A Model of Fraud Detection in Mobile Transaction via ...

A Model of Fraud Detection in Mobile Transaction via Unstructured Supplementary Service Data Kulani E. Vukeya and Okuthe P. Kogeda Department of Computer Science Tshwane University of Technology, Private bag X680, Pretoria 0001 Tel: +27 12 382 9640, Fax: +27 12 3829525 email: [email protected] ; [email protected]

Abstract- mobile payments have become more popular and are used to perform transactions that carry sensitive information that should only be visible to the person performing that particular transaction. One of the wellknown services to perform such transactions is called Unstructured Supplementary Service Data (USSD) and due to the sensitive and important details it performs it has become very attractive target for fraudsters. The problem is that critical threats such as fraudulent transactions, request/response manipulations, weak encryption, and insecure message communications are directly triggering revenue loss for mobile payment service providers, customers and financial institutions. In this paper, we seek to design and implement a model of fraud detection in mobile transaction via USSD. We use Bayesian Network model to define the type of transactions given the customers behavior and EM algorithm to learn the parameters in the model using observed data from transactions via USSD services across the network. The proposed system has been designed.

encryption and authentication algorithms [2]. Preventing fraud in mobile transactions is not easy, hence it must be approached with well-defined procedures, policies and guidelines that take into consideration the system boundaries, infrastructure, human behavior, culture, literacy level and market dynamics. The simplicity of the protocol has triggered a lot of fraudulent activities on it because many find it easy to temper with and understand the protocol. Developers of this technology normally look at deployment that enables management of USSD-based applications that can enhance end user loyalty and revenue streams only. Figure 1 below is the typical architecture of the USSD centre in a telecommunication industry. In order to rectify this problem extra work on authentication of the mobile application is required, thus introducing fraud detection system between the mobile application and the network.

Index Terms—USSD, Fraud, Meta-learning, Bayesian Networks, EM algorithm, GSM I. INTRODUCTION The number of USSD use in transactions has increased rapidly in the past decade and the uses of this technology also include personal and confidential details as well as financial records. We introduce a work in progress that seeks to provide a fraud detection model that can be used by telecommunications industries into managing fraud in transactions via Unstructured Supplementary Service Data (USSD). To help identify potentially fraudulent users and their typical usage patterns, detect attempts to gain fraudulent entry to customer accounts, discover unusual patterns which may need special attention, find usage patterns for a set of communication services by customer group, by month, etc. The USSD is a session-based, realtime communication technology for supplementary services. USSD is used in sending messages across a GSM network, between a mobile client and an application server. It operates much like SMS but its session-based and interactive nature differentiates the two. Its protocol caters for all mobile phones no matter their capacity and brand. This technology has its strengths and weaknesses from perspectives of system security. It uses GSM services and GSM Security, which is known to have inherent flaws in its

Figure 1: USSD System Architecture The remainder of this paper is organized as follows: In Section II, we provide background and overview of related work. In Section III, we describe the proposed system design and architecture, In Section IV we provided the model and present conclusion and future work in Section V. II. BACKGROUND AND RELATED WORK Salvatore et al. [2] proposed a novel system to address credit card frauds. They describe experiments using meta-learning techniques to learn models that have two key component technologies: local fraud detection agents that learn how to detect fraud and provide intrusion detection services within a single corporate information system, and a secure, integrated meta-learning system that combines the collective knowledge acquired by individual local agents. They used learning algorithms ID3, CART, BAYES, and RIPPER is applied to every partition of the classifiers. These classifiers each attained a True Positive rate of approximately 80% and False Positive rate less than 17%. The results indicated that fraud is detected if the (True Positive) rate is higher than the

