Green Team
CS 410
Professor & Consultant: Janet Brunelle
Team Leader & Risk: Justin Brunelle
Marketing: Nigel Tierney
Web Master: Jason Benson
Technical: Aaron Fowler
Research & Main Presenter: Jeremy Archey
Financial: Lisa Ortiz
Topic : RFID
SubTopic : Electronics
A.1. Responsiveness to NSF Topics
B.4 – RFID, Electronics (EL)
A. 2. Proposal Objectives
After completing our Phase I feasibility study, we hope to discover several things.
First, we want to find out whether the technology exists to implement our idea for smart
card protection in a method that is user friendly, stable, and cost efficient. Next, we need
to create a rough budget and schedule for our project so that we can have some general
estimates for project timelines and financial needs. We also need to research whether the
current credit card companies would be interested in purchasing protection like ours from
an independent company and incorporating it into their own business model. Along with
this, we need to find out if there are any other companies already creating this solution,
and if there are, decide if we can compete with them in any meaningful way.
A.3. Phase I Project Requirements.
The deliverable at the end of an SBIR/STTR Phase I grant is a technical report
that summarizes the experimental and theoretical accomplishments of the research
proposed. This report serves as the basis for a Phase II proposal.
A.9.2. Project Summary
According to www.foodstampfraud.org, the Federal government spends $40
billion on food stamp fraud each year. According to MSNBC, 900,000 claims to FEMA
during Hurricane Katrina were duplicate applications. EPA research has shown that 11%
of government employees given Government Credit Cards cannot reproduce receipts of
purchases made with Government Credit Cards when asked, and 9% of those that could
reproduce receipts purchased prohibited items. 11% of card holders lent their card to
unauthorized users. Nearly $14 billion of government money entrusted to government
employees is spent on private purchases, and small businesses lose, on average, $2,500 to
$100,000 annually on unauthorized purchases.
The solution to these problems is Customizable Credit Card Protection.
Customizable Credit Card Protection (C3 P) will eliminate unauthorized purchases by
government and private business employees. C3 P will prevent employees who have been
entrusted with funds from spending that money inappropriately by preventing purchases
at certain types of commercial locations using MCCs, and preventing purchases of
specified UPCs. The package sold will come with programmable Smart Cards with RFID
chips in them (protected by 128-bit and triple DES encryption), and a customizable
database that will hold prohibited purchases. The owner or head of the company will be
able to specify what purchases are legal, and each card will be programmed to accept
only legal purchases. This product is marketable to anyone who wishes to control
purchases, such as parents or schools.
Efficiency of lines at stores will not decrease because of this implementation. A
contactless credit card transaction takes, on average, 15 seconds, while a magnetic strip
transaction averages 25 seconds. Cash transactions normally take 34 seconds
(technovelgy.com). The RFID signal cannot be picked up by thieves with RFID sensors
because the sensor has to be fractions of a centimeter away from the card to get a reading.
Even if the thief did get that close, the reading will be encrypted. Also, each Smart Card
transaction has a different code number, making the information taken from the card
useless when decoded.
C3 P will ensure appropriated funds are spent according to company and government
policy, and not in any other way. Vendors, customers, and card companies will benefit
from C3 P because vendors will get more and more efficient business, customers are
protected and have less wait time in line, and card companies get to sell cards and RFID
sensors to vendors. C3 P will revolutionize the credit system world wide.
A.9.3. Project Description
Part 1: Identification and Significance of the Innovation
The innovation in our solution comes from the use of both the already used
MCC’s as well as the individual items’ UPCS to block unauthorized purchases at the
point of sale, rather than putting the responsibility on businesses to monitor their
employees after the sale has been made. This allows a business to have much more
control of how their funds are being spent, and radically changes the idea that credit cards
can only send a fixed amount of information every transaction.
Part 2: Background and Phase 1 Technical Objectives
The solution needs to activate the user's Finger Card with the on card scanner, read
Finger Card with a RFID scanner, send list of UPCs and MCCs to our database, compare
UPCs and MCCs to the allowed list, respond with a trivial authorized or unauthorized
transaction, and forward authorized transactions to the credit card company.
The hardware and software that will be required to build it is a Finger Card, digital
camera, server, database, transaction approval algorithm, and a GUI and a website for
customizing MCC and UPC approval lists and viewing transactions.
The COTS products needed are a Finger Card, Finger Card RFID scanner, and a server.
