
BLASEC : A Payment Gateway – Part 2/2


A SECURED PAYMENT GATEWAY TO AVOID FRAUDULENT TRANSACTIONS

This article can be divided mainly into 2 sections.

  • One, Project Synopsis
  • Two, Project demonstration (you are here 😊)

Continue if you’ve gone through Part 1. If not, click on the link below 😊

BLASEC : A PAYMENT GATEWAY – Part 1/2

PART 2: Project Demonstration

1: Login Page

Common for both ADMIN and users.

This application is meant to be integrated with e-commerce or other websites that require a payment gateway; the user would then be logged in to this system automatically with their account details. For now, it is a stand-alone application that is not integrated with any other system, so the user has to log in manually.

2: ADMIN module

ADMIN functionalities in detail:

An option for the ADMIN to add new login details via the back-end. Once integrated with the e-commerce website, user account details will be mapped to our database, so this won’t be of much use. It is included as a safety measure, for recovery when the sync between the integrated website and our database fails.


Security Question and Answer is included for every account as it is required to pass the authentication step when an unusual pattern is detected. Open Status can be N or Y, which denotes whether an account is blocked or not.


An option for the ADMIN to view and edit the Negative Database. In the future, this blacklist will be provided by a third party and can be imported into our application via the back-end in a specific format. It can also be used for analysis by the cybersecurity team. When a user enters credit/debit card details, they are cross-checked against this database, and the user's IP address is fetched and compared as well. If a match is found, the transaction is declined and not processed further.


ADMIN also has the option to search by username.




Geographic locations are looked up from the IP address using an API from MaxMind. The remarks column explains the reason for each transaction.

3: USER module

When the user logs in, the system directs them to the payment page if IP validation passes.


An unusual pattern is detected on clicking ‘Pay’ when:

  • The user provides new card details that are not present in the ‘Customer Card Details’ in the ADMIN module.
  • The amount provided does not lie within the range of the previous ‘Customer Transaction History’. (Behavior and Location Analysis (BLA))
  • The user’s geographic location is different from that in the previous ‘Customer Transaction History’. (Behavior and Location Analysis (BLA))
  • No transaction history is present for the user in ‘Customer Transaction History’.
  • The billing address is different from the address linked to the credit card in ‘Customer Card Details’. (Address Verification Service)

Then, the system directs the user to re-login and prompts them to answer the security question as part of authentication.

The user is given 3 attempts to answer correctly. If the answer is correct, the transaction succeeds and the database is updated with the new values. If not, the user's card details and IP are blacklisted and the account is blocked from further transactions.

If the user provides an incorrect answer 3 times,

If the user’s details are in the blacklist database, the user cannot proceed further. (Negative Database Security)
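The decision flow described in this module, written out as an added Python example (not code from the BLASEC repository). The names `Payment`, `new_store`, `evaluate` and `step_up`, the in-memory store and the sample values are all hypothetical.

```python
import hmac
from collections import namedtuple
from types import SimpleNamespace

# One 'Pay' click; names are hypothetical, `card` is a token rather than a raw PAN.
Payment = namedtuple("Payment", "user card ip country amount billing_address")

def new_store(cards=None, history=None):  # in-memory stand-in for the ADMIN tables
    return SimpleNamespace(cards=cards or {}, history=history or {},
                           bad_cards=set(), bad_ips=set(), blocked=set())

def evaluate(p, db):
    """Return (decision, reasons); reasons are what a remarks column would record."""
    if p.user in db.blocked or p.card in db.bad_cards or p.ip in db.bad_ips:
        return "DECLINE", ["negative database match"]
    reasons, linked, past = [], db.cards.get(p.user, {}), db.history.get(p.user, [])
    if p.card not in linked:
        reasons.append("new card")
    elif linked[p.card].strip().lower() != p.billing_address.strip().lower():
        reasons.append("billing address mismatch (AVS)")
    if not past:
        reasons.append("no transaction history")
    else:
        amounts = [a for a, _ in past]
        if not min(amounts) <= p.amount <= max(amounts):
            reasons.append("amount outside previous range (BLA)")
        if p.country not in {c for _, c in past}:
            reasons.append("new location (BLA)")
    return ("STEP_UP" if reasons else "APPROVE"), reasons

def step_up(p, db, attempts, expected, max_attempts=3):
    """Check the security answers given so far; blacklist after max_attempts misses."""
    want = expected.strip().lower().encode()
    for given in attempts[:max_attempts]:
        if hmac.compare_digest(given.strip().lower().encode(), want):
            db.cards.setdefault(p.user, {})[p.card] = p.billing_address
            db.history.setdefault(p.user, []).append((p.amount, p.country))
            return "APPROVE"
    if len(attempts) < max_attempts:
        return "PENDING"       # attempts remain; nothing is blacklisted yet
    db.bad_cards.add(p.card)
    db.bad_ips.add(p.ip)
    db.blocked.add(p.user)
    return "DECLINE"

if __name__ == "__main__":     # constructed sample data
    db = new_store({"alice": {"tok_1": "1 Main St"}}, {"alice": [(20, "IN"), (90, "IN")]})
    pay = Payment("alice", "tok_2", "203.0.113.7", "US", 500, "9 Elm Rd")
    print(evaluate(pay, db))
    print(step_up(pay, db, ["a", "b", "c"], "rex"), evaluate(pay, db)[0])
```

The negative-database check runs before any behavioural rule, so a blacklisted card, IP or account never reaches the security question.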

Database values are stored in encrypted format using AES encryption to avoid SQL injection or other attacks.

THANK YOU FOR READING! I HOPE YOU ENJOYED IT😃

This is not a real payment gateway. It’s a project that addresses existing security flaws and shows some additional features that could be incorporated in the back end of payment gateways to tighten up their security and reduce fraudulent transactions by at least 30%.

If you liked it, do give it a shout, and if you wish to take up an initiative and reduce such online frauds and make it safer for payment gateways, do share it with your friends or colleagues. 

Well, there are a lot of areas for improvement in this project and, for any new suggestions or comments, I’m all ears.

Download project from: https://github.com/sharuroy16/blasec
