Staff
JCU App
Library
LearnJCU
Contact
Give
JCU Australia logo

 

Using Disposable Domain Names to Detect Online Card Transaction Fraud

Laurens, Roy, Rezaeighaleh, Hossein, Zou, Cliff C., and Jusak, Jusak (2019) Using Disposable Domain Names to Detect Online Card Transaction Fraud. In: Proceedings of the IEEE International Conference on Communications. From: ICC 2019: IEEE International Conference on Communications, 20-24 May 2019, Shanghai, China.

[img] PDF (Published Version) - Published Version
Restricted to Repository staff only
DOI: 10.1109/ICC.2019.8761144
View at Publisher Website: https://doi.org/10.1109/ICC.2019.8761144
 
1


Abstract

Online card transaction fraud is one of the major threats to the bottom line of E-commerce merchants. In this paper, we propose a novel method for online merchants to utilize disposable (“one-time use”) domain names to detect client IP spoofing by collecting client's DNS information during an E-commerce transaction, which in turn can help with transaction fraud detection. By inserting a dynamically generated unique hostname on the E-commerce transaction webpage, a client will issue an identifiable DNS query to the customized authoritative DNS server maintained by the online Merchant. In this way, the online Merchant is able to collect DNS configuration of the client and match it with the client's corresponding transaction in order to verify the consistency of the client's IP address. Any discrepancy can reveal proxy usage, which fraudsters commonly use to spoof their true origins. We have deployed our preliminary prototype system on a real online merchant and successfully collected clients DNS queries correlated with their web transactions; then we show some real instances of successful fraud detection using this method. We also address some concerns regarding the use of disposable domains.

Item ID: 71263
Item Type: Conference Item (Research - E1)
ISBN: 978-1-5386-8088-9
Keywords: Electronic Commerce; fraud detection; Disposable Domain Name; DNS; Authoritative Name Server; Proxy Detection; Security
Copyright Information: © 2019 IEEE
Date Deposited: 29 Aug 2022 01:14
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460407 System and network security @ 60%
40 ENGINEERING > 4006 Communications engineering > 400604 Network engineering @ 40%
SEO Codes: 22 INFORMATION AND COMMUNICATION SERVICES > 2201 Communication technologies, systems and services > 220104 Network security @ 60%
22 INFORMATION AND COMMUNICATION SERVICES > 2201 Communication technologies, systems and services > 220105 Network systems and services @ 40%
Downloads: Total: 1
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page

Athena SWAN Bronze Award logo Innovative Research Universities Universities Australia State of the Tropics
Aboriginal flag Torres Strait flag We acknowledge Australian Aboriginal People and Torres Strait Islander People as the first inhabitants of the nation, and acknowledge Traditional Owners of the lands where our staff and students live, learn and work.