Nowadays, most financial transactions, as well as fraud, are conducted online. Researchers are developing sophisticated logic to identify suspicious online activity.
“I hope he doesn’t take too long,” you grumble as you wait at the ATM behind a customer who is taking his sweet time withdrawing cash. For the umpteenth time, you check your watch and sigh audibly as you wait for the man to finish his withdrawal.
Finally, the machine spits out a large wad of cash and returns his card – but as soon as you make a move for your turn, the man pulls out another card from his wallet and restarts the process.
He must be about to buy something really expensive, you reason, as more cash comes out of the ATM. And he’s not even done yet, as he starts fiddling in his wallet to find another card. You start wondering if he’s up to something illegal.
In the 2003 great cyber heist in New York, a suspicious young man was followed by detectives who saw him performing an unusually large number of withdrawals from an ATM.
It turned out that he had stolen credit card information from unsuspecting persons, and he was using that information with bank cards loaded with stolen data.
Fast-forward to 2016 – in the present internet age, most financial transactions are conducted online. And that means that most frauds also take place online.
To counter this, banks and other companies handling financial transactions have built complex software systems to ensure that these transactions are secure and not fraudulent.
But the complexity of these software systems means that it is easy for them to contain programming mistakes, which may open loopholes and offer ways around the very checks meant to stop deviant behaviour in the first place.
And even though software companies invest substantial resources in testing their systems to discover and remedy problems before deploying them, this does not suffice, since any uncaught software errors discovered by malicious users can be abused repeatedly, resulting in serious consequences.
A team of researchers at the University of Malta, together with software architects and engineers at Ixaris Systems Limited, are working on developing innovative technologies in order to address this problem – developing techniques to support complex software, particularly in the domain of online financial transaction systems.
Ixaris Systems Limited has built a payment platform which includes sophisticated logic to identify suspicious online activity. The company’s quality assurance team ensures that software testing is heavily used, in order to identify wrongly implemented logic.
All software companies invest heavily in developing software tests to check that their systems work as they should before these are made available to clients. Yet tests on their own cannot guarantee that the software works correctly 100 per cent of the time once the system is out there.
Through GOMTA, a research project financed by the Malta Council for Science and Technology (MCST), the University of Malta and Ixaris are working on techniques to maximise the investment made in developing software tests by converting these tests into software monitors that operate in real-time, much like the detectives in the great New York cyber heist.
This would help detect problems as they happen, potentially saving companies large sums of money as well as their reputation with present and potential clients.
The solution derived from the GOMTA project can easily be adopted in other software systems as the same principles apply.
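To illustrate the idea of turning a test into a real-time monitor, here is an example added to this article; it is not code from the GOMTA project or from Ixaris. The withdrawal limit, the ToyAtm class, the event fields and the sample traffic are all assumptions constructed for the illustration: the same check that passes a pre-release test is attached to live events, where it catches a case the test never tried.

```python
from collections import defaultdict, deque

LIMIT, WINDOW = 3, 600  # assumed policy: max approved withdrawals per terminal per 600 s

class WithdrawalLimit:
    """The check, written once: feed it events, get back a violation or None."""
    def __init__(self):
        self.approved = defaultdict(deque)  # terminal -> timestamps of approvals

    def observe(self, ev):
        if not ev["approved"]:
            return None
        seen = self.approved[ev["terminal"]]
        seen.append(ev["ts"])
        while ev["ts"] - seen[0] > WINDOW:  # drop approvals that left the window
            seen.popleft()
        if len(seen) > LIMIT:
            return f"{ev['terminal']}: {len(seen)} approvals in {WINDOW}s, latest {ev['card']}"
        return None

class ToyAtm:
    """Hypothetical system under test. Its bug: it counts per card, not per terminal."""
    def __init__(self, terminal):
        self.terminal, self.per_card = terminal, defaultdict(int)

    def withdraw(self, card, ts):
        self.per_card[card] += 1
        ok = self.per_card[card] <= LIMIT
        return {"terminal": self.terminal, "card": card, "ts": ts, "approved": ok}

def offline_test():
    """Pre-release test: one card, four attempts. Returns the violations found."""
    atm, check = ToyAtm("ATM-1"), WithdrawalLimit()
    events = [atm.withdraw("card-A", ts) for ts in (0, 60, 120, 180)]
    return [v for v in map(check.observe, events) if v]

def online_monitor(event_stream):
    """The same check attached to live events; yields each violation as it occurs."""
    check = WithdrawalLimit()
    for ev in event_stream:
        violation = check.observe(ev)
        if violation:
            yield violation

def constructed_live_traffic():
    """Constructed sample: one customer cycling through several cards at one ATM."""
    atm = ToyAtm("ATM-7")
    cards = ["card-A", "card-A", "card-B", "card-B", "card-C"]
    return [atm.withdraw(card, 60 * i) for i, card in enumerate(cards)]

if __name__ == "__main__":
    print("test violations:", offline_test())
    print("live violations:", list(online_monitor(constructed_live_traffic())))
```

The test passes because it only ever uses one card, while the monitor flags the fourth and fifth approvals at the same terminal as they happen.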
This research is being carried out through the Generating Online Monitors from Tests Automatically (GOMTA) project, which is funded by the Malta Council for Science and Technology (MCST). The team at the University of Malta is composed of Dr Christian Colombo, Prof Gordon Pace, Dr Mark Micallef, Dr Adrian Francalanza, Dr Abigail Cauchi, and Luke Chircop. For more information visit www.um.edu.mt/ict/cs/research/projects/gomta.