A Comprehensive Survey on Machine Learning Techniques and User Authentication Approaches for Credit Card Fraud Detection
Authors: Niloofar Yousefi, Marie Alaghband, Ivan Garibay
Abstract:
With the increase of credit card usage, the volume of credit card misuse also has significantly increased, which may cause appreciable financial losses for both credit card holders and financial organizations issuing credit cards. As a result, financial organizations are working hard on developing and deploying credit card fraud detection methods, in order to adapt to ever-evolving, increasingly sophisticated defrauding strategies and identifying illicit transactions as quickly as possible to protect themselves and their customers. Compounding on the complex nature of such adverse strategies, credit card fraudulent activities are rare events compared to the number of legitimate transactions. Hence, the challenge to develop fraud detection that are accurate and efficient is substantially intensified and, as a consequence, credit card fraud detection has lately become a very active area of research. In this work, we provide a survey of current techniques most relevant to the problem of credit card fraud detection. We carry out our survey in two main parts. In the first part, we focus on studies utilizing classical machine learning models, which mostly employ traditional transnational features to make fraud predictions. These models typically rely on some static physical characteristics, such as what the user knows (knowledge-based method), or what he/she has access to (object-based method). In the second part of our survey, we review more advanced techniques of user authentication, which use behavioral biometrics to identify an individual based on his/her unique behavior while he/she is interacting with his/her electronic devices. These approaches rely on how people behave (instead of what they do), which cannot be easily forged. By providing an overview of current approaches and the results reported in the literature, this survey aims to drive the future research agenda for the community in order to develop more accurate, reliable and scalable models of credit card fraud detection.
Keywords: credit card fraud detection, user authentication, behavioral biometrics, machine learning, literature survey
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 543References:
[1] Agaskar, V., Babariya, M., Chandran, S., & Giri, N. (2017). Unsupervised learning for credit card fraud detection. International Research Journal of Engineering and Technology (IRJET), 4(3), 2343-2346.
[2] Akhtar, Z., Buriro, A., Crispo, B., & Falk, T. H. (2017, November). Multimodal smartphone user authentication using touchstroke, phone-movement and face patterns. In 2017 IEEE Global Conference on Signal and Information Processing (GlobalSIP) (pp. 1368-1372). IEEE.
[3] Albashrawi, M. (2016). Detecting financial fraud using data mining techniques: A decade review from 2004 to 2015. Journal of Data Science, 14(3), 553-569.
[4] Aviv, A. J., Gibson, K. L., Mossop, E., Blaze, M., & Smith, J. M. (2010). Smudge attacks on smartphone touch screens. Woot, 10, 1-7.
[5] Bahnsen, A. C., Stojanovic, A., Aouada, D., & Ottersten, B. (2013, December). Cost sensitive credit card fraud detection using Bayes minimum risk. In 2013 12th international conference on machine learning and applications (Vol. 1, pp. 333-338). IEEE.
[6] Bahnsen, A. C., Aouada, D., & Ottersten, B. (2015). Example-dependent cost-sensitive decision trees. Expert Systems with Applications, 42(19), 6609-6619.
[7] Barkadehi, M. H., Nilashi, M., Ibrahim, O., Fardi, A. Z., & Samad, S. (2018). Authentication systems: A literature review and classification. Telematics and Informatics, 35(5), 1491-1511.
[8] Behera, T. K., & Panigrahi, S. (2015, May). Credit card fraud detection: a hybrid approach using fuzzy clustering & neural network. In 2015 Second International Conference on Advances in Computing and Communication Engineering (pp. 494-499). IEEE.
[9] Bergadano, F., Gunetti, D., & Picardi, C. (2002). User authentication through keystroke dynamics. ACM Transactions on Information and System Security (TISSEC), 5(4), 367-397.
[10] Bhattacharyya, S., Jha, S., Tharakunnel, K., & Westland, J. C. (2011). Data mining for credit card fraud: A comparative study. Decision support systems, 50(3), 602-613.
