Green Team
October 16, 2006
Product: Customizable Credit
Card Protection (C
3
P)
October 18, 2006
Green Team
2
Organization Chart
October 18, 2006
Green Team
3
This family received food
stamps
www.co.kern.ca.us/dhs/images/0987.jpg
October 18, 2006
Green Team
4
This family received money from
FEMA
www.katrinapictures.blogspot.com/
October 18, 2006
Green Team
5
This family received both
http://www.spasearch.org/admin/images/fld_ma
in_photo/fld_main_photo_38.jpg
October 18, 2006
Green Team
6
What do these families have in
common?
•
All these families received Government
money
•
The first two used the money as intended
•
The third is guilty of spending government
money on things other than the intended
purpose
October 18, 2006
Green Team
7
FEMA Fraud
•
Hurricane Katrina
victims
–
900,000 of 2.5
Million aid applicants
were fraudulent
*
* http://www.msnbc.msn.com/id/11326973/
Obtained
funds
through
fraud
Obtained
funds
legally
October 18, 2006
Green Team
8
Problem Statement
Government organizations and private
businesses have inadequate protection
against unauthorized purchases by
authorized cardholders, which results in a
loss of funds.
October 18, 2006
Green Team
9
Problem Analysis
•
Out of a $2.5 trillion government budget
**
–
$14 billion was spent on private
purchases by employees
–
$2 billion was spent on unauthorized
purchases by employees
*
* Foiling credit card fraud by Jenny C. McCune • Bankrate.com
** http://www.gpoaccess.gov/usbudget/
October 18, 2006
Green Team
10
Problem Characteristics
•
Tracking physical receipts
–
Archaic
–
Inaccurate
–
Unreliable
–
Easy to lose
•
Employees produced 20% of all transaction
receipts
*
•
Cards can be stolen
•
Organization loses money
–
Money spent unwisely by an authorized user of
the card is not covered under fraud protection
* http://www.dallasnews.com
October 18, 2006
Green Team
11
Solution Characteristics
•
Prevention of lost corporate funds
–
Reduces personal, unwarranted spending
•
Biometrics
–
Prevents unauthorized use
•
Uses customizable database
–
Allows different business to have different
options
October 18, 2006
Green Team
12
C
3
Protection Card
•
So what is C
3
P?
–
Customizable Credit Card Protection
October 18, 2006
Green Team
13
Objectives
•
Develop a customizable credit card
system to prevent unauthorized purchases
by employees
–
Customizable database to hold prohibited
purchases
•
GUI to allow customization of database
–
Uses Merchant Commercial Codes (MCCs)
–
Use Universal Product Codes (UPCs)
•
Implement latest security technology for card
protection
October 18, 2006
Green Team
14
Features
•
Secure Credit card
–
128
-
bit DES encryption
–
Biometrics
•
Fingerprint
•
Photo ID
–
Allows customizable control over card’s use
–
Controlled by a user interface to each business’
personal database
October 18, 2006
Green Team
15
Customers
•
Hard Customers
-
Visa
-
MasterCard
-
Discover
-
American Express
•
Soft Customers
-
Every business that holds a business credit card
-
Caring and concerned parents who issue credit cards to
their children
October 18, 2006
Green Team
16
Customer Characteristics
•
Credit Card Companies
-
Spend millions each year on securing their credit cards*
-
Minors are Credit Card Company’s new target consumer
**
•
Credit Card Company’s Consumers
-
Small businesses report billions of dollars in losses through
embezzlement each year***
-
Parents are concerned with giving children control of a credit
card yet are even more concerned about giving a child real cash
**
* http://news.com.com/Retailers+feel+security+heat/2100
-
7349_3
-
5680788.html
** http://www.bankrate.com/fox/news/cc/20000508.asp
*** http://www.fbi.gov/publications/financial/fcs_report052005/fcs_report052005.htm
October 18, 2006
Green Team
17
Why does the customer need this?
•
Soft customer
–
Secure and efficient control of company funds
–
Reduced costs to prevent and lesson the effects of fraud
–
Parental control of children's spending
•
Hard Customer
–
Offer safer card services to credit users
–
Larger customer base
•
Increase of large, reliable customers
October 18, 2006
Green Team
18
Major Functional Component
Diagram
October 18, 2006
Green Team
19
RFID Card Specifications
•
An embedded antenna that is
attached to the chip is used to
transfer information stored in the
chip's memory
•
The range of operation is 2.5" to
3.9“
•
Information can be written to the
card the same way it is read.
