Green Team April 27, 2007 Product: Customizable Credit Card Protection

advertisement

Green Team

April 27, 2007

Product: Customizable

Credit Card Protection

(C

3

P)

4/27/2007

Green Team

2

• Problem/Solution Introduction

• Process Description

• Solution Characteristics

• Prototype Characteristics

• Prototype Demonstration

– Simulated POST

– Business Leader GUI

– Purchase Verification Software

– Database Control

Green Team

4/27/2007 3

Our project is

Customizable Credit Card Protection (C

3

P), which is a project addressing a common and growing problem in managing corporate credit cards.

Green Team

4/27/2007 4

• You own a business, for example, an

Engineering company

– Employees need to make purchases

• Company credit account

• Manual receipt tracking to validate purchases

Green Team

4/27/2007 5

• Businesses are ultimately responsible for debts on corporate credit cards

• Personal credit reports do not include corporate cards

• Credit card companies do not provide protection from fraud committed by authorized card holders*

4/27/2007

* Visa.com

Green Team

6

Organizations and private businesses have inadequate protection and controls over unauthorized use by authorized cardholders, which results in a loss of funds.

4/27/2007

Current methods of addressing unauthorized use are expensive and subjective.

Green Team

7

• Your employee needs to purchase items for the company e.g. computer components, etc.

• The following slides will illustrate 4 scenarios outlining fundamental flaws in the current system of use for corporate credit cards

Green Team

4/27/2007 8

• Situation

– Your employee needs to purchase these items at a particular store

4/27/2007

Green Team

9

• Problem

– You cannot limit your credit card as to which stores these items can be purchased

• Solution

– Restrict purchases by Merchant Commercial Code

(M.C.C.)

• Fact

– Surveyed company stated spending of $250,000 per year in efforts to prevent credit card misuse*

4/27/2007

* Admiral Julius Caesar, Senior VP

Green Team

of SAIC

10

• Situation

– Your employee can purchase whatever item they want within that store

4/27/2007

Green Team

11

• Problem

– You cannot limit your credit card as to which individual items can be purchased

• Solution

– Restrict purchases by Universal Product Code (U.P.C.)

• Facts

– Immense company loss due to legal fees and other efforts to recover the fraudulent spending

Green Team

4/27/2007 12

• Situation

– Your employee may need a flexible credit limit as to the specific items that they need to purchase

• Due to travel

• If knowledgeable on which item would be better to purchase due to their area of expertise

Green Team

4/27/2007 13

• Problem

– You cannot dynamically set a per diem amount on the credit card specific to certain trips or purchases

• Solution

– Restrict purchases by modifying per diem limit dynamically

• Facts

4/27/2007

– Out of $2.5 trillion government budget*

• $14 billion was spent on private purchases by employees

• $2 billion was spent on unauthorized purchases by employees**

* http://www.gpoaccess.gov/usbudget/

** Foiling credit card fraud by Jenny C. McCune • Bankrate.com

Green Team

14

• Situation

– Receipts can be misplaced or lost

4/27/2007

Green Team

15

• Problem

– The receipt tracking system is subjective and receipts can be misplaced

– Labour intensive

• Solution

– Online data mining makes tracking employee spending habits much easier

• Facts

– One company reviewed stated that employees produced only 20% of all transaction receipts*

* http://www.dallasnews.com

4/27/2007

Green Team

16

What solution solves all these problems?

4/27/2007

Green Team

17

• Regulate types of purchases

• Reduce receipt checking

• Improve accuracy

– Automatic prevention of prohibited purchases

• Organization saves money

– Keeps control of money in hands of employer

Green Team

4/27/2007 18

• Customizable database

– Restrict Purchases by

• Universal Product Code (UPC)

– Only at participating locations in USA

• Merchant Commercial Code (MCC)

– Everywhere, including overseas

• Use contact RFID smart cards

– Fast & Secure

– Programmable for transaction routing

• Modifiable sending of UPCs and MCCs

• User interface software

– Web-based GUI

• User access for modification of card holder account

• Reporting and Analysis tools

• Drives Database

Green Team

4/27/2007 19

4/27/2007

Green Team

20

t y i l i o b a b

P r

81-100%

61 - 80%

41 - 60%

21-40%

1-20%

4/27/2007

5

4

1

2, 3

1 2 3 4

Impact: 1(Low) - 5(high)

Green Team

5

1

No corporate buy-in

(access to UPC database)

2

Access to credit card info

3

Hardware malfunction

4 Software malfunction

5

Insulting to employee

21

• Limit the scope of the initial project!