(False Positive) rate. Our study will apply the BAYES algorithm to compare the (True Positive) rate of the incomplete data. Jaakko at el. (1996) introduced a Call-Based Fraud Detection in Mobile communications using a Hierarchical regime-switching model. The detection problem is formulated as an inference problem on the regime probabilities. The hierarchical regime-switching model consists of three variables, the first binary variable Vt (victimized) ,second binary variable St (fraud) is equal to one if the fraudster currently performs, finally, the binary variable Yt (call) is equal to one if the mobile phone is being used with state transition matrix pfjk = P(Yt = ilst = j, Yt-l = k); i, j, k = 0,1. The dynamics and results found are learned from data using the EM algorithm. Their interest was to estimate the probability that an account was victimized or that fraud is currently occurring based on the call patterns up to the current point in time. It is claimed that the accounts were attacked by fraud when call pattern periods has high traffic from posterior time-evolving probabilities calculations for an account. Therefore, they declare an account to be victimized if the victimized variable at some point exceeds the threshold. Our study will use the EM algorithm to learn the real-time results of the USSD transactions. III. SYSTEM DESIGN AND ARCHITECTURE This work intends to provide a model that will help minimize fraud in the use USSD service. The FDM (Fraud Detection model). Figure 2 below shows the typical Flow of the USSD Transaction highlighted in red, from the Mobile device to the FDM.

posterior 

prior  likelihood evidence

(2)

EM is an iterative method for finding maximum likelihood or maximum a posteriori (MAP) estimates of parameters in statistical models, where the model depends on unobserved latent variables. M-step the model parameters are optimized using the estimates of the hidden states using the current parameter estimates. The E-step determines the probabilities on the right sides of the equations using the current parameter estimates. EM Algorithm steps are given in Equation. 3 and 4: E-step: Estimate the complete-data sufficient statistics t ()

t ( P)  E(t () Iy, ct ( P)) M-step: Determine ct ( P  1) as the solution of the equations: E (t () Iy, ct ( P)) by finding:

(3) (4)

V. CONCLUSION AND FUTURE WORK The USSD service has its weaknesses from perspectives of security that we have investigated and identified. The service inherits many vulnerabilities due to the security weaknesses inherited in the network flaws. Our paper introduced a FDM model that we are going to use to help minimize fraud encountered in USSD transactions and presented the BAYES and EM algorithms to be used in data calculations and analysis. Next step is to do a critical analysis of the existing security mechanisms that have been identified through literature review and as well as experiments in laboratory. Then we will then evaluate and incorporate the proposed mechanisms and results found into what the FDM built intends to do on the USSD transactions. VI. REFERENCES

Figure 2: USSD FDM Architecture Flow IV. BAYES AND EM ALGORITHMS Maximum likelihood estimation and Bayesian estimation will only work for complete data, i.e. a data set in which each case specifies a value for each of the variables. We will consider the incomplete data set as having been produced from a complete data set by a process that hides some of the data. We can approximate the parameter estimation by the Expectation-Maximization (EM) algorithm. Bayes theorem provides a way of calculating the posterior probability, P(c|x), from P(c), P(x), and P(x|c). Naive Bayes classifier assumes that the effect of the value of a predictor (x) on a given class (c) is independent of the values of other predictors as shown in Equation.1:

p(C | F1 ,......, Fn ) 

p(C ) p( F ,......, Fn | C ) p( F1 ,......, Fn )

(1)

In plain English, using Bayesian terminology, the above equation can be written as

[1] Baraka W. Nyamtiga, Anael Sam, Loserian S. Laizer Security Perspectives For USSD Versus SMS In Conducting Mobile Transactions , Vol 1 , No. 1, p.38 – 43, April 2013. [2] Jaakko Hollmen, Volker Tresp, “Call-based Fraud Detection in Mobile Communication Networks using a Hierarchical Regime-Switching Model” , Vol 2 , No. 1 , p.800 – 896, June 1996. [3] Pequeno, K A, “Real-Time fraud detection: Telecom's next big step. Telecommunications (America Edition)”, Vol 31, No 5, p30-60. November 1997. [4] Chong, M.K.,”Security of mobile banking: Secure SMS banking”, Vol 1, No 2, p3-4, May 2006 Taskin, E, “GSM MSC/VLR Unstructured Supplementary Service Data (USSD) Service”, p22-50, June (2012). [5] Salvatore J. Stolfo, David W. Fan, Wenke Lee and Andreas L. Prodromidis, “Credit Card Fraud Detection Using Meta-Learning: Issues and Initial Results”, Vol 1, No 6, 510-517. July 2013. Kulani Vukeya received her BTECH in Information Technology in 2012 form the Tshwane University of Technology and is presently studying towards her Master of Technology at Tshwane University of Technology.