TY - GEN
T1 - Multi-Layer Defense Model for Securing Online Financial Transactions
AU - Gualdoni, Joseph
AU - Kurtz, Andrew
AU - Myzyri, Ilva
AU - Wheeler, Megan
AU - Rizvi, Syed
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2018/6/21
Y1 - 2018/6/21
N2 - Purchasing items on the Internet with credit cards is risky-due to the ease of gaining the information without having the physical card. The ease of phishing, spoofing, or other ways perpetrators can obtain a consumer's credit card information. The threat of identity theft is growing as we rely more and more on the Internet to make purchases. To mitigate risk, we present a new Multi-Layer Defense (MLD) model. Our proposed MLD model combines the strong two-factor authentication capabilities with a unique random code that is only valid for an active session. Essentially, two-factor authentication is an extra layer of security used in addition to username and password to better confirm the user's identity. This code serves as a private key to authenticate such online transactions. The code can be utilized to identify users and establish secure ways of purchasing items. The proposed MLD model uses devices to log into card accounts via an application to view a generated code. The generated code is inputted on an online retailer's website to authorize the use of the credit card. This minimizes the possibility of an illegitimate user gaining access to another individual's credit card. Without a valid code, impostors cannot use the stolen card information to make purchases that could harm the account holder. To show the practicality of our scheme, we provide one case study between a Consumer A and Consumer B that explains the difference in outcome by using the proposed MLD model.
AB - Purchasing items on the Internet with credit cards is risky-due to the ease of gaining the information without having the physical card. The ease of phishing, spoofing, or other ways perpetrators can obtain a consumer's credit card information. The threat of identity theft is growing as we rely more and more on the Internet to make purchases. To mitigate risk, we present a new Multi-Layer Defense (MLD) model. Our proposed MLD model combines the strong two-factor authentication capabilities with a unique random code that is only valid for an active session. Essentially, two-factor authentication is an extra layer of security used in addition to username and password to better confirm the user's identity. This code serves as a private key to authenticate such online transactions. The code can be utilized to identify users and establish secure ways of purchasing items. The proposed MLD model uses devices to log into card accounts via an application to view a generated code. The generated code is inputted on an online retailer's website to authorize the use of the credit card. This minimizes the possibility of an illegitimate user gaining access to another individual's credit card. Without a valid code, impostors cannot use the stolen card information to make purchases that could harm the account holder. To show the practicality of our scheme, we provide one case study between a Consumer A and Consumer B that explains the difference in outcome by using the proposed MLD model.
UR - http://www.scopus.com/inward/record.url?scp=85050554854&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050554854&partnerID=8YFLogxK
U2 - 10.1109/ICSSA.2017.25
DO - 10.1109/ICSSA.2017.25
M3 - Conference contribution
AN - SCOPUS:85050554854
T3 - Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017
SP - 75
EP - 79
BT - Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd International Conference on Software Security and Assurance, ICSSA 2017
Y2 - 24 July 2017 through 25 July 2017
ER -