Secure Mobile Internet Banking System Using QR Code and Biometric Authentication

  • Conference paper
Computer Networks, Big Data and IoT

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 117)

Abstract

With the digital technology explosion, the number of Internet banking users has increased exponentially due to worldwide accessibility and convenience. The leading challenge of online banking is to ensure security for online transactions and customer accounts. Phishing attackers attempt to obtain a user's login credentials, such as username and password, by disguising themselves as a trusted entity in the banking sector. SIM swap is a new cyber fraud in which the attacker collects the personal data of the bank customer and gets a new SIM card. The attacker can easily steal the user's login credentials, like username and password, using a phishing attack, and the OTP using the SIM swap fraud attack. This study analyzes the security of the online banking system and proposes a new anomaly-based fraud detection method to overcome phishing and SIM swap fraud attacks. Login attributes like IP address, device, cookie, operating system, and browser are used to generate and update the user's profile. The primary user profile contains the most recently used login attributes, and the secondary profile contains the most frequently used login attributes. If the current login attributes match either the primary or secondary user profile, the user can access their account. Otherwise, additional security mechanisms like OTP with QR code, biometric authentication, or both are used to identify suspicious behavior of the user. The proposed method reduces the login burden of the user and provides better security for the online mobile banking system.
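The login decision outlined in the abstract, as an added Python example that is not code from the paper. It assumes an exact match on all five attributes, a secondary profile built per attribute from frequency counts, and a password check that has already succeeded; `UserProfile`, `handle_login` and the sample logins are hypothetical names and constructed data.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

ATTRS = ("ip", "device", "cookie", "os", "browser")  # attributes listed in the abstract

@dataclass
class UserProfile:
    primary: Optional[dict] = None  # most recently used login attributes
    counts: dict = field(default_factory=lambda: {a: Counter() for a in ATTRS})

    def secondary(self) -> dict:
        # Assumption: "most frequently used" is tracked per attribute.
        return {a: c.most_common(1)[0][0] for a, c in self.counts.items() if c}

    def record(self, login: dict) -> None:
        self.primary = {a: login[a] for a in ATTRS}
        for a in ATTRS:
            self.counts[a][login[a]] += 1

def handle_login(profile: UserProfile, login: dict, step_up_passed: bool = False) -> str:
    """Decide the outcome of a login whose password was already verified."""
    current = {a: login[a] for a in ATTRS}
    known = profile.primary is not None and current in (profile.primary, profile.secondary())
    if known:
        outcome = "allow"
    elif step_up_passed:  # OTP with QR code and/or biometric check succeeded
        outcome = "allow_after_step_up"
    else:
        return "deny"  # failed attempts never update the profile
    profile.record(current)
    return outcome

# Constructed sample logins (documentation-range IPs, made-up device names).
HOME = dict(ip="203.0.113.10", device="phone-A", cookie="c1", os="Android 12", browser="Chrome")
OFFICE = dict(ip="198.51.100.7", device="laptop-B", cookie="c2", os="Windows 11", browser="Edge")
UNKNOWN = dict(ip="192.0.2.55", device="phone-X", cookie="", os="Android 11", browser="Chrome")

def demo() -> list:
    p = UserProfile()
    steps = [(HOME, True), (HOME, False), (HOME, False), (OFFICE, True),
             (OFFICE, False), (HOME, False), (UNKNOWN, False)]
    return [handle_login(p, login, ok) for login, ok in steps]

if __name__ == "__main__":
    print(demo())
```

The sixth login is accepted through the secondary profile even though the primary profile has moved to the office device, which is the case the two-profile design exists for.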

Author information

Corresponding author

Correspondence to S. Ajish.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Ajish, S., Anil Kumar, K.S. (2022). Secure Mobile Internet Banking System Using QR Code and Biometric Authentication. In: Pandian, A.P., Fernando, X., Haoxiang, W. (eds) Computer Networks, Big Data and IoT. Lecture Notes on Data Engineering and Communications Technologies, vol 117. Springer, Singapore. https://doi.org/10.1007/978-981-19-0898-9_60

  • DOI: https://doi.org/10.1007/978-981-19-0898-9_60

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0897-2

  • Online ISBN: 978-981-19-0898-9

  • eBook Packages: Engineering, Engineering (R0)