[11] Buriro, A., Crispo, B., Del Frari, F., & Wrona, K. (2015, September). Touchstroke: Smartphone user authentication based on touch-typing biometrics. In International Conference on Image Analysis and Processing (pp. 27-34). Springer, Cham.
[12] Buriro, A., Crispo, B., Gupta, S., & Del Frari, F. (2018, March). Dialerauth: A motion-assisted touch-based smartphone user authentication scheme. In Proceedings of the eighth ACM conference on data and application security and privacy (pp. 267-276).
[13] Buschek, D., Bisinger, B., & Alt, F. (2018, April). ResearchIME: A mobile keyboard application for studying free typing behaviour in the wild. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (pp. 1-14).
[14] Cardinaux, F., Sanderson, C., & Bengio, S. (2005). User authentication via adapted statistical models of face images. IEEE Transactions on Signal Processing, 54(1), 361-373.
[15] Centeno, M. P., Guan, Y., & van Moorsel, A. (2018, June). Mobile based continuous authentication using deep features. In Proceedings of the 2nd International Workshop on Embedded and Mobile Deep Learning (pp. 19-24).
[16] Chang, J. S., & Chang, W. H. (2014). Analysis of fraudulent behavior strategies in online auctions for detecting latent fraudsters. Electronic Commerce Research and Applications, 13(2), 79-97.
[17] Chen, R. C., Luo, S. T., Liang, X., & Lee, V. C. (2005, October). Personalized approach based on SVM and ANN for detecting credit card fraud. In 2005 International Conference on Neural Networks and Brain (Vol. 2, pp. 810-815). IEEE.
[18] Chen, R. C., Chen, T. S., & Lin, C. C. (2006). A new binary support vector system for increasing detection rate of credit card fraud. International Journal of Pattern Recognition and Artificial Intelligence, 20(02), 227-239.
[19] Chen, Y., Sun, J., Zhang, R., & Zhang, Y. (2015, April). Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices. In 2015 IEEE conference on computer communications (INFOCOM) (pp. 2686-2694). IEEE.
[20] Chudá, D., & Durfina, M. (2009, June). Multifactor authentication based on keystroke dynamics. In Proceedings of the International Conference on Computer Systems and Technologies and Workshop for PhD Students in Computing (pp. 1-6).
[21] Clarke, N. L., & Furnell, S. M. (2007). Authenticating mobile phone users using keystroke analysis. International journal of information security, 6(1), 1-14.
[22] Dai, J., & Zhou, J. (2010). Multifeature-based high-resolution palmprint recognition. IEEE Transactions on Pattern Analysis and Machine Intelligence, 33(5), 945-957.
[23] Dal Pozzolo, A., Caelen, O., Le Borgne, Y. A., Waterschoot, S., & Bontempi, G. (2014). Learned lessons in credit card fraud detection from a practitioner perspective. Expert systems with applications, 41(10), 4915-4928.
[24] Dal Pozzolo, A., Boracchi, G., Caelen, O., Alippi, C., & Bontempi, G. (2015, July). Credit card fraud detection and concept-drift adaptation with delayed supervised information. In 2015 international joint conference on Neural networks (IJCNN) (pp. 1-8). IEEE.
[25] Darabseh, A., & Namin, A. S. (2014, April). The accuracy of user authentication through keystroke features using the most frequent words. In Proceedings of the 9th Annual Cyber and Information Security Research Conference (pp. 85-88).
[26] De Luca, A., Hang, A., Brudy, F., Lindner, C., & Hussmann, H. (2012, May). Touch me once and i know it’s you! implicit authentication based on touch screen patterns. In proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 987-996).
[27] Deng, Q., & Mei, G. (2009, August). Combining self-organizing map and k-means clustering for detecting fraudulent financial statements. In 2009 IEEE International Conference on Granular Computing (pp. 126-131). IEEE.
[28] Dheepa, V., & Dhanapal, R. (2012). Behavior based credit card fraud detection using support vector machines. ICTACT Journal on Soft computing, 2(07), 2012.
