Aydin Abadi
ABSTRACT
An “Authorised Push Payment” (APP) fraud refers to a case where fraudsters deceive a victim to make payments to bank accounts controlled by them. The total amount of money stolen via APP frauds is swiftly growing. Although regulators have provided guidelines to improve victims’ protection, the guidelines are vague, the implementation is lacking in transparency, and the victims are not receiving sufficient protection. To facilitate victims’ reimbursement, in this work, we propose a protocol called “Payment with Dispute Resolution” (PwDR) and formally define it. The protocol lets an honest victim prove its innocence to a third-party dispute resolver while preserving the protocol participants’ privacy. It makes black-box use of a standard online banking system. We implement its most computationally-intensive subroutine and analyse its runtime. We also evaluate its asymptotic cost. Our evaluation indicates that the protocol is efficient. It imposes only O(1) overheads to the customer and bank. Moreover, it takes a dispute resolver only 0.09 milliseconds to settle a dispute between the two parties.
- Aydin Abadi. 2023. Variant 1: Efficient Verdict Encoding-Decoding Protocol. https://github.com/AydinAbadi/PwDR/blob/main/PwDR-code/encoding-decoding.cpp.Google Scholar
- Aydin Abadi. 2023. Variant 2: Generic Verdict Encoding-Decoding Protocol. https://github.com/AydinAbadi/PwDR/blob/main/PwDR-code/generic-encoding-decoding.cpp.Google Scholar
- Aydin Abadi and Steven J. Murdoch. 2022. Payment with Dispute Resolution: A Protocol For Reimbursing Frauds Victims (Full Version). Cryptology ePrint Archive, Paper 2022/107. https://eprint.iacr.org/2022/107.Google Scholar
- Aydin Abadi, Steven J. Murdoch, and Thomas Zacharias. 2021. Recurring Contingent Payment for Proofs of Retrievability. IACR Cryptol. ePrint Arch. (2021).Google Scholar
- Ross Anderson 2007. Closing the phishing hole–fraud, risk and nonbanks. In Federal Reserve Bank of Kansas City–Payment System Research Conferences.Google Scholar
- Ross Anderson, Chris Barton, Rainer Bölme, Richard Clayton, Carlos Ganán, Tom Grasso, Michael Levi, Tyler Moore, and Marie Vasek. 2019. Measuring the changing cost of cybercrime. (2019).Google Scholar
- Ingolf Becker, Alice Hutchings, Ruba Abu-Salma, Ross J. Anderson, Nicholas Bohm, Steven J. Murdoch, M. Angela Sasse, and Gianluca Stringhini. 2017. International comparison of bank fraud reimbursement: customer perceptions and contractual terms. J. Cybersecur. (2017).Google Scholar
- Burton H. Bloom. 1970. Space/Time Trade-offs in Hash Coding with Allowable Errors. Commun. (1970).Google Scholar
- Nicholas Bohm, Ian Brown, and Brian Gladman. 2000. Electronic Commerce: Who Carries the Risk of Fraud?J. Inf. Law Technol. 2000 (2000).Google Scholar
- Michael Buchwald. 2019. Smart contract dispute resolution: the inescapable flaws of blockchain-based arbitration. U. Pa. L. Rev. (2019).Google Scholar
- Confirmation of Payee Team. 2020. Confirmation of Payee- Response to consultation CP20/1 and decision on varying Specific Direction 10. (2020).Google Scholar
- Scott A. Crosby and Dan S. Wallach. 2009. Efficient Data Structures For Tamper-Evident Logging. In USENIX Security, Fabian Monrose (Ed.).Google Scholar
- Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, and Aad van Moorsel. 2017. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing. In CCS.Google Scholar
- Stefan Dziembowski, Lisa Eckey, and Sebastian Faust. 2018. FairSwap: How To Fairly Exchange Digital Goods. In CCS.Google Scholar
- Lisa Eckey, Sebastian Faust, and Benjamin Schlosser. 2020. OptiSwap: Fast Optimistic Fair Exchange. In ASIA CCS.Google Scholar
- Ittay Eyal, Adem Efe Gencer, Emin Gün Sirer, and Robbert van Renesse. 2016. Bitcoin-NG: A Scalable Blockchain Protocol. In NSDI.Google Scholar
- Federal Bureau of Investigation (FBI). 2020. Internet Crime Report. (2020). https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.Google Scholar
