Green Team October 16, 2006 Product: Customizable Credit Card Protection (C
advertisement
Green Team October 16, 2006 Product: Customizable Credit Card Protection (C3 P) Organization Chart October 18, 2006 Green Team 2 This family received food stamps www.co.kern.ca.us/dhs/images/0987.jpg October 18, 2006 Green Team 3 This family received money from FEMA www.katrinapictures.blogspot.com/ October 18, 2006 Green Team 4 This family received both http://www.spasearch.org/admin/images/fld_ma in_photo/fld_main_photo_38.jpg October 18, 2006 Green Team 5 What do these families have in common? • All these families received Government money • The first two used the money as intended • The third is guilty of spending government money on things other than the intended purpose October 18, 2006 Green Team 6 FEMA Fraud • Hurricane Katrina victims – 900,000 of 2.5 Million aid applicants were fraudulent* Obtained funds through fraud Obtained funds legally * http://www.msnbc.msn.com/id/11326973/ October 18, 2006 Green Team 7 Problem Statement Government organizations and private businesses have inadequate protection against unauthorized purchases by authorized cardholders, which results in a loss of funds. October 18, 2006 Green Team 8 Problem Analysis • Out of a $2.5 trillion government budget** – $14 billion was spent on private purchases by employees –$2 billion was spent on unauthorized purchases by employees* * Foiling credit card fraud by Jenny C. McCune • Bankrate.com ** http://www.gpoaccess.gov/usbudget/ October 18, 2006 Green Team 9 Problem Characteristics •Tracking physical receipts –Archaic –Inaccurate –Unreliable –Easy to lose •Employees produced 20% of all transaction receipts* •Cards can be stolen •Organization loses money –Money spent unwisely by an authorized user of the card is not covered under fraud protection * http://www.dallasnews.com October 18, 2006 Green Team 10 Solution Characteristics • Prevention of lost corporate funds – Reduces personal, unwarranted spending • Biometrics – Prevents unauthorized use • Uses customizable database – Allows different business to have different options October 18, 2006 Green Team 11 C3 Protection Card •So what is C3P? – Customizable Credit Card Protection October 18, 2006 Green Team 12 Objectives • Develop a customizable credit card system to prevent unauthorized purchases by employees – Customizable database to hold prohibited purchases • GUI to allow customization of database – Uses Merchant Commercial Codes (MCCs) – Use Universal Product Codes (UPCs) • Implement latest security technology for card protection October 18, 2006 Green Team 13 Features •Secure Credit card –128-bit DES encryption –Biometrics •Fingerprint •Photo ID –Allows customizable control over card’s use –Controlled by a user interface to each business’ personal database October 18, 2006 Green Team 14 Customers •Hard Customers -Visa -MasterCard -Discover -American Express •Soft Customers -Every business that holds a business credit card -Caring and concerned parents who issue credit cards to their children October 18, 2006 Green Team 15 Customer Characteristics •Credit Card Companies -Spend millions each year on securing their credit cards* -Minors are Credit Card Company’s new target consumer** •Credit Card Company’s Consumers -Small businesses report billions of dollars in losses through embezzlement each year*** -Parents are concerned with giving children control of a credit card yet are even more concerned about giving a child real cash** * http://news.com.com/Retailers+feel+security+heat/2100-7349_3-5680788.html ** http://www.bankrate.com/fox/news/cc/20000508.asp *** http://www.fbi.gov/publications/financial/fcs_report052005/fcs_report052005.htm October 18, 2006 Green Team 16 Why does the customer need this? •Soft customer –Secure and efficient control of company funds –Reduced costs to prevent and lesson the effects of fraud –Parental control of children's spending •Hard Customer –Offer safer card services