CHAPTER ONE 

INTRODUCTION

11 Background of the Study

Frauds have plagued telecommunication industries, financial institutions and other organizations for a long time (Jia and Jongwoo, 2005) The type of fraud addressed in this dissertation is called credit card transaction fraud This fraud costs financial institutions millions of dollars per year As a result, fraud detection has become an important and urgent need for these businesses

Currently, data mining is a popular way to combat frauds because of its effectiveness Data mining is a well-defined procedure that takes data as input and produces output in the form of patterns (Hand etal,2002) In other words, the task of data mining is to analyze a massive amount of data and to extract some usable information that one can interact with for future uses Once one has the right model for the data, the model can be used to predict future events by classifying the data In terms of data mining, fraud detection can be understood as the classification of the data Input data is analyzed with the appropriate model that determines whether it implies any fraudulent activity or not

A well-defined classification model is developed by recognizing the patterns of former fraudulent behaviors Then, the model is used to predict any suspicious transaction implied in a new data set Data mining and model construction require a lot of time, which prohibits it to detect frauds in real time This is a serious setback since, in many occasions such as online credit card transactions, one need to detect fraudulent activities in a very short period of time, typically while the fraudster is still at the banking hall Otherwise, the loss could be huge

Multi-agents are computer programs that can act on behalf of a person to do various jobs Multi- agents can automate a large portion of fraud detection process and require little human intervention Additionally, multi-agents do not stick to one model or rule They can construct new models and rules for fraud detection with their machine capabilities It will be harder to deceive multi- agents than other computer programs for fraud detection Besides, in a multi- agents system, many multi-agents can work in parallel and cooperate with each other This not only accelerates the detection process but also increases the detection accuracy Moreover, multi-agents can be deployed online for real-time detection This is an extremely desirable feature for online credit card fraud detection and network intrusion detection

Fraud in organization and industries of late has taken on a new dimension This is due to the advances that have been made in information technology Its increasing waves have resulted in a whole lot of havoc in various organizations For businesses and organizations alike, fraud alongside financial crime is not an acceptable way of carrying out day to day operations Fraud schemes are ever on the increase, its cost is on the increase, same as customers’ expectations Fraud has resulted in financial losses; it costs much to investigate and to pursue attendant litigation Fraud eats away impinges on customer/consumers’ confidence and ruins brand image It is indeed the number one enemy of the business world In recent times, surveys conducted by leading internal consulting firms indicate that fraud in the financial sector is rapidly increasing as information technology in this sector advances and most of the reported cases involve data manipulation with assistance of bank staff working hand in hand with external fraudsters (Lee et al,2005)

One such aspect of banking where there is high rate of abuse of office and some level of collaboration in perpetrating fraud is in the case of credit card Timely information on fraudulent activities is strategic to the banking industry Banks have many and huge databases Valuable business information can be extracted from these data stores Credit card fraud detection is the process of classifying those transactions into two classes of legitimate (genuine) and fraudulent transactions (Singh etal,2014) Credit card frauds can be broadly classified into three categories, viz: traditional card related frauds (application, stolen, account takeover, fake and counterfeit), merchant related frauds (merchant collusion and triangulation), and Internet frauds (site cloning, credit card generators and false merchant sites) Data mining is a process that uses a variety of data analysis tools to discover patterns and relationships in data that may be used to make a valid prediction (Singh etal,2014) In everyday life, credit cards are used for purchasing goods and services using online transaction or physical card for offline transaction

In credit or debit card based purchase, the cardholder presents card to a merchant for making payment To commit fraud in this kind of acquisition, the fraudster has to steal the credit card If the legitimate user does not understand the loss of card, it can lead to important financial loss to the credit card company and also to the user In online payment mode, attackers need only little information for false transaction, for example, secure code, expiration date, card number and many other factors In this purchase method, many transactions will be done through Internet or telephone To obligate fraud in these types of purchases, an impostor simply needs

to know the card details Most of the time, the honest cardholder is not aware that someone else has seen or stolen his card information The only way to detect this kind of fraud is to analyze the spending patterns on every card and to figure out any irregularity with respect to the “usual” spending patterns The examination of existing purchase data of cardholder is a likely way to reduce the rate of positive credit card frauds Since humans tend to display specific behaviorist profiles, every cardholder can be characterized by a set of patterns comprising information about the distinctive purchase category, the time since the last buying, the amount of money spent, and other things Nonconformity from such patterns is reflected as fraud