- Adam French. 2016. Which? makes scams super-complaint-Banks must protect those tricked into a bank transfer. (2016).Google Scholar
- Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. 2015. The Bitcoin Backbone Protocol: Analysis and Applications. In EUROCRYPT.Google Scholar
- Matthew Green and Ian Miers. 2017. Bolt: Anonymous Payment Channels for Decentralized Currencies. In CCS.Google Scholar
- Hyperledger Foundation. 2018. Hyperledger Blockchain Performance Metrics.Google Scholar
- Jonathan Katz and Yehuda Lindell. 2014. Introduction to Modern Cryptography, Second Edition. CRC Press.Google ScholarDigital Library
- Marte Eidsand Kjørven. 2020. Who pays when things go wrong? Online financial fraud and consumer protection in Scandinavia and Europe. European Business Law Review (2020).Google Scholar
- Ralf Küsters, Julian Liedtke, Johannes Müller, Daniel Rausch, and Andreas Vogt. 2020. Ordinos: A Verifiable Tally-Hiding E-Voting System. In EuroS&P.Google Scholar
- Ben Laurie, Adam Langley, and Emilia Käsper. 2013. Certificate Transparency. RFC 6962 (2013), 1–27. https://doi.org/10.17487/RFC6962Google ScholarDigital Library
- Lending Standards Board. 2021. Contingent Reimbursement Model Code for Authorised Push Payment Scams. (2021). https://www.lendingstandardsboard.org.uk/wp-content/uploads/2021/04/CRM-Code-LSB-Final-April-2021.pdf.Google Scholar
- Pietro Ortolani. 2016. Self-enforcing online dispute resolution: lessons from bitcoin. Oxford Journal of Legal Studies (2016).Google Scholar
- Pietro Ortolani. 2019. The impact of blockchain technologies and smart contracts on dispute resolution: arbitration and court litigation at the crossroads. Uniform law review (2019).Google Scholar
- Joseph Poon and Thaddeus Dryja. 2016. The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments. Technical Report. https://lightning.network/lightning-network-paper.pdf.Google Scholar
- Bruce Schneier. 1996. Applied cryptography - protocols, algorithms, and source code in C, 2nd Edition. Wiley.Google Scholar
- Enrique Soriano-Salvador and Gorka Guardiola Muzquiz. 2021. SealFS: Storage-based tamper-evident logging. Comput. Secur. (2021).Google Scholar
- John L Taylor and Tony Galica. 2020. A New Code to Protect Victims in the UK from Authorised Push Payments Fraud. Banking & Finance Law Review (2020).Google Scholar
- The Financial Ombudsman Service. 2020. Lending Standards Board Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams-Financial Ombudsman Service response. (2020). https://www.financial-ombudsman.org.uk/files/289009/2020-10-02-LSB-CRM-Code-Review-Financial-Ombudsman-Service-Response.pdf.Google Scholar
- The International Criminal Police Organization. 2021. Investment fraud via dating apps. https://www.interpol.int/en/News-and-Events/News/2021/Investment-fraud-via-dating-apps.Google Scholar
- UK Finance. 2021. 2021 Half Year Fraud Update. https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf.Google Scholar
- UK Finance. 2021. THE DEFINITIVE OVERVIEW OF PAYMENT INDUSTRY FRAUD. https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf.Google Scholar
- Gavin Wood 2014. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper (2014).Google Scholar
Index Terms
- Payment with Dispute Resolution: A Protocol for Reimbursing Frauds Victims
Recommendations
Computer assisted frauds: An examination of offender and offense characteristics in relation to arrests
Previous studies on fighting computer-assisted frauds have attempted to assist law enforcement agencies (LEAs) to better understand important aspects of motivation, opportunity and deterrence. However, there have been few empirical studies on the ...
Dispute resolution and e-government
ICEGOV '08: Proceedings of the 2nd international conference on Theory and practice of electronic governanceDispute resolution is a core governmental activity and one that occurs not only in courts but in almost all administrative and regulatory agencies. At times, a government agency will be a party to a dispute and at other times the agency will attempt to ...
Comments