Showing the area of exploitation, with known fraud and inferred fraud
One of our team members' parents is a fraud analyst at a community bank and frequently has to perform repetitive tasks when determining the origin and extent of a credit card data breach.
Criminals rarely steal data for just one credit card. Card fraud often comes in the form of an ongoing breach, where criminals steal credit card information from a point of purchase and attempt to use it elsewhere. Card data breaches can be very expensive to banks until the source is identified and affected cards are replaced.
What it does
Given a set of purchases that are confirmed as fraud, BreachHound determines the most likely origin of a data breach by examining common points of purchase on accounts containing fraud. BreachHound then identifies all cards that have been used at the suspected location, and provides a map of known fraud, the suspected common point of purchase, and purchases on cards that may have been compromised in the breach.
BreachHound automatically sends an e-mail alert using SparkPost to notify bank managers of a possible breach and of which cards may be affected.
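The common-point-of-purchase analysis described above can be sketched as follows. This is an added example, not BreachHound's own code: the sample purchases are constructed, and the scoring (share of fraud cards seen at a merchant, with ties broken by how concentrated fraud cards are among that merchant's customers) and the exclusion of the fraudulent charges themselves from the candidates are assumptions.

```python
from collections import defaultdict

# Constructed sample data: (card_id, merchant, confirmed_fraud)
PURCHASES = [
    ("card-A", "Corner Gas", False), ("card-A", "MegaMart", False),
    ("card-A", "Online Electronics", True),
    ("card-B", "Corner Gas", False), ("card-B", "MegaMart", False),
    ("card-B", "Jewelry Outlet", True),
    ("card-C", "Corner Gas", False), ("card-C", "MegaMart", False),
    ("card-C", "Online Electronics", True),
    ("card-D", "Corner Gas", False), ("card-D", "MegaMart", False),
    ("card-E", "MegaMart", False),
    ("card-F", "MegaMart", False), ("card-F", "Coffee Hut", False),
]

def fraud_cards(purchases):
    """Cards with at least one confirmed fraudulent purchase."""
    return {card for card, _, is_fraud in purchases if is_fraud}

def rank_merchants(purchases):
    """Rank candidate breach origins as (merchant, coverage, concentration)."""
    compromised = fraud_cards(purchases)
    cards_at = defaultdict(set)
    for card, merchant, is_fraud in purchases:
        # Assumption: a fraudulent charge shows where stolen data was used,
        # not where it was stolen, so it is not a candidate origin.
        if not is_fraud:
            cards_at[merchant].add(card)
    ranked = []
    for merchant, cards in cards_at.items():
        hit = cards & compromised
        if not hit:
            continue  # no fraud card ever shopped here
        coverage = len(hit) / len(compromised)   # share of fraud cards seen here
        concentration = len(hit) / len(cards)    # share of this merchant's cards with fraud
        ranked.append((merchant, coverage, concentration))
    # A merchant everyone visits has high coverage but low concentration,
    # so concentration breaks ties between equally common merchants.
    ranked.sort(key=lambda r: (-r[1], -r[2], r[0]))
    return ranked

def at_risk_cards(purchases, merchant):
    """Cards used at the suspected merchant with no confirmed fraud yet."""
    used = {card for card, m, is_fraud in purchases if m == merchant and not is_fraud}
    return sorted(used - fraud_cards(purchases))

if __name__ == "__main__":
    suspect = rank_merchants(PURCHASES)[0][0]
    print(suspect, at_risk_cards(PURCHASES, suspect))
```
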
How we built it
We use a combination of existing merchant data on Nessie and common purchase patterns that we simulate using scripts. During analysis, all data is scraped from Nessie. Analysis data is summarized using the Google Maps API.
Challenges we ran into
Accomplishments that we're proud of
It works! We were very excited when we finally got the analysis functions working.
What we learned
What's next for BreachHound
This is definitely a project we intend to develop further because we know there is a need for it. This was a proof of concept; next steps involve providing more information on the map, incorporating time data, and using clustering analysis.