[29] Dunphy, P., Heiner, A. P., & Asokan, N. (2010, July). A closer look at recognition-based graphical passwords on mobile devices. In Proceedings of the Sixth Symposium on Usable Privacy and Security (pp. 1-12).
[30] Feng, T., Liu, Z., Kwon, K. A., Shi, W., Carbunar, B., Jiang, Y., & Nguyen, N. (2012, November). Continuous mobile authentication using touchscreen gestures. In 2012 IEEE conference on technologies for homeland security (HST) (pp. 451-456). IEEE.
[31] Florencio, D., & Herley, C. (2007, May). A large-scale study of web password habits. In Proceedings of the 16th international conference on World Wide Web (pp. 657-666).
[32] Frank, M., Biedert, R., Ma, E., Martinovic, I., & Song, D. (2012). Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE transactions on information forensics and security, 8(1), 136-148.
[33] Gong, N. Z., Payer, M., Moazzezi, R., & Frank, M. (2016, May). Forgery-resistant touch-based authentication on mobile devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (pp. 499-510).
[34] Gunson, N., Marshall, D., McInnes, F., & Jack, M. (2011). Usability evaluation of voiceprint authentication in automated telephone banking: Sentences versus digits. Interacting with Computers, 23(1), 57-69.
[35] Huang, D. S., Jia, W., & Zhang, D. (2008). Palmprint verification based on principal lines. Pattern Recognition, 41(4), 1316-1328.
[36] Inoue, M., & Ogawa, T. (2017, December). One tap owner authentication on smartphones. In Proceedings of the 15th International Conference on Advances in Mobile Computing & Multimedia (pp. 22-28).
[37] Inoue, M., & Ogawa, T. (2018). TapOnce: a novel authentication method on smartphones. International Journal of Pervasive Computing and Communications.
[38] Jha, S., Guillen, M., & Westland, J. C. (2012). Employing transaction aggregation strategy to detect credit card fraud. Expert systems with applications, 39(16), 12650-12657.
[39] Jiang, C., Song, J., Liu, G., Zheng, L., & Luan, W. (2018). Credit card fraud detection: A novel approach using aggregation strategy and feedback mechanism. IEEE Internet of Things Journal, 5(5), 3637-3647.
[40] Jiang, C. H., Shieh, S., & Liu, J. C. (2007, March). Keystroke statistical learning model for web authentication. In Proceedings of the 2nd ACM symposium on Information, computer and communications security (pp. 359-361).
[41] Kang, J., Nyang, D., & Lee, K. (2014). Two-factor face authentication using matrix permutation transformation and a user password. Information Sciences, 269, 1-20.
[42] Khan, H., Atwater, A., & Hengartner, U. (2014, September). A comparative evaluation of implicit authentication schemes. In International Workshop on Recent Advances in Intrusion Detection (pp. 255-275). Springer, Cham.
[43] Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J. W., Nicholson, J., & Olivier, P. (2010, April). Multi-touch authentication on tabletops. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 1093-1102).
[44] Kim, M. J., & Kim, T. S. (2002, August). A neural classifier with fraud density map for effective credit card fraud detection. In International conference on intelligent data engineering and automated learning (pp. 378-383). Springer, Berlin, Heidelberg.
[45] Kim, Y., Jo, J. Y., & Suh, K. K. (2006, April). Baseline profile stability for network anomaly detection. In Third International Conference on Information Technology: New Generations (ITNG’06) (pp. 720-725). IEEE.
[46] Kumar, R., Kundu, P. P., & Phoha, V. V. (2018, January). Continuous authentication using one-class classifiers and their fusion. In 2018 IEEE 4th International Conference on Identity, Security, and Behavior Analysis (ISBA) (pp. 1-8). IEEE.
[47] Kumari, S., & Choubey, A. (2017). Credit card fraud detection using hmm and k-means clustering algorithm. International Journal of Scientific Research Engineering & Technology (IJSRET), 6(6).