to credit users –Larger customer base •Increase of large, reliable customers October 18, 2006 Green Team 17 Major Functional Component Diagram October 18, 2006 Green Team 18 RFID Card Specifications • An embedded antenna that is attached to the chip is used to transfer information stored in the chip's memory • The range of operation is 2.5" to 3.9“ • Information can be written to the card the same way it is read. • The fingerprint scanner can be added October 18, 2006 Green Team 19 Software Features • Intuitive web-based GUI Interface – Able to customize MCCs and/or UPCs by creating an ‘acceptance’ list – Able to analyze and graph employee spending habits • Incoming UPCs and MCCS are compared with an ‘acceptable’ database of allowed codes October 18, 2006 Green Team 20 Receipt Tracking • For each business, all employee purchases are tracked and listed by employee • Receipts will list accepted and rejected purchases • Receipts can be grouped by purchaser, date, and/or MCC October 18, 2006 Green Team 21 Smart Card Setup • User account access information added to smart card memory by C3P • 1st user finger scan saves a threedimensional electrical image of the fingerprint's unique pattern using small variations in finger surface capacitance. October 18, 2006 Green Team 22 Authentication Process Current Process NEW Process Vendor must take the credit card and ID from customer Then vendor must authenticate the customer by judgment alone. If your fingerprint matches, the Smart Card & RFID chip will be activated If the customer matches the identification, the transaction is made. October 18, 2006 Hold your thumb over the fingerprint scanner to prove your identity. Green Team Touch the card to the card reader and the transaction will be processed. 23 Payment Process Current Process NEW Process Vendor swipes You swipe your card at your card at the point-of-sale register. The data is sent to a computer to verify your credit. If you have the funds, your purchase is allowed. October 18, 2006 the point-of-sale register. Your data is sent to our servers for verification. Your data is then sent to the credit servers to verify. If your card is accepted and your purchases are valid, sale is complete. Green Team 24 What’s in the Box? What’s Not In The Box What’s What’s In The In The Box Box Businesses •Authentication code for website IF REQUESTED: •Website URL (holds database) •Requirements for submission of pictures and info Computer with Internet connection Loading Station Credit Card Companies Credit card customer information October 18, 2006 Green Team 25 Flow of Information/Hardware a. Request CC w/C3P b1. Camera? How many cards? b2. Reply c. Send notification of request e. Send camera (opt.) & authentication code d. Sell camera (opt.) & authentication code Business accesses C3P database online C3P makes RFID smart cards w/ biometrics f. Send photos g. Sell cards with C3P (RFID chip/C3P logo/biometrics h. Send cards with CC logo & photo ID October 18, 2006 Green Team 26 What this product does not do • Provide point-of-sale RFID readers • Protect against blocking of authorized purchases – Will mostly be a result of human error – Will decrease in occurrence as more businesses use product • Provide credit for businesses October 18, 2006 Green Team 27 Competition Matrix Cards MTU Purchasing X Government Credit X Food Stamps X Worldwide Purchasing X LeCarte Purchase X NASA SmartPay X X X X X X X X X X X X X October 18, 2006 X X X X X X X Smart C3P X X X X X X X X X X X Green Team X X X X X 28 Cost (Soft Customer) Components Number Required Price Camera (optional) 1 $110.00 $110.00 Access to website 1 FREE FREE Authentication code (convenience fee) 1 $10.00 $10.00 1 per member $20.00 $20.00/member RFID smart card w/biometrics* Cost Total Cost (Max) $120.00 + $20.00/member Total Cost (Min) $10.00 + $20.00/member * http://www.processor.com/editorial/article.asp?article=articles/P2716/30p16.asp&guid= October 18, 2006 Green Team 29 Cost (Hard