• What is taken out?

– The physical aspect of RFID reader/writer and RFID cards

– The interaction between Credit Card Company and

C

3

P servers

– A formatted data mining receipt tracking system

• What is new?

– The Simulated Point of Sale Terminal

• What remains?

– The Purchase Verification Software

– The Business Leader Graphical User Interface

– The Database of Users, MCCs, and UPCs

Green Team

4/27/2007 22

4/27/2007

Green Team

23

Risk#

1

2

Risk Description

No corporate buy-in (access to

UPC database)

Access to Credit Card Info

4 Software Malfunction

Mitigation via Prototype

UPC can be retrieved from online databases

Future implementation of encryption and current ability of restricted access to info via basic authentication

Software demonstrated during

Prototype Demonstration

4/27/2007

Green Team

24

4/27/2007

Green Team

25

• Equipment Drivers

– Nigel Tierney/Justin Brunelle/Aaron Fowler

• Product and Prototype Description Presenter

– Jeremy Archey

• Database Description Presenter

– Jason Benson

• Business Leader GUI Presenters

– Jason Benson

• Purchase Verification Software Presenter

– Jason Benson

• Simulated POST Presenter

4/27/2007

– Lisa Ortiz

Green Team

26

• Consists of the following tables:

– Employee

– Business Leader

– MCCs

– UPCs

• Created using MySQL

• Located on ODU server

Green Team

4/27/2007 27

Employee Table Part 1

UID Name acctNum apMCC apUPC totpurchase

Identification number for each employee

Employee's name totpurchase

Total amount of this day's purchases spendingLimi t

Total daily spending limit

Employee's corporate spending account number

List of

Approve d MCCs

Employee Table Part 2

List of Approved

UPCs addr phone employeeNum

Total amount of this day's purchases company

Employee

Address

Employee

Phone

Number

Employee

Corporation

Number

Employee

Company

SSN

Employee

Social

Security

Number

4/27/2007

Green Team

28

refNum

Reference number for the

UPC (primary key)

UPC

UPC

UPC Table pName

Product Name cost

Cost of product per unit in cents categorization

Categorization of products (lumber, clothing, food, hardware, automotive, business supplies)

MCC Table refNum MCC sType leaderID

Business Leader's ID

4/27/2007

Reference number for the

MCC (primary key)

MCC Type of Vendor pwd

Business Leader's password

Business Leader Table employees company

Employees that work for this business leader

Company that this business leader works for

Green Team

name

Business leader's name

29

• This software package is an interface for the business leader to be able to:

-

Add employees to the database

- Delete employees from the database

- Modify the database of allowed UPCs, MCCs, and spending limits for employees

• Created using HTML, PHP and Javascript

• Hosted on the ODU webserver

Green Team

4/27/2007 30

4/27/2007

Green Team

31

• This software was coded to validate purchases by C

3

P card holders

• It takes a transaction string that simulates an actual credit card transaction string, decodes it, and checks the validity of the purchase.

• Was written entirely in PHP and is used by the POS terminal to validate purchases.

• Located on ODU server

Green Team

4/27/2007 32

4/27/2007

Green Team

33

• Consists of:

– Text fields: MCC and Employee ID (Required)

– Drag-and-drop feature (From Products to

Shopping Cart)

– Clear Cart feature, Delete (item) feature

– Purchase button

• Created using PHP, MySQL, and JavaScript*

• Works in conjunction with Purchase Verification

Software

• Located on ODU server

*Scriptaculous.com

4/27/2007

Green Team

34

4/27/2007

Green Team

35

4/27/2007

Green Team

36

• Milestones & Deliverables (M & D)

