Online Fraud Transaction prevention system using

Extended Visual Cryptography and QR code

Shubhangi Khaimar Reena Kharat

Department of Computer Engineering Department of Computer Engineering
Pimpri Chinchwad College of Engineering Pimpri Chinchwad College of Engineering
Pune-44 Pune-44
Shubangi.khairnar@gmail.com Reenakharat@yahoo.com

Abstract - Now a days many people are doing online financial

transactions. This transaction needs to be secure. There are
various attacks present behind this. Phishing is one type of
attack. For detecting this attack, various anti-phishing
mechanisms are used. In phishing process, suppose cheater sends
out thousands of phishing emails with a link to the fake website.
Victims click on links in email believing it is legitimate. They
enter personal information on that fake website. Fraudsters
collect the stolen data and login into correct website. This is an
overall process of phishing. We propose a new scheme for online
fraud transaction prevention using extended visual cryptography
and QR codes. This scheme uses extended visual cryptography
for share generation. One time password is used for phishing
website detection. Extended visual cryptography is used for
converting the QR code into two shares. The system provides
security for online users and detecting the phishing websites.
Fig.l. Phishing Process
Keywords- OTP, Phishing, QR code, Extended visual
cryptography. In this paper, we proposed a new scheme for
providing security during an online transaction. We propose a
new scheme for online frauds detection using Extended Visual
I. INTRODUCTION Cryptography (EVC) and QR code. By using this technique,
Now a day an online transaction has become very common. we provide better security to people. In proposed system user
There are various attacks present during the online transaction. first registered on the website. Client sends verification
Phishing is a very common attack. In phishing process, request to merchant server and the merchant server sends ID
suppose cheater sends out thousands of phishing emails with a and password to bank server for verification. If it is valid then
link to the fake website. Victims click on links in email generate One Time Password (OTP) and apply EVC for shares
believing it is legitimate. They enter personal information on generation. Bank server sends one share to the client and one
that fake website. Fraudsters collect the stolen data and login share to the server. Then merchant server sends this share to
into correct website. This is an overall process of phishing. the client. At the time of reconstruction, two shares are
combined to reveal the original OTP. Then client sends this
Now a day various people are using internet for online OTP to bank server for verification.
financial transaction. Security is very important term during an
online transaction. Various security attacks present behind this 11. RELATED WORK
online transaction. So, we propose the new idea in this paper
für providing the security. In phishing process, suppüse Image-based verification using visual cryptography is
cheater sends out thousands of phishing emails with a link to proposed in [2]. Visual cryptography is use to transform the
the fake website. Fig.l shows phishing process victim clicks QR code into two shares and both these shares transmitted
on links in email believing it is legitimate [1]. He enters separately. This methodology was implemented image based
personal information on that fake website. Fraudster collects authentication using visual cryptography. Using this method,
the data entered by victim and login into correct website. This the user can determine whether the site is safe or unsafe to
is an overall process of phishing. carry out his transaction. In this system we prove that this
method is more efficient and secured.
In [3], authors proposed a new method for phishing detection.
This methodology was based on the Anti-Phishing Image
validation scheme using visual cryptography. This method
prevents password and other important information from the
phishing websites. This methodology was implemented image
based authentication using visual cryptography. In [4], OTP is
encoded in QR code.

An enhanced anti-phishing framework based on visual

cryptography is proposed in [5]. In this paper, an image-based
verification using visual cryptography is implemented. This
technique uses visual cryptography to preserve the privacy of
the casually chosen image by dividing the image into two
shares. These two shares are for that particular session. Using
this method, the user can determine whether the site is safe or
unsafe to carry out his transaction.

The malicious website detection using visual cryptography

and OTP is proposed in [6]. It is used to solve the problem of
phishing. In this approach, image based validation using visual
cryptography is implemented with the grouping of OTP. The
use of visual cryptography is open to preserve the secrecy of Fig.2. Architecture of Proposed Method
an image captcha by dividing the original image captcha into
two shares. The original image is gained at the user end only Proposed system is shown in Fig.2. In this system the
when both the user and the server are registered with the user registration is done first. User sends request to merchant
trusted server. Using this, website cross validates its identity server and merchant server sends ID and password to bank
and proves that it is an honest website before the end users. server for verification. If it is valid then generate OTP and
apply EVC for shares generation. Bank server sends one share
In this paper, a new type of cryptographic schemes is proposed to the client and one share to the server. The merchant server
[7], which can decode images without any cryptographic sends this share to the client. At the time of reconstruction,
computations. The scheme is perfectly secure and very easy to two shares are combined to reveal the original OTP. Then,
implement. We extend it into a visual variant of the k out of n user sends this OTP to bank server for verification.
secret sharing problem. in which a dealer provides a
transparency to each one of the n users; any k of them can see
the image by stacking their transparencies, but any k - n of
them gain no information about it.

In [8], authors proposed a new scheme using steganography

and visual cryptography for preventing the user private
information. In this paper, the text based steganography is
used for hiding the customer unique authentication password
in connection to the bank. This system uses to protect
customer data and increasing customer assurance and
preventing identity theft.

III. PROPOSED METHODOLOGY

Now a day an onIine transaction has become very common.
There are various attacks present during the online transaction.
Phishing is a very common attack. We propose a new scheme
for onIine frauds detection using EVC and QR code.

