Boxer: Preventing fraud by scanning credit cards

Sam King
Bouncer Technologies
7 min read · Sep 23, 2020

Most apps and merchants don’t want to deal with financial fraud, but if they accept payments, then eventually they’ll have to.

Traditional thinking in anti-fraud technology casts this problem as a tradeoff between false positives and false negatives: you can tune your system to block fraud or block good users. We challenge this traditional thinking and ask the following question: can you block attacks without also blocking good users?

This work was published at the 2020 Usenix Security Symposium. For full technical details please see our paper or Zain’s talk at the conference. Interested in learning more or using the production version of Boxer? Check out Bouncer Scan.

Goals

Card-not-present credit card fraud costs businesses billions of dollars a year. In this post, we present Boxer, a mobile SDK and server that enables apps to combat card-not-present fraud by scanning cards and verifying that they are genuine. Boxer analyzes the images from these scans, looking for telltale signs of attacks, and introduces a novel abstraction on top of modern security hardware for complementary protection.

Figure 1. This figure shows how a food delivery app can use Boxer to verify a credit card for a suspicious transaction.

Our overall goal is to enable apps to stop fraud by verifying that a user physically possesses a card while making it easy for legitimate users to prove possession. Our system has started to have an impact with 323 apps integrating Boxer, resulting in over 10 million scans of real cards from real users in the field.

Motivating example: Mallory the fraudster

This section walks through an autobiographical motivating example of card-not-present fraud and how Boxer can help defend against it.

Mallory is a fraudster. She buys stolen credit card numbers from other attackers, which they send to her in a text file. At first, she uses these stolen card numbers to buy food from a food delivery app, called Foodie, for herself and her friends. Then, she sees an opportunity to go into business monetizing her stolen credit card numbers.

To monetize stolen credit cards, Mallory acts as an agent service selling food delivery at a heavy discount. In this scheme she collects money from the person who wants food and “pays” Foodie using stolen credit cards, leaving Foodie stuck with the bill. Given the profits from this attack, Mallory recruits a team to help and as they scale their enterprise, Foodie is now losing nearly 5% of their revenue to card-not-present credit card fraud.

Foodie first becomes aware of their fraud problem when Visa reaches out to Foodie due to their chargeback ratio going above 1%. At a chargeback ratio above 1%, Foodie is at risk of having Visa remove them from the payment network, effectively killing Foodie’s growing business.

Foodie acts by hiring a data scientist, Ari, to help detect fraud. Ari crafts some business rules to identify the most egregious transactions, and then trains a machine learning model to generalize to other transactions. As Ari’s model hits production, fraud plummets and order is restored at Foodie.

However, this calm is short lived as Ari only measures his model’s impact on chargebacks and not on the users that his model flags incorrectly. It is not until Ari’s model disables one of Foodie’s investors that Foodie starts to look at the impact of incorrect model decisions. Upon further investigation, they realize that they are losing more money due to lost business from blocking legitimate transactions that Ari’s model flags than they would have lost from chargebacks.

To help with their false positive problem, Foodie hires Brie, who had been working on stopping fake accounts at a large social network. Brie knows that by providing users with a way to verify themselves automatically she can recover almost all the false positives while still preventing most of the fraud. Brie uses the Boxer “scan your card” challenge that asks suspicious users to scan their credit card on their phone to proceed (Figure 1). She knows that most legitimate users have their card in their wallet, whereas attackers like Mallory just have a text file with card numbers, making it easy for good users to pass but hard for attackers. After Brie launches this challenge, Foodie recovers over 80% of their false positives, while keeping general fraud rates low.

Boxer design principles and overview

This section discusses the design principles that underlie our design and gives a brief overview of our technology.

Our first general defensive philosophy is to compose complementary defenses. Financial fraud is diverse, ranging from groups of humans carrying out attacks manually using real iPhones to full-blown automation, bots, and machine learning. Rather than try to devise a single defense to stop them all, we compose several complementary pieces to make an overall defensive system. We strive to have one component cover the weaknesses or blind spots of another.

Our second general defensive philosophy is to strive to never block good users. While the constraints imposed by Boxer inconvenience fraudulent users, we design them such that they do not hamper the experience of good users.

Boxer design principles

In this section we describe our general design for scanning credit cards to verify that they are genuine. Although our focus is on scanning credit cards, we expect these general principles to apply to similar problems, such as scanning IDs, selfie checks, or verifying utility bills. Our design has five general principles that guide our implementation.

Principle 1: Scan the card to extract relevant details and check them against what the app has on record. In Boxer, we scan the credit card number using optical character recognition (OCR) and check that against the card number that the app has on record for that user.

Output of the object detector of the BIN consistency and expectation check. The model correctly identifies the issuing bank, the card network (Visa), card type, chip, name, and card number. These extracted features are correlated with our data of the card BIN to identify any inconsistencies.

Principle 2: Inspect the card image for telltale signs of tampering. Boxer uses a visual consistency check of the card image against the card’s Bank Identification Number (BIN), which is the first six digits of the card number and identifies the issuing bank of the card (e.g., Chase). For example, if a scanned card has a BIN from Chase but the model does not detect the Chase logo, then the scan is likely to be an attack.
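The checks in Principles 1 and 2 can be sketched as follows. This is an added example, not Boxer's code: the BIN table, the issuer names, and the detector label names are constructed for illustration, and the card numbers are well-known test numbers.

```python
from dataclasses import dataclass

# Constructed BIN table: first six digits -> labels a genuine card should show.
BIN_TABLE = {
    "411111": {"issuer": "examplebank", "network": "visa"},
    "555555": {"issuer": "otherbank", "network": "mastercard"},
}

@dataclass
class Scan:
    ocr_number: str     # card number read by OCR
    labels: frozenset   # object-detector labels found in the card image

def luhn_ok(number: str) -> bool:
    """Payment card checksum; catches most single-digit OCR misreads."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def verify_scan(scan: Scan, number_on_record: str) -> list:
    """Return the names of failed checks; an empty list means the scan passes."""
    failures = []
    if not luhn_ok(scan.ocr_number):
        failures.append("ocr_checksum")
    # Principle 1: the scanned number must match what the app has on record.
    if scan.ocr_number != number_on_record:
        failures.append("number_mismatch")
    # Principle 2: what the detector saw must agree with what the BIN implies.
    expected = BIN_TABLE.get(scan.ocr_number[:6])
    if expected is None:
        failures.append("unknown_bin")
    else:
        for kind, label in expected.items():
            if label not in scan.labels:
                failures.append(f"missing_{kind}_logo")
    return failures
```

A card image that shows the right number but another bank's logo fails only the issuer check, which is the Chase case described above.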

Moiré patterns observed on capturing a laptop screen on a mobile phone. These patterns are an inherent aliasing effect that arises from differences in spatial frequency of the laptop screen and the mobile camera.

Principle 3: Detect cards rendered on false media. Although modern machine learning and computer vision algorithms empower attackers to tamper with images in ways that are difficult to detect, the attacker still needs to render these altered images to scan them. Boxer detects the presence of a screen when it scans a card. By detecting a screen, we can prevent one simple avenue for producing and scanning fake card images.

To track attacker activities, we count events and divide the counts into hardware-backed strata, which we can use to recover the counts after a device reset.

Principle 4: Associate attacker activities with items that are expensive. In Boxer, we track activities and increment a secure counter when they occur on the same device. This counting mechanism is important because it cuts to the core of a broad range of attack behavior: attackers will use a small set of real phones over and over to carry out attacks. Giving apps the ability to count key events, like adding a credit card to an account, on a per-device basis allows them to limit the damage done by large-scale attacks.
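One way to read the strata idea from the caption above together with Principle 4, as an added example that is not Boxer's implementation: the hardware-backed store is simulated with a dictionary, and the strata boundaries and the blocking limit are hypothetical values chosen for illustration.

```python
import bisect

# Assumption: hardware-backed state holds only a coarse stratum index per
# physical device and survives resets; exact counts live server-side, keyed
# by an identifier the user can reset.
STRATA_FLOORS = [0, 3, 10, 25]   # hypothetical lower bound of each stratum
BLOCK_AT = 10                    # hypothetical limit on counted events per device

class SecureCounter:
    def __init__(self):
        self.hardware = {}   # simulated hardware store: device -> stratum index
        self.exact = {}      # resettable identifier -> exact count

    def increment(self, physical_device: str, resettable_id: str) -> int:
        """Count one event (e.g. a card added) and return the running total."""
        if resettable_id not in self.exact:
            # New or reset identifier: resume from the floor of the stored
            # stratum rather than zero, so a reset does not erase history.
            stratum = self.hardware.get(physical_device, 0)
            self.exact[resettable_id] = STRATA_FLOORS[stratum]
        self.exact[resettable_id] += 1
        count = self.exact[resettable_id]
        # Persist the coarse stratum that the count now falls into.
        self.hardware[physical_device] = (
            bisect.bisect_right(STRATA_FLOORS, count) - 1
        )
        return count

    def allowed(self, count: int) -> bool:
        """Apps can refuse further events once a device passes the limit."""
        return count < BLOCK_AT
```

After a reset the recovered count is a lower bound, not the exact value: a device that had counted 4 events resumes from 3, the floor of its stratum.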

Principle 5: Respect end-user privacy. In Boxer, we put a premium on end-user privacy by only using device identifiers that users can reset and by running our machine learning models on the client.

Overview

Together, the card scanning system and secure counting abstraction make up Boxer, where both mechanisms complement each other to prevent damage from card-not-present fraud. The image analysis techniques behind card scanning (OCR, BIN consistency, and screen detection) detect common ways that attackers could create fake cards with stolen card numbers. The advantage of these techniques is that when they work, they stop the attack completely. The disadvantage is that attackers who create sophisticated fake cards (e.g., by physically printing cards) can evade them. On the other hand, the secure counting abstraction can effectively deter even technologically sophisticated attackers. However, it will let through a limited number of fraudulent transactions. Thus, we use card scanning and secure counting together, so that each makes up for the shortcomings of the other.

Conclusion

Our goal was to have our cake and eat it too. We wanted to block fraud and allow good users to still use an app, even if their anti-fraud systems flag them accidentally. Through providing a world-class user experience, novel machine learning, and new security abstractions on top of modern mobile phone hardware, we take a first step towards that ideal security experience in apps.

This blog post is joint work by Zainul Abi Din, Hari Venugopalan, Jaime Park, Andy Li, Weisu Yin, Haohui Mai, Yong Jae Lee, Steven Liu, and Samuel T. King (me!)

Sam King
Bouncer Technologies

Inventor, tinkerer, engineer, hacker, and hater of fraud and fake accounts. Currently at Bouncer + CS prof @UCDavis. Formerly @lyft, @Twitter and @IllinoisCS.