Customer) Components Number Required Price Cost Initial Training 1 day per store $3,000.00 $3,000.00 per day per company Server* (incl. add’l features) 1 (for C3P use only) $8,162.00 $8,162 RFID smart card printer 1 (for C3P use only) $4,000.00 $4,000.00 RFID smart cards 1 per member (for C3P manufacturing) $15.00 $15.00/card Total Cost for C3P $12,162.00 + 3,000/day of training + $15.00/card * http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=04&kc=6W300&l=en&oc=pe1950-max&s=bsd October 18, 2006 Green Team 30 Pros • Smart Card Technology – Quick – Uses Biometrics • Safe and Secure • Customizable – Spending limits – Tracks Items Bought – Tracks Vendors Bought From • More Efficient – Saves Time Spent On Accounting • Saves money • Keeps better records – Automatic record of exact item bought and vendor shopped at – Better information for routine audits October 18, 2006 Green Team 31 Cons • Uses fingerprints – People are afraid of giving up such information • Solved with encryption and marketing • Vendors need RFID readers – Requires New Technology • Many vendors are getting scanners – 7-11 is adding 5,600 RFID scanners this year* • Accidental blocking of necessary purchases – Solved with training and research • 24/7 Server/Website Maintenance * mastercard.com October 18, 2006 Green Team 32 Risk Probability/Impact Matrix P r o b a b i l i t Access to credit card 1 info 81-100% 2 Hardware malfunction 61 - 80% 3 Cards are not delivered 41 - 60% 21-40% 4 Software Malfunction 7 1-20% y 1 4 6 5 2 3 1, 2 3 4 5 Insulting to Employee Employees won't give 6 up finger prints UPC database is 7 unavailable 5 Impact: 1(Low) - 5(high) October 18, 2006 Green Team 33 Risks Risk# Risk Description Mitigation Actions 1 Access to Personal Info from Credit Card Companies 2 Hardware Malfunction or Viruses Out of our control 3 Cards are not delivered by contracted company Out of our control 4 Software Malfunction Thorough testing and 24/7 support October 18, 2006 Green Team Encryption, policy of not reading the information 34 Risks Risk# Risk Description Mitigation Actions 5 Insults Employee (can not be trusted) Marketing plan and training to avoid insulting employees 6 Employees are reluctant to give up fingerprints due to privacy issues and fear of ‘Big Brother’ 128-bit DES encryption, need of access to the money by user 7 UPC Database is unavailable Drop UPC solution from initial launch and use only MCCs October 18, 2006 Green Team 35 Return on Investment • Improves reputation of credit card company • Reduces loss of money due to unscrupulous purchases • Saves time used to perform manual audits • Reduces fraud • Reduces the number of investigations required October 18, 2006 Green Team 36 Conclusion • Regulates how funds are spent • Uses biometrics –Prevents the use or selling of stolen cards •Vendors, credit customers, and card companies will benefit –Vendors will get higher quantity and more efficient business –Credit customers are protected and have less wait-time in line –Card companies get to sell cards and RFID sensors to vendors while increasing their number of users •C3P will revolutionize the credit system world wide October 18, 2006 Green Team 37 Questions At this time, we welcome any questions you may have. October 18, 2006 Green Team 38 References • • • • • DISD credit card oversight lax: http://www.dallasnews.com Picture 1: www.co.kern.ca.us/dhs/images/0987.jpg Picture 2: www.katrinapictures.blogspot.com/ Picture 3: http://www.spasearch.org/admin/images/fld_main_photo/fld_main_photo_38.jpg FEMA Fraud, http://www.msnbc.msn.com/id/11326973/ • IEEE Feasibility Study on biometric credit cards: http://www.ee.ucla.edu/faculty/papers/ingridv_TransCE_nov04.pdf#search=%2 2Portable%20Biometrics%22 • Smart Card technology with localized, portable biometrics: http://www.biometricassociates.com/smartcard.php • • Open source smart card technology, both software and hardware: http://www.smartcardalliance.org/industry_news/industry_news_item.cfm?ite