SEMINAR PAPER ON

CREDIT CARD FRAUD DETECTION USING

HIDDEN MARKOV MODEL (HMM)
PRESENTED BY

AKINMULEYA BENJAMIN OLASENI

MATRIC NO: 135022022
SUBMITTED TO THE DEPARTMENT OF COMPUTER
SCIENCE, LAGOS STATE POLYTECHNIC, IKORODU

IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF

HIGHER NATIONAL DIPLOMA (HND) IN COMPUTER SCIENCE

SUPERVISED BY

MR AKINRINLOLA IBITOYE AKINFOLA

JULY 2015

ABSTRACT
The credit card has increasingly become the most accepted payment mode for both offline and online
transactions in todays world; it provides cashless shopping at every shop across the world. It is the
most suitable way to do online shopping, pay bills, and perform other related tasks. Hence risk of
fraudulent transactions using credit card has also been on the increase. In current credit card fraud
detection processing systems, fraudulent transaction will be detected after transaction is done.
Hidden Markov Model is the statistical tools for engineers and scientists to solve various problems.
Credit card fraud can be detected using Hidden Markov Model during transactions. Hidden Markov
Model aids to obtain high fraud transaction coverage combined with low false alarm rate, thus
providing a better and convenient way to detect frauds. Using Hidden Markov Model, the fraud
detection system is primarily trained with the standard procedures and spending patterns of a
cardholder. If an incoming credit card transaction deviates from the regular pattern, it is considered
to be fraudulent. During this process, it is also ensured that legitimate transactions are not rejected.

Keywords: Hidden Markov Model, Fraudulent Transaction, Credit Card, Online Shopping, Fraud
Detection.

1.0 INTRODUCTION
1.1 CREDIT CARD
This is a payment card issued to users as a system of payment. It allows the cardholder to pay for
goods and services based on the holders promise to pay for them. The issuer of the card creates a
revolving account and grants a line of credit to the user from which the user can borrow money for
payment to a merchant or as cash advance to the user. The typical credit card looks like a small
rectangular card made of plastic, the size of most of them is 33/8 X 21/8 inches. The credit-card
holders are allowed to purchase any materials or service as long as the promises are kept by the
credit card user. Security of the credit card relies upon its privacy of the card details i.e., credit card
holder name and also its number. The credit cards can be used in two ways:

Physical usage

Virtual/online usage.

Physical usage involves an individual using the credit card to pay for his purchases in any store
personally while Virtual or Online usage is where the card owner uses the credit card to pay for
purchased items online over the internet by just entering the required Credit card details.

FEATURES OF A CREDIT CARD

Figure 1.0: Front of a Typical Credit Card

(www.en.wikipedia.org/wiki/credit_card)
1. Issuing bank logo
2. EMV chip
3. -Hologram
2

4. Card number
5. Card network logo
6. Expiration date
7. Card holder name
8. Contactless Chip

Figure 1.1 Reverse Side of a Typical Credit Card

(www.en.wikipedia.org/wiki/credit_card)
1. Magnetic Stripe
2. Signature Strip
3. Card Security Code
1.2 CREDIT CARD FRAUD
In general, a fraud is defined as a crime committed with intention to damage a person and is also a
violation. Fraud may be committed for various reasons: for entertainment, to exploit a business / an
organization, to take revenge, to cause financial loss, to damage identity etc. Also there are several
types of frauds: bankruptcy frauds, identity thefts, health frauds, religious frauds, credit card frauds,
insurance frauds, forgery, tax frauds and many more. Considering only the credit card frauds, they
can be of two kinds:
a) Offline credit card frauds
3

b) Online credit card frauds.

Offline credit card frauds are those where an individuals credit card is lost or stolen. If any attacker
or hacker, hacks the details and use it to commit illegal actions is referred as online frauds. With the
rapidly developing technology, usage of internet is drastically increasing. Substantially, this is
leading to many credit-card fraudulent activities.

1.3 CREDIT CARD FRAUD TECHNIQUES

There exist different techniques with which fraudsters execute a credit card fraud. As technology
changes, so does the techniques of fraudsters, and thus the manner with which they perpetrate frauds.
Frauds can be broadly classified into three categories, i.e., traditional card related frauds, merchant
related frauds and internet frauds. The different types of methods for committing credit card frauds
are described below:

(1) LOST/ STOLEN CARDS

A card is lost / stolen when a legitimate account holder receives a card and loses it or someone steals
the card for criminal purposes. This type of fraud is in essence the easiest way for a fraudster to get
hold of other individual's credit cards without investment in technology. It is also perhaps the hardest
form of traditional credit card fraud to tackle.

