Credit Card Fraud

Detection Using Hidden

Markov Model
 abstract
• Increase in credit card usage for online payments
• cases of fraud associated with it are also rising.
• Few steps involving credit card transaction process using a Hidden
Markov Model (HMM)
• how it can be used for the detection of frauds.
• An HMM is initially trained for a cardholder.
• If a credit card transaction is not accepted by the trained HMM. It is
considered to be fraudulent.
Scope of the project

To detect and block from fraud

transactions using a credit card.
Introduction
• Credit-card-based purchases can be categorized into two types: 1)
physical card and 2) virtual card. In a physical-card based purchase,
the cardholder presents his card physically to a merchant for making a
payment. To carry out fraudulent transactions in this kind of
purchase, an attacker has to steal the credit card. If the cardholder
does not realize the loss of card, it can lead to a substantial financial
loss to the credit card company. In the second kind of purchase, only
some important information about a card (card number, expiration
date, secure code) is required to make the payment. Such purchases
are normally done on the Internet or over the telephone
• . To commit fraud in these types of purchases, a fraudster simply needs to
know the card details. Most of the time, the genuine cardholder is not
aware that someone else has seen or stolen his card information. The only
way to detect this kind of fraud is to analyze the spending patterns on
every card and to figure out any inconsistency with respect to the “usual”
spending patterns. Fraud detection based on the analysis of existing
purchase data of cardholder is a promising way to reduce the rate of
successful credit card frauds. Since humans tend to exhibit specific
behaviorist profiles, every cardholder can be represented by a set of
patterns containing information about the typical purchase category, the
time since the last purchase, the amount of money spent, etc. Deviation
from such patterns is a potential threat to the system.
 MODULES
• New card
• Login
• Security information
• Transaction
• Verification
Module Description
• New card
• In this module, the customer gives there information to enroll a new card. The
information is all about there contact details. They can create there own login and
password for there future use of the card.
• Login
• In Login Form module presents site visitors with a form with username and password
fields. If the user enters a valid username/password combination they will be granted
access to additional resources on website. Which additional resources they will have
access to can be configured separately.
• Security information
• In Security information module it will get the information detail and its store’s in
database. If the card lost then the Security information module form arise. It has a set of
question where the user has to answer the correctly to move to the transaction section.
It contain informational privacy and informational self-determination are addressed
squarely by the invention affording persons and entities a trusted means to user, secure,
search, process, and exchange personal and/or confidential information.
• Transaction
• The method and apparatus for pre-authorizing transactions includes providing a communications
device to a vendor and a credit card owner. The credit card owner initiates a credit card
transaction by communicating to a credit card number, and storing therein, a distinguishing piece
of information that characterizes a specific transaction to be made by an authorized user of the
credit card at a later time. The information is accepted as "network data" in the data base only if a
correct personal identification code (PIC) is used with the communication. The "network data"
will serve to later authorize that specific transaction. The credit card owner or other authorized
user can then only make that specific transaction with the credit card. Because the transaction is
pre-authorized, the vendor does not need to see or transmit a PIC.
• Verification
• Verification information is provided with respect to a transaction between an initiating party and
a verification-seeking party, the verification information being given by a third, verifying party,
based on confidential information in the possession of the initiating party. In verification the
process will seeks card number and if the card number is correct the relevant process will be
executed. If the number is wrong, mail will be sent to the user saying the card no has been block
and he can’t do the further transaction.
Module I/O
• New card
• Given Input- Request from the user for the card.
• Expected Output-Assigning an account to requested user.
• Login
• Given Input- Give username and password of particular user.
• Expected Output- Login to user’s account.
• Security information
• Given Input- Give the security information by answering security questions.
• Expected Output-Updation of account with the security details.
• Transaction
• Given Input- Give the account details and performs transaction.
• Expected Output- Updation of database.
• Verification
• Given Input- Checks with user’s stored details like security answers or hidden details.
• Expected Output-If the verification is success, user can perform transaction, else blocks the cards
Existing System:
• In case of the existing system the fraud is detected after the fraud is
done that is, the fraud is detected after the complaint of the card
holder. And so the card holder faced a lot of trouble before the
investigation finish. And also as all the transaction is maintained in a
log, we need to maintain a huge data. And also now a days lot of
online purchase are made so we don’t know the person how is using
the card online, we just capture the IP address for verification
purpose. So there need a help from the cyber crime to investigate the
fraud. To avoid the entire above disadvantage we propose the system
to detect the fraud in a best and easy way.
Proposed System:
• In proposed system, we present a Hidden Markov Model (HMM).Which does not
require fraud signatures and yet is able to detect frauds by considering a
cardholder’s spending habit. Card transaction processing sequence by the
stochastic process of an HMM. The details of items purchased in Individual
transactions are usually not known to any Fraud Detection System(FDS) running
at the bank that issues credit cards to the cardholders. Hence, we feel that HMM
is an ideal choice for addressing this problem. Another important advantage of
the HMM-based approach is a drastic reduction in the number of False Positives
transactions identified as malicious by an FDS although they are actually genuine.
An FDS runs at a credit card issuing bank. Each incoming transaction is submitted
to the FDS for verification. FDS receives the card details and the value of purchase
to verify, whether the transaction is genuine or not. The types of goods that are
bought in that transaction are not known to the FDS. It tries to find any anomaly
in the transaction based on the spending profile of the cardholder, shipping
address, and billing address, etc. If the FDS confirms the transaction to be of
fraud, it raises an alarm, and the issuing bank declines the transaction.
Hardware Requirements