Credit card frauds are increasing day by day as the use of credit card is increasing (Patel, 2014) Occurrence of credit card fraud has increased dramatically both online and offline Credit card based purchase can be done in two ways: (i) physical card (ii) virtual card In physical card purchase, the cardholder presents his card physically to the merchant for making payment For this type of fraud the attacker has to steal the credit card In virtual card purchase only the information about the card is stolen or gathered like card number, secure code etc Such purchases are done over the Internet For this type of fraud the attacker needs only the card details so the only way to detect this type of fraud is to analyze the spending pattern of the card holder When one’s credit card or credit card information is stolen and used to make unauthorized purchases on e-commerce systems on the Internet, one becomes a victim of internet credit card fraud or no card present fraud This is nothing new and there is nothing unusual about this because identity theft and credit-card fraud are present-day happenings that affect many people and involve substantial monetary losses Fraud is a million dollar business and increasing every year

Credit card is refers to a method of selling goods or services without the buyer having cash in hand (Delamaire etal,2009) A credit card transaction involves four entities The first entity is the consumer; that is the person who owns the card and who carries out the legitimate transactions The second entity is the credit card issuer; that is usually the consumer’s bank – also known as issuing bank – which provides the credit services to the consumer The credit card issuer sends the bill to the consumer in order to request a payment for their credit card transactions The third entity is the merchant who sells goods or services to the consumer by charging consumer’s credit card This charge is achieved through merchant’s bank – the forth entity – which sends the request for the transaction to the issuing bank The issuing bank will check whether the amount of the transaction does not reach the credit card’s limit before

authorizing that transaction If the transaction is valid, the issuing bank will block the requested amount from consumer’s credit card account and send an authorization response to merchant bank As soon as the authorization response is received by the merchant’s bank, the merchant is notified; the transaction is marked as completed and the consumer can take the goods The blocked amount on consumer’s credit card account will be transferred into merchant’s bank account

12 Statement of the Problem

Information Technology (IT) has contributed to a great extent in mitigating fraud for banks that have embraced and implemented it Credit card transaction frauds cost financial institutions millions of dollars per year As a result, fraud detection has become an important and urgent task for this business The incidents of loss of hard earned money to fraudsters have raised a lot of concern and portend serious danger to economic growth Ordinarily, thieves invade homes and offices to steal physical cash from their victims The rapid development in information and communication technology has introduced a cashless society where people can pay for goods and services using credit cards This appears more secured as people no longer keep huge physical cash at home; leading to less incidents of theft The recent development shows that hackers have device electronic means of stealing money from people’s account by stealing their credit card details and using same to transfer money to other accounts This is heart breaking and requires an enhanced security system on communication channels to avert such financial loss Another challenge for contemporary financial institutions is the ability to understand and deal with the high volume of data and information, and using knowledge from them to improve and make informed decisions Credit card fraud detection is a pattern recognition problem Every cardholder has a shopping behavior which establishes a profile for the cardholder Currently, fraud detection system (FDS) identifies many legitimate accounts as fraudulent resulting in a large number of false positives (FPs) As every cardholder has a huge number of possibilities for developing new patterns of behavior, the types of transactions are widely variable Hence, it is almost impossible to identify consistent and stable patterns for al1 the transactions In fact, there are so many variations of behavior for each individual that are exponential in combination and the complexities of enumerating all combinations of cases are enormous This ever changing pattern of behavior with the combination of legitimate and fraudulent cases has left the Financial Institutions (FIs) with a large number of FPs (approximately 90% of flagged accounts) for investigation The above challenges can be addressed through the use of a multi-agents system that is based on artificial

intelligence since it will provide managers with added value information reduce the uncertainty of the decision outcome and thereby enhance banking service quality No doubt, the application of new technologies can give bank a competitive lead to a high performance and eliminate fraud associated with credit cards Credit card frauds (CCF) have been a long –time headache for credit card companies With the growth of online business in Nigeria, the number of credit card frauds has also increased drastically

