Implementasi Otentikasi Berbasis Risiko dan Deteksi Penipuan pada Platform E-Niaga SecureShop

Authors

  • Satria Tegar Bimantara Politeknik Siber dan Sandi Negara
  • Damar Damar Politeknik Siber dan Sandi Negara
  • Rahadian Ronggo Kusumo Politeknik Siber dan Sandi Negara

DOI:

https://doi.org/10.61132/merkurius.v4i4.1619

Keywords:

Anomaly Detection, E-Commerce Security, Fraud Detection, Risk-Based Authentication, Threat Modeling

Abstract

The rapid growth of the e-commerce ecosystem has introduced complex cybersecurity threats, particularly account takeovers and transaction fraud. Traditional static authentication and fragmented security modules are no longer sufficient to mitigate these dynamic risks. This research aims to design, implement, and evaluate an integrated security architecture that combines adaptive Risk-Based Authentication with a real-time Order Risk Engine. Utilizing an experimental approach within the Secure Software Development Life Cycle framework, a server-side rendered prototype was developed and subjected to synthetic anomaly injections in an isolated local testbed. The system evaluates operational contexts, such as unfamiliar IP addresses, bruteforce attempts, and abnormal order velocities, using a deterministic scoring mechanism to trigger automated interventions ranging from multi-factor authentication challenges to absolute access blocks. The empirical findings demonstrate that the proposed end-to-end risk scoring engine achieved a zero percent false-positive rate for legitimate users while successfully mitigating all simulated critical threats and account takeover attempts. Furthermore, the integration of stateless session management maintained an exceptionally low computational latency, ensuring a seamless user experience. These results imply that a unified risk-scoring model provides a highly effective, autonomous, and scalable blueprint for securing modern e-commerce platforms against multi-layered exploitations.

References

Abdallah, A., Maarof, M. A., & Zainal, A. (2016). Fraud detection system: A survey. Journal of Network and Computer Applications, 68, 90–113. https://doi.org/10.1016/j.jnca.2016.04.007

Bonneau, J., Herley, C., Oorschot, P. C. V., & Stajano, F. (2012). The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In 2012 IEEE Symposium on Security and Privacy (pp. 553–567). IEEE. https://doi.org/10.1109/SP.2012.44

Calzavara, S., Gritti, F., Bugliesi, M., & Focardi, R. (2017). Mithril: Mining token-based authentication vulnerabilities. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 582–596). IEEE. https://doi.org/10.1109/EuroSP.2017.36

Carbone, R., Compagna, L., Jacomme, C., & Sibut, P. (2023). Let’s review the security of JWT implementations. In Proceedings of the 2023 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 59–75). IEEE. https://doi.org/10.1109/EuroSP57164.2023.00013

Fadayomi, O., Bello, A. D., Elebe, O., Ikeoluwa, N., Hammed, H., & Omoegun, G. O. (2024). An adaptive fraud risk scoring model for real-time transaction monitoring at scale. International Journal of Business and Finance Research, 10(10), 212–230. https://doi.org/10.56201/ijbfr.v10.no10.2024.pg212.230

Festa, Y. Y., & Vorobyev, I. A. (2022). A hybrid machine learning framework for e-commerce fraud detection. Model Assisted Statistics and Applications, 17(1), 17–28. https://doi.org/10.3233/MAS-221350

Freeman, C., Roopakalu, S., & Boneh, D. (2016). Who are you? A statistical approach to measuring user authenticity. In Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS). Internet Society. https://doi.org/10.14722/ndss.2016.23234

Gayam, S. R. (2024). AI-driven fraud detection in e-commerce: Advanced techniques for anomaly detection, transaction monitoring, and risk mitigation. Distributed Learning and Broad Applications in Scientific Research.

Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2017). Digital identity guidelines: Authentication and lifecycle management (NIST SP 800-63B). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63b

Jones, M., Bradley, J., & Sakimura, N. (2015). RFC 7519: JSON Web Token (JWT). Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/rfc7519

Lodderstedt, T., McGloin, M., & Hunt, P. (2013). RFC 6819: OAuth 2.0 threat model and security considerations. Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/rfc6819

OWASP Foundation. (2021). OWASP Top 10: The ten most critical web application security risks. https://owasp.org/Top10/

Rao, S. X., Zhang, S., Han, Z., Zhang, Z., Min, W., Chen, Z., & Zhao, P. (2020). xFraud: Explainable fraud transaction detection on heterogeneous graphs. arXiv preprint arXiv:2011.12193.

Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.

Soyemi, J., Hammed, M., & Soyemi, O. B. (2026). Adaptive risk-based multi-layer authentication framework for secure online banking systems. FUDMA Journal of Sciences, 10(4). https://doi.org/10.33003/fjs-2026-1004-4870

Tang, S., & Wong, R. K. (2026). Adaptive fraud detection on e-commerce platforms. In Proceedings of the European Conference on Artificial Intelligence (ECAI).

Wiefling, S., Iacono, L. L., & Dürmuth, M. (2019). What’s in an end-user’s mind? A qualitative study on risk-based authentication. In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS) (pp. 323–341). USENIX Association.

Wiefling, S., Iacono, L. L., & Dürmuth, M. (2020). Is this really you? An empirical study on risk-based authentication applied in the wild. In Proceedings of the 35th IFIP International Conference on Information Security (IFIP SEC) (pp. 134–148). Springer. https://doi.org/10.1007/978-3-030-58201-2_10

Zeni, M., Agosti, C., & Crispo, B. (2014). You can’t be here: The power of location in risk-based authentication. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (pp. 531–536). ACM. https://doi.org/10.1145/2590296.2590353

Zheng, X., Liu, Z., Sun, L., & Li, Y. (2020). A literature review of secure software development lifecycle. In 2020 IEEE International Conference on Artificial Intelligence and Information Systems (ICAIIS) (pp. 370–373). IEEE. https://doi.org/10.1109/ICAIIS49377.2020.9194858

Downloads

Published

2026-07-03

How to Cite

Satria Tegar Bimantara, Damar Damar, & Rahadian Ronggo Kusumo. (2026). Implementasi Otentikasi Berbasis Risiko dan Deteksi Penipuan pada Platform E-Niaga SecureShop. Merkurius : Jurnal Riset Sistem Informasi Dan Teknik Informatika, 4(4), 33–43. https://doi.org/10.61132/merkurius.v4i4.1619

Similar Articles

<< < 2 3 4 5 6 7 8 > >> 

You may also start an advanced similarity search for this article.