•
The fingerprint scanner can be
added
October 18, 2006
Green Team
20
Software Features
•
Intuitive web
-
based GUI Interface
–
Able to customize MCCs and/or UPCs by
creating an ‘acceptance’ list
–
Able to analyze and graph employee
spending habits
•
Incoming UPCs and MCCS are compared
with an ‘acceptable’ database of allowed
codes
October 18, 2006
Green Team
21
Receipt Tracking
•
For each business, all employee
purchases are tracked and listed by
employee
•
Receipts will list accepted and rejected
purchases
•
Receipts can be grouped by purchaser,
date, and/or MCC
October 18, 2006
Green Team
22
Smart Card Setup
•
User account access information added to
smart card memory by C
3
P
•
1
st
user finger scan saves a three
-
dimensional electrical image of the
fingerprint's unique pattern using small
variations in finger surface capacitance.
October 18, 2006
Green Team
23
Authentication Process
Current Process
NEW Process
Vendor
must
take
the
credit
card
and
ID
from
customer
Then vendor must
authenticate the
customer by
judgment alone.
If the customer
matches the
identification, the
transaction is made.
Hold your thumb
over the fingerprint
scanner to prove
your identity.
If your fingerprint
matches, the Smart
Card & RFID chip
will be activated
Touch the card
to the card
reader and the
transaction will
be processed.
October 18, 2006
Green Team
24
Payment Process
Current Process
NEW Process
Vendor
swipes
your card at
the point
-
of
-
sale
register.
The data is sent
to a computer
to verify your
credit.
If you have
the funds, your
purchase is
allowed.
You
swipe your card at
the point
-
of
-
sale register.
Your data is sent to our
servers for verification.
Your data is then sent to
the credit servers to verify.
If your card is accepted
and your purchases are
valid, sale is complete.
October 18, 2006
Green Team
25
What’s In The Box
What’s in the Box?
Loading Station
What’s In The Box
What’s Not In The Box
IF
REQUESTED:
•
Authentication
code for website
•
Website URL
(holds database)
•
Requirements for
submission of
pictures and info
Credit card
customer
information
Computer with
Internet connection
Businesses
Credit Card Companies
October 18, 2006
Green Team
26
Flow of Information/Hardware
a. Request CC w/C
3
P
b1. Camera? How
many cards?
b2. Reply
e. Send camera (opt.)
& authentication code
f. Send photos
h. Send cards with CC
logo & photo ID
Business
accesses C
3
P
database online
c. Send notification of
request
d. Sell camera (opt.) &
authentication code
g. Sell cards with C
3
P
(RFID chip/C
3
P
logo/biometrics
C
3
P makes RFID
smart cards w/
biometrics
October 18, 2006
Green Team
27
What this product does not do
•
Provide point
-
of
-
sale RFID readers
•
Protect against blocking of authorized
purchases
–
Will mostly be a result of human error
–
Will decrease in occurrence as more
businesses use product
•
Provide credit for businesses
October 18, 2006
Green Team
28
Competition Matrix
MTU Purchasing
X
X
X
X
X
Government Credit
X
X
X
Food Stamps
X
X
X
X
X
X
Worldwide Purchasing
X
X
X
X
X
X
LeCarte Purchase
X
X
X
X
X
NASA SmartPay
X
X
X
Smart
X
C
3
P
X
X
X
X
X
X
X
X
X
X
X
X
Cards
October 18, 2006
Green Team
29
Cost (Soft Customer)
Components
Number Required
Price
Cost
Camera (optional)
1
$110.00
$110.00
Access to website
1
FREE
FREE
Authentication code (convenience
fee)
1
$10.00
$10.00
RFID smart card w/biometrics
*
1 per member
$20.00
$20.00/member
Total Cost (Max)
$120.00
+
$20.00/member
Total Cost (Min)
$10.00
+
$20.00/member
* http://www.processor.com/editorial/article.asp?article=articles/P2716/30p16.asp&guid=
October 18, 2006
Green Team
30
Cost (Hard Customer)
Components
Number
Required
Price
Cost
Initial Training
1 day per store
$3,000.00
$3,000.00 per day per
company
Server
*
(incl. add’l
features)
1 (for C
3
P use
only)
$8,162.00
$8,162
RFID smart card printer
1 (for C
3
P use
only)
$4,000.00
$4,000.00
RFID smart cards
1 per member
(for C
3
P
manufacturing)
$15.00
$15.00/card
Total Cost for C
3
P
$12,162.00
+ 3,000/day of training
+ $15.00/card
* http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=04&kc=6W300&l=en&oc=pe1950
-
max&s=bsd
October 18, 2006
Green Team
31
Pros
•
Smart Card Technology
–
Quick
–
Uses Biometrics
•
Safe and Secure
•
Customizable
–
Spending limits
–
Tracks Items Bought
–
Tracks Vendors Bought From
•
