
Securing Automated Teller Machine (ATM) Transactions With SMS Alert

LAWAL O. N.*
SOKUNBI M. A.
OJO O.
Adelokun A. P.
ALAKIRI H.
Department of Computer Technology,
Yaba College of Technology, Yaba, Lagos, Nigeria.
@
iSTEAMS Research Nexus 2013
An International Conference on Science, Technology, Engineering,
Education, Arts, Management & the Social Sciences (iSTEAMS)
Date: 30th May - 1st June, 2013
Venue: Conference Centre, University of Ibadan, Ibadan, Nigeria

PRESENTATION OUTLINE
ABSTRACT
INTRODUCTION
PROBLEM STATEMENT
CASE STUDY
RELATED WORKS
RESEARCH FRAMEWORK
RESEARCH METHODOLOGY
PROPOSED MODEL
FINDINGS
DISCUSSION
CONCLUSION
RESEARCH IMPLICATIONS
RECOMMENDATIONS
REFERENCES
Securing ATM Transaction With SMS Alert Lawal, Sokunbi, Ojo, Adelokun & Alakiri

ABSTRACT
The menace of identity theft and electronic scams
continues to be a problem in Nigeria and globally. It
increases the need for regulatory requirements that
protect confidential data, especially in ATM-based
financial transactions. Existing ATM authentication
systems often use a PIN encoded onto a chip or magnetic
stripe card. The vulnerability is that access is based
only on single-factor authentication (PIN), which does
not protect user data when the PIN is compromised or the
ATM card is stolen. There is a need for multifactor
security protocols. This paper
provides a new security model that can be employed in
ATM system authentication, which encompasses both
financial security and high usability. It uses a novel
approach based on transaction authentication code via
SMS to enforce another security level with the traditional
ENTER
PIN protocol. The system provides a highly

INTRODUCTION

An effective authentication system is necessary for
compliance with requirements to safeguard customer
information, prevent money laundering, reduce fraud, and
prevent identity theft on ATM transactions.

The aim of this paper is to propose a model that exhibits
how SMS alert can be brought into the authentication
method of enhancing security in Automated Teller Machines
(ATM) transactions.

PROBLEM STATEMENT

The risk of doing business with some unauthorized or
incorrectly identified persons in an electronic banking
system/environment can result in damage to reputation
through fraud, loss of finance, disclosure of customer
information, corruption etc.
This has been the issue since the advent of ATM banking
in Nigeria. Cases of customers' complaints are constantly
on the increase and this calls for better and

CASE STUDY


RELATED WORKS
Ayannuga and Lawal (2012) observed that most
authentication schemes do not suggest good usability as
they are difficult for the users to memorize and adapt to.
They argued that an important goal of all usable
authentication schemes is to ensure a usable yet secure
system for user authentication.

Obodoeze et al. (2012) identified myriads of security as
well as technical and legal challenges facing the
successful transition from cash-based to cashless
electronic payment system in Nigeria. Their study
revealed why the CBN-adopted data security framework,
the PCI DSS, failed to attract wide acceptability and
compliance in Nigeria's e-payment system. The result of
their findings showed that cost and simplicity of
implementations must be seriously considered, for full

RESEARCH FRAMEWORK
SMS PASSCODE is the leading technology in real-time
two-factor authentication using your mobile device. To
protect against the rise in internet based identity theft
hitting both consumers and corporate employees, SMS
PASSCODE offers a stronger authentication via the mobile
phone SMS service compared to traditional alternatives.
Many organizations have implemented two-factor security
using legacy dedicated hardware devices such as tokens to
protect systems used for remote log-ins. This technology
is based on a small physical pocket size device or
calculator type form-factor seen in some home banking
solutions that generates a unique code. When a user logs
into a company's system, the user is sent an extra code
via an SMS text message that can verify that the user is
the

RESEARCH METHODOLOGY
We use flowcharts to depict both the
existing procedure in ATM transaction, and
our proposed model.
The existing ATM transaction procedure is
shown in Figure 1 in the next slide.


CURRENT ATM TRANSACTION MODEL

Figure 1: Existing procedure in ATM Transaction


MODEL

Figure 1: Proposed Model to Authenticate ATM Transaction via SMS


FINDINGS
We found that the existing system allows a transaction to
proceed once the account PIN is valid, whether the
person conducting the transaction is the authentic owner
or not. This makes it very easy for anyone to use another
person's ATM card and PIN to conduct a financial
transaction. The owner of the account will become aware
of the transaction after it is already concluded. This has
led to financial loss.

Conversely, our model allows a transaction to proceed
only after confirming the true ownership of the account.
Even if a customer misplaces or loses his/her ATM card, as
long as s(he) has not misplaced or lost his/her phone, the
ATM card is useless; because even if the person who found
the card could guess the PIN, the person cannot receive the
SMS PIN, which would be sent to the authentic

DISCUSSIONS

From Figure 1, the existing model only sends SMS
notification to the customer after the transaction has
been concluded. This implies that such customers will not
even be aware of the illegal transaction immediately.
From Figure 2, our model sends two SMS notifications to
the Customer: one prior to the transaction, to
confirm/authenticate the true ownership of the account.
The second SMS alert is sent after the transaction is
concluded. Thus the account is secured from identity
theft.
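
The two-SMS flow described above, as an added example (not code from the paper or from any bank system): the host checks the PIN, sends a one-time code before the withdrawal, and sends the alert after it. The class name, the `send_sms` gateway callable, the 6-digit code, the expiry window and the retry limit are assumptions; the slides do not specify them.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120     # seconds an SMS code stays valid (assumed value)
MAX_TRIES = 3      # wrong codes allowed before the request is cancelled (assumed)

def digest(value):  # stand-in for bank-side verification (an HSM in practice)
    return hashlib.sha256(value.encode()).hexdigest()

class SmsConfirmedAtm:
    def __init__(self, accounts, send_sms, clock=time.time):
        self.accounts = accounts   # card -> {"pin": digest, "phone": str, "balance": int}
        self.send_sms = send_sms   # hypothetical gateway: callable(phone, text)
        self.clock = clock
        self.pending = {}          # card -> withdrawal awaiting its SMS code

    def start_withdrawal(self, card, pin, amount):
        acct = self.accounts.get(card)
        if acct is None or not hmac.compare_digest(acct["pin"], digest(pin)):
            return "DENIED"
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6-digit code
        self.pending[card] = {"code": digest(code), "amount": amount,
                              "expires": self.clock() + CODE_TTL, "tries": 0}
        # First SMS: sent before any money moves, to the phone on record.
        self.send_sms(acct["phone"], f"Code {code} confirms withdrawal of {amount}")
        return "CODE_SENT"

    def confirm_withdrawal(self, card, code):
        req = self.pending.get(card)
        if req is None:
            return "DENIED"
        if self.clock() > req["expires"]:
            del self.pending[card]
            return "EXPIRED"
        if not hmac.compare_digest(req["code"], digest(code)):
            req["tries"] += 1
            if req["tries"] >= MAX_TRIES:
                del self.pending[card]      # cancel; a new PIN entry is required
                return "CANCELLED"
            return "DENIED"
        del self.pending[card]              # code is single-use
        acct = self.accounts[card]
        if acct["balance"] < req["amount"]:
            return "INSUFFICIENT_FUNDS"
        acct["balance"] -= req["amount"]
        # Second SMS: the post-transaction alert the existing model already sends.
        self.send_sms(acct["phone"], f"Withdrawal of {req['amount']} completed")
        return "APPROVED"
```

Binding the code to one pending withdrawal, expiring it, and deleting it on first use are what keep a guessed PIN plus an old or replayed code from completing a transaction.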

CONCLUSION

ATMs have proved effective in carrying out financial
transactions outside the banking hall; they have
helped to expand the bank's business and made
mode of payment easy and convenient for
customers. However, financial transactions on ATMs
are vulnerable to various types of frauds and attacks
which introduce significant security concerns. As a
result, financial organisations must authenticate their
customers and transactions, but must also
implement a multifactor authentication process to
further protect customers from fraud. We proposed a
model to make ATM transaction more secure with
the use of SMS PIN sent to a customer's phone to
double confirm the true ownership of the account,
before the transaction can proceed. This model is
cheap and convenient on the part of the banks and

RESEARCH IMPLICATIONS

The outcome of this research should inform bank
management that securing ATMs and protecting customers
can be done in a cheap and convenient manner with the use
of SMS. The SMS authentication proposed will reduce the
volume of ATM related customer complaints received by the
banks, and help them to focus more on providing better
services.
This research will also help to reduce financial scams
done through ATMs; thus reducing crime rate in the
community and

RECOMMENDATION

We recommend that the first SMS is mandatory and should
be free; because we believe the banks should be able to
bear the cost, especially in this era of bulk cheap SMS.


REFERENCES
1. Ayannuga O. O. and Lawal O. N. (2012 December). Usable
Authentication Schemes: A Critique. IEEE African Journal of
Computing & ICT, Vol. 5(6), pp. 88-94.
2. Brewster Tom (2013 Online). Five Arrested Over 500k American
Express Cyber Theft. TechWeekEurope. May 9th. Retrieved Friday,
10th May, 2013 from http://www.techweekeurope.co.uk/news/fivearrested-pceu-american-express-cyber-crime-115723
3. Felton E., Balfanz D., Dean D., & Wallach D. (2007). Web Spoofing:
An Internet Con Game. In Proc. of the 20th National Information
Systems Security Conference.
4. FFIEC (2001). Authentication in an electronic banking environment.
http://www.ffiec.org/papers.php?id=1247
5. Obodoeze F.C., Okoye F.A., Asogwa S.C., Ozioko F.E., & Mba C.N.
(2012). Enhanced Modified Security Framework for Nigeria Cashless
E-payment System. International Journal of Advanced Computer
Science and Applications (IJACSA), Vol 3 (11), pp. 189-196.
6. SMS PASSCODE (2012). Secure World Business - leading real-time
two-factor authentication solution. Author.
www.smspasscode.com/company
7. Udenta Omoligho (2009). ATM, Oh ATM. The Guardian Life Magazine,
26 October.

THANK YOU
