairs in order to verify the card user's genuineness. Some measures, like verifying that the Billing Address and the Shipping Address are the same, are also in practice.
Though these counter measures are taken, it is not always possible to verify the Billing and the Shipping address, as there are many sites which offer instant download, where a shipping address has no meaning. Even the data value pairs technique used by many banking sites is not so secure, as the pairs could be captured by sniffing tools installed on the system. Tamper Data is one such tool, which can tamper with the data being entered on the most secured sites like Citibank, HDFC Bank etc. Hence the counter measures already in practice are also not completely successful in reducing counterfeit frauds.

[Figure: Sample using Tamper Data Tool on Citibank site. Original Data Entered]

© ADLUX CONSULTANCY SERVICES PVT. LTD.

[Figure: Sample using Tamper Data Tool on Citibank site. Tampered Data]

Man in the Middle Attack (False Certificate)

This diagram shows how a Man in the Middle attack uses a false certificate to steal the user's credentials. (In our architecture, even if a Man in the Middle attack happens and the intruder steals the user data, the data remains useless, as it can only be decrypted by our server.)

Encryption/Decryption Techniques and their limitations

All the tools that use encryption/decryption techniques use some of the common standard encryption algorithms which have been identified by the industry over the years. None of the latest tools or banking sites use any new encryption logic apart from the old standard ones, for which decryption tools are also available on the internet as freeware. Any data that is encrypted using an encryption algorithm can be decrypted with the key.
If this key is stolen, or if the data is captured on the internet, the data could be decrypted and used to commit counterfeit frauds.

So, finally, what is lacking in the whole scenario is data security. For every transaction, data is the major input, and as long as the data is not secured, the scope for fraud is always open. In our entire research we found that all the tools existing in the market concentrate only on filters. There are no tools in the existing market which mainly concentrate on how to secure the data throughout its transit.

Our Experiment

Looking at all the aforesaid scenarios and the causes of the frauds, we have experimented with an architecture which mainly concentrates on data security. Our main aim is to make the data tamper proof, so that even if the data transmitted by our architecture is captured, it makes no sense to the other party. We mainly experimented with protecting data in transit through the internet by encrypting the whole page, so that even if a hacker tries to view the source, the page is totally encrypted: the source the hacker can view makes no sense and has no direct relationship with the actual data present in the page. We are also experimenting with URL and session profiling in order to safeguard the data from external script or data injection. With our experiment to make the data tamper proof, we ensured the security of the data to the maximum extent by creating various layers of wrappers around the data.

Our Architecture Overview

Y is the encrypted data sent to the browser, and is visible to the user as X using images. The value for X is stored as Y on the server for each profile and each request, and changes dynamically for each profile; only the server can understand the meaning of Y.
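One way to realise the X/Y mapping described above, as an added example that is not the authors' code: the deck does not disclose its algorithm, so this sketch assumes Y is a random single-use token held in a server-side table per profile and per request. The names `TokenVault`, `issue`, `redeem` and `demo` are hypothetical.

```python
import secrets


class TokenVault:
    """Server-side table of opaque tokens (Y) standing in for real values (X)."""

    def __init__(self):
        # (profile_id, request_id) -> {Y token: X value}; never sent to the client
        self._table = {}

    def issue(self, profile_id, values):
        """Begin a request: give every distinct X a fresh random Y.

        Returns (request_id, {X: Y}). The page would render each X as an image
        and carry only Y in its source and in the submitted form.
        """
        request_id = secrets.token_hex(8)
        to_x = {secrets.token_urlsafe(16): x for x in values}
        self._table[(profile_id, request_id)] = to_x
        return request_id, {x: y for y, x in to_x.items()}

    def redeem(self, profile_id, request_id, tokens):
        """Map submitted Y tokens back to X. Single use, all or nothing."""
        to_x = self._table.pop((profile_id, request_id), None)
        if to_x is None:
            raise ValueError("unknown or already used request")
        if any(y not in to_x for y in tokens):
            raise ValueError("tampered or foreign token")
        return [to_x[y] for y in tokens]


def demo():
    vault = TokenVault()
    keypad = "0123456789"             # constructed: symbols shown as images
    rid, pad = vault.issue("profile-1", keypad)
    wire = [pad[d] for d in "4071"]   # constructed input; all a proxy sees
    tampered = wire[:3] + ["AAAA"]    # a value altered in transit
    try:
        vault.redeem("profile-1", rid, tampered)
    except ValueError as err:
        rejected = str(err)
    rid2, pad2 = vault.issue("profile-1", keypad)
    wire2 = [pad2[d] for d in "4071"]
    return rejected, vault.redeem("profile-1", rid2, wire2), wire != wire2


if __name__ == "__main__":
    print(demo())
```

Because the tokens are random rather than derived from X, there is no key whose theft would reveal X from captured traffic; the table on the server is the only place the mapping exists. It does not hide X from anything that can see the rendered page on the user's machine.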
[Figure: Our Architecture Overview. The user enters data through the browser. X: Actual Data. Y: Encrypted Data, generated by our architecture using X (Actual Data) as input, using 0 ... N dynamic encrypted algorithms and 0 ... N dynamic seeds*.]

* A Seed is a dynamic number based on which the encryption algorithm is chosen.

[Figure: Sample using Tamper Data Tool on Our Architecture. Original Data Entered (Actual Architecture); Encrypted Architecture]

[Figure: Sample using Tamper Data Tool on Our Architecture. Tampered Data (Encrypted, Meaningless)]

Moreover, as an extra level of security, the whole page content will be filled with numbers with no logic/method; it will be understandable only by the browser compiler.

About Acunetix Tool

Acunetix is a web site scanning tool which scans a given website for all types of possible vulnerabilities. The tool scans and tests websites by sending a large number of different types of requests to verify the standards and the security of the wrappers around the site. It also checks the security of the website by using various hacking techniques available in the market, and generates reports stating the strengths and weaknesses of the website. The tool attacks websites using various techniques to verify the stability of the website or any other online tool. In the report it generates, it describes the risks and categorizes them as high, middle, low and informational risks. The tool scans for all the vulnerabilities according to the existing industry standards. Though our main criterion was data security, we also adapted our architecture so that it can satisfy the industry standards. We have tested our architecture using this tool and found '0' vulnerabilities.
(All the reports are attached in the next slide.) We have also scanned some famous sites to check the standards of the tool and to compare them with our product.

[Figure: Reports Generated by Acunetix Tool. IRCTC Report; Scotia Bank Report; eBay Report; Secured Shopping Cart Application (Our Architecture)]

Conclusion

Based on our architecture, all the data that is transmitted is always secure and remains useless even if an intruder gets it, as the encrypted data changes for every request and for every profile, as explained in the architecture. Based on the reports by the Acunetix tool, our testers and also third-party people who worked on breaking our architecture declared it to be tamper proof. Furthermore, we are still doing R&D on enhancing this architecture and working towards building a robust solution.