scholarly journals An Improved Security Model for Nigerian Unstructured Supplementary Services Data Mobile Banking Platform

2020 ◽  
pp. 974-987
Author(s):  
Samera Uga Otor ◽  
Beatrice Obianiberi Akumba ◽  
Joseph Sunday Idikwu ◽  
Iorwuese Peter Achika
Keyword(s):  
Communication Technology ◽  
Value Added ◽  
Identity Theft ◽  
Personal Identification ◽  
Security Model ◽  
Mobile Banking ◽  
Personal Identification Number ◽  
Shoulder Surfing ◽  
Automated Teller Machine ◽  
Financial Transactions

Unstructured Supplementary Services Data (USSD) is a menu driven, real time communication technology used for value added services. It is adopted by banks for financial transactions due to its ease of operation. However existing USSD are used by fraudster to commit identity theft through Subscriber Identification Module (SIM) swap, phone theft and kidnap, in other to access funds in the bank. One of the reasons this is made possible is because existing USSD platforms use Automated Teller Machine (ATM) Personal Identification Number (PIN) as second level authenticator and this compromises the ATM channel and violets one of the stated guidelines for USSD operation in Nigeria. More so, the PIN is entered bare on the platform and so can easily be stolen by shoulder surfing. Therefore, in this paper we developed and simulated an improved USSD security model for banking operations in Nigeria. The security of existing USSD platform was enhanced using answer to a secret question as another level of authentication. This was with the view to minimise identity theft. This secret question is registered in the bank during account opening for new customers while existing customers will have to update their details in the banks data base before registering for USSD services. This is done the same way customers verify their ATM PIN in the bank. Hence the answer is known by the customer alone. The model was implemented using php on XAMPP platform and simulated using hubtel USSD mocker. Results showed that security of the proposed system was enhanced through another level of authentication provided by the answer to the security question.

Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks

2021 ◽  
Vol 13 (3) ◽  
pp. 12-33
Author(s):  
Samuel Selassie Yakohene ◽  
Winfred Yaokumah ◽  
Ernest Barfo Boadi Gyebi
Keyword(s):  
User Authentication ◽  
Object Oriented ◽  
Personal Identification ◽  
Object Oriented Programming ◽  
Personal Identification Number ◽  
Automated Teller Machines ◽  
Shoulder Surfing ◽  
Inference Attacks ◽  
Computing Platforms ◽  
Common User

Personal identification number (PIN) is a common user authentication method widely used especially for automated teller machines and point-of-sales devices. The user's PIN entry is susceptible to shoulder-surfing and inference attacks, where the attacker can obtain the PIN by looking over the user's shoulder. The conventional keypad with a fixed layout makes it easy for the attacker to infer the PIN entered by casual observation. This paper proposes a method of authentication to address these challenges. The paper develops a prototype numeric keypad with a layout akin to the conventional keypad, with the keys randomized for each PIN entry. The shuffle algorithm, Durstenfeld shuffle algorithm, is implemented in an application developed using JavaScript, which is a prototype-based object-oriented programming application that conforms to the ECMAScript specification. The prototype is implemented on three computing platforms for evaluation. The test proves the effectiveness of the system to mitigate shoulder-surfing and inference attacks.

scholarly journals Prototype for Card-less Electronic Automated Teller Machine using Internet of Things

2019 ◽  
Vol 9 (1) ◽  
pp. 4317-4319
Keyword(s):  
High Volume ◽  
User Friendliness ◽  
Eavesdropping Attack ◽  
Shoulder Surfing ◽  
Automated Teller Machine ◽  
Entertainment Establishment ◽  
The Face ◽  
User Access ◽  
Guessing Attack ◽  
Financial Transactions

Automated Teller Machine (ATM’s) are devices used for the personal and business financial transactions or banking functions. It can be used without the help of the banking official. The ATM’s have become popular among the public for their availability and the user friendliness. Nowadays ATMs are available in many locations such as college, supermarket, gas station, banking center, airport, work location, hotels, and entertainment establishment, having a consistent high volume of user traffic. The existing ATM machine uses the ATM cards for the user access to authenticate their account in order to use the services of the ATM. There are several problems which includes card expiring, cost of maintenance, accessing customer account by others, waiting time before the issuance of the new card, card damaging, card cloning, shoulder surfing attack, skimming attack, eavesdropping attack, guessing attack. This paper presents the prototype for the card-less electronic Automated Teller Machine without the use of the card. The proposed system uses the face recognizer using the HAAR algorithm. Using the help IoT the unauthorized users could be tracked and if there is any mismatch with the authorized users the mail and SMS could be send to the registered users.

scholarly journals Point of Sale (POS) Network with Embedded Fingerprint Biometric Authentication

2019 ◽  
pp. 95-111 ◽  
Author(s):  
Hussah Adnan Alzame ◽  
Muneerah Alshabanah ◽  
Mutasem K. Alsmadi
Keyword(s):  
Personal Identification ◽  
Security Level ◽  
Biometric Authentication ◽  
Social Security Number ◽  
Point Of Sale ◽  
Automated Teller Machines ◽  
Steady Growth ◽  
Electronic Transactions ◽  
Automated Teller Machine ◽  
Financial Transactions

The steady growth in electronic transactions has promoted the Automated Teller Machine (ATM) thereby making it the main transaction channel for carrying out financial transactions. Conventional method of identification based on possession of ID cards or exclusive knowledge like a social security number or a password are not all together reliable. However, this has also increased the amount of fraudulent activities carried out on Automated Teller Machines (ATMs) thereby calling for efficient security mechanisms and increasing the demand for fast and accurate user identification and authentication in ATMs. In this paper, an embedded fingerprint biometric authentication scheme for Point of Sale (POS) network as additional security option to the ATM card is proposed. A fingerprint biometric technique was fused with personal identification numbers (PIN's) for authentication to upgrade the security level. The proposed idea will solve the problems that may face the customers such as theft, counterfeiting, oblivion or loss the card. Therefore, the customer will be identified once putting his finger on the reader (based on finger scanning) and the system recognizes the customer without requiring keys or cards of support. We have distributed a questioner to 586 responders, the obtained results show the importance of fingerprint biometric authentication for POS network as additional security option to the ATM card.

scholarly journals Gaze Touch Cross PIN: Secure Multimodal Authentication using Gaze and Touch PIN

2019 ◽  
Vol 9 (1) ◽  
pp. 777-781 ◽  
Keyword(s):  
Information Security ◽  
User Authentication ◽  
Personal Identification ◽  
Personal Identification Number ◽  
Public Places ◽  
The Gaze ◽  
Shoulder Surfing ◽  
Basic Goal ◽  
Authentication System ◽  
Reliability And Availability

The basic goal of information security is, to protect the privacy, reliability, and availability of information on devices that manipulate and store the information. To protect this information, the fundamental step is user authentication. The most common method for authentication on devices is the personal identification number (PIN) method, which is vulnerable to shoulder surfing attack. Shoulder surfing attack used by attacker especially in the crowded public places. For shoulder surfing attack prevention several methods had been proposed. This paper proposed a GazeTouchCrossPIN authentication method that overcome the limitations found in the earlier work. we propose a multimodal authentication system that combines between the gaze gesture and touch PIN authentication systems. The results illustrate that the proposed GazeTouchCrossPIN method is more secure hence it decreases the shoulder surfing rate in both side attacks and iterative attacks.

Sign in / Sign up

Export Citation Format

Share Document