[48] Kunda, D., & Chishimba, M. (2018). A survey of android mobile phone authentication schemes. Mobile Networks and Applications, 1-9.
[49] Lee, Y. S., Hetchily, W., Shelton, J., Gunn, D., Roy, K., Esterline, A.,& Yuan, X. (2016, October). Touch based active user authentication using deep belief networks and random forests. In 2016 6th International Conference on Information Communication and Management (ICICM) (pp. 304-308). IEEE.
[50] Lu, Q., & Ju, C. (2011). Research on credit card fraud detection model based on class weighted support vector machine. Journal of Convergence Information Technology, 6(1).
[51] Mahmoudi, N., & Duman, E. (2015). Detecting credit card fraud by modified Fisher discriminant analysis. Expert Systems with Applications, 42(5), 2510-2516.
[52] Mahmud, M. S., Meesad, P., & Sodsee, S. (2016, December). An evaluation of computational intelligence in credit card fraud detection. In 2016 International Computer Science and Engineering Conference (ICSEC) (pp. 1-6). IEEE.
[53] Maio, D., Maltoni, D., Cappelli, R., Wayman, J. L., & Jain, A. K. (2002). FVC2000: Fingerprint verification competition. IEEE transactions on pattern analysis and machine intelligence, 24(3), 402-412.
[54] Mansour, R. (2016). Iris recognition using gauss laplace filter. American Journal of Applied Sciences, 13(9), 962-968.
[55] Meng, W. (2016). Evaluating the effect of multi-touch behaviours on android unlock patterns. Information & Computer Security.
[56] Meng, W., Wong, D. S., Furnell, S., & Zhou, J. (2014). Surveying the development of biometric user authentication on mobile phones. IEEE Communications Surveys & Tutorials, 17(3), 1268-1293.
[57] Meng, W., Li, W., Jiang, L., & Meng, L. (2016, May). On multiple password interference of touch screen patterns and text passwords. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (pp. 4818-4822).
[58] Meng, W., Li, W., Wong, D. S., & Zhou, J. (2016, June). TMGuard: a touch movement-based security mechanism for screen unlock patterns on smartphones. In International Conference on Applied Cryptography and Network Security (pp. 629-647). Springer, Cham.
[59] Meng, W., Li, W., & Wong, D. S. (2018). Enhancing touch behavioral authentication via cost-based intelligent mechanism on smartphones. Multimedia Tools and Applications, 77(23), 30167-30185.
[60] Meng, W., Wang, Y., Wong, D. S., Wen, S., & Xiang, Y. (2018). TouchWB: Touch behavioral user authentication based on web browsing on smartphones. Journal of Network and Computer Applications, 117, 1-9.
[61] Meng, Y., Wong, D. S., & Schlegel, R. (2012, November). Touch gestures based biometric authentication scheme for touchscreen mobile phones. In International conference on information security and cryptology (pp. 331-350). Springer, Berlin, Heidelberg.
[62] Meng, Y., Wong, D. S., & Kwok, L. F. (2014, March). Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones. In Proceedings of the 29th annual ACM symposium on applied computing (pp. 1680-1687).
[63] Mohammed, R. A., Wong, K. W., Shiratuddin, M. F., & Wang, X. (2018, August). Scalable machine learning techniques for highly imbalanced credit card fraud detection: a comparative study. In Pacific Rim International Conference on Artificial Intelligence (pp. 237-246). Springer, Cham.
[64] Neal, T. J., & Woodard, D. L. (2016). Surveying biometric authentication for mobile device security. Journal of Pattern Recognition Research, 1(74-110), 4.
[65] Neal, T. J., & Woodard, D. L. (2017, October). Using associative classification to authenticate mobile device users. In 2017 IEEE international joint conference on biometrics (IJCB) (pp. 71-79). IEEE.
[66] Numabe, Y., Nonaka, H., & Yoshikawa, T. (2009, May). Finger identification for touch panel operation using tapping fluctuation. In 2009 IEEE 13th International Symposium on Consumer Electronics (pp. 899-902). IEEE.
