Direct Debit Transactions: A Comprehensive Analysis of Emerging Attack Patterns

In recent years, payment systems in Europe have evolved toward a new scenario in which transactions and retail payments take place according to the SEPA (Single Euro Payments Area) Regulation. SEPA is an initiative of the European banking industry that aims to make all electronic payments across the Euro area -- e.g. by credit card, debit card, bank transfer or direct debit -- as easy as domestic payments currently are. One of the payment schemes defined by the SEPA mandate is the SEPA Direct Debit (SDD), which allows a creditor (biller) to collect funds from a debtor's (payer's) account, provided that the payer has granted a signed mandate to the biller. Thanks to SDD, consumers can make and receive no-cash euro payments with a single set of instructions and a single bank account. The use of this standard scheme facilitates access to new markets for enterprises and public administrations and allows for a substantial cost reduction. The other side of the coin, however, is the set of security issues that this type of electronic payment raises. A study conducted by the Center of Economics and Business Research (CEBR) of Britain, on behalf of Liverpool Insurance Company, showed that Direct Debit frauds increased by 288% from 2006 to 2010. In this paper, a comprehensive analysis of real SDD data provided by the EU FP7 LeanBigData project is performed in order to identify and classify emerging and sophisticated attack patterns that can be executed against an SDD service. The results of this data analysis will be used to inspire the design of a security system that supports analysts in detecting Direct Debit frauds.
