2016 Online International Conference on Green Engineering and Technologies (IC-GET)
A Robust and secure authentication mechanism in
online banking
Hridya Venugopal
M Tech Scholar ,CSE
Toc H Institute of Science and Technology
Cochin,India 682313
Email:
[email protected]
Email:
[email protected]
Abstract—Online banking is on the up each day with
a persistent rise in the number of people using this novel
service to carry out their financial transactions. This amplified
interest in the use of online banking has consequently raised
the concerns over the security. This has raised the need to
protect online banking in to guard these transactions as well
as establishing secure mechanisms for information exchange
that prevent fraud and safeguard the personal data. With the
internet now popular among all age groups, online banking has
become a necessity.Security mechanisms are, therefore a must
for the proper functioning of online banking. In addition to
this, all the users are required to manage multiple passwords
and devices. Security which are provided by the extensively
used systems namely knowledge-based security and token-based
security can be easily breached when one reveals his password
and his cards are stolen. In order to overcome this, biometrics
are used. Banks have started using single biometric systems for
financial transactions. In order to provide further security for
online banking transactions, the proposed system introduces
the use of multiple(face and fingerprint) biometrics for online
financial transaction where both are required for authentication
of log-in- process and one biometric is used for transaction
process, thus would help overcome traditional vulnerabilities.
Further, this proposed research further explores the matching
at the feature level, which of course is a under studied problem.
Here in this approach, the feature sets extracted from multiple
data sources would be fused to create a new feature set
to represent the individual. Since the feature set contains
better-off information about the fresh biometric data compared
to the match score level or the final decision, combination
at this level is possible to provide better authentication
results. Initial results indicate that the planned technique can
lead to large improvement in multimodal matching performance.
Index Terms—Unimodal biometrics, multimodal biometrics,
OTP.
I. I NTRODUCTION
A number of aspects, including lesser cost of network
devices, larger Internet and mobile Internet penetration, avail-
ability of devices and increased use of the smartphones have
gone into commercialising online banking around the world.
The circumstance remains that in spite of the advancements
in security technology, vulnerablity still exist. Studies shows
that many phishing and social engineering attacks take place
around the world every month. Though there are many threats
and vulnerabilities, a very strong authentication mechanism
978-1-5090-4556-3/16/$31.00 ©2016 IEEE
N Viswanath
Professor, CSE
Toc H Institute of Science and Technology
Cochin,India 682313
for customers and transactions will address most fraud re-
lated issues. Apart from incorporating strong authentication
mechanism, certain banks limit the number of online banking
operations that a customer can perform each day.
Biometric technology ensures the robust and safe technique
to make Secure authentications of persons. A large portion of
system breaches are caused by authentication failure, either
during the login process or in the transaction process which
exist due to the limitations accompanying the existing authen-
tication methods[7]. Current authentication methods are not
user oriented and are thus an endanger to users security.
In the current world, authentication of online banking users is
done using the following methods:[1]
A. KNOWLEDGE BASED
This method, which is the most popular and common,
asks the users to authenticate by entering their User Id and
password. The bank safeguards the security by ensuring that
the users have a strong password and that are changed at a
frequent intervals which is assigned to be for few days.
B. TOKEN BASED
Token based method is currently used in almost all onine
bank transactions. This method authenticates the users based
on the knowledge based identity and something else that they
have.This is usually done using OTP(One Time Password), or
token devices.
II. RELATED WORKS
A. UNIMODAL BIOMETRICS
The unimodal biometric systems rely on the evidence
of a single source of information for authentication of
person. Though these unimodal biometric systems have
many advantages, it has to face with variety problems like
Noisy data,Intra class variation,Interclass similarities,Non
universality,Spoofing etc[6].
B. TYPES OF MULTIMODAL SYSTEMS
Depending on the traits, sensors and feature sets many
different types of multimodal systems are there.These
include:[2]
 2016 Online International Conference on Green Engineering and Technologies (IC-GET)
1) Single biometric trait, multiple sensors: Multiple
sensors are used to record the same biometric characteristic.
The raw data taken from different sensors can then be
combined at the feature level or matcher score level to
improve the performance of the system.
2) Multiple biometrics: Multiple biometric traits such as
fingerprints and face can be combined.Different sensors are
used for each biometric characteristic. The interdependency
of the traits ensures a significant improvement in the
performance of the system.
3) Multiple units, single biometric traits: Two or more
fingers of a single user can be used as a biometric trait. It
is inexpensive way of improving system performance, as it
doesnt require multiple sensors or incorporating additional
feature extraction or matching modules. Iris can also be
included in this category.
4) Multiple snapshots of single biometric: In this more
than one instance of the same biometric is used for the
recognition. For e.g. multiple impressions of the same finger
or multiple samples of the voice.
5) Multiple matching algorithms for the same biometric:
In it different methods can be applied to feature extraction
and matching of the biometric characteristic.
C. FUSION LEVELS IN MULTIMODAL BIOMETRICS
There are three fusion levels in multimodal biometrics:
feature level fusion, matching score level fusion and decision
level fusion respectively. The three levels of fusion are
described as follows:[3]
1) FEATURE LEVEL FUSION: In the feature level
fusion, features from different biometric traits are initially
processed and the feature vectors are obtained are extracted
and combined to form a composite feature vector. This is
then combined to form a feature vector that is used for
classification.
2) MATCHING SCORE LEVEL FUSION: In matching
score level fusion, individual matching score is found based
on various biometric traits and these matching scores are
gathered to make the classification.
3) DECISION LEVEL FUSION: In decision level fusion,
each biometric traits are captured and features are extracted
from the captured traits.The final decision of accept or reject
based on the combination of the outcomes from different
biometric modalities.
D. MATCHING ALGORITHMS
Based on the pattern of the matching algorithm, the
matching speed can vary. In a biometric recognition system,
the individuality corresponding to the probe is clasically
determined by matching it against the templates of all
individualities in the gallery.[5]
E. FINGERPRINT MATCHING TECHNIQUES
For accurate personal identification,considering all the cur-
rently used biometric techniques, fingerprint authentication
system is the widely used and appropriate.The existing popular
fingerprint matching techniques can be broadly classified into
three categories depending on the types of features used:[4]
1) Minutiae-based:
2) Correlation-based:
3) Euclidean distance-based:
III. P ROPOSED S YSTEM D ESIGN
In the proposed system, the online banking system
ensures robust and secure authentication mechanism by using
the multimodal biometrics.Multimodal system including
Fingerprint and face are used for the login process. As theft
can occur at any point of transaction process, fingerprint
authentication is again done during transaction process.
Efficient encryption and decryption methods are used for
providing the security of data transmitted and storing the data
in the database. Thus the proposed system ensures improved
security in online banking by using the multimodal biometric
system.
Figure 1. High level design
Figure 1 describes the overall scenario in the proposed
system.The planned system consists of a client system which is
the user doing the online transaction. The bank server encloses
the database with which the details has to be compared. The
user can login with the user id , and recognising self with
fingerprint and face . These details are compared with the
database in the server. Once the login is successful, the user
can make the necessary transaction by authenticating with the
fingerprint once again. The details are again compared with
the server.
The proposed system uses a multimodal biometric system.It
consists of two main modules namely,
A. Enrolment module
Here, the user has to register at the bank with the necessary
details . This includes the biometric traits as well as other
 2016 Online International Conference on Green Engineering and Technologies (IC-GET)

