securing atm transactions with sms alert
DESCRIPTION
atmTRANSCRIPT
-
Securing Automated Teller Machine (ATM) Transactions With SMS AlertLAWAL O. N.*SOKUNBI M. A.OJO O.Adelokun A. P.ALAKIRI H.Department of Computer Technology, Yaba College of Technology, Yaba, Lagos, Nigeria.@
iSTEAMS Research Nexus 2013 An International Conference on Science, Technology, Engineering, Education, Arts, Management & the Social Sciences (iSTEAMS)Date: 30th May 1st June, 2013 Venue: Conference Centre, University of Ibadan, Ibadan, Nigeria
-
PRESENTATION OUTLINEABSTRACTINTRODUCTIONPROBLEM STATEMENTCASE STUDYRELATED WORKSRESEARCH FRAMEWORKRESEARCH METHODOLOGYPROPOSED MODELFINDINGSDISCUSSIONCONCLUSIONRESEARCH IMPLICATIONSRECOMMENDATIONSREFERENCES*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
ABSTRACTThe menace of identity theft and electronic scam continues to be a problem in Nigeria and globally. It increases the growing need of regulatory requirements for the protection of confidential data and especially in ATM based financial transactions. Existing ATM authentication systems often use a PIN encoded onto a chip or magnetic stripe card. The vulnerability is that access is based only on single factor authentication (PIN), which is not secure to protect user data in periods of compromise of PIN or stolen ATM cards. There is a need for multifactor security protocols. This paper provides a new security model that can be employed in ATM system authentication, which encompasses both financial security and high usability. It uses a novel approach based on transaction authentication code via SMS to enforce another security level with the traditional ENTER PIN protocol. The system provides a highly secure environment that is simple to use and deployed within limited resources that do not require any change in existing infrastructure or underlying protocol of wireless network.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
INTRODUCTIONAn effective authentication system is necessary for compliance with requirements to safeguard customer information, prevent money laundering, reduce fraud, and prevent identity theft on ATM transactions.The aim of this paper is to propose a model that exhibits how SMS alert can be brought into the authentication method of enhancing security in Automated Teller Machines (ATM) transactions.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
PROBLEM STATEMENTThe risk of doing business with some unauthorized or incorrectly identified persons in an electronic banking system/environment can result in damage to reputation through fraud, loss of finance, disclosure of customer information, corruption etc.
This has been the issue since the advent of ATM banking in Nigeria. Cases of customers complaints are constantly on the increase and this calls for better and safer security protocols to be put in place.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
CASE STUDY*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
RELATED WORKSAyannuga and Lawal (2012) observed that most authentication schemes do not suggest good usability as they are difficult for the users to memorize and adapt to. They argued that an important goal of all usable authentication schemes is to ensure a usable yet secure system for user authentication.Obodoeze et al. (2012) identified myriads of security as well as technical and legal challenges facing the successful transition from cash-based to cashless electronic payment system in Nigeria. Their study revealed why the CBN adopted data security framework, the PCI DSS, failed to attract wide acceptability and compliance in Nigerias epayment system. The result of their findings showed that cost and simplicity of implementations must be seriously considered, for full compliance to any adopted data security framework for any epayment system. *Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
RESEARCH FRAMEWORKSMS PASSCODE is the leading technology in real-time two-factor authentication using your mobile device. To protect against the rise in internet based identity theft hitting both consumers and corporate employees, SMS PASSCODE offers a stronger authentication via the mobile phone SMS service compared to traditional alternatives. Many organizations have implemented two-factor security using legacy dedicated hardware devices such as tokens to protect systems used for remote log-ins. This technology is based on a small physical pocket size device or calculator type form-factor seen in some home banking solutions that generates a unique code. When a user logs into a companys system, the user is sent an extra code via an SMS text message that can verify that the user is the actual person s(he) claims to be (SMS PASSCODE, 2012).*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
RESEARCH METHODOLOGYWe use flowcharts to depict both the existing procedure in ATM transaction, and our proposed model.
The existing ATM transaction procedure is shown in Figure 1 in the next slide.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
CURRENT ATM TRANSACTION MODEL*Figure 1: Existing procedure in ATM TransactionSecuring ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Start
Customer Slots in ATM Card
Proceed with Transaction
Customer Enters PIN
Send Transaction SMS Alert to Customer
Eject ATM Card
Terminate Transaction
Another Transaction?