• SYSTEM : Pentium IV 2.4 GHz

• HARD DISK : 40 GB
• FLOPPY DRIVE : 1.44 MB
• MONITOR : 15 VGA colour
• MOUSE : Logitech.
• RAM : 256 MB
Software Requirements

• Operating system :- Windows XP Professional

• Front End : - Asp .Net 3.5.
• Coding Language :- Visual C# .Net
• Back-End : - Sql Server 2008.
.Net Framework
• .Net Framework is a platform or development environment to
seamlessly create web-applications that are accessible through client
machines from across the globe. These web-applications adopt open
standards such as eXtensible Markup Language (XML), Hyper Text
Transfer Protocol (HTTP), and Simple Object Access Protocol (SOAP)
to interact with applications that are available in other platforms.
The .NET Compilation Stages

• The Code written in .NET isn't compiled directly to the executable;

instead .NET uses two steps to compile the code. First, the code is
compiled to an Intermediate Language called Microsoft Intermediate
Language (MSIL). Second, the compiled code will be recompiled with
the Common Language Runtime (CLR), which converts the code to
the machine code. The basic Idea of these two stages was to make
the code language independence.
Garbage Collection: Automatic Memory Management in
the Microsoft .NET FrameworkLevel
• Allocate memory for the type that represents the resource.
• Initialize the memory to set the initial state of the resource and to
make the resource usable.
• Use the resource by accessing the instance members of the type
(repeat as necessary).
• Tear down the state of the resource to clean up.
• Free the memory
module diagram:

Start

New Card

Login

Security Information

Transaction Verification

Stop
Use case diagram:

New Card

User Login

Store Info

Verification Transaction
Class diagram
collaboration diagram

New Account

1: User Info

Login Complete Transaction

2: Login Info 5: Verification Details

Transaction 3: Transaction Details Verification 4: Security Info Security

Literature review
• Ghosh and Reilly have proposed credit card fraud detection with a neural network. They
have built a detection system, which is trained on a large sample of labeled credit card
account transactions. These transactions contain example fraud cases due to lost cards,
stolen cards, application fraud, counterfeit fraud, mail-order fraud, and nonreceived
issue (NRI) fraud. Recently, Syeda et al. have used parallel granular neural networks
(PGNNs) for improving the speed of data mining and knowledge discovery process in
credit card fraud detection. A complete system has been implemented for this purpose.
Stolfo et al. suggest a credit card fraud detection system (FDS) using metalearning
techniques to learn models of fraudulent credit card transactions. Metalearning is a
general strategy that provides a means for combining and integrating a number of
separately built classifiers or models. A metaclassifier is thus trained on the correlation of
the predictions of the base classifiers. The same group has also worked on a cost-based
model for fraud and intrusion detection . They use Java agents for Metalearning (JAM),
which is a distributed data mining system for credit card fraud detection. A number of
important performance metrics like True Positive—False Positive (TP-FP) spread and
accuracy have been defined by them. Aleskerov et al. present CARDWATCH, a database
mining system used for credit card fraud detection.
HMM Model

• To map the credit card transaction processing operation in terms of

an HMM, we start by first deciding the observation symbols in our
model.Wequantize the purchase values x into M price ranges V1; V2; .
. . VM, forming the observation symbols at the issuing bank. The
actual price range for each symbol is configurable based on the
spending habit of individual cardholders. These price ranges can be
determined dynamically by applying a clustering algorithm on the
values of each cardholder’s transactions, as shown in Section 5.2. We
use Vk, k ¼ 1; 2; . . .M, to represent both the observation symbol, as
well as the corresponding price range.
Advantages

• Highly Security from unauthorized use of credit card

• 1. Avoids fraud usage of card through online transactions.
• 2. Detect if card used by others if card lost.
SYSTEM TESTING

• To ensure that during operation the system will perform as per

specification
• To make sure that the system meets user’s requirements during
.operation.
• To verify that the controls incorporated in the system function as
intended.
• To make sure when correct inputs are fed to the system, the outputs
are correct.
• To make sure that during operation, incorrect input, processing and
outputs will be deleted.
PERFORMANCE TESTING

• Performance test is designed to test the run- time performance of the

software within the context of an integrated system. Tests are based
on coverage of code statements, branches, paths, conditions.
UNIT TESTING

• Testing of individual software components or modules. Typically done

by the programmer and not by testers, as it requires detailed
knowledge of the internal program design and code.
INTEGRATION TESTING

• Testing of integrated modules to verify combined functionality after

integration. Modules are typically code modules, individual
applications, client and server applications on a network, etc. This
type of testing is especially relevant to client/server and distributed
systems.