More Efficient
–
Saves Time Spent On Accounting
•
Saves money
•
Keeps better records
–
Automatic record of exact item bought and vendor shopped at
–
Better information for routine audits
October 18, 2006
Green Team
32
Cons
•
Uses fingerprints
–
People are afraid of giving up such information
•
Solved with encryption and marketing
•
Vendors need RFID readers
–
Requires New Technology
•
Many vendors are getting scanners
–
7
-
11 is adding 5,600 RFID scanners this year
*
•
Accidental blocking of necessary purchases
–
Solved with training and research
•
24/7 Server/Website Maintenance
* mastercard.com
October 18, 2006
Green Team
33
Risk Probability/Impact Matrix
P
81
-
100%
r
o
61
-
80%
b
a
41
-
60%
b
i
21
-
40%
7
4
1, 2
l
i
1
-
20%
6
5
3
t
y
1
2
3
4
5
Impact: 1(Low)
-
5(high)
1
Access to credit card
info
2
Hardware malfunction
3
Cards are not delivered
4
Software Malfunction
5
Insulting to Employee
6
Employees won't give
up finger prints
7
UPC database is
unavailable
October 18, 2006
Green Team
34
Risks
Risk#
Risk Description
Mitigation Actions
1
Access to Personal Info from
Credit Card Companies
Encryption, policy of not
reading the information
2
Hardware Malfunction or Viruses
Out of our control
3
Cards are not delivered by
contracted company
Out of our control
4
Software Malfunction
Thorough testing and 24/7
support
October 18, 2006
Green Team
35
Risks
Risk#
Risk Description
Mitigation Actions
5
Insults Employee (can not be
trusted)
Marketing plan and training to
avoid insulting employees
6
Employees are reluctant to give
up fingerprints due to privacy
issues and fear of ‘Big Brother’
128
-
bit DES encryption, need of
access to the money by user
7
UPC Database is unavailable
Drop UPC solution from initial
launch and use only MCCs
October 18, 2006
Green Team
36
Return on Investment
•
Improves reputation of credit card company
•
Reduces loss of money due to unscrupulous
purchases
•
Saves time used to perform manual audits
•
Reduces fraud
•
Reduces the number of investigations required
October 18, 2006
Green Team
37
Conclusion
•
Regulates how funds are spent
•
Uses biometrics
–
Prevents the use or selling of stolen cards
•
Vendors, credit customers, and card companies will benefit
–
Vendors will get higher quantity and more efficient business
–
Credit customers are protected and have less wait
-
time in line
–
Card companies get to sell cards and RFID sensors to vendors
while increasing their number of users
•
C
3
P will revolutionize the credit system world wide
October 18, 2006
Green Team
38
Questions
At this time, we welcome any questions you
may have.
October 18, 2006
Green Team
39
References
•
DISD credit card oversight lax:
http://www.dallasnews.com
•
Picture 1:
www.co.kern.ca.us/dhs/images/0987.jpg
•
Picture 2:
www.katrinapictures.blogspot.com/
•
Picture 3:
http://www.spasearch.org/admin/images/fld_main_photo/fld_main_photo_38.jpg
•
FEMA Fraud, http://www.msnbc.msn.com/id/11326973/
•
IEEE Feasibility Study on biometric credit cards:
http://www.ee.ucla.edu/faculty/papers/ingridv_TransCE_nov04.pdf#search=%2
2Portable%20Biometrics%22
•
Smart Card technology with localized, portable biometrics:
http://www.biometricassociates.com/smartcard.php
•
Open source smart card technology, both software and hardware:
•
http://www.smartcardalliance.org/industry_news/industry_news_item.cfm?ite
mID=1596
October 18, 2006
Green Team
40
References
•
Food stamp fraud:
http://www.frac.org/html/federal_food_programs/programs/fsp_faq.html#4
•
Food stamp info: http://www.fns.usda.gov/fsp/faqs.htm#9
•
Data on food stamp fraud:
(http://www.eweek.com/article2/0,1895,1972079,00.asp)
(http://www.foodstampfraud.org/)
(http://www.cioinsight.com/article2/0,1540,1850300,00.asp)
•
FEMA Fraud data:
http://www.cnn.com/2006/US/09/13/katrina.fraud/index.html?section=cnn_topstories)
(http://www.msnbc.msn.com/id/11326973/)
•
Lockout codes
http://www.admin.mtu.edu/acct/dept/pur/purchcard/lockout.htm
•
Info on why this is a problem:
http://www.dallasnews.com/sharedcontent/dws/news/localnews/stories/070206dnmetp
cards.192c71f.html
http://financialplan.about.com/od/studentsandmoney/a/TeenCreditCards.htm
•
Info on current program in place:
http://arc.publicdebt.treas.gov/DWP/fs/fscredcard.htm#1
•
Data and why this is needed
–
EPA’s complaint paper on current system!!!