Yes
No
PIN Valid?
Yes
No
End
-
PROPOSED ATM TRANSACTION MODEL*Figure 1: Proposed Model to Authenticate ATM Transaction via SMS
Start
Customer Slots in ATM Card
Customer Enters PIN
Proceed with Transaction
Send Transaction SMS Alert to Customer
Eject ATM Card
Terminate Transaction
End
PIN Valid?
Yes
No
Another Transaction?
Yes
No
Send Transaction Confirmation PIN to Customer via SMS Alert
Customer Enters Confirmation PIN
No
Confirmation PIN Valid?
Yes
-
FINDINGSWe found that the existing system allows transaction to proceed once the account PIN is valid, whether the person conducting the transaction is the authentic owner or not. This makes it very easy for anyone to use another person's ATM card and PIN to conduct financial transaction. The owner of the account will become aware of the transaction after it is already concluded. This has led to financial loss.Conversely, our model allows a transaction to proceed only after confirming the true ownership of the account. Even if a customer misplace or lose his/her ATM card, as long as s(he) has not misplace or lose his/her phone, the ATM card is useless; because if the person who found the card could guess the PIN, the person cannot receive the SMS PIN, which would be sent to the authentic customer's phone.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
DISCUSSIONSFrom Figure 1, the existing model only sends SMS notification to the customer after the transaction has been concluded. This implies that such customers will not even be aware of the illegal transaction immediately.
From Figure 2, our model sends two SMS notifications to the Customer: one prior to the transaction, to confirm/authenticate the true ownership of the account. The second SMS alert is sent after the transaction is concluded. Thus the account is secured from identity theft.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
CONCLUSIONATMs have proved effective in carrying out financial transactions outside the banking hall; they have helped to expand the bank's business and made mode of payment easy and convenient for customers. However financial transactions on ATMS are vulnerable to various types of frauds and attacks which introduce significant security concerns. As a result financial organisations must authenticate their customers and transactions, but must also implement a multifactor authentication process to further protect customers from fraud. We proposed a model to make ATM transaction more secure with the use of SMS PIN sent to a customer's phone to double confirm the true ownership of the account, before the transaction can proceed. This model is cheap and convenient on the part of the banks and customers.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
RESEARCH IMPLICATIONS The outcome of this research should inform bank management that securing ATMs and protecting customers can be done in a cheap and convenient manner with the use of SMS. The SMS authentication proposed will reduce the volume of ATM related customer complaints received by the banks, and help them to focus more on providing better services.
This research will also help to reduce financial scams done through ATMs; thus reducing crime rate in the community and the country at large.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
RECOMMENDATIONWe recommend that the first SMS is mandatory and should be free; because we believe the banks should be able to bear the cost, especially in this era of bulk cheap SMS.*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
REFERENCESAyannuga O. O. and Lawal O. N. (2012 December). Usable Authentication Schemes: A Critique. IEEE African Journal of Computing & ICT, Vol. 5(6), pp. 88-94.Brewster Tom (2013 Online). Five Arrested Over 500k American Express Cyber Theft. TechWeekEurope. May 9th. Retrieved Friday, 10th May, 2013 from http://www.techweekeurope.co.uk/news/five-arrested-pceu-american-express-cyber-crime-115723Felton E., Balfanz D., Dean D., & Wallach D. (2007). Web Spoofing: An Internet Con Game. In Proc. of the 20th National Information Systems Security Conference.FFIEC (2001). Authentication in an electronic banking environment. http://www.ffiec.org/papers.php?id=1247Obodoeze F.C., Okoye F.A., Asogwa S.C., Ozioko F.E., & Mba C.N. (2012). Enhanced Modified Security Framework for Nigeria Cashless E-payment System. International Journal of Advanced Computer Science and Applications (IJACSA), Vol 3 (11), pp. 189-196.SMS PASSCODE (2012). Secure World Business - leading real-time two-factor authentication solution. Author. www.smspasscode.com/companyUdenta Omoligho (2009). ATM, Oh ATM. The Guardian Life Magazine, 26 October.Wikipedia (2013). Lebanese Loop. Author. http://en.wikipedia.org/wiki/Lebanese_loop*Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri
-
THANK YOU*
*