Green Team October 16, 2006 Product: Customizable Credit Card Protection (C 3 P) October 18, 2006 Green Team
Organization Chart October 18, 2006 Green Team 2
This family received food stamps www. co. kern. ca. us/dhs/images/0987. jpg October 18, 2006 Green Team 3
This family received money from FEMA www. katrinapictures. blogspot. com/ October 18, 2006 Green Team 4
This family received both http: //www. spasearch. org/admin/images/fld_ma in_photo/fld_main_photo_38. jpg October 18, 2006 Green Team 5
What do these families have in common? • All these families received Government money • The first two used the money as intended • The third is guilty of spending government money on things other than the intended purpose October 18, 2006 Green Team 6
FEMA Fraud • Hurricane Katrina victims – 900, 000 of 2. 5 Million aid applicants were fraudulent* * http: //www. msnbc. msn. com/id/11326973/ October 18, 2006 Green Team 7
Problem Statement Government organizations and private businesses have inadequate protection against unauthorized purchases by authorized cardholders, which results in a loss of funds. October 18, 2006 Green Team 8
Problem Analysis • Out of a $2. 5 trillion government budget** – $14 billion was spent on private purchases by employees –$2 billion was spent on unauthorized purchases by employees* * Foiling credit card fraud by Jenny C. Mc. Cune • Bankrate. com ** http: //www. gpoaccess. gov/usbudget/ October 18, 2006 Green Team 9
Problem Characteristics • Tracking physical receipts –Archaic –Inaccurate –Unreliable –Easy to lose • Employees produced 20% of all transaction receipts* • Cards can be stolen • Organization loses money –Money spent unwisely by an authorized user of the card is not covered under fraud protection * http: //www. dallasnews. com October 18, 2006 Green Team 10
Solution Characteristics • Prevention of lost corporate funds – Reduces personal, unwarranted spending • Biometrics – Prevents unauthorized use • Uses customizable database – Allows different business to have different options October 18, 2006 Green Team 11
C 3 Protection Card • So what is C 3 P? – Customizable Credit Card Protection October 18, 2006 Green Team 12
Objectives • Develop a customizable credit card system to prevent unauthorized purchases by employees – Customizable database to hold prohibited purchases • GUI to allow customization of database – Uses Merchant Commercial Codes (MCCs) – Use Universal Product Codes (UPCs) • Implement latest security technology for card protection October 18, 2006 Green Team 13
Features • Secure Credit card – 128 -bit DES encryption –Biometrics • Fingerprint • Photo ID –Allows customizable control over card’s use –Controlled by a user interface to each business’ personal database October 18, 2006 Green Team 14
Customers • Hard Customers -Visa -Master. Card -Discover -American Express • Soft Customers -Every business that holds a business credit card -Caring and concerned parents who issue credit cards to their children October 18, 2006 Green Team 15
Customer Characteristics • Credit Card Companies -Spend millions each year on securing their credit cards* -Minors are Credit Card Company’s new target consumer** • Credit Card Company’s Consumers -Small businesses report billions of dollars in losses through embezzlement each year*** -Parents are concerned with giving children control of a credit card yet are even more concerned about giving a child real cash** * http: //news. com/Retailers+feel+security+heat/2100 -7349_3 -5680788. html ** http: //www. bankrate. com/fox/news/cc/20000508. asp *** http: //www. fbi. gov/publications/financial/fcs_report 052005. htm October 18, 2006 Green Team 16
Why does the customer need this? • Soft customer –Secure and efficient control of company funds –Reduced costs to prevent and lesson the effects of fraud –Parental control of children's spending • Hard Customer –Offer safer card services to credit users –Larger customer base • Increase of large, reliable customers October 18, 2006 Green Team 17