(2) ACCOUNT TAKEOVER

This type of fraud occurs when a fraudster illegally obtains a valid customers personal information.
The fraudster takes control of a legitimate account by either providing the customers account
number or the card number. The fraudster then contacts the card issuer, camouflaged as the genuine
cardholder, to ask that mail be redirected to a new address. The fraudster reports card lost and asks
for a replacement to be sent.

(3) FAKE AND COUNTERFEIT CARDS

The creation of counterfeit cards, together with lost / stolen cards poses the highest threat in credit
card frauds. Fraudsters are constantly investing in new and more innovative ways to create
counterfeit cards. Some of the techniques used to create false and counterfeit cards are listed below:
a) Creating a fake card from scratch using sophisticated machines. This is the most common
type of fraud, though fake cards require a lot of effort and skill to produce.
b) Altering card details by either re-embossing them or by re-encoding them using computer
software that encodes the magnetic stripe data on the card.
4

c) Skimming which involves electronically copying genuine data on a cards magnetic stripe
onto another.
d) Erasing the magnetic strip by tampering with an existing card that has been acquired illegally
by erasing the metallic strip with a powerful electro-magnetic device.
e) White Plastic-a card-size piece of plastic of any color that a fraudster creates and encodes
with legitimate magnetic stripe data for illegal transactions.

(4) MERCHANT RELATED FRAUDS

Merchant related frauds are initiated either by owners of the merchant establishment or their
employees. Some types of frauds initiated by merchants are listed below:
a) Merchant Collusion where merchant owners and/or their employees conspire to commit
fraud by passing their customers (cardholder) accounts and/or personal information to
fraudsters.
b) Triangulation which involves a fraudster operating from a fraudulent website that appears to
be a legitimate auction or sales site. While placing orders online, the customer provides
information such as name, address and valid credit card details to the site. The fraudsters use
the details to order goods from a legitimate site using stolen credit card details.

(5) INTERNET RELATED FRAUDS

The Internet provides an ideal platform for fraudsters to easily commit credit card fraud. Recently,
they have begun to operate on a truly transnational level. With the expansion of trans-border or
'global' social, economic and political spaces, the internet has become a New World market,
capturing consumers from most countries around the world. The most commonly used techniques in
internet fraud are described below:
a) False merchant sites offering customers extremely cheap service. They are usually part of a
larger criminal network, and request a customers credit card details such as name and
address in return for access to the content of the site and verification of age.
b) Site cloning is where fraudsters replicate an entire site or just the pages from which a
customer places order. This cloned/spoofed site receives customer details and sends them
receipts of transaction via email just as the real company would. The customer do not suspect
they are not dealing with the company that they wished to purchase goods or services from
because the pages that they are viewing are identical to those of the real site, whilst the
fraudsters have all the details they need to commit credit card fraud.

c) Credit card generators: Credit card number generators are computer programs that generate
valid credit card numbers and expiry dates. These generators work by generating lists of
credit card account numbers from a single account number. The generators allow users to
illegally generate as many numbers as the user desires, in the form of any of the credit card
formats.

1.4 IMPACT OF FRAUDS

A) On Cardholders: It is pertinent to note that the cardholder is the least impacted party due to
fraud in credit card transactions as consumer liability is limited for credit card transactions
by the legislation prevailing in most countries. Many banks have a cardholder protection
policy in place that covers for most losses of the cardholder. The cardholder just needs to
report suspicious charges to the issuing bank, which in turn investigates the issue with the
acquirer and merchant, and processes chargeback for the disputed amount.
B) On Merchants: Merchants are the most affected party in a credit card fraud, particularly more
in the card-not-present transactions, as they have to accept full liability for losses due to
fraud. Whenever a legitimate cardholder disputes a credit card charge, the card-issuing bank
will send a chargeback to the merchant (through the acquirer), reversing the credit for the
transaction. In case, the merchant does not have any physical evidence (e.g. delivery
signature) available to challenge the cardholders dispute, it is almost impossible to reverse
the chargeback. Therefore, the merchant will have to completely absorb the cost of the
fraudulent transaction

C) On Banks (Issuer/Acquirer): Based on the scheme rules defined by both MasterCard and
Visa, it is sometimes possible that the Issuer/Acquirer bears the costs of fraud. Even in cases
when the Issuer/Acquirer is not bearing the direct cost of the fraud, there are some indirect
costs that will finally be borne by them. Like in the case of charge backs issued to the
merchant, there are administrative and manpower costs incurred by the bank. The issuers and
acquirers also have to make huge investments in preventing frauds by deploying
sophisticated IT systems for detection of fraudulent transactions.