[67] Olszewski, D. (2014). Fraud detection using self-organizing map visualizing the user profiles. Knowledge-Based Systems, 70, 324-334.
[68] Pasenchuk, V. A., & Volkov, D. A. (2016, June). SignToLogin cloud service of biometrie two-factor authentication using mobile devices. In 2016 17th International Conference of Young Specialists on Micro/Nanotechnologies and Electron Devices (EDM) (pp. 164-167). IEEE.
[69] Patidar, R., & Sharma, L. (2011). Credit card fraud detection using neural network. International Journal of Soft Computing and Engineering (IJSCE), 1(32-38).
[70] Phillips, P. J., Beveridge, J. R., Draper, B. A., Givens, G., O’Toole, A. J., Bolme, D. S., ... & Weimer, S. (2011, March). An introduction to the good, the bad, & the ugly face recognition challenge problem. In 2011 IEEE International Conference on Automatic Face & Gesture Recognition (FG) (pp. 346-353). IEEE.
[71] Pillai, J. K., Patel, V., Chellappa, R., & Ratha, N. (2016). Robust and secure iris recognition. In Handbook of Iris Recognition (pp. 247-268). Springer, London.
[72] Pun, J., & Lawryshyn, Y. (2012). Improving credit card fraud detection using a meta-classification strategy. International Journal of Computer Applications, 56(10).
[73] Rehman, A. U., Awais, M., & Shah, M. A. (2017, September). Authentication analysis using input gestures in touch-based mobile devices. In 2017 23rd international conference on automation and computing (ICAC) (pp. 1-5). IEEE.
[74] Rushin, G., Stancil, C., Sun, M., Adams, S., & Beling, P. (2017, April). Horse race analysis in credit card fraud—deep learning, logistic regression, and Gradient Boosted Tree. In 2017 systems and information engineering design symposium (SIEDS) (pp. 117-121). IEEE.
[75] Sae-Bae, N., Memon, N., Isbister, K., & Ahmed, K. (2014). Multitouch gesture-based authentication. IEEE transactions on information forensics and security, 9(4), 568-582.
[76] Sahin, Y., & Duman, E. (2011, June). Detecting credit card fraud by ANN and logistic regression. In 2011 International Symposium on Innovations in Intelligent Systems and Applications (pp. 315-319). IEEE.
[77] Sahin, Y., Bulkan, S., & Duman, E. (2013). A cost-sensitive decision tree approach for fraud detection. Expert Systems with Applications, 40(15), 5916-5923.
[78] Seeja, K. R., & Zareapoor, M. (2014). Fraudminer: A novel credit card fraud detection model based on frequent itemset mining. The Scientific World Journal, 2014.
[79] Shahzad, M., Liu, A. X., & Samuel, A. (2016). Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Transactions on Mobile Computing, 16(10), 2726-2741.
[80] Sharma, V., & Enbody, R. (2017, July). User authentication and identification from user interface interactions on touch-enabled devices. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 1-11).
[81] Shen, A., Tong, R., & Deng, Y. (2007, June). Application of classification models on credit card fraud detection. In 2007 International conference on service systems and service management (pp. 1-4). IEEE.
[82] Shen, C., Chen, Y., & Guan, X. (2018). Performance evaluation of implicit smartphones authentication via sensor-behavior analysis. Information Sciences, 430, 538-553.
[83] Smith-Creasey, M., & Rajarajan, M. (2016, December). A continuous user authentication scheme for mobile devices. In 2016 14th Annual Conference on Privacy, Security and Trust (PST) (pp. 104-113). IEEE.
[84] Sommer, R., & Paxson, V. (2003, October). Enhancing byte-level network intrusion detection signatures with context. In Proceedings of the 10th ACM conference on Computer and communications security (pp. 262-271).
[85] Song, Y., Cai, Z., & Zhang, Z. L. (2017, May). Multi-touch authentication using hand geometry and behavioral information. In 2017 IEEE symposium on security and privacy (SP) (pp. 357-372). IEEE.
