
Volume 8, Issue 7, July – 2023 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

Design of an Online Banking Authentication System, Implementing Mobile-OTP with QR-Code

1 Chukwu, E. G, Federal University of Technology, Ikot-Abasi, Akwa-Ibom State
2 Nwazuo E. K., Rhema University, Aba, Abia State
3 Oden P. J., University of Nigeria, Nsukka, Enugu State
4 Onwuasoanya U. K, Rhema University, Aba, Abia State

Abstract:- Financial institutions will keep working to make it possible for clients to move money, pay bills, and access critical information online. The internet banking landscape has changed substantially in recent years. Online banking has been targeted by thieves and cybercriminals looking to steal client data during this time. Fraudsters today frequently employ well-known attacks like phishing and pharming to get client data and gain access to online banking accounts. As a result, financial institutions are now quite concerned about the authentication of customers using online banking services. This study unequivocally shows that internet banking requires stronger authentication. It discusses the key security issues, criminal behavior, and development of robust authentication that are driving.

I. INTRODUCTION

With traditional signature mechanisms, the user who signs the document has complete control over how it is signed. With electronic signatures, however, the user is always dependent on an untrustworthy client. Despite the fact that secure revolving payments are employed, the user is usually unable to claim that the knowledge displayed on the screen truly matches the knowledge signed by the revolving payment. This shortcoming is common to any type of electronic transaction that requires some type of signature by the user. Examples include online banking and electronic signatures of contracts. The most significant drawback is that data on the client can be carelessly altered by malicious code. As a countermeasure, financial institutions are focusing on One Time Password (OTP) and have introduced OTP co-confirmation centers as one of the user confirmation measures; OTP is anonymous, immutable, and scalable, and can prevent knowledge leakage.

A. Background of Study
Online banking gives you complete control over your bank account using a computer or mobile device connected to the Internet. This operation includes transferring funds, depositing checks, and paying bills electronically. Traditional banks with branches generally allow you to access your account via the Internet. However, online banks and access providers primarily offer mobile access. You never see a banker in person, but you can access your account at any time with a mobile device or computer.

Online banking is one of the most daunting tasks the average Internet user performs. Most traditional banks now offer "secure" online banking. Banks offer the apparent "100% Online Security Guarantee," but in small print and usually with the condition that the user meets certain security requirements.

In the first quarter of 2009, the number of users of the National Banking System steadily increased: the average number of daily transactions exceeded 26.41 million and the number of transactions exceeded 26.9 trillion won. However, banks have been reluctant to reimburse users who have been victims of online frauds such as phishing and pharming; the first hacking incident in Korea in 2005 prompted the FSS (Korea Financial Supervisory Service) to announce comprehensive measures. One of the most notable measures taken by financial institutions is the use of one-time passwords (OTPs) as a method of user verification and the establishment of a common OTP verification center.

Currently, online financial transactions use security cards and public key certificates as a method of user verification, but recently one-time passwords have been introduced. A one-time password is a password that can only be used once, requiring the user to authenticate with a new password key each time. This ensures security even if a hacker exploits the password on the network or the user loses the password. OTPs are also anonymous, portable, and scalable, preventing information leakage. Types of devices used to generate OTPs include smart cards, USB keys, and fingerprint authentication. Our online banking authentication system uses "mobile OTP," one of the OTP-generating devices that offer the same security as existing OTPs, but with the convenience of mobile functionality and semi-permanent use. This not only reduces deployment costs but also facilitates the download of deployment disciples in the case of financial deployments. In addition, users do not need to pay any additional fees, except for the initial download cost.

IJISRT23JUL179 www.ijisrt.com 3124


On the other hand, the use of electronic banking is gradually increasing in daily life. Currently, online banking requires the use of a security card from the respective bank. However, current security card-based services are not suited to the modern mobile environment because it is impossible to know when and where online banking transactions will take place. In an emergency, it is impossible to perform online banking without a security card. To overcome these weaknesses and shortcomings of security cards, we proposed an authentication system that uses two-dimensional barcodes (2D barcodes) instead of security cards. Barcodes are a fast, easy, accurate, and automatic data collection method. Barcodes can track products efficiently and accurately at speeds not possible with manual data entry.

This paper proposes an authentication system for online banking that can provide higher security and convenience by using mobile OTP with QR codes, one of the 2D barcodes used in current international and national standards. The bank generates a QR code from the login information entered by the user, and the user uses his/her cell phone to read or scan the barcode. The cell phone then generates an OTP code from the login information and the user's hashed password. The user then enters the generated OTP code to complete the login process.

To achieve the above objectives we have introduced OTP (One Time Password) and QR code (2D barcode). We have described our new scheme and an analysis of the proposed authentication system. Additionally, we ended this paper with a concluding section.

B. Problem Statement
As fast web frameworks are created and individuals gain access to information, even budgetary businesses are occupied with web domains. In the field of pc organization, hacking is a specialized effort to control the normal behavior of system-related and associated frameworks. Today's online banking frameworks are exposed to hacking threats and their consequences and cannot be overlooked (Onu et al., 2015). In the past, personal information has been disclosed through sophisticated techniques such as phishing and pharming to steal customers' login names and passwords. Therefore, mechanisms to protect customer information have become more fundamental and important. In this study, we proposed an alternative online banking authentication system that uses mobile OTP mixed with QR codes, a variant of two-dimensional standardized identifiers.

C. Research Aims and Objectives
The main objective of this study is to design and implement an online banking authentication system using a combination of mobile OTPs and QR codes, and to achieve it through one objective: to propose a new online banking authentication system that uses a combination of mobile OTP and QR codes as a variant of 2D barcodes.

Importance of this research

• The objective of this research is to develop a system that can manage user authentication and ensure proper security when connecting to an online bank
• This research is important for both the bank and the customer because it reduces the risk of unauthorized access to the customer's bank account
• It would be important for students, especially computer science students, as a reference for designing their projects
• Professors who teach systems analysis and design can also use it as a guide when teaching their students
• Presenters of workshops and conference papers could benefit, especially those who present or have presented work related to the design and implementation of authentication systems.

D. Scope of the Study
This study focuses on the design and implementation of an online banking authentication system using Mobile-OTP with QR-Code.

This system will not be developed to integrate all the features of online banking but will focus only on the features mentioned above. This system will not be responsible for any data loss in case its environment (network/installed system) is destroyed.

II. REVIEW OF RELATED LITERATURE

This chapter provides an overview of the literature review on online banking authentication systems using mobile OTPs with QR codes and other papers detailing their implications. It also describes the theoretical development of online banking and its authentication systems, integrating previous research and complementing existing systems.

A. Theoretical Developments
Internet banking emerged in the 1980s in the form of telephone banking and came into existence when it was used in homes (Muniruddeen, 2007). During this period, banks and financial companies in Europe and the United States began to work on the concept of "home banking." Since computers and the Internet were not yet widespread, the focus shifted to telephone banking (Sarel and Marmorstein, 2003; Gregory et al., 2022). The first online banking applications appeared in the United States, and prominent banks such as Citibank and Wells Fargo began offering the service to their customers in 2001 (Gefen, Pearson, and Straub, 2008).

B. History of Online Banking
Banking has advanced significantly from the days of routine trips to the teller window. Customers can now deposit checks into their checking or savings accounts by taking a photo of them with their smartphone, or they can sign up to receive text message alerts from banks. Online banking was first developed in the 1980s, when it was much less common and practiced differently than it is now.

In 1981, the first iteration of what is now known as internet banking was introduced. Four major banks—Citibank, Chase Manhattan, Chemical Bank, and Manufacturers Hanover—offered home banking to their customers in New York for the first time in the country and were the first to test this cutting-edge business strategy of providing remote services. The first online banking service in the UK was made available to consumers by Bank of Scotland under the name Homelink. To pay bills and transfer money, people had to have a phone or television connection to the Internet. In October 1994, Stamford Federal Credit Union became the first financial organization in the United States to offer Internet banking services to all of its members. This was the beginning of online banking as we know it today.

Online banking grew in popularity in the e-commerce sector over time as it continued to develop. Online banking appeared to gain traction among customers as major banks started to offer online goods and services. In the United States, more than 80% of banks offered online banking services in 2006, making it a popular practice. Online and mobile banking are expanding faster than the Internet, according to a 2010 report by financial services technology company Fiserv on customer billing and payment trends. Since its beginning, Bank of Internet USA has been a pioneer in mobile banking programs for well-known mobile devices, mobile check deposit, Popmoney for money transfers by SMS or email, and EMV chip technology. Online banking has continued to advance with technical innovation and ease.

Despite its slow adoption in the early days of online banking, online banking is proving to be here to stay: whereas in the 1980s you had to use a landline to pay bills, today you can transfer funds, pay bills, and deposit checks with the click of a mouse or the use of a mobile device. Payments, check deposits, online banking features, and services have evolved considerably since the early days of online banking. As technology continues to advance, online banking will become easier and more integrated into the average consumer's lifestyle.

C. Authentication for Online Banking
Effective authentication systems are necessary to meet the requirements of protecting customer information, preventing money laundering and terrorist financing, reducing fraud, combating identity theft, and promoting the enforceability of electronic contracts and transactions. In an online banking environment, the risk of dealing with unauthorized or misidentified persons can result in financial loss and reputational damage through fraud, disclosure of customer information, data corruption, or breach of contract. There are a variety of technologies and methodologies that financial institutions can use to authenticate customers. These methods include the use of passwords, personal identification numbers (PINs), digital certificates using public key infrastructure (PKI), physical devices such as smart cards, one-time passwords (OTPs), QR codes, USB plug-ins, and other types of "tokens," transaction profile scripts, biometric authentication and other uses.

The level of protection against risk offered by each of these technologies varies. The choice and use of authentication technology and methods should be dictated by the results of the financial institution's risk assessment process.

Multi-factor authentication schemes are more difficult to compromise than one-factor authentication schemes. Therefore, properly designed and implemented multi-factor authentication methods are more reliable and have a stronger deterrent effect against fraud. For example, the use of an ID/password is a one-factor authentication (i.e., something the user knows), whereas ATM transactions require multi-factor authentication that combines something the user has (i.e., a card) and something the user knows (i.e., a PIN). Multi-factor authentication methods may also include "out-of-band" checks to mitigate risk. The success of a particular authentication method is not merely dependent on the technology. It also depends on appropriate policies, procedures, and controls. An effective authentication method must be acceptable to customers, provide reliable performance, be scalable to accommodate growth, and be interoperable with existing systems and future projects.

D. OTP (One-Time Password)
A randomly generated password, the OTP is only good for one use. A gadget that can produce the OTP using an algorithm and cryptographic key is given to the user. The authentication server uses the same technique and key on the server side to validate the password's validity. For example, OTPs can be generated using a variety of software and devices, including PDAs, cell phones, and specialized hardware tokens. A PIN to unlock the OTP generator and the OTP smart card itself, which you own, are the two factors of two-factor authentication used by the most secure smart card OTP generators to ensure tamper protection.

The three processes necessary to generate OTP are shown in Figure 1. These include gathering external data, such as the time for synchronous OTPs and the challenge for asynchronous OTPs; using an encryption scheme with a shared secret key between the device and the authentication server; and, finally, formatting the OTP to specify its size (usually 6 to 8 digits).

Until recently, OTP solutions relied on patented, proprietary algorithms based on time and events. In 2005, the top businesses in the industry established OATH-HOTP as an open standard. The supply of numerous OTP-generating devices and authentication servers from various suppliers is made possible by this open standard. Standard algorithms like SHA-1 and HMAC are used by the HOTP algorithm, which is based on a secret key and a counter that are shared by the client and the server.

Because OTP does not require the installation of smart card readers, drivers, or PC software, it has advantages over PKI.

Installing smart card readers, drivers, or PC software is not necessary. However, OTP offers only identification and authentication, whereas PKI also offers encryption and signature. Because OTP is password-based authentication, it is also susceptible to man-in-the-middle attacks like phishing scams. Since there is no mutual authentication between the PC and the ISP server, hackers can use fake websites to intercept the OTP and pretend to be the user on the actual website.

Fig 1 The Generation of One-Time Passwords
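
The three generation steps and the HOTP construction described in this section (HMAC with SHA-1 over a shared secret and counter, formatted to 6 to 8 digits), written out in Python as an added example that is not part of the original paper. It follows RFC 4226 and also covers the time-synchronous case by using the time step as the counter; the `HotpValidator` class, its look-ahead window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter."""
    # Step 1: external data, here the 8-byte big-endian event counter.
    message = struct.pack(">Q", counter)
    # Step 2: keyed hash with the secret shared by device and server.
    mac = hmac.new(secret, message, hashlib.sha1).digest()
    # Step 3: dynamic truncation to 31 bits, then format to `digits` digits.
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronous variant: the counter is the current time step."""
    return hotp(secret, unix_time // step, digits)


class HotpValidator:
    """Server-side state for one token (hypothetical helper, not from the paper)."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 3):
        self.secret = secret
        self.counter = counter        # next counter value the server accepts
        self.look_ahead = look_ahead  # tolerated unused codes generated on the token

    def verify(self, candidate: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            expected = hotp(self.secret, c)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), candidate.encode()):
                # Move past the accepted counter so the code cannot be replayed.
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"  # test secret from RFC 4226, Appendix D
    server = HotpValidator(key)
    code = hotp(key, 0)
    print(code, server.verify(code), server.verify(code))
```

The second `verify` call on the same code fails because the server counter has already advanced, which is what makes the password one-time on the server side.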

E. QR-Code (Two-Dimensional Barcode)


Two-dimensional barcodes include both open standards and proprietary formats, among them Somacodes, Spotcodes, Rohs' visual codes, ColorCode, Cybercode, MobileTag, VeriCode, ShotCode, eZcodes, PDF417 (Portable Data File), and MaxiCode. DataMatrix (ISO/IEC 16022:2000) and QR-code (ISO/IEC 18004:2000) are well-known 2D barcode media, and no license fee is charged for the use of DataMatrix and QR-code.

Studies comparing these citations explain the superiority of encoding, but QR-code is more common in Asia and
especially popular in Japan.

Fig 2 The Development of QR-Code

The Japanese company Denso Wave invented the two-dimensional barcode known as the QR code in 1994. Originally
employed for inventory control in the production of automobile parts, this kind of barcode is now widely used across a number of
industries. The acronym "QR" stands for "Quick Response," which expresses the developer's goal to enable rapid decoding of the
code's contents.

Fig 3 The Structure of QR-Code

Each QR Code symbol consists of an encoding area and a functional pattern as shown in Figure 2. Functional patterns include registration patterns, separation patterns, synchronization patterns, and alignment patterns. Search patterns located at the three edges of the symbol are intended to make it easy to identify the position, size, and tilt of the symbol.

QR Code is a matrix code that was developed and published with the main goal of being a symbol that can be easily interpreted by a scanner. While conventional barcodes contain data in only one direction (usually vertical), QR codes contain information in both vertical and horizontal directions. Compared to 1D barcodes, the QR Code can hold a very large amount of information: 7,089 numeric characters, 4,296 alphanumeric characters, 2,953 binary (8-bit) bytes, and 1,817 kanji and kana characters. Furthermore, QR Code has an error correction function. Even if a large portion of the code is distorted or damaged, the data can be recovered.

Items are labeled and estimated according to the QR Code standard so that the internal code may be read. Five steps are involved in barcode recognition: (1) edge detection, (2) shape detection, (3) identification of the control bar, (4) use of the control bar to determine the barcode's orientation, size, and bit density, and (5) calculation of the barcode's value.

For camera phones and PDAs that do not have a QR code reader, additional tools are available to decode the QR code by simply placing the device in front of the QR code. This operation is done automatically in the stream, and the user does not need to take a picture of the QR code. Good examples of free tools using this technique are the Quick-Mark reader and the 1-nigma reader, which are available for a wide range of models and devices. Quick-mark offers an additional feature to QR codes, allowing partial or total encryption of the code. This option encodes binary data (e.g., images) in the form of a string of QR codes that can be scanned by the user to recover the original content.

If the end user only needs to scan the code and view the resulting message, the above software is sufficient. However, for developers who need to manage QR codes, several SDKs (Software Development Kits) have been released and some are already commercially available. For example, the Microsoft Windows Live Barcode project, OpenNetCF, QRCode Library for .NET Compact Framework, and Google ZXing (Zebra Crossing) project will be available soon. Twit88 offers open source projects related to QR codes.

III. SYSTEM ANALYSIS

A. Proposed Authentication System
One of the most crucial needs of an authentication system is security. When a user is authenticated by a server utilizing data supplied by their mobile device, this procedure must be secure to ensure that only authorized users can be served. Security and convenience are both crucial, and any shortcoming of an authentication system may eventually cause its use to be discontinued. The authentication method must therefore be user-friendly and offer the highest level of security.

Because of this, one crucial strategy suggested in this article is the usage of mobile OTPs, which at the moment create QR codes instead of protecting bank cards. The user must be identified in order to scan the QR code on a mobile device, and the OTP code is created by the bank using the user's login information and the cell phone's authentication application. By inputting the produced OTP code on the screen, the user completes the connection. The suggested approach makes the security of communication between the user's computer and the certifying authority an assumption.

Additionally, existing online banking authentication systems can be used to issue and register the user's certificate and digital signature, simplifying the authentication process.

• The user logs in using his/her login information to initiate login authentication
• The server sends the entered login information (LI) to the certification authority (CA) and at the same time converts the information displayed on the screen into a QR code with a random number value (RN`)
• The certification authority (CA) generates a QR code from the received login information (LI).
• The user converts the QR code on the screen with a mobile terminal: First, the user reads the random number value (RN) displayed on the screen with a mobile terminal (smartphone) and confirms the random number value (RN`). If the random number value is correct, the user proceeds to the next step to check the converted connection information. If the information is correct, the user generates an OTP code to the mobile device. If the information does not match, the connection is canceled.
• When the user executes the generated QR code, the mobile device scans the QR code and generates an OTP, and the generated OTP is also shared with the certification authority (CA).
• When the user enters the OTP code generated from the mobile device on the screen, the server (bank) sends the OTP to the certification authority (CA) and receives the OTP from the user.
• The certification authority (CA) compares the OTP code (OTP1) received, generates an OTP code (OTP2), and sends it to the server (bank) for approval of the OTP code
• Upon receiving the OTP authorization from the certification authority (CA), the server (bank) checks the entered OTP code against the user's consistent value and the user's digital signature. If the OTP value is not approved, the connection is canceled.

B. Assumptions
The proposed authentication system is based on the following assumptions

• The user and the certification authority (CA) share hashed login information (LI) to the user's online banking account through a secure process
• The user can use an authentication application, such as Google Authenticator, to recognize and decode a QR code on their mobile device
• Assume that communications are protected by SSL/TLS exchange between the user (PC), the certification authority (CA), and the service provider (bank)
• The user must download and use the mobile OTP program (algorithm) provided by the certification authority (CA) or service provider (bank)
• The OTP algorithm is generated between the user and the certification authority (CA) synchronized by the time-event coupling method.

C. System Architecture
System architecture is a conceptual model that defines the structure, behavior, and views of the system. The system architecture used in the proposed project is a three-tier architecture

D. Presentation Layer
The presentation layer of the proposed project is the front-end layer, also known as the user interface. The presentation layer is built on HTML5, Bootstrap, JavaScript, and Tailwind, a CSS framework for a fast workflow.

E. Application Layer
The application layer of the proposed project consists of the functional logic that drives the core functionality of the application. It is written in PHP Laravel using the Jetstream API.

F. Data Layer
The data layer consists of the database system, the database layer, and the data access layer. The database used for the proposed system is the MySQL database. The application layer accesses the data through API calls.

IV. SYSTEMS DESIGN

A. Design Methodology
A method of software engineering called object-oriented analysis and design (OOAD) models a system as a collection of interconnected objects. Each object in the model represents a relevant entity. These models can be represented using a variety of notations, including unified modeling languages.
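
The login sequence listed in Section III.A (QR challenge carrying LI and the random number RN, OTP generated on the phone, OTP1 compared with OTP2 by the CA), simulated in Python as an added example that is not the paper's code. The paper does not specify the OTP construction, so the one used here (HMAC-SHA-256, keyed with a PBKDF2 hash of the password, over LI, RN and a 60-second time step), the JSON QR payload and all function and class names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import struct

STEP = 60  # assumed lifetime of one OTP, in seconds


def derive_key(password: str, salt: bytes) -> bytes:
    """Stand-in for the 'hashed password' shared by phone and CA (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def challenge_otp(key: bytes, li: str, rn: str, now: int, digits: int = 6) -> str:
    """OTP over login info, QR random number and time step (assumed construction)."""
    message = json.dumps([li, rn, now // STEP]).encode()
    mac = hmac.new(key, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def bank_make_qr(li: str):
    """Bank: pick RN and return (RN shown on screen, QR payload with LI and RN)."""
    rn = secrets.token_hex(8)
    return rn, json.dumps({"li": li, "rn": rn})


def phone_scan(qr_payload: str, rn_on_screen: str, my_li: str, key: bytes, now: int):
    """Phone: cancel (None) unless the QR carries the on-screen RN and the user's LI."""
    data = json.loads(qr_payload)
    if data.get("rn") != rn_on_screen or data.get("li") != my_li:
        return None
    return challenge_otp(key, my_li, rn_on_screen, now)


class CertificationAuthority:
    """CA: holds the shared keys and the challenges that are still open."""

    def __init__(self):
        self.keys = {}     # LI -> shared key
        self.pending = {}  # RN -> LI, one entry per login in progress

    def enroll(self, li: str, key: bytes) -> None:
        self.keys[li] = key

    def open_challenge(self, li: str, rn: str) -> None:
        self.pending[rn] = li

    def approve(self, li: str, rn: str, otp1: str, now: int) -> bool:
        # Each RN is consumed on first use: a captured OTP cannot be replayed,
        # and a wrong guess closes the challenge instead of allowing retries.
        if self.pending.pop(rn, None) != li or li not in self.keys:
            return False
        otp2 = challenge_otp(self.keys[li], li, rn, now)
        return hmac.compare_digest(otp1.encode(), otp2.encode())


if __name__ == "__main__":
    now = 1_700_000_000                       # constructed timestamp
    key = derive_key("constructed-password", b"constructed-salt")
    ca = CertificationAuthority()
    ca.enroll("alice", key)
    rn, qr = bank_make_qr("alice")
    ca.open_challenge("alice", rn)
    otp = phone_scan(qr, rn, "alice", key, now)
    print(otp, ca.approve("alice", rn, otp, now), ca.approve("alice", rn, otp, now))
```

Binding the OTP to RN means a code intercepted for one login attempt is useless for another, but it does not stop a live relay through a fake site within the same challenge, which is why the TLS assumption in Section III.B still matters.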

In object-oriented analysis, the most important objective is to identify objects and describe them appropriately. Since objects must be given responsibilities, and responsibilities are the functions that the objects perform, the following design work becomes easier once these objects have been effectively identified (Onu et al., 2015). The result of object-oriented analysis is a description of what the system needs to do functionally in the form of a conceptual model (James et al., 2016). This model is typically presented in the form of a set of use cases.

B. Unified Modeling Language
For the purpose of creating conceptual software diagrams, the Unified Modeling Language (UML) is a graphical notation. It can also be characterized as a general-purpose visual modeling language used to specify, depict, and create software system documentation. Rather than defining a set procedure, the UML definition is meant to be helpful as a component of an interactive development process. A system's static structure and dynamic behavior are both detailed in UML (James et al., 2016).

In order to understand and manage dependencies, a complex system is divided into manageable components in software using the organizational framework provided by UML for grouping models into packages.

C. Use Case Diagrams
A use case diagram, in its most basic form, depicts the relationship between the user and the many use cases in which the user is involved. It also shows how the user interacts with the system. Figure 4 depicts the use case diagram for the suggested system.

Fig 4 The Use Case Diagram of the Proposed System


Fig 5 The Flowchart of the Proposed Online Banking Authentication System

D. Database Design
The database used in developing this web application is the structured query language (MYSQL). The following tables were
used in developing this web application.

Table 1 The Users Table

FIELD NAME                  FIELD TYPE   FIELD LENGTH   DESCRIPTION
ID                          Bigint       25             Primary key
Name                        Varchar      15
E-mail                      Varchar      20             Secondary key
E-mail_Verified_At          Timestamp
Password                    Varchar      20
Two_Factor_Secret           Text
Two_Factor_Recovery_Codes   Text
Remember_Token              Varchar      150
Created_at                  Timestamp
updated_at                  Timestamp

Table 2 The Personal Access Token Table

FIELD NAME       FIELD TYPE   FIELD LENGTH   DESCRIPTION
Id               Bigint       20             Primary key
Tokenable_Type   Varchar      255            Secondary key
Tokenable_Id     Bigint       20             Secondary key
Name             Varchar      15
Token            Varchar      64             Secondary key
Abilities        Text
Last_Used_At     Timestamp
Created_At       Timestamp
Updated_At       Timestamp

Table 3 The Sessions Table

FIELD NAME      FIELD TYPE   FIELD LENGTH   DESCRIPTION
Id              Varchar      225            Primary key
User_Id         Bigint       20             Secondary key
Ip_Address      Varchar      45
User_Agent      Text
Payload         Text
Last_Activity   Int          11             Secondary key

Table 4 The Password Resets Table

FIELD NAME   FIELD TYPE   FIELD LENGTH   DESCRIPTION
Email        Varchar      20             Secondary key
Token        Varchar      225
Created_At   Timestamp

V. SYSTEM IMPLEMENTATION

This chapter identifies the overall picture of the system analyzed in the previous chapter and describes its requirements, the choice of the programming language used to conduct this study, and the development environment. The chapter also presents screenshots of the implemented online banking authentication system.

A. Choosing a Development Environment
The project was implemented using web application programming languages: hypertext preprocessor (PHP) with the Laravel framework, hypertext markup language (HTML), and relational database MySQL for storing user information.

Web technologies were used in the construction of this project for the following reasons

• Very flexible
• Easy integration and compatibility
• Efficient performance
• Cost-effective
• Good compatibility with the most common database

B. System Platform
The solution was developed using the Microsoft Windows operating system (Windows 10) and HP personal computers (PCs).

C. Integrated Development Environment
The integrated development environment used to implement this software application is Microsoft Visual Studio Code and XAMPP.

D. Implementation Architecture
The implementation architecture shows the different components of the research work and their links. A diagram of the
implementation architecture, including the following elements, is shown below.

Fig 6 The Implementation Architecture of the Online Banking Authentication System

E. Software Testing
Software testing was conducted at each stage of development to ensure that the software was bug-free. After implementation,
the software was evaluated by a number of users to obtain feedback for improvement. The software was also tested on localhost
using XAMPP, which acts as a local server that renders the web application in conjunction with the MySQL database. The software
showed no signs of bugs.

Below are screenshots of the web application, from the home page to the registration, to the user interface of the client
module, to the administration module.


Fig 7 The Landing Page of the Online Banking Authentication System


Fig 8 The Login, Registration and Reset Password Page of the Online Banking Authentication System


Fig 9 The Authentication Page of the Online Banking Authentication System

Fig 10 The Dashboard of the Online Banking Authentication System


Fig 11 The Edit Profile and Enable Authentication page of the Online Banking Authentication System

VI. DISCUSSION OF RESULTS

This section provides an overview of the outcomes of the project.

A. Security Analysis
We assume that the communication is protected by an SSL/TLS tunnel between the users (PC), the Certificate Authority (CA), and
the service provider (bank). As a result, our proposed system uses the camera of the mobile device to recognize the QR code and
does not separate the communication between the user's PC and the mobile device, so a malicious user cannot analyze the content
of the communication. In addition, the user and the certification authority (CA) share hashed login information (LI) in a secure
process during initial registration. In the proposed system, the OTP value is changed every 30 seconds to prevent phishing
attacks. After verifying the legitimacy of the service provider, the login information is converted. At the same time, the
proposed system requires pre-input of login information via QR code and authentication with a public certificate in order to
generate an OTP. Through this process, the system can confirm that the OTP user is a legitimate user and block use by malicious
users. In addition, the time value used to generate the OTP code cannot be arbitrarily changed since the transfer time requested
by the user is used.

B. Responsive User Interface
It was an important requirement for this system that the application responds to any screen. To achieve this, we developed the
system's user interface using Bootstrap and Tailwind, two CSS front-end frameworks. This allowed the user interface to work on
all types of screens, including smartphones, tablets, laptops, and desktops. It also responds to device proximity. The
application interface automatically adapts to the size of the device, whether it is held horizontally or vertically; Bootstrap
and Tailwind CSS also have the ability to reorganize page elements to fit the screen. To compare the results of using an
automated system versus standing in line, 10 people simulated a queue management system, and another 10 people simulated using
a web application. The results showed that the 10 people using the web application completed their orders in less than 3 minutes
per person, while those in line took 15 minutes longer.

C. User Guide

To use the software application, the user must follow these instructions:

• Register with the web application and access the user dashboard interface.
• Upon successful registration, proceed to the Profile page.
• On the Profile page, enable authentication.
• Once authentication is enabled, scan the QR code with Google Authenticator and save the recovery code in a safe place.
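The 30-second OTP from the Security Analysis and the QR-code enrolment step of the User Guide can be illustrated with the following added example, which is not the authors' code and assumes the OTP is standard TOTP (RFC 6238), the scheme Google Authenticator implements. The 6-digit length, the +/-1-step drift window, the single-use rule, and the names `DemoBank` and `alice@example.com` are assumptions that do not come from the paper.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, urlencode

STEP = 30      # seconds per OTP, the interval stated in the Security Analysis
DIGITS = 6     # assumption: the usual authenticator-app code length

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP: HOTP keyed on the number of 30-second steps since epoch."""
    return hotp(secret, int(at) // STEP)

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that an enrolment QR code carries to the authenticator app."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    query = urlencode({"secret": b32, "issuer": issuer, "period": STEP, "digits": DIGITS})
    return f"otpauth://totp/{quote(issuer)}:{quote(account)}?{query}"

class TotpVerifier:
    """Server-side check: allow +/-1 step of clock drift, never accept a step twice."""
    def __init__(self, secret: bytes, window: int = 1):   # window is an assumption
        self.secret, self.window, self.last_step = secret, window, -1

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_step:
                continue  # this step (or an earlier one) already authenticated a login
            if hmac.compare_digest(hotp(self.secret, step), submitted):
                self.last_step = step   # remember it so a captured code cannot be replayed
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample: the RFC 6238 test key
    verifier = TotpVerifier(secret)
    code = totp(secret, 59)
    print(provisioning_uri(secret, "alice@example.com", "DemoBank"))
    print(code, verifier.verify(code, 59), verifier.verify(code, 60))
```

The second `verify` call fails even though the code is still inside its validity window, which is the property that keeps a phished code from being reused by whoever captured it.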
VII. CONCLUSION

In this paper, we have designed an online banking authentication system that protects the online banking login process via a
web application. This system reduces unauthorized access to a user's account. The ultimate goal of developing this system is to
improve the security of online banking, and this approach will undoubtedly have a positive impact on the security of users'
accounts and increase their trust in banks.

Although the use of electronic banking services is gradually increasing in daily life, existing online banking services require
the use of the respective bank's security card, which is not compatible with the modern mobile environment where one never knows
when and where online banking services will be used. In the event of an emergency, the security card must be used to access
online banking services. In an emergency, online banking cannot be used without a security card. To eliminate the discomfort of
security cards, an online banking authentication system using 2D barcodes instead of security cards has been proposed.

The bank must generate a QR code using the user's login information, recognize the user by reading the code with a cell phone,
generate an OTP code using the QR code, and finally authenticate the user by entering the generated OTP code on the screen.

This paper proposes a new authentication system for online banking that is more secure and convenient by using mobile OTP and
QR codes, one of the 2D barcodes used in current international and national standards.

In electronic financial services, the importance of security and ease of use are like two sides of a coin: what appears on one
side determines its supply. Therefore, it is necessary to seek security features that satisfy all of the ease-of-use and
security requirements of electronic financial services.

RECOMMENDATIONS

Since this research work focuses only on login authentication, it can be extended to all aspects of electronic banking that
require authentication, such as "transaction authentication".