2.0 LITERATURE REVIEW

Credit card fraud detection has received significant consideration from researchers in the world.
Several techniques have been developed to detect fraud using credit card which are based on
Bayesian networks, neural network, data mining, clustering techniques, genetic algorithms, decision
tree etc.

Ghosh and Reilly proposed a neural network method to detect credit card fraud transactions. They
built a detection system, which uses a three-layered feed-forward network with only two training
passes and is trained on a large sample of labeled credit card account transactions. These transactions
contains sample fraud cases due to stolen cards, lost cards, application fraud, stolen card details,
counterfeit fraud etc. They tested on a data set of all transactions of credit card account over a
subsequent period of time. The system significantly reduced the investigation workload of fraud
analysts.

Bayesian networks are also one technique to detect fraud, and have been used to detect fraud in the
credit card industry. This technique yielded better results but have large cycle time to detect fraud.
The time constraint is one main disadvantage of this technique, especially compared with neural
networks.

An algorithm suggested by Bentley is based on genetic programming. A Genetic algorithm is used

to establish logic rules capable of classifying credit card transactions as suspicious and nonsuspicious. Basically, this method follows the scoring process in which overdue payments are
checked against the last three months payment. If it is greater than that of the last three months, it is
considered as suspicious or otherwise.

The idea of similarity tree, a variety of Decision Trees logic was proposed by Kokkinaki in 1997. A
decision tree is defined recursively; it contains nodes and edges that are labeled with attribute names
and with values of attributes, respectively. All of these satisfy some condition and get an intensity
factor which is defined as the ratio of the number of transactions that satisfy applied conditions over
the total number of legitimate transaction. The advantages of the method are the ease to understand
and implement. While its disadvantages include a need for continual updates when user habits and
fraud patterns change, as the user profiles are not dynamically adaptive.
7

Bolton and Hand proposed an unsupervised credit card detection method by observing abnormal
spending behavior and frequency of transactions. The mean amount spent over a specified time
window was used as the comparison statistic. Bolton and Hand proposed the Peer Group Analysis
(PGA) and the Break Point Analysis (BPA) techniques as unsupervised 45 outlier detection tools.
The report showed that the PGA technique is able to successfully detect local anomalies in the data,
and the BPA technique is successful in determining fraudulent behavior by comparing transactions
at the beginning and end of a time window.

The data mining technique has been in use from 1990. This technique was a very time consuming
and difficult process to detect fraud transaction. Since there are millions of transactions processed
every day and their data are highly skewed. The transactions are more legitimate than fraudulent. It
requires highly efficient technique to scale down all data and also try to identify fraudulent and not
legitimate transactions.

Kim and Kim identified skewed distribution of data and mix of legitimate and fraudulent transactions
as the two main reasons for the complexity of credit card fraud detection. Based on this observation,
they used fraud density of real transaction data as a confidence value and generated the weighted
fraud score to reduce the number of misdetections.

Apart from the above mentioned credit card fraud detection techniques there are some recent
techniques that have gained recognition, they include:

i.

BLAST-SSAHA in credit card fraud detection

ii.

Credit Card Fraud Detection Using Bayesian and Neural Networks

iii.

Fusion of DempsterShafer Theory and Bayesian learning

iv.

Fuzzy Darwinian Detection of Credit Card Fraud

v.

Combination of web services, like XML, and data mining techniques (Proposed by Chiu
and Tsai.

vi.

Agent-based approach with distributed learning for detecting frauds in credit card
transactions by Prodromidis and Stolfo.
8

3.0 DEFINITION OF TITLE

3.1 CREDIT CARD
A credit card is a payment card issued to users as a system of payment. The typical credit card looks
like a small rectangular card made of plastic, the size of most of them is 33/8 X 21/8 inches.

