Using Disposable Domain Names to Detect Online Card Transaction Fraud

Laurens, Roy, Rezaeighale, Hossein, Zou, Cliff C. and Jusak, Jusak ORCID: https://orcid.org/0000-0001-5646-4865 (2019) Using Disposable Domain Names to Detect Online Card Transaction Fraud. In: 2019 IEEE International Conference on Communications (ICC), 20 – 24 May 2019, Shanghai.

[img]
Preview
Text
2. Peer Review ICC2019.pdf - Accepted Version

Download (520kB) | Preview
[img]
Preview
Text
3. Turnitin ICC2019.pdf - Accepted Version

Download (2MB) | Preview
[img]
Preview
Text
1. Dokumen ICC2019.pdf - Accepted Version

Download (1MB) | Preview

Search this title on : |

Abstract

Online card transaction fraud is one of the major threats to the bottom line of E-commerce merchants. In this paper, we propose a novel method for online merchants to utilize disposable (“one-time use”) domain names to detect client IP spoofing by collecting client’s DNS information during an Ecommerce transaction, which in turn can help with transaction fraud detection. By inserting a dynamically generated unique hostname on the E-commerce transaction webpage, a client will issue an identifiable DNS query to the customized authoritative DNS server maintained by the online Merchant. In this way, the online Merchant is able to collect DNS configuration of the client and match it with the client’s corresponding transaction in order to verify the consistency of the client’s IP address. Any discrepancy can reveal proxy usage, which fraudsters commonly use to spoof their true origins. We have deployed our preliminary prototype system on a real online merchant and successfully collected clients DNS queries correlated with their web transactions; then we show some real instances of successful fraud detection using this method. We also address some concerns regarding the use of disposable domains.


Export Record


Item Type: Conference or Workshop Item (Paper)
Additional Information: Roy Laurens, Hossein Rezaeighaleh, Cliff C. Zou, Jusak
Uncontrolled Keywords: Electronic Commerce; fraud detection; Disposable Domain Name; DNS; Authoritative Name Server; Proxy Detection; Security
Dewey Decimal Classification: 000 – Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data
Divisions: Perpustakaan > Prosiding/Call for Papers
Depositing User: Annuh Liwan Nahar
Date Deposited: 07 May 2021 14:42
Last Modified: 02 Nov 2021 15:07
URI: http://repository.dinamika.ac.id/id/eprint/5602

Download Statistics

Downloads over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Actions (login required)

View Item   View Item