Abstract
With the explosion of digital technology, the number of Internet banking users has increased exponentially, driven by worldwide accessibility and convenience. The leading challenge of online banking is to ensure the security of online transactions and customer accounts. Phishing attempts to obtain a user's login credentials, such as username and password, by disguising the attacker as a trusted entity in the banking sector. SIM swap is a new cyber fraud in which the attacker collects the personal data of a bank customer and obtains a new SIM card. The attacker can easily steal the user's login credentials, such as username and password, through a phishing attack, and the OTP through the SIM swap fraud. This study analyzes the security of the online banking system and proposes a new anomaly-based fraud detection method to counter phishing and SIM swap fraud attacks. Login attributes such as IP address, device, cookie, operating system, and browser are used to generate and update the user's profile. The primary user profile contains the most recently used login attributes, and the secondary profile contains the most frequently used login attributes. If the current login attributes match either the primary or the secondary user profile, the user can access their account. Otherwise, additional security mechanisms such as OTP with QR code, biometric authentication, or both are used to identify suspicious behavior of the user. The proposed method reduces the login burden on the user and provides better security for the online mobile banking system.
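The profile check described in the abstract can be sketched as follows. This is an added example, not code from the paper: the class and function names are hypothetical, the sample logins are constructed, and it assumes that a match means all five attributes are equal, that the secondary profile is the most frequently seen attribute set, and that profiles are updated only after a fully authenticated login.

```python
from collections import Counter

ATTRS = ("ip", "device", "cookie", "os", "browser")  # attributes named in the abstract

class LoginProfile:
    """Primary = most recent attribute set, secondary = most frequent one."""
    def __init__(self):
        self.primary = None       # attribute set of the last accepted login
        self.counts = Counter()   # how often each attribute set was accepted

    def secondary(self):
        # Assumption: frequency is counted per whole attribute set, not per field.
        return self.counts.most_common(1)[0][0] if self.counts else None

    def evaluate(self, login):
        """Return 'allow' on a profile match, else 'step_up' (OTP with QR code / biometric)."""
        current = tuple(login[a] for a in ATTRS)
        return "allow" if current in (self.primary, self.secondary()) else "step_up"

    def record(self, login):
        """Update both profiles; call only after the login was accepted."""
        self.primary = tuple(login[a] for a in ATTRS)
        self.counts[self.primary] += 1

# Constructed sample logins (documentation IP ranges, made-up cookie values).
HOME = {"ip": "192.0.2.10", "device": "phone-A", "cookie": "c-111", "os": "Android", "browser": "Chrome"}
OFFICE = {"ip": "198.51.100.7", "device": "laptop-B", "cookie": "c-222", "os": "Windows", "browser": "Edge"}
# Phished password plus swapped SIM, but an unfamiliar device and network.
ATTACKER = {"ip": "203.0.113.50", "device": "phone-X", "cookie": "", "os": "Android", "browser": "Chrome"}

def run_demo():
    profile = LoginProfile()
    # Each entry: (login attributes, whether the step-up check would succeed).
    attempts = [(HOME, True), (HOME, True), (OFFICE, True),
                (HOME, True), (ATTACKER, False), (HOME, True)]
    decisions = []
    for login, step_up_ok in attempts:
        decision = profile.evaluate(login)
        decisions.append(decision)
        if decision == "allow" or step_up_ok:
            profile.record(login)   # failed step-up never pollutes the profile
    return decisions, profile

if __name__ == "__main__":
    print(run_demo()[0])
```

The fourth attempt is allowed through the secondary profile even though the primary profile has moved to the office device, and the rejected attempt leaves both profiles unchanged.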
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ajish, S., Anil Kumar, K.S. (2022). Secure Mobile Internet Banking System Using QR Code and Biometric Authentication. In: Pandian, A.P., Fernando, X., Haoxiang, W. (eds) Computer Networks, Big Data and IoT. Lecture Notes on Data Engineering and Communications Technologies, vol 117. Springer, Singapore. https://doi.org/10.1007/978-981-19-0898-9_60
DOI: https://doi.org/10.1007/978-981-19-0898-9_60
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-0897-2
Online ISBN: 978-981-19-0898-9
eBook Packages: Engineering, Engineering (R0)