3.2 FRAUD
Fraud is an intentional perversion of truth in order to induce another to part with something of value
or to surrender a legal right. It is an act of deceiving or misrepresenting. In law, fraud is a deliberate
deception to secure unfair or unlawful gain. It is both a civil wrong and a criminal wrong.

3.3 FRAUD DETECTION

Fraud detection protects customer and enterprise information, assets, accounts and transactions
through the real-time, near-real-time or batch analysis of activities by users and other defined
entities. It uses background server-based processes that examine users and other defined entities
access and behaviour patterns, and typically compares this information to a profile of what is
expected. Fraud detection is not Intrusive to a user unless the users activity is suspicious.

3.4 HIDDEN MARKOV MODEL (HMM)

A Hidden Markov Model (HMM) is a statistical Markov Model in which the system being modelled
is assumed to be a Markov process with unobserved (hidden) states. A Hidden Markov Model can
be presented as the simplest dynamic Bayesian Network. The mathematics behind Hidden Markov
Model was developed by L.E Baum and co-workers. A hidden markov model can be considered a
generalization of a mixture model where the hidden (latent) variables which control the mixture
component to be selected for each observation, are related through a Markov process rather than
independent of each other.

4.0 COMPONENTS OF TITLE

4.1 Cardholder:
A cardholder is a customer that owns a credit card or has been issued a card by the bank/financial
institution (Issuer). The cardholder has his account mapped to the card; bills for purchases are
charged to his account with the bank. The name of the card holder is usually printed on the front side
of the card.

4.2 Online Shopping:

Sometimes referred to as E-Shopping and E-Retail, it is the act of directly purchasing goods or
services from a seller over the internet using a web browser. Online shopping is also known as eshop, e-web-store, online store and virtual store. Mobile commerce is a variant of online shopping
which involves consumers making their purchases via an online retailers mobile optimized online
site or application on mobile devices, like a phone or tablet. Some common online retailers are
Amazon, Jumia, Konga, eBay, Taafoo, Kaymu.

4.3 Fraud Detection System:

This is a system that analyses patterns of normal and unusual behaviour as well as individual
transactions in order to thwart or abate likely/potential frauds. Fraud detection systems are capable
of signalling the threat of fraud before customers fall prey to the perpetrators. They analyse
suspicious behaviour and produce results for security and risk mitigation purposes.

4.4 Transaction:
Transaction is a business deal, an occurrence in which goods, services or money are passed from
one person, account, etc. to another. It can also be defined as a communicative process involving
two parties/things that mutually affect or influence each other. Transaction in this context refers to
payment for purchases of goods or services y the cardholder.

4.5 Online transaction:

An online transaction, also known as PIN-Debit transaction, is a password-protected payment
method that authorizes a transfer of funds over an electronic funds transfer. It requires a PIN to
complete the payment process when customers pay for goods or services.
10

4.6 Offline Transaction:

An offline transaction, also known as a signature debit transaction, is a payment method that uses a
debit card to transfer funds from a checking account to a merchant across a digital credit card
network.

4.7 Issuer:
A Bank or financial institution that offers credit card to customers (cardholder). The Issuer makes
the credit limit available to the cardholder and is responsible for sending payments to merchants for
payments made with credit cards from that bank. The name of the Issuer is usually printed at the
front of the card e.g. XYZ BANK

11

5.0 ARCHITECTURE OF CREDIT CARD FRAUD DETECTION SYSTEM USING HMM

Figure 5.0: Proposed Architecture of Hidden Markov Model Fraud Detection System
(Thakur et al, IJERST, April 2015)

The architecture of the credit card fraud detection using the Hidden Markov Model is represented
above. It consists of a user module, login module, transaction module and verification module.

Figure 5.1: Architecture of the User Module

(Sravani P, Texas A&M University-Corpus Christi, 2011)
12

The user module has a new card module and a store info module. A new user registers a new
credit card into the FDS by using the new card module. To store or modify any personal
information, the user make use of the store info module. An existing user can directly login to
make transactions using the login module. Users make transactions and generate payments through
the transaction module. The verification of transactions made using the credit card are done in the
verification module with the help of a security module. Thus a complete transaction can be made
successfully.

13

6.0 IMPLEMENTATION OF CREDIT CARD FRAUD DETECTION USING HMM

The implementation is carried out with Java as the coding language (using Java Platform Standard
Edition 6), PHP as the front end and SQL as the back end.

