1. Reliability of EMV Protocol
EMV (Europay, MasterCard, Visa) is a jointly developed set of global standards to facilitate interoperability between cards with computer chips and the terminals used by financial services companies.
EMV is the world’s dominant smart card payment system, with billions of credit and debit cards in use.
In 2010, Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond published the research paper “Chip and PIN is Broken”, highlighting possible flaws in the standard.
“A major contributing factor to the fact that these protocol flaws remained undiscovered is the size and complexity of the specification, and its poor structure. The core EMV protocols are now 707 pages long, there are a further 2 126 pages of testing documentation, and card schemes also specify extensions (Visa publishes 810 pages of public documentation, and there is more which is secret). Many options are given, and a typical implementation mixes some of the functionality from the published manuals with some issuer-specific enhancements. Security critical details are scattered throughout, and there is no one section which is sufficient to understand the protocol, the threat model, or the security policy. In fact, much detail is not specified at all, being left to implementation decisions by individual issuers.”
Many papers have subsequently been published highlighting further vulnerabilities and flaws related to the standard.
The thesis will focus on the EMV protocol, its flaws and vulnerabilities, assessing the current reliability of the standard.
2. Malware in the banking sector
Financial and payment services are not immune to malware infections. In fact, 2017 and 2018 saw massive cyber-attacks hit major institutions worldwide, most of which involved malware infections. Kaspersky discovered that 430,000 users faced malware aimed at stealing finances, cryptocurrencies and web-money services in the first half of 2019, showing a 7% growth.
The thesis will focus on investigating specific malware threats targeting bank infrastructure and bank customers, and on evaluating and predicting future attack scenarios.
3. Vulnerabilities in Mobile Point of Sale solutions
Positive Technologies security researchers Leigh-Anne Galloway and Tim Yunusov discovered several vulnerabilities affecting mobile point-of-sale (mPOS) technology. The vulnerabilities allow malicious merchants to change the amount customers think they are paying, send arbitrary code via Bluetooth and mobile applications, and exploit a remote code execution vulnerability.
The thesis will focus on the analysis of mobile POS technology and its vulnerabilities, and will perform an assessment of a specific mobile POS model.
4. Fraud detection and prevention using machine learning in e-commerce
The Financial Cost of Fraud 2019 report, published by the University of Portsmouth’s Centre for Counter Fraud Studies, states that fraud costs the global economy 3.89 trillion pounds. The number of e-commerce transactions is also increasing, as e-commerce sales are expected to rise to $4.5 trillion by 2021.
The thesis will aim to provide an analysis of the state-of-the-art research on machine learning applied to fraud detection and to extend our software with ML fraud detection models.
NUMERA is an ICT company based in Italy. It is part of BPER Banca Group, playing a significant role in the provision of IT services to the entire Group. It was established as a start-up of Banca Popolare di Sassari, a regional bank, more than 30 years ago. Numera can be considered one of the first FinTech companies.
Today, the company manages IT services for banks, companies and public administrations. Numera’s focus is the management of electronic payment systems and documents. Numera’s expertise in IT security compliance has led to the achievement of ISO 27001 and PCI-DSS certifications. The Numera Payment Gateway system (NPGW) and its Fraud Detection model for electronic payments are used by important customers throughout Italy.
Numera’s goal of combining innovation and experience, gained by providing services to public administrations and banking groups, has led to the creation of the PagoPA service, the Italian standard payment system to the Public Administration. Numera plays both roles: Technological Partner for the P.A. and support partner for Payment Service Providers (PSP).
Numera is actively working on Payment Services Directive (PSD2) research, with particular emphasis on the Third Parties: the Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP) domains.