The customer needs to have a RFID scanner. The GUI and a website have to be specially
built, as well as the software that will need to be added to the POS terminals to allow
UPC’s to be transmitted with each transaction.
Part 3: Phase 1 Research Plan
There is extensive research required in order to prove our product’s technical feasibility.
This research includes looking at pre-existing publications on the topic as well as performing
experiments to test how plausible our solution is in real world conditions. While there may be
additional technical considerations once we get customer buy in, in terms of adapting our solution
to work with a company’s proprietary information, these are the basic technical considerations
that we must first research before proceeding any further.
Our proposal is for a software system that analyzes business credit card purchases at the
time of the transaction, decides whether the purchase will be allowed or not, and keeps track of
this data for later analysis by the primary stakeholders of that credit card user’s company. This
will be primarily implemented through our own system of servers and databases that we will be
responsible for maintaining, though there may be hardware considerations depending on the
amount of data we need the credit card user to send to us and the quality of the business’
connection to us. The process of determining whether a purchase is valid or not will be based on
a simple algorithm that combines the Merchant Category Classification and the UPC codes that
the customer is purchasing and compares it to what the customer’s business has listed as
acceptable purchases. All information, including the MCC and UPC codes, will be stored on our
databases for an extended period of time so that business users may analyze purchase patterns of
their employees, which will be facilitated through software and web site access that we will
provide.
There are four main areas of research that need to be carried out to feel confident about
our solution. First, we need to research how current credit card systems work, from both a
hardware and software standpoint, so that we can try to use as much as the current infrastructure
as possible in implementing our solution. This will be done through library research as well as
through interviews with those who are in the industry, although there may be limitations as far as
what information can be given to us.
Second, we need to determine how much information we can send over a low end credit
card terminal connection before customer satisfaction becomes an issue as far as waiting time.
For this, we will need to test with the lowest capacity connection, a 14.4 baud modem, with a
large transaction, one that contains multiple UPC’s. The results will be measured in seconds,
with any result over 5 seconds being ‘unacceptable.’ Various configurations of data format and
hardware configuration may also be tried to reduce this time.
Third, we have to test our server’s reliability, as credit card companies demand a very
high percentage of ‘up time,’ over 99%. We will need to decide which servers can handle
constant, multiple transactions without significant slow down or failure. We will test this through
simulation, by sending massive amounts of simulated data to a test machine and recording the
results. The outcome will allow us to better judge our budgetary needs for the project, and will
most likely influence our software solution in some way.
Finally, we need to create various prototypes for our web interface, and decide which is
the most user friendly. This will involve focus groups and testing to see which areas of the web
site will be most accessed and used. These tests can also implement performance measures that
test what the best solution will be as far as implementing our web site’s programming. Speed will
be the primary concern, but ease of use and ease of data analysis will also be priorities.
Part 4: Company Information
Old Dominion University Computer Science Department
Norfolk, VA 23529
757.683.3000A.9.4. References Cited
IEEE Feasibility Study on biometric credit cards:
http://www.ee.ucla.edu/faculty/papers/ingridv_TransCE_nov04.pdf#search=%2
2Portable%20Biometrics%22
Smart Card technology with localized, portable biometrics:
http://www.biometricassociates.com/smartcard.php
Open source smart card technology, both software and hardware:
http://www.smartcardalliance.org/industry_news/industry_news_item.cfm?itemID=1596
DISD credit card oversight lax:
http://www.dallasnews.com
Picture 1:
www.co.kern.ca.us/dhs/images/0987.jpg
Picture 2:
www.katrinapictures.blogspot.com/
Picture 3:
http://www.spasearch.org/admin/images/fld_main_photo/fld_main_photo_38.jpg
FEMA Fraud:
http://www.msnbc.msn.com/id/11326973/
Food stamp fraud:
http://www.frac.org/html/federal_food_programs/programs/fsp_faq.html#4
Food stamp info:
http://www.fns.usda.gov/fsp/faqs.htm#9
Data on food stamp fraud:
http://www.eweek.com/article2/0,1895,1972079,00.asp
http://www.foodstampfraud.org/
http://www.cioinsight.com/article2/0,1540,1850300,00.asp
FEMA Fraud data:
http://www.cnn.com/2006/US/09/13/katrina.fraud/index.html?section=cnn_topstories
http://www.msnbc.msn.com/id/11326973/
Lockout codes
http://www.admin.mtu.edu/acct/dept/pur/purchcard/lockout.htm
Info on why this is a problem:
http://www.dallasnews.com/sharedcontent/dws/news/localnews/stories/070206dnmetpcar
ds.192c71f.html
http://financialplan.about.com/od/studentsandmoney/a/TeenCreditCards.htm
Info on current program in place:
http://arc.publicdebt.treas.gov/DWP/fs/fscredcard.htm#1
Data and why this is needed – EPA’s complaint paper on current system!!!