– Overview

– Phase 2 Product Design

– Phase 2 Product Development

– Phase 2 Testing

– Phase 3

Green Team

4/27/2007 37

Phase

Phase 2

Phase 3

Start

5-3-07

Finish

10-31-07

Length

151 days

10/31/07 Out Years Out Years

5/07 8/07 11/07 2/08+

Green Team

4/27/2007 38

Module

Business

Leader

GUI

Data

Mining

POST

Purchase

Verification

Software

Database

Start

7-1-07

7-1-07

7-1-07

7-1-07

7-1-07

Finish

7-31-07

7-31-07

7-31-07

7-31-07

Length

30 days

30 days

30 days

30 days

7-31-07 30 days

5/07 6/07 7/07 8/07

Green Team

4/27/2007 39

Module Start Finish

Business

Leader

GUI

Data

Mining

POST

7-31-07

7-31-07

7-31-07

Purchase

Verification

Software

Database

7-31-07

7-31-07

9-11-07

9-11-07

9-11-07

9-11-07

9-11-07

Length

43 days

43 days

43 days

43 days

43 days

7/07 8/07 9/07 10/07

Green Team

4/27/2007 40

Module Start

Business

Leader

GUI

Data

Mining

POST

9-11-07

9-11-07

9-11-07

Purchase

Verification

Software

9-11-07

Finish

10-31-07 50 days

10-31-07 50 days

10-31-07

10-31-07

Length

50 days

50 days

8/07 9/07 10/07 11/07

Green Team

4/27/2007 41

• Out Years

• System Maintenance

– Updates

– Repairs

• Customer Support

• Advertising

Green Team

4/27/2007 42

• Phase 2 Funding

• Phase 2 Budget

4/27/2007

Green Team

43

• National Science Foundation (NSF)

– Phase 2: Funding award up to $750k or two years (whichever is reached first)

• Phase 2 Total Budget: $278,789

Green Team

4/27/2007 44

Hard Resources

Product

RFID Cards

Card Programmer

Card Printer

Domain Name Registrations

TOTAL

Personnel Resources

Resource

Project Manager

Database Maintenance Team

Database Administrator

Technical Director

POS Terminal Programmers

Programmer III

Software Maintenance &

Installation Team

Web Developer

GUI Programmer

Programmer II

Risk Management Director

Documentation Specialist

Finance Director

TOTAL

# Units Cost/Unit Total

10000 $0.52

$5,200 http://www.maxking.com/shopcart/product.php?productid=16375$cat=249&page=1

10

5

1

$64

$2,000

$15

$640 http://www.maxking.com/shopcart/product.php?productid=16213

$10,000 http://www.maxking.com/shopcart/product.php?productid=16282$cat=304&page=1

$15 InternetSolutions.com

$15,855

#

1

3

1

3

3

2

7

1

1

1

Salary*

75,616

$73,252

$56,926

$57,397

$52,920

$46,282

$45,368

$68,141

$35,751

$108,901

Overhead Hourly Hours Total

105,862

$102,553

$79,696

$80,356

$74,088

$64,795

$63,515

$95,397

$50,051

$152,461

$55

$53

$42

$42

$39

$34

$33

$50

$26

$79

403

121

295

53

578

803

216

95

606

136

$22,220

$19,442

$12,245

$6,654

$66,872

$54,164

$50,018

$4,720

$15,797

$10,799

$262,934

$278,789 TOTAL Resources

*Salary.com

4/27/2007

Green Team

45

• C3P regulates how funds are spent

– Saves money and time

• Prototype has proven feasibility and accuracy of product

• C3P will revolutionize the credit system world wide

Green Team

4/27/2007 46

4/27/2007

Green Team

47

4/27/2007

• Foiling credit card fraud by Jenny C. McCune

• Bankrate.com

• http://www.gpoaccess.gov/usbudget/

• http://www.dallasnews.com

• http://www.fbi.gov/publications/financial/fcs_ report052005/fcs_report052005.htm

• http://www.bankrate.com/fox/news/cc/20000508.asp

• http://www.bankrate.com/fox/news/cc/20000508.asp

• http://www.salary.com

• http://www.mastercard.com

• James Brunelle, Edo Corp.

• Admiral Julius Caesar, SAIC

Green Team

48

Download