13 Aim and Objectives of the Study

The aim of this dissertation is to design and develop an enhanced model for credit card fraud detection in Nigerian banks

The specific objectives are:

1 To characterize the information source and identify the security problems inherent in the communication channels for credit card transactions

2 To provide a means of detecting and preventing credit card fraud in a real –time transaction on the Internet

3 To model a security system that will promote trust in communication channels by implementing hybrid technology that will combine both adaptive data mining and multi- agents to authenticate the credit card transaction

4 To develop a system using PHP-MySQL and java script to implement the credit card fraud detection model which can authenticate credit card transactions

5 To evaluate the performance of this model in detecting credit card fraud

14 Scope of the Study

This work focuses on predictive model using data mining that scores each transaction with high or low risk of fraud and those with high risk generate alerts Predictive data mining performs inference on the current data in order to make predictions The check those alerts and provide a feedback for each alert ie true positive (genuine) or false positive (fraud) Furthermore, in view of the broad nature of financial fraud, the study is particularly about credit card fraud using data strictly stored on the core banking database and card issuer’s database The study will narrow down to particular type of financial institutions which are the banks Since most of the existing credit card frauds are done using a customer’s banking information and card information, the study will focus on banking industry and card issuer institutions This work will cover detection, monitoring and response of fraudulent activities in e-commerce business

It will also cover the area of real-time alerting system to enable financial companies stop or deactivate any financial transaction suspected to be fraud

15 Significance of the Study

The process of searching for fraud is lengthy due to the amount of data involved In most cases, auditors unknowingly get the information they need from the involved employees who deliberately mislead them and waste their time With a multi-agents fraud detection system in place to check unusual transactions, the work load is distributed among the agents, thus a search is faster and block any transaction suspected to be fraudulent Since different agents communicate and carry out the verifications otherwise done manually, they detect a fraud on the fly, before a transaction fraud is concluded Without an effective system to check against internal attacks, management of these financial institutions rely on auditors, both internal and external to investigate the fraud, if they suspect that one has taken place The problem is that some fraud can go undetected or by the time they figure out that fraud has occurred it is either too late and the fraudsters have disappeared or they have had enough time to cover their tracks and the trail goes cold

16 Limitation of the Study

Unfortunately most banks prefer not to go public and report the incidences as they fear losing business if the fraud cases are known to the public Owing to this fact, it is difficult to get direct reports from the financial institutions, so it is difficult to come up with a clear indication of how rampant the problem is However, reports from Central Bank of Nigeria (CBN), newspaper articles and a few publications on the issue show that the problem exists and is actually growing steadily

17 Definition of Terms

Agent: Computer software that is capable of autonomous action in some environment in order to meet the designed objectives

ATM: is an abbreviation for Automated Teller Machine It is a cash point that can be used to withdraw cash, do transfers A debit card or credit card is used at the machine to withdraw cash The personal identification number (PIN) has to be entered along with credit or debit card to access cash

Bank Account: It is record of financial transaction between a bank and the customer which is maintained by the bank A bank account also shows the resultant financial position of the customer with the bank

Bank Fraud: The use of potentially illegal means to obtain money, assets or other property owned or held by a financial institution or obtaining money from depositors by fraudulently posing at a bank or other financial institution

Card Association: Is a network of issuing banks and acquiring banks that process payment cards of a specific brand

Cardholder: Is a person who owns the credit card issued by appropriate credit card company or financial institution

Commercial Banks: Financial institutions that provide services such as accepting deposits, giving business loans and auto loans, mortgage lending and basic investment products like savings accounts and certificates of deposits (Koru, 2014) The traditional commercial bank is a brick and mortar institution with tellers, safe deposit boxes, vaults and ATMS However, some commercial banks do not have any physical branches and require customers to complete all transactions by phone or internet

Credit card fraud detection: This is a process of classifying credit card transactions into two classes of legitimate (genuine) and fraudulent transactions

Data Mining: This is a well-defined procedure that takes data as input and produces output in the forms of models or patterns

Financial Institution: This is an institution that provides financial services for its clients or members (Wikipedia, 2016) Probably the most important financial service provided by financial institutions is acting as financial intermediaries

Financial Sector: This is a category of stocks containing firms that provide financial services to commercial and retail customers It includes banks, investment funds (Koru, 2014)