information needed for the authentication.

B. Authentication module
Here, the user has to authenticate him/herself using the
multi biometric traits used for the login process and unimodal
biometric , used for transaction process.The Authentication
module consist of two main processes.
1) Login Process: Here, the user has to login using the
user id followed by the recognition of face and fingerprint
for authentication .Once the user login to the system the user
can only view the account details.

2) Transaction Process: Here, the user has to again

authenticate him/her self using the fingerprint authentication.
Only when the user authenticate with the fingerprint details,
the transaction can be done.
Figure 3. Server side
The authentication mechanism includes the processes at
both the client and server side. The client side process include
capturing the finger and face image ,followed by feature various spoofing attacks that can occur while using unimodal
extraction and fusion of the feature extracted,encrypting the biometrics. Thus multimodal biometrics ensures an efficient
Euclidean distance calculated and sending it to the server.This method for authentication in online transaction.Certain threats
is depicted in Figure 2. including hacking, phishing etc can also be dispensed when
using multimodal biometrics.

Figure 2. Client side
Figure 3 illustrates the server side process. The server
side process include, decrypting the encrypted data, and
comparing the stored data in the database.
R EFERENCES
[1] Available “http://www.edgeverve.com/finacle/resources/thought-
papers/Documents/what-the-future-online-banking.pdf
[2] Sheena S, Sheena Mathew,“ A STUDY OF MULTIMODAL BIOMETRIC
SYSTEM”, IJRET: International Journal of Research in Engineering and
Technology eISSN: 2319-1163 — pISSN: 2321-7308
[3] S.R.Soruba Sree , Dr. N.Radha,”A Survey on Fusion Techniques for
Multimodal Biomet- ric Identification, International Journal of Innovative
Research in Computer and Com- munication Engineering, Vol. 2, Issue
12, December 2014.
[4] Mary Lourde R, and Dushyant Khosla, ”Fingerprint Identification in
Biometric Security Systems”, International Journal of Computer and
Electrical Engineering, Vol. 2, No. 5, October, 2010 1793-8163
[5] K.Saranya,K.Baskar,”Multibiometric Secure Index Value Code Genera-
tion for Authentication and Retrieval”,Iternational Journal for Scientific
Research & Development— Vol. 1, Issue 5, 2013 — ISSN (online): 2321-
0613
[6] Available “http://www.airccse.org
[7] Sui, Yan, Xukai Zou, Eliza Y. Du, and Feng Li,”Design and Analysis
of a Highly User-Friendly, Secure,Privacy-Preserving, and Revocable
Authentication Method”,IEEE Transactions on Computers, 2014.
[8] Ghayoumi, Mehdi,””A review of multimodal biometric systems: Fusion
methods and their applications”,2015 IEEE/ACIS 14th International
Conference on Computer and Information Science (ICIS), 2015.

IV. C ONCLUSION
Today, the authentication mechanism in online banking
include two factor authentication which is the token based
authentication mechanism.This needs an external device to
dynamically authenticate the user. However, the chances to the
device being misplaced or loss can cause a compromise to the
bank account transactiona. There are many vulnerabilities still
concerning this area. So a robust and secure authentication
mechanism to be used in online banking is essential. This
can be achieved by using multimodal biometrics. There are