A Multifactor Authentication Model to Mitigate the Phishing Attack of E-Service Systems from Bangladesh Perspective

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 882)


A new multifactor authentication model is proposed for Bangladesh, with cost-effectiveness as the primary concern. We considered two-factor authentication in our previous e-service models, which proved insufficient against phishing attacks. Users often fail to identify a phishing site and unintentionally provide confidential information, resulting in a successful phishing attempt. Phishing can therefore be considered one of the most serious issues and needs to be addressed and mitigated. Three factors were included to form the multifactor authentication, namely user ID, secured image with caption, and one-time password. Through the survey, the proposed multifactor model proved better than the traditional two-factor authentication model by 59% points for total users, comprising 55% points for technical users and 64% points for nontechnical users. Since the results and recommendations from the users were reflected in the model, user satisfaction was achieved.


Keywords: Phishing attack, E-banking, E-service, Online banking



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Daffodil International University, Dhaka, Bangladesh
