Design of An Online Banking Authentication System, Implementing Mobile-OTP With QR-Code
ISSN No:-2456-2165
3 Oden P. J., University of Nigeria, Nsukka, Enugu State
4 Onwuasoanya U. K, Rhema University, Aba, Abia State
Abstract:- Financial institutions will keep working to make it possible for clients to move money, pay bills, and access critical information online. The internet banking landscape has changed substantially in recent years. Online banking has been targeted by thieves and cybercriminals looking to steal client data during this time. Fraudsters today frequently employ well-known attacks like phishing and pharming to get client data and gain access to online banking accounts. As a result, financial institutions are now quite concerned about the authentication of customers using online banking services. This study unequivocally shows that internet banking requires stronger authentication. It discusses the key security issues, criminal behavior, and development of robust authentication that are driving.

I. INTRODUCTION

With traditional signature mechanisms, the user who signs the document has complete control over how it is signed. With electronic signatures, however, the user is always dependent on an untrustworthy client. Despite the fact that secure revolving payments are employed, the user is usually unable to claim that the knowledge displayed on the screen truly matches the knowledge signed by the revolving payment. This shortcoming is common to any type of electronic transaction that requires some type of signature by the user. Examples include online banking and electronic signatures of contracts. The most significant drawback is that data on the client can be carelessly altered by malicious code. As a countermeasure, financial institutions are focusing on One Time Password (OTP) and have introduced OTP co-confirmation centers as one of the user confirmation measures; OTP is anonymous, immutable, and scalable, and can prevent knowledge leakage.

A. Background of Study
Online banking gives you complete control over your bank account using a computer or mobile device connected to the Internet. This operation includes transferring funds, depositing checks, and paying bills electronically. Traditional banks with branches generally allow you to access your account via the Internet. However, online banks and access providers primarily offer mobile access. You never see a banker in person, but you can access your account at any time with a mobile device or computer.

Online banking is one of the most daunting tasks the average Internet user performs. Most traditional banks now offer "secure" online banking. Banks offer the apparent "100% Online Security Guarantee," but in small print and usually with the condition that the user meets certain security requirements.

In the first quarter of 2009, the number of users of the National Banking System steadily increased: the average number of daily transactions exceeded 26.41 million and the number of transactions exceeded 26.9 trillion won. However, banks have been reluctant to reimburse users who have been victims of online frauds such as phishing and pharming; the first hacking incident in Korea in 2005 prompted the FSS (Korea Financial Supervisory Service) to announce comprehensive measures. One of the most notable measures taken by financial institutions is the use of one-time passwords (OTPs) as a method of user verification and the establishment of a common OTP verification center.

Currently, online financial transactions use security cards and public key certificates as a method of user verification, but recently one-time passwords have been introduced. A one-time password is a password that can only be used once, requiring the user to authenticate with a new password key each time. This ensures security even if a hacker exploits the password on the network or the user loses the password. OTPs are also anonymous, portable, and scalable, preventing information leakage. Types of devices used to generate OTPs include smart cards, USB keys, and fingerprint authentication. Our online banking authentication system uses "mobile OTP," one of the OTP-generating devices that offer the same security as existing OTPs, but with the convenience of mobile functionality and semi-permanent use. This not only reduces deployment costs but also facilitates the download of deployment disciples in the case of financial deployments. In addition, users do not need to pay any additional fees, except for the initial download cost.
Studies comparing these citations explain the superiority of encoding, but QR-code is more common in Asia and
especially popular in Japan.
Each QR Code symbol consists of an encoding area and a functional pattern as shown in Figure 2. Functional patterns include registration patterns, separation patterns, synchronization patterns, and alignment patterns. Search patterns located at the three edges of the symbol are intended to make it easy to identify the position, size, and tilt of the symbol.

QR Code is a matrix code that was developed and published with the main goal of being a symbol that can be easily interpreted by a scanner. While conventional barcodes contain data in only one direction (usually vertical), QR codes contain information in both vertical and horizontal directions. Compared to 1D barcodes, the QR Code can hold a very large amount of information: 7,089 numeric characters, 4,296 alphanumeric characters, 2,953 binary (8-bit) bytes, and 1,817 kanji and kana characters. Furthermore, QR Code has an error correction function. Even if a large portion of the code is distorted or damaged, the data can be recovered.

Items are labeled and estimated according to the QR Code standard so that the internal code may be read. Five steps are involved in barcode recognition: (1) edge detection, (2) shape detection, (3) identification of the control bar, (4) use of the control bar to determine the barcode's orientation, size, and bit density, and (5) calculation of the barcode's value.

For camera phones and PDAs that do not have a QR code reader, additional tools are available to decode the QR code by simply placing the device in front of the QR code. This operation is done automatically in the stream, and the user does not need to take a picture of the QR code. Good examples of free tools using this technique are the Quick-Mark reader and the 1-nigma reader, which are available for a wide range of models and devices. Quick-Mark offers an additional feature to QR codes, allowing partial or total encryption of the code. This option encodes binary data (e.g., images) in the form of QR Code strings that can be scanned by the user to recover the original content.

If the end user only needs to scan the code and view the resulting message, the above software is sufficient. However, for developers who need to manage QR codes, several SDKs (Software Development Kits) have been released and some are already commercially available. For example, the Microsoft Windows Live Barcode project, OpenNetCF, QRCode Library for .NET Compact Framework, and Google ZXing (Zebra Crossing) project will be available soon. Twit88 offers open source projects related to QR codes.
E. Software Testing
Software testing was conducted at each stage of development to ensure that the software was bug-free. After implementation,
the software was evaluated by a number of users to obtain feedback for improvement. The software was also tested on localhost
using Xampp, which acts as a local server that renders the web application in conjunction with the MySQL database. The software
showed no signs of bugs.
Below are screenshots of the web application, from the home page to the registration, to the user interface of the client
module, to the administration module.
Fig 8 The Login, Registration and Reset Password Page of the Online Banking Authentication System
Fig 11 The Edit Profile and Enable Authentication page of the Online Banking Authentication System
VI. DISCUSSION OF RESULTS

This section provides an overview of the outcomes of the project.

To use the software application, the user must follow these instructions:
(1) Register with the web application and access the user dashboard interface.
(2) Upon successful registration, proceed to the Profile page.
(3) On the Profile page, enable authentication.
(4) Once authentication is enabled, scan the QR code with Google Authenticator and save the recovery code in a safe place.

VII. CONCLUSION

In this paper, we have designed an online banking authentication system that protects the online banking login process via a web application. This system reduces unauthorized access to a user's account. The ultimate goal of developing this system is to improve the security of online banking, and this approach will undoubtedly have a positive impact on the security of users' accounts and increase their trust in banks.

Although the use of electronic banking services is gradually increasing in daily life, existing online banking services require the use of the respective bank's security card, which is not compatible with the modern mobile environment where one never knows when and where online banking services will be used. In the event of an emergency, the security card must be used to access online banking services. In an emergency, online banking cannot be used without a security card. To eliminate the discomfort of security cards, an online banking authentication system using 2D barcodes instead of security cards has been proposed.

RECOMMENDATIONS

legitimate user and block the use of malicious users. In addition, the time value used to generate the OTP code cannot be arbitrarily changed since the transfer time requested by the user is used.
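
The enrollment and login flow described above (enable authentication, scan the QR code with Google Authenticator, then submit a one-time code) is illustrated by the following Python, an added example that is not the paper's own code. It assumes the standard time-based OTP of RFC 6238 that Google Authenticator implements (HMAC-SHA1, 6 digits, 30-second steps); the secret is the public RFC test secret, and the account and issuer names and the `Verifier` class are constructed for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

STEP, DIGITS = 30, 6  # assumed Google Authenticator defaults (RFC 6238)
# Constructed sample: the public RFC 6238 test secret, Base32-encoded.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// URI that the enrollment QR code encodes."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")

def hotp(key, counter):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32, now):
    """Code an authenticator app shows at Unix time `now`."""
    return hotp(base64.b32decode(secret_b32), int(now) // STEP)

class Verifier:
    """Server-side check: server clock only, +/-1 step of drift, no reuse."""
    def __init__(self, secret_b32):
        self.key = base64.b32decode(secret_b32)
        self.last_counter = -1  # highest time step already accepted

    def verify(self, submitted, server_now, window=1):
        current = int(server_now) // STEP
        for counter in range(current - window, current + window + 1):
            if counter <= self.last_counter:
                continue  # step already consumed, so a replayed code fails
            if hmac.compare_digest(hotp(self.key, counter), submitted):
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    print(provisioning_uri(SECRET, "alice@example.com", "ExampleBank"))
    v = Verifier(SECRET)
    code = totp(SECRET, 59)
    print(code, v.verify(code, 59), v.verify(code, 59))  # second use is rejected
```

The verifier takes the time from the server rather than from the client, so a caller cannot pick the time step, and it records the last accepted step so that a captured code cannot be submitted a second time.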