Implementation of an adaptive five-factor authentication scheme for online banking services in South Africa.
Moepi, Glen Lehlohonolo
Moepi, Glen Lehlohonolo
Citations
Altmetric:
Abstract
Online banking has rapidly become one of the most popular customer service delivery platforms, but its growing popularity has also attracted cybercriminals. The increasing number of cyberattacks such as malwares (i.e., Carbanak malware, Emotet malware, TrickBot malware, Zeus malware,) social engineering, phishing, man-in-the-middle (MitM) attacks, among many others on online banking platforms has raised concerns about the security of these platforms. Traditional authentication methods, such as passwords and PINs, are no longer sufficient to protect against these sophisticated cyberattacks. This is because these traditional authentication methods are susceptible to social engineering, vulnerable to brute-force and dictionary attacks. In addition, many people reuse passwords and PINs across multiple websites and accounts. This makes it easier for attackers to compromise multiple accounts such as online banking platform if they are able to obtain one password or personal identification number (PIN). As a result, this study developed an adaptive five-factor authentication scheme to reduce these threats. Five mixed modalities of authentication were incorporated in the proposed scheme: The traditional username, password, PIN and one-time PIN (OTP), augmented with fingerprints or facial scans, registered smart devices, and a time locked user's location. One of the scheme's most impressive accomplishments is its capacity to seamlessly detect undesired activities and send alerts in the form of secretly obtained photographs and location triangulation. The study employed the design science methodology to develop and evaluate the proposed MFA scheme. Three different prototypes of the scheme were developed and tested using different development environments. The performance of the prototypes was compared against well-known MFA schemes currently used by South African banks. Datadog and AppDynamics Application Performance Measuring (APM) tools were used to evaluate the effectiveness of the schemes. The proposed MFA scheme achieved an 80% rating for overall security, slightly behind the 90% scores earned by the First National Bank (FNB) and Standard (STDB) schemes. However, the proposed scheme outperformed both FNB and STDB with an average response time of 500milliseconds, significantly faster than 700 and 1000 milliseconds, respectively. The proposed MFA scheme demonstrated the potential for enhancing online banking security by combining traditional authentication methods with biometric and location based authentication. This study endeavours to make a contribution towards improving the security and authentication protocols used in online platforms by developing schemes that can secure future online transactions.
Description
Dissertation submitted in fulfilment of the requirements for the degree Master of Computing Information Technology in the Department of Information Technology
Faculty of Information and Communication Technology at the Tshwane University of Technology.
Date
2023-11-01
Journal Title
Journal ISSN
Volume Title
Publisher
Tshwane University of Technology.
Research Projects
Organizational Units
Journal Issue
Keywords
Attacks., Biometrics., Multi-Factor Authentication (MFA)., Online Banking Services., Security., Vulnerability.