[86] Sun, J., Zhang, R., Zhang, J., & Zhang, Y. (2014, October). Touchin: Sightless two-factor authentication on multi-touch mobile devices. In 2014 IEEE conference on communications and network security (pp. 436-444). IEEE.
[87] Tari, F., Ozok, A. A., & Holden, S. H. (2006, July). A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proceedings of the second symposium on Usable privacy and security (pp. 56-66).
[88] Teh, P. S., Zhang, N., Teoh, A. B. J., & Chen, K. (2015, December). Recognizing your touch: Towards strengthening mobile device authentication via touch dynamics integration. In Proceedings of the 13th International Conference on Advances in Mobile Computing and Multimedia (pp. 108-116).
[89] Trewin, S., Swart, C., Koved, L., Martino, J., Singh, K., & Ben-David, S. (2012, December). Biometric authentication on a mobile device: a study of user effort, error and task disruption. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 159-168).
[90] Vaishali, V. (2014). Fraud detection in credit card by clustering approach. International Journal of Computer Applications, 98(3), 29-32.
[91] Van Nguyen, T., Sae-Bae, N., & Memon, N. (2017). DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices. computers & security, 66, 115-128.
[92] Van Vlasselaer, V., Bravo, C., Caelen, O., Eliassi-Rad, T., Akoglu, L., Snoeck, M., & Baesens, B. (2015). APATE: A novel approach for automated credit card transaction fraud detection using network-based extensions. Decision Support Systems, 75, 38-48.
[93] Wallace, R., McLaren, M., McCool, C., & Marcel, S. (2011, October). Inter-session variability modelling and joint factor analysis for face authentication. In 2011 International Joint Conference on Biometrics (IJCB) (pp. 1-8). IEEE.
[94] Wallace, R., McLaren, M., McCool, C., & Marcel, S. (2012). Cross-pollination of normalization techniques from speaker to face authentication using gaussian mixture models. IEEE Transactions on Information Forensics and Security, 7(2), 553-562.
[95] Wang, Y., Adams, S., Beling, P., Greenspan, S., Rajagopalan, S., Velez-Rojas, M., ... & Brown, D. (2018, August). Privacy preserving distributed deep learning and its application in credit card fraud detection. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1070-1078). IEEE.
[96] Watanabe, Y., & Kun, L. (2017). Long-term influence of user identification based on touch operation on smart phone. Procedia Computer Science, 112, 2529-2536.
[97] Whitrow, C., Hand, D. J., Juszczak, P., Weston, D., & Adams, N. M. (2009). Transaction aggregation as a strategy for credit card fraud detection. Data mining and knowledge discovery, 18(1), 30-55.
[98] Yampolskiy, R. V., & Govindaraju, V. (2008, March). Generation of artificial biometric data enhanced with contextual information for game strategy-based behavioral biometrics. In Biometric Technology for Human Identification V (Vol. 6944, p. 69440N). International Society for Optics and Photonics.
[99] Yan, J., Blackwell, A., Anderson, R., & Grant, A. (2004). Password memorability and security: Empirical results. IEEE Security & privacy, 2(5), 25-31.
[100] Yeh, I. C., & Lien, C. H. (2009). The comparisons of data mining techniques for the predictive accuracy of probability of default of credit card clients. Expert Systems with Applications, 36(2), 2473-2480.
[101] Zahid, S., Shahzad, M., Khayam, S. A., & Farooq, M. (2009, September). Keystroke-based user identification on smart phones. In International workshop on recent advances in intrusion detection (pp. 224-243). Springer, Berlin, Heidelberg.
[102] Zheng, N., Bai, K., Huang, H., & Wang, H. (2014, October). You are how you touch: User verification on smartphones via tapping behaviors. In 2014 IEEE 22nd International Conference on Network Protocols (pp. 221-232). IEEE.
[103] Zhou, J., Chen, F., Wu, N., & Wu, C. (2009). Crease detection from fingerprint images and its applications in elderly people. Pattern Recognition, 42(5), 896-906.