Major Functional Component Diagram October 18, 2006 Green Team 18
RFID Card Specifications • An embedded antenna that is attached to the chip is used to transfer information stored in the chip's memory • The range of operation is 2. 5" to 3. 9“ • Information can be written to the card the same way it is read. • The fingerprint scanner can be added October 18, 2006 Green Team 19
Software Features • Intuitive web-based GUI Interface – Able to customize MCCs and/or UPCs by creating an ‘acceptance’ list – Able to analyze and graph employee spending habits • Incoming UPCs and MCCS are compared with an ‘acceptable’ database of allowed codes October 18, 2006 Green Team 20
Receipt Tracking • For each business, all employee purchases are tracked and listed by employee • Receipts will list accepted and rejected purchases • Receipts can be grouped by purchaser, date, and/or MCC October 18, 2006 Green Team 21
Smart Card Setup • User account access information added to smart card memory by C 3 P • 1 st user finger scan saves a threedimensional electrical image of the fingerprint's unique pattern using small variations in finger surface capacitance. October 18, 2006 Green Team 22
Authentication Process Current Process NEW Process Vendor must take the credit card and ID from customer Then vendor must authenticate the customer by judgment alone. If your fingerprint matches, the Smart Card & RFID chip will be activated If the customer matches the identification, the transaction is made. October 18, 2006 Hold your thumb over the fingerprint scanner to prove your identity. Green Team Touch the card to the card reader and the transaction will be processed. 23
Payment Process Current Process NEW Process Vendor swipes You swipe your card at the point-of-sale register. The data is sent to a computer to verify your credit. If you have the funds, your purchase is allowed. October 18, 2006 the point-of-sale register. Your data is sent to our servers for verification. Your data is then sent to the credit servers to verify. If your card is accepted and your purchases are valid, sale is complete. Green Team 24
What’s in the Box? What’s Not In The Box What’s In The Box Businesses • Authentication code for website • Website URL (holds database) IF REQUESTED: • Requirements for submission of pictures and info Computer with Internet connection Loading Station Credit Card Companies Credit card customer information October 18, 2006 Green Team 25
Flow of Information/Hardware a. Request CC w/C 3 P b 1. Camera? How many cards? b 2. Reply c. Send notification of request e. Send camera (opt. ) & authentication code d. Sell camera (opt. ) & authentication code Business accesses C 3 P database online C 3 P makes RFID smart cards w/ biometrics f. Send photos g. Sell cards with C 3 P (RFID chip/C 3 P logo/biometrics h. Send cards with CC logo & photo ID October 18, 2006 Green Team 26
What this product does not do • Provide point-of-sale RFID readers • Protect against blocking of authorized purchases – Will mostly be a result of human error – Will decrease in occurrence as more businesses use product • Provide credit for businesses October 18, 2006 Green Team 27
Competition Matrix t) rin p s n io ct ri r ns ge er s est tt rs r fin r d de d pa ade se s its m ea an e ha de des o an on se r r Li rd es rd urc co co hot cati t U se se g C C in n ca s ca p i g cha ng ble MC UP D (p upl me al U ss U end in r i I t t n e p D rn ist pu xist iza -ou ou tric ts ove erso usin et S x s e e om s s e en s es rack ses ust lack iom rev or G or P or B an s T U U C B B P F F B F C Cards MTU Purchasing X Government Credit X Food Stamps X Worldwide Purchasing X Le. Carte Purchase X NASA Smart. Pay X X X October 18, 2006 X X X X Smart C 3 P X X X Green Team X X X 28
Cost (Soft Customer) Components Number Required Price Camera (optional) 1 $110. 00 Access to website 1 FREE Authentication code (convenience fee) 1 $10. 00 1 per member $20. 00/member RFID smart card w/biometrics* Cost Total Cost (Max) $120. 00 + $20. 00/member Total Cost (Min) $10. 00 + $20. 00/member * http: //www. processor. com/editorial/article. asp? article=articles/P 2716/30 p 16. asp&guid= October 18, 2006 Green Team 29