http://www.epa.gov/oig/reports/1995/bankrep.htm#CHAPTER%204
•
How credit cards work: http://money.howstuffworks.com/credit
-
card2.htm
October 18, 2006
Green Team
41
Appendix A
Expert Testimony from Admiral Julius
Caesar from SAIC
October 18, 2006
Green Team
42
Expert Testimony
–
Current
Problems
•
Navy sailors are given credit cards for travel
because they do not have enough personal cash
–
Spending money in “Girly Bars”
–
Tabs in excess of $15,000
•
Private Business
–
Employee used company credit card to put $14,000
down payment on a house
–
Employee bought several $1,500 airline tickets, and
canceled the flight to collect the cash refund, which
he used to finance his private company
–
Employee bought $1,500 in thongs at Victoria Secret
October 18, 2006
Green Team
43
Expert Testimony
-
Current
Solutions
•
Only activating the credit card for the
duration of the travel
•
Background credit checks on employees
to be entrusted with company funds
October 18, 2006
Green Team
44
Expert Testimony
–
Loose ends left
by current solution
•
Can’t regulate purchases
•
Company liable for purchases
–
Employees can’t pay the company back
•
Must be taken to court
October 18, 2006
Green Team
45
Expert testimony
–
Time and
Money spent on problem
•
~$25,000 per division per year
•
20 Divisions
•
~$250,000 per year for this company
•
Credit card companies dropped the Navy
as a customer because of fraud problems
October 18, 2006
Green Team
46
Expert Testimony
-
Data
•
2002: 1.4 million Government Travel
Cards in use
–
$ 3.4 billion spent on purchases with these
cards
•
One man made $262,800 in charges on
13 Government Credit Cards
October 18, 2006
Green Team
47
Expert Testimony
–
On C
3
P
•
Target “high risk” employees
–
In the 18
-
25 year
-
old bracket
•
Don’t know how to use credit
–
Employees with bad credit
October 18, 2006
Green Team
48
Authentication
Methods
Secure
Inexpensive
No Memorization Required
High degree of fraud protection
No Human Verification Required
Ease of use
Ease of Implementation
Fingerprint
Photo ID
PIN
Password
Retinal Scan
Signature
Authentication
October 18, 2006
Green Team
49
Fingerprints
Advantages:
•
Relatively Mature
Technology
•
Low Cost
•
Highly Portable
Technology
Distinctiveness
High
Permanence
High
Collectibility
Medium
Performance
High
Acceptability
Medium
Potential for
Circumvention
Low
October 18, 2006
Green Team
50
Biometric Fingerprints
•
Finger Print Characteristics
–
Genetic and environmental factors
–
Never the same
–
Biometric image cannot be
reproduced
•
Finger Print Scanner
–
Capacitive Scanner
–
Electric Current
October 18, 2006
Green Team
51
Appendix B
Merchant Commercial Code (MCC)
–
A
specialized code that categorizes a store
based on what it sells (e.g. Target and Wal
-
Mart have the same MCC)
Universal Product Code (UPC)
–
A code that
designates a specific product, different for
every brand and variation of a product (Lay’s
and Pringle’s potato chips still have different
UPCs)
- Αρχική
- Περιήγηση
- Όλες οι Κατηγορίες
- Internet και Εφαρμογές Web
- Αποθήκευση
- Ασφάλεια
- Βιοτεχνολογία
- Δίκτυα και Επικοινωνίες
- Διακομιστές
- Διαχείριση
- Διαχείριση Δεδομένων
- Επιχειρησιακές Εφαρμογές
- Ηλεκτρονική - Συσκευές
- Ημιαγωγοί
- Κινητά – Ασύρματες Τεχνολογίες
- Λογισμικό & κατασκευή λογ/κού
- Μηχανική
- Περιβαλλοντική Τεχνολογία
- Πετρελαϊκά και Εξόρυξη
- Πολεοδομικά Έργα
- Τεχνίτη Νοημοσύνη και Ρομποτική
- Τηλεπικοινωνίες
- Ψυχαγωγία
- Κοινότητα
- Μεταφόρτωση
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο