Using Disposable Domain Names to Detect Online Card Transaction Fraud
Laurens, Roy, Rezaeighaleh, Hossein, Zou, Cliff C., and Jusak, Jusak (2019) Using Disposable Domain Names to Detect Online Card Transaction Fraud. In: Proceedings of the IEEE International Conference on Communications. From: ICC 2019: IEEE International Conference on Communications, 20-24 May 2019, Shanghai, China.
PDF (Published Version)
- Published Version
Restricted to Repository staff only |
Abstract
Online card transaction fraud is one of the major threats to the bottom line of E-commerce merchants. In this paper, we propose a novel method for online merchants to utilize disposable (“one-time use”) domain names to detect client IP spoofing by collecting client's DNS information during an E-commerce transaction, which in turn can help with transaction fraud detection. By inserting a dynamically generated unique hostname on the E-commerce transaction webpage, a client will issue an identifiable DNS query to the customized authoritative DNS server maintained by the online Merchant. In this way, the online Merchant is able to collect DNS configuration of the client and match it with the client's corresponding transaction in order to verify the consistency of the client's IP address. Any discrepancy can reveal proxy usage, which fraudsters commonly use to spoof their true origins. We have deployed our preliminary prototype system on a real online merchant and successfully collected clients DNS queries correlated with their web transactions; then we show some real instances of successful fraud detection using this method. We also address some concerns regarding the use of disposable domains.
Item ID: | 71263 |
---|---|
Item Type: | Conference Item (Research - E1) |
ISBN: | 978-1-5386-8088-9 |
Keywords: | Electronic Commerce; fraud detection; Disposable Domain Name; DNS; Authoritative Name Server; Proxy Detection; Security |
Copyright Information: | © 2019 IEEE |
Date Deposited: | 29 Aug 2022 01:14 |
FoR Codes: | 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460407 System and network security @ 60% 40 ENGINEERING > 4006 Communications engineering > 400604 Network engineering @ 40% |
SEO Codes: | 22 INFORMATION AND COMMUNICATION SERVICES > 2201 Communication technologies, systems and services > 220104 Network security @ 60% 22 INFORMATION AND COMMUNICATION SERVICES > 2201 Communication technologies, systems and services > 220105 Network systems and services @ 40% |
Downloads: |
Total: 1 |
More Statistics |