Fig.3. Block Diagram of proposed work

A. Following steps used in the proposed Algorithm: User can do verification of shares. User has to select any share
which is to be verified. To do this procedure, generate one key
1. System user does registration process first. The user first for each session and then add cover image into one share. At
enters username and password. the time of de-steganography, if user enters correct key then
2. User sends this username and password to the merchant they will get correct share as shown in figA.
server.
PHISHING SERVER VERIFIER
3. Merchant server sends this username, password to bank
server with server ID/password.
4. Bank server checks this user data into bank database and
verifies the user.
5. If verification succeeds then bank server generates one
OTP.
6. Convert OTP into QR code.
7. Apply visual cryptography on QR code and generate
share 1 and share 2.
8. Load cover image and embed share_1 into a cover image
using steganography.
9. Bank server sends stego image to merchant server
10. Share 2 via email to the client. I'[JJFYSlRVER rtlWllQR(OIJ[

11. Merchant server sends stego image to the client. PROCITDTDJRlJIIAC1lO!I

12. Client applies de-steganography on merchant server and
gets share_1 from the cover image.
l 3. User downloads share 2 from mail. FigA. Snapshot for adding cover image into share 1

14. Superimpose share_1 and share_2 and get QR code.

15. After getting QR code user scan this QR code and get OTP
as output.
16. User enters the OTP and send to server for verification. By
using this technique verify merchant server is genuine or not.
B. Share Construction Algorithm:
Fig.5. shows snapshot of proposed system for share
construction. For share construction, firstly user has to select
secret image. Convert secret image into QR code. Then secret
sharing scheme visual cryptography is selected. After that as
per scheme secret shares are get generated and stored into the
system.
PHISHIHG SERVER VERIFIER

SHARE I SHAREl
Steps:
l. Read QR image of OTP.
2. Get height and width of that image.
3. Create share 1 by generating random (2*2) matrix.
4. Fill this matrix (0, 1) using random value.
5. Share 1 checks with the pixel of the original image. If
""' 'IlA===
usalD
original image pixels are 1 then we set the share 2
usaOl
matrix pixel same like share 1.
6. Share 2 is created.
GiNER.llIQRCOOE

C. Embedding share into cover image Algorithm:

PROCEID 10 TlAN5.ICTlCtI

Steps:
l. Read cover image. Fig.5. Snapshot for share generation after adding cover image
2. Separate RGB pixels for each channel.
3. Read secret data sequentially Snapshot of the proposed system for OR code generation as
4. Put secret data in last two bits of LSB for each shown in Fig.6. User superimposes share_l and share_2 to get
channel QR code. After getting QR code, user scans this QR code to
5. Based on user key generate an offset get OTP as output. User enters the OTP and send to the bank
6. Based on offset decide index of pixels on which data server for verification. By using this technique, user verifies
is embedded. the merchant server is genuine or not.
 IV. CONCLUSION
In this paper, we proposed a method for Online Fraud
Transaction prevention using extended visual cryptography
I and QR code techniques. Using extended visual cryptography
we can verify the shares are genuine or not. Therefore, it
provides better security in preventing phishing attack
compared to visual cryptography.

ENTER OTP:
(SCAN QR TO GET OTP)
Submi. OTP
V. REFERENCES

[ 1 ] A. Alnajim and M. Munro, "An anti-phishing approach that uses training

intervention for Phishing websites detection," in Proceedings of the 2009
Fig.6. Snapshot for QR code generation
Sixth International Conference on Information Technology: New Generations.
Washington, DC, USA: IEEE Computer Society, 2009, pp. 405-41 0.

[2] Dhanashree Moholkar ,"An Efficient Approach for Phishing Website

QIICOOE
Detection using Visual Cryptography (VC) and Quick Response Code (QR
Code)", International Journal of Computer Applications (0975 - 8887)
Volume 1 15 - No. 12, April 2015.

[ 3] Divya James, Mintu Philip, "A Novel Anti-Phishing framework based on

Visual Cryptography' 978- 1 -4673-0449-8/ 12/$3 1 .00 m0 12 IEEE.
m.

[ 4] D. R. Anekar, Binay Rana, Vishal Jhangiani," Online Banking Security

""'""' --
System Using OTP Encoded in QR-Code ", 2015, IJARCSSE
511111i10lP

[5] Gaurav Palande, Shekhar Jadhav," An Enhanced Anti-Phishing

Fig.7. Snapshot for checkillg with fake share
Snapshot of the proposed system for checking with fake share
shown in Fig.7. If hackers can add any fake share at the time
of QR code generation, then they don't get the original QR
code. So this system is secured for online transaction. By
using this technique, user verifies the merchant server is
genuine or not.
Framework Based on Visual Cryptography", International Joumal of
Emerging Research in Management &Technology ISSN: 2278-9359
(Volume-3,Issue-3)
[ 6] Kajal NanawareA, Kirti KanadeA, "Malicious Website Detection using
Visual Cryptography and OIP", International Journal of Current Engineering
and Technology, Vo1.4, NO.5 (Oct 20 1 4)
[ 7] M. Noar, A. Shamir, "Visual cryptography," in: A. De Santis
(Ed.),Advance in Cryptography: Eurpocrypt'94, Lecture Notes in Computer
Science, Volume. 950, pp. 1 - 12, 1 955.
[ 8] Souvik Roy and P. Venkateswaran, "Online Payment System using
Steganography and Visual Cryptography," 20 1 4 IEEE Students' Conference
on Electrical, Electronics and Computer Science.