ABSTRACT
The demand of Automated Teller Machine (ATM) is exponentially increase from 2003 to 2018 which makes the ATM as important component in modern banking. The easiness and flexibility to have a transaction at any time without the need to stand in a long queue and dealing with administration make ATM is preferable by a lot of bank customers. However, it is also a big attraction point for criminals and fraudsters. Skimming is one of the threat of ATM service which will allow fraudster to create a clone card through duplication and combination of eavesdropping techniques such as shoulder surfing or installation of miniature video camera, utilization of counterfeit hardware proximity, etc. Therefore, an enhanced method of authentication shall be implemented to maintain the security of ATM service. In this work, we are proposing a new mechanism of ATM authentication which will enhance its security through the use of Soft Two-Factor Authenticator. The analysis of our proposed mechanism is done using NIST SP800-63B to ensure its security against possible techniques for skimming. Henceforth, it provides an additional security against skimming.
- Salem S.M.K., and Kamarudin S., "The Formal Design Model of an Automatic Teller Machine (ATM)". Lecture Notes on Information Theory Vol. 1, No. 1, March 2013.Google Scholar
- Yingxu W., Yanan Z., Philip C.Y.S., Xuhui L., Hong G., "The Formal Design Model of an Automatic Teller Machine (ATM)". International Journal of Software Science and Computational Intelligence, 2(1), 102-131, 2010.Google ScholarDigital Library
- C. Robat, "ATM" Thocp. Online URL: http://www.thocp.net/hardware/atm.htm Accessed on January 14th, 2020.Google Scholar
- International Monetary Fund, "Automated Telelr Machines (ATMs) (per 100,000 adults)" The World Bank. Online URL: https://data.worldbank.org/indicator/FB.ATM.TOTL.P5?end=2018&start=2010&view=chart Accessed on Januay 14, 2020.Google Scholar
- Aijaz A. S. and Syed M.M.S, "Auto Tller Machine (ATM) Fraud - case Study of a Commercial Bank in Pakistan" International Journal of Business and management, Vol. &, No. 22, 2012.Google Scholar
- Krishna V., "ATM Industry Trends" Infosys White Paper. Bangaluru: Infosys, 2019.Google Scholar
- Shweta S. and Shirendra P., "A Safeguard Against ATM Fraud" 2016 IEEE 6th International Conference on Advanced Computing, 2016.Google Scholar
- UK Finance, "The definitive overview of payment industry fraud" Fraud The Facts 2019. Online URL: https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202019%20-%20FINAL%20ONLINE.pdf Accessed on January 14th, 2020.Google Scholar
- Tina O., "ATM Attacks & Fraud Up, Survey Reports" Credit Union Times. Online Url: https://www.cutimes.com/2019/09/09/atm-attacks-fraud-up-survey-reports/?slreturn=20200013221331 Accessed on January 14th, 2020.Google Scholar
- G. R. Jebaline and S. Gomathi, "A Novel method to Enhance the Security of ATM using Biometrics" 2015 International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2015.Google Scholar
- Shubhra J., 'ATM Frauds - Detection & Prevention" Internation Journal of Advances in Electronic and Computer Sciences, 2017.Google Scholar
- ABC13, "Pasadena police find skimming devices at ATMs, fuel pumps". Online URL: https://abc13.com/1408701/ Accessed on January 14th, 2020.Google Scholar
- US Army Cyber Command, "Should Surfing" Cybersecurity Fact Sheet. Online URL: https://www.arcyber.army.mil/Info/Fact-Sheets/Fact-Sheet-View-Page/Article/1440819/cybersecurity-fact-sheet-shoulder-surfing/ Accessed on January 19th, 2020.Google Scholar
- Hayley R., "Stole In The Wall: What should you look out for at an ATM and how can you tell if one has been tampered with" The Sun. Online URL: https://www.thesun.co.uk/money/3875481/atm-scams-money-criminal-tamper-card-machine-steal/ Accessed on January 14th, 2020.Google Scholar
- CAPEC, "Eavesdropping" Common Attack Pattern Enumeration and Classification. Online URL: https://capec.mitre.org/data/definitions/651.html Accessed on January 19th, 2020.Google Scholar
- CAPEC, "Interception" Common Attack Pattern Enumeration and Classification. Online URL: https://capec.mitre.org/data/definitions/117.html Accessed on January 19th, 2020.Google Scholar
- Elaine B. and John K., "Recommendation for Random Number Generation Using Deterministic Random Bit Generators" NIST Special Publication 800-90A. Computer Security Division, Information Technology Laboratory, 2015.Google Scholar
- J. Schiller and S. Crocker, "Randomness Requirements for Security" Request for Comments 4086. Online URL: https://tools.ietf.org/html/rfc4086#section-7.2.1 Accessed on January 19th, 2020.Google Scholar
- Paul A.G., Michael E.G., and James L. F., "Digital Identity Guidelines" NIST Special Publication 800-63-3, 2017.Google Scholar
- Paul A.G. et al.,"Digital Identity Guidelines: Enrollment and Identity Proofing" NIST Special Publication 800-63A, 2017.Google Scholar
Index Terms
- Enhanced Authentication Mechanism for Automated Teller Machine (ATM) through Implementation of Soft Two-Factor Authentication
Recommendations
Enhanced bitcoin with two-factor authentication
Bitcoin transactions rely on digital signatures to prove the ownership of bitcoin. The private signing key of the bitcoin owner is the key component to enable a bitcoin transaction. If the signing key of a bitcoin is stolen, the thief who possesses the ...
Design of a lightweight two-factor authentication scheme with smart card revocation
Smart card based authentication schemes present user-friendly and secure communication mechanism over insure public channel. Recently, Li et al. designed an authentication scheme with pre-smart card authentication to present efficient login phase and ...
An Enhanced Anonymous Two-factor Mutual Authentication with Key-agreement Scheme for Session Initiation Protocol
SIN '16: Proceedings of the 9th International Conference on Security of Information and NetworksA two-factor authenticated key-agreement scheme for session initiation protocol emerged as a best remedy to overcome the ascribed limitations of the password-based authentication scheme. Recently, Lu et al. proposed an anonymous two-factor authenticated ...
Comments