Java Platform, Standard Edition or Java SE is a widely used platform for development and
deployment of portable applications for desktop and server environments. Java SE uses the objectoriented Java programming language. It is part of the Java software platform family. One of the most
well-known implementations of Java SE is Oracle Corporation's Java Development Kit (JDK). Java
is a general-purpose computer programming language that is concurrent, class-based, objectoriented, and specifically designed to have as few implementation dependencies as possible. It is
intended to let application developers "write once, run anywhere" (WORA), meaning that compiled
Java code can run on all platforms that support Java without the need for recompilation.

PHP is a general-purpose scripting language that is especially suited to server-side web development,
in which case PHP generally runs on a web server. Any PHP code in a requested file is executed by
the PHP runtime, usually to create dynamic web page content or dynamic images used on websites
or elsewhere. It can also be used for command-line scripting and client-side graphical user interface
(GUI) applications. PHP can be deployed on most web servers, many operating systems and
platforms, and can be used with many relational database management systems (RDBMS). Although
PHP was originally designed to create dynamic web pages, its main focus now is on server-side
scripting, and it is similar to other server-side scripting languages that provide dynamic content from
a web server to a client, such as ASP.NET and JavaServer Pages.

SQL stands for Structured Query Language, which is a computer language for storing, manipulating
and retrieving data stored in relational database. SQL is the standard language for Relation Database
System. All relational database management systems like MySQL, MS Access, Oracle, and SQL
Server use SQL as standard database language. SQL provides the features which allow users to
access data in relational database management systems, describe the data. SQL also allows user to
define the data in database and manipulate that data, and embed within other languages using SQL
modules, libraries & pre-compilers. It is also useful where a user wants to create and drop databases
and tables, create view, stored procedure, functions in a database, and to set permissions on tables,
procedures, and views
14

7.0 CONCLUSION
Due to advancement in the electronic commerce technology, the use of credit cards has dramatically
increased. As credit card becomes the most popular mode of payment for both online as well as
regular purchase, cases of fraud associated with it are also on the rise. As a result, efficient credit
card fraud detection systems are utmost requirements for card issuing banks and all type of online
transactions that make use of credit cards. The Hidden Markov Model technique is used to detect
various suspicious activities on credit cards. It maintains a database, where past records of
transactions are saved. The card holder is notified through a system of messages if an unusual
transaction, which differs very much from the previous records, is carried out. The message, which
contains the details of the transaction is sent to his/her mobile device and helps prevent fraud. The
Hidden Markov Model makes the processing of detection very easy and tries to remove
complexities. The system is also scalable for handling large volumes of transactions.

15

REFERENCES AND BIBLIOGRAPHY

1. https://www.en.wikipedia.org/wiki/credit_card
2. https://www.en.wikipedia.org/wiki/fraud_detection
3. https://www.en.wikipedia.org/wiki/hidden_markov_model
4. https://www.en.wikipedia.org/wiki/PHP
5. https://www.en.wikipedia.org/wiki/Java_Platform,_Standard_Edition
6. https://www.fiserv.com/customer-channel-management/online-banking/fraud-detectionsystem.aspx
7. https://www.gartner.com/it-glossary/fraud-detection
8. https://www.tutorialspoint.com/sql/sql-overview.htm
9. Ashish Thakur et al (2015), Credit Card Fraud Detection Using Hidden Markov Model And
Enhanced Security Features, International Journal Of Engineering Sciences & Research
Technology (IJESRT), retrieved from http://www.ijesrt.com
10. Ashphak P. et al (2013), Credit Card Fraud Detection System through Observation
Probability Using Hidden Markov Model, International Journal of Thesis Projects and
Dissertations (IJTPD), Volume. 1, Issue 1, pp15.
11. Avinash Ingole and Dr. R.C Thool (2013), Credit Card Fraud Detection Using Hidden
Markov Model and Its Performance, International Journal of Advanced Research in
Computer Science and Software Engineering (IJARCSSE), Volume. 3, Issue 6.
12. Kavita Rawat and Jyoti Hazrati (2012), Credit Card Fraud Detection Using Hidden Markov
Model, International Journal of Latest Research in Science and Technology (IJLRST),
Volume. 1, Issue 4, pp421.
13. Geetanjali Sawant et al (2014), Credit Card Fraud Detection Using Hidden Markov Model,
Indian Streams Research Journal (ISRJ), Volume. 4, Issue 4, retrieved from
http://www.isrj.net

16