mID=1596 October 18, 2006 Green Team 39 References • • • • • • • Food stamp fraud: http://www.frac.org/html/federal_food_programs/programs/fsp_faq.html#4 Food stamp info: http://www.fns.usda.gov/fsp/faqs.htm#9 Data on food stamp fraud: (http://www.eweek.com/article2/0,1895,1972079,00.asp) (http://www.foodstampfraud.org/) (http://www.cioinsight.com/article2/0,1540,1850300,00.asp) • FEMA Fraud data: http://www.cnn.com/2006/US/09/13/katrina.fraud/index.html?section=cnn_topstories) (http://www.msnbc.msn.com/id/11326973/) • Lockout codes http://www.admin.mtu.edu/acct/dept/pur/purchcard/lockout.htm Info on why this is a problem: http://www.dallasnews.com/sharedcontent/dws/news/localnews/stories/070206dnmetp cards.192c71f.html http://financialplan.about.com/od/studentsandmoney/a/TeenCreditCards.htm Info on current program in place: http://arc.publicdebt.treas.gov/DWP/fs/fscredcard.htm#1 Data and why this is needed – EPA’s complaint paper on current system!!! http://www.epa.gov/oig/reports/1995/bankrep.htm#CHAPTER%204 How credit cards work: http://money.howstuffworks.com/credit-card2.htm October 18, 2006 Green Team 40 Appendix A Expert Testimony from Admiral Julius Caesar from SAIC October 18, 2006 Green Team 41 Expert Testimony – Current Problems • Navy sailors are given credit cards for travel because they do not have enough personal cash – Spending money in “Girly Bars” – Tabs in excess of $15,000 • Private Business – Employee used company credit card to put $14,000 down payment on a house – Employee bought several $1,500 airline tickets, and canceled the flight to collect the cash refund, which he used to finance his private company – Employee bought $1,500 in thongs at Victoria Secret October 18, 2006 Green Team 42 Expert Testimony - Current Solutions • Only activating the credit card for the duration of the travel • Background credit checks on employees to be entrusted with company funds October 18, 2006 Green Team 43 Expert Testimony – Loose ends left by current solution • Can’t regulate purchases • Company liable for purchases – Employees can’t pay the company back • Must be taken to court October 18, 2006 Green Team 44 Expert testimony – Time and Money spent on problem • • • • ~$25,000 per division per year 20 Divisions ~$250,000 per year for this company Credit card companies dropped the Navy as a customer because of fraud problems October 18, 2006 Green Team 45 Expert Testimony - Data • 2002: 1.4 million Government Travel Cards in use – $ 3.4 billion spent on purchases with these cards • One man made $262,800 in charges on 13 Government Credit Cards October 18, 2006 Green Team 46 Expert Testimony – On C3P • Target “high risk” employees – In the 18-25 year-old bracket • Don’t know how to use credit – Employees with bad credit October 18, 2006 Green Team 47 October 18, 2006 In e Fingerprint Photo ID PIN Password Retinal Scan Signature Se c ur e Authentication Methods xp e No nsive Me Hig mori za hd tio e g No ree n Re qu Hu o f ire fra d Ea man se Ve ud p rot rifi of ec c u Ea ati s tio e se on of Re n Im qu ple ire me d nta tio n Authentication Green Team 48 Fingerprints Advantages: • Relatively Mature Technology • Low Cost • Highly Portable Technology October 18, 2006 Distinctiveness High Permanence High Collectibility Medium Performance High Acceptability Medium Potential for Circumvention Low Green Team 49 Biometric Fingerprints • Finger Print Characteristics – Genetic and environmental factors – Never the same – Biometric image cannot be reproduced • Finger Print Scanner – Capacitive Scanner – Electric Current October 18, 2006 Green Team 50 Appendix B Merchant Commercial Code (MCC) – A specialized code that categorizes a store based on what it sells (e.g. Target and WalMart have the same MCC) Universal Product Code (UPC) – A code that designates a specific product, different for every brand and variation of a product (Lay’s and Pringle’s potato chips still have different UPCs) October 18, 2006 Green Team 51