Cost (Hard Customer) Components Number Required Price Cost Initial Training 1 day per store $3, 000. 00 per day per company Server* (incl. add’l features) 1 (for C 3 P use only) $8, 162. 00 $8, 162 RFID smart card printer 1 (for C 3 P use only) $4, 000. 00 RFID smart cards 1 per member (for $15. 00 C 3 P manufacturing) $15. 00/card Total Cost for C 3 P $12, 162. 00 + 3, 000/day of training + $15. 00/card * http: //configure. us. dell. com/dellstore/config. aspx? c=us&cs=04&kc=6 W 300&l=en&oc=pe 1950 -max&s=bsd October 18, 2006 Green Team 30
Pros • Smart Card Technology – Quick – Uses Biometrics • Safe and Secure • Customizable – Spending limits – Tracks Items Bought – Tracks Vendors Bought From • More Efficient – Saves Time Spent On Accounting • Saves money • Keeps better records – Automatic record of exact item bought and vendor shopped at – Better information for routine audits October 18, 2006 Green Team 31
Cons • Uses fingerprints – People are afraid of giving up such information • Solved with encryption and marketing • Vendors need RFID readers – Requires New Technology • Many vendors are getting scanners – 7 -11 is adding 5, 600 RFID scanners this year* • Accidental blocking of necessary purchases – Solved with training and research • 24/7 Server/Website Maintenance * mastercard. com October 18, 2006 Green Team 32
Risk Probability/Impact Matrix P r o b a b i l i t 81 -100% 61 - 80% Access to credit card 1 info 2 Hardware malfunction 3 Cards are not delivered 41 - 60% 21 -40% 7 1 -20% 6 1 2 y 4 1, 2 5 3 3 4 5 4 Software Malfunction 5 Insulting to Employees won't give 6 up finger prints UPC database is 7 unavailable Impact: 1(Low) - 5(high) October 18, 2006 Green Team 33
Risks Risk# Risk Description Mitigation Actions 1 Access to Personal Info from Credit Card Companies 2 Hardware Malfunction or Viruses Out of our control 3 Cards are not delivered by contracted company Out of our control 4 Software Malfunction Thorough testing and 24/7 support October 18, 2006 Green Team Encryption, policy of not reading the information 34
Risks Risk# Risk Description Mitigation Actions 5 Insults Employee (can not be trusted) 6 Employees are reluctant to give 128 -bit DES encryption, need of up fingerprints due to privacy access to the money by user issues and fear of ‘Big Brother’ 7 UPC Database is unavailable October 18, 2006 Green Team Marketing plan and training to avoid insulting employees Drop UPC solution from initial launch and use only MCCs 35
Return on Investment • Improves reputation of credit card company • Reduces loss of money due to unscrupulous purchases • Saves time used to perform manual audits • Reduces fraud • Reduces the number of investigations required October 18, 2006 Green Team 36
Conclusion • Regulates how funds are spent • Uses biometrics –Prevents the use or selling of stolen cards • Vendors, credit customers, and card companies will benefit –Vendors will get higher quantity and more efficient business –Credit customers are protected and have less wait-time in line –Card companies get to sell cards and RFID sensors to vendors while increasing their number of users • C 3 P will revolutionize the credit system world wide October 18, 2006 Green Team 37
Questions At this time, we welcome any questions you may have. October 18, 2006 Green Team 38
References • • • DISD credit card oversight lax: http: //www. dallasnews. com Picture 1: www. co. kern. ca. us/dhs/images/0987. jpg Picture 2: www. katrinapictures. blogspot. com/ Picture 3: http: //www. spasearch. org/admin/images/fld_main_photo_38. jpg FEMA Fraud, http: //www. msnbc. msn. com/id/11326973/ • IEEE Feasibility Study on biometric credit cards: http: //www. ee. ucla. edu/faculty/papers/ingridv_Trans. CE_nov 04. pdf#search=%2 2 Portable%20 Biometrics%22 • Smart Card technology with localized, portable biometrics: http: //www. biometricassociates. com/smartcard. php • • Open source smart card technology, both software and hardware: http: //www. smartcardalliance. org/industry_news_item. cfm? ite m. ID=1596 October 18, 2006 Green Team 39