http://www.epa.gov/oig/reports/1995/bankrep.htm#CHAPTER%204
How credit cards work:
http://money.howstuffworks.com/credit-card2.htm
A.9.5. Biographical Sketches
Justin Brunelle:
Justin is a Virginia Beach local in his 3rd year as a Computer Science major at ODU. He
works on the iSTART research project under Dr. Levinstein and plans on attending grad
school at ODU. His research interests include web programming and modeling and
simulation.
Aaron Fowler:
Aaron is a senior at ODU majoring in Computer Science with a minor in Computer
Engineering. He transferred from VWCC with associate’s degrees in Computer Science
and Computer Engineering. He works as a consultant for the ODU systems group.
Nigel Tierney:
Nigel is an F1 international student from Ireland. He is completing the accelerated
Masters course in Computer Science at ODU and is currently in his 4th year. He is
currently doing voluntary research under Dr. Jessica Crouch on creating a deformable
finite cataract surgery model. His research interests include computer graphics and
computer vision.
Lisa Ortiz:
Lisa is from Northern Virginia and in her 3rd year at ODU, majoring in Computer Science
with a minor in Finance. During the summer and winter breaks, she interns with
Northrop Grumman Mission Systems in Dahlgren, VA. She has been there since the
summer of 2004. She is also currently a member of the Society of Hispanic Professional
Engineers.
Jeremy Archey:
Jeremy is a senior at ODU, majoring in Computer Science with a minor in Information
Technology. He has an interest in sales and public speaking, and currently works full
time at Kay Jewelers. After graduation, he hopes to enter a career that involves travel
and personal interaction with clients.
A.9.6. Budget
Funding in support of the C3P project will be requested from the National Science
Foundation (NSF) under the SBIR grant program. [This plan will address total budgeted
costs for the project and also the costs required for the out years.]
The SBIR program distributes funds in two distinct phases. During Phase I,
[amount] will be needed for the development of the C3P prototype. This development
work will include planning, identification of requirements, hardware setup, design,
coding and testing. The SBIR program’s funding limit of $100,000 for Phase I will cover
the costs of this work.
Upon successful implementation of a prototype, an additional $750,000 will be
requested for Phase II work. This funding will cover ongoing development from Phase I,
additional hard resources, technical documentation and actual beta testing of the product
with users. Total costs for Phase II are budgeted at [amount].
[This part of the funding plan will address how we will be obtaining funds for
Phase III, since not additional funds may be solicited through the SBIR program.] In
Phase III, having acquired the necessary funding in Phases I and II to complete the
prototype, C3P will be in a position to enter production and commercialization. [This part
will also include total Phase III budget costs.]
[This part of the funding plan will explain funding and budget costs during the out
years.]
[This part of the funding plan will state the deadline for the submission of
proposals to the SBIR program.]
[This part of the funding plan will discuss the additional funding obtained for
each phase outside of NSF.]
[The last section of the funding plan will include the charts and graphs, displaying
budget costs, resources, break-even analysis, etc.]
"What are the broader impacts of the proposed activity?"
1. The commercial benefits of C3P include sale of C3P technology. The societal impact of C3P
is to reduce the amount of credit card fraud regarding entrusted funds from private
businesses and government organizations to its employees. Businesses will retain more
funds due to lack of personal spending by employees and the tax payers and government
organizations will retain more money, as well.
2. C3P expands the use of RFID and credit card technologies.
3. This project is widely needed among businesses and government organizations. Employees
of these organizations spend appropriated funds on personal objects and activities without
approval from the owner of the funds. Organizations need a way to make sure their funds
are being spent according to organization policy and designation.
4. See competition matrix. Incomplete as of 11/08
5. Once the funding for this project from SBIR/STTR ends, the project will earn it’s own
funds by leasing our technology to credit card companies, government organizations, and
even parents in the future.
6. C3P can advance NSF’s goals in education by allowing students to learn about RFID and
the credit card process. The database structure and extraction is another source of learning
opportunities.
C3P has not successfully commercialized SBIR/STTR-supported technology.