References • • Food stamp fraud: http: //www. frac. org/html/federal_food_programs/fsp_faq. html#4 Food stamp info: http: //www. fns. usda. gov/fsp/faqs. htm#9 Data on food stamp fraud: (http: //www. eweek. com/article 2/0, 1895, 1972079, 00. asp) (http: //www. foodstampfraud. org/) (http: //www. cioinsight. com/article 2/0, 1540, 1850300, 00. asp) • FEMA Fraud data: http: //www. cnn. com/2006/US/09/13/katrina. fraud/index. html? section=cnn_topstories) (http: //www. msnbc. msn. com/id/11326973/) • Lockout codes http: //www. admin. mtu. edu/acct/dept/purchcard/lockout. htm Info on why this is a problem: http: //www. dallasnews. com/sharedcontent/dws/news/localnews/stories/070206 dnmet pcards. 192 c 71 f. html http: //financialplan. about. com/od/studentsandmoney/a/Teen. Credit. Cards. htm Info on current program in place: http: //arc. publicdebt. treas. gov/DWP/fs/fscredcard. htm#1 Data and why this is needed – EPA’s complaint paper on current system!!! http: //www. epa. gov/oig/reports/1995/bankrep. htm#CHAPTER%204 How credit cards work: http: //money. howstuffworks. com/credit-card 2. htm October 18, 2006 Green Team 40
Appendix A Expert Testimony from Admiral Julius Caesar from SAIC October 18, 2006 Green Team 41
Expert Testimony – Current Problems • Navy sailors are given credit cards for travel because they do not have enough personal cash – Spending money in “Girly Bars” – Tabs in excess of $15, 000 • Private Business – Employee used company credit card to put $14, 000 down payment on a house – Employee bought several $1, 500 airline tickets, and canceled the flight to collect the cash refund, which he used to finance his private company – Employee bought $1, 500 in thongs at Victoria Secret October 18, 2006 Green Team 42
Expert Testimony - Current Solutions • Only activating the credit card for the duration of the travel • Background credit checks on employees to be entrusted with company funds October 18, 2006 Green Team 43
Expert Testimony – Loose ends left by current solution • Can’t regulate purchases • Company liable for purchases – Employees can’t pay the company back • Must be taken to court October 18, 2006 Green Team 44
Expert testimony – Time and Money spent on problem • • ~$25, 000 per division per year 20 Divisions ~$250, 000 per year for this company Credit card companies dropped the Navy as a customer because of fraud problems October 18, 2006 Green Team 45
Expert Testimony - Data • 2002: 1. 4 million Government Travel Cards in use – $ 3. 4 billion spent on purchases with these cards • One man made $262, 800 in charges on 13 Government Credit Cards October 18, 2006 Green Team 46
Expert Testimony – On C 3 P • Target “high risk” employees – In the 18 -25 year-old bracket • Don’t know how to use credit – Employees with bad credit October 18, 2006 Green Team 47
Authentication October 18, 2006 Green Team 48
Fingerprints Advantages: • Relatively Mature Technology • Low Cost • Highly Portable Technology October 18, 2006 Distinctiveness High Permanence High Collectibility Medium Performance High Acceptability Medium Potential for Circumvention Low Green Team 49
Biometric Fingerprints • Finger Print Characteristics – Genetic and environmental factors – Never the same – Biometric image cannot be reproduced • Finger Print Scanner – Capacitive Scanner – Electric Current October 18, 2006 Green Team 50
Appendix B Merchant Commercial Code (MCC) – A specialized code that categorizes a store based on what it sells (e. g. Target and Wal. Mart have the same MCC) Universal Product Code (UPC) – A code that designates a specific product, different for every brand variation of a product (Lay’s and Pringle’s potato chips still have different UPCs) October 18, 2006 Green Team 51
Скачать презентацию Green Team October 16 2006 Product Customizable Credit
2e47d5b063986accd49db03f66683961.ppt