1 International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: Towards Designing a Biometric Measure for Enhancing ATM Security in Nigeria E- Banking System Ibidapo, O. Akinyemi, Zaccheous O. Omogbadegun, and Olufemi M. Oyelami Abstract Security measures at banks can play a critical, contributory role in preventing attacks on customers. These measures are of paramount importance when considering vulnerabilities and causation in civil litigation. Banks must meet certain standards in order to ensure a safe and secure banking environment for their customers. This paper focuses on vulnerabilities and the increasing wave of criminal activities occurring at Automated Teller Machines (ATMs) where quick cash is the prime target for criminals rather than at banks themselves. A biometric measure as a means of enhancing the security has emerged from the discourse. A Keywords Security, ATM, Biometric, Crime. I. INTRODUCTION utomated teller machine is a mechanical device that has its roots embedded in the accounts and records of a banking institution . It is a machine that allows the banks customers carry out banking transactions like, deposits, transfers, balance enquiries, and withdrawal. Notwithstanding, we lived in a world where people no longer want to encounter long queues for any reason, they don t not want to wait on queue for too long a time before they are attended to and this has led to the increasing services being rendered by banks to further improve the convenience of banking through the means of electronic banking. On this note the advent of ATM is imperative, although with its own flaws. Crime at ATM s has become a nationwide issue that faces not only customers, but also bank operators . Security measures at banks can play a critical, contributory role in preventing attacks on customers. These measures are of paramount importance when considering vulnerabilities and causation in civil litigation and banks must meet certain standards in order to ensure a safe and secure banking environment for their customers. Manuscript Received November 10, 2010 I. O. Akinyemi is a Lecturer in the Department of Computer and Information Sciences, Covenant University, Ota, Ogun State, Nigeria where he is currently doing his PhD programme. He is member of Nigeria Computer Society. Z. O. Omogbadegun is a Lecturer in the Department of Computer and Information Sciences, Covenant University, Ota, Ogun State, Nigeria where he is currently doing his PhD programme. He is member of Nigeria Computer Society. O. M..Oyelami is a Lecturer in the Department of Computer and Information Sciences, Covenant University, Ota, Ogun State, Nigeria where he is currently doing his PhD programme. He is member of Nigeria Computer Society. Basically, the ATM scam involves thieves putting a thin, clear, rigid plastic sleeve into the ATM card slot. When you insert your card, the machine can't read the strip, so it keeps asking you to re-enter your PIN number. Meanwhile, someone behind you watches as you tap in your number. Eventually you give up, thinking the machine has swallowed your card and you walk away. The thieves then remove the plastic sleeve complete with card, and empty your account. The way to avoid this is to run your finger along the card slot before you put your card in. The sleeve has a couple of tiny prongs that the thieves need to get the sleeve out of the slot, and you'll be able to feel them. The primary focus of this work is on developing a biometric strategy (Fingerprint) to enhance the security features of the ATM for effective banking transaction. The rest of the paper arranged thus: section 2 presents the methodology employed for the work, section 3 examines related work, section 4 presents the system design and the general concept of the implementation, and section 5 concludes the work II. METHODOLOGY The security feature for enhancing the ATM was designed using the client/server approach. There will be a link between the customer s identification information, customer s accounts and records in the bank (server). The network is designed to support a large number of users and uses dedicated server to accomplish this. The reason for choosing Client/Server model for this application is because it provides adequate security for the resources required for a critical application such as Banking. Similarly, a descriptive conceptual approach which includes Unified Modeling language (UML) tools such as Use case models, class diagrams etc is adapted. Microsoft Access 2003 as a database software is employed to create database to store cardholder s information. The work is implemented using Visual Basic 6.0 software tool, used to design the user interfaces and/or cardholder interaction with the ATM Machine. III. ELECTRONIC BANKING E-banking can be defined as the deployment of banking services and products over electronic and communication networks directly to customers . It is the automated
2 International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels . These electronic and communication networks include Automated Teller Machines (ATMs), direct dial-up connections, private and public networks, the Internet, televisions, mobile devices and telephones. Among these technologies, the increasing penetration of personal computers, relatively easier access to the Internet and particularly the wider diffusion of mobile phones has drawn the attention of most banks to e-banking. However, the continuing convergence of information, communications and media technologies is also opening up new electronic channels (such as "pod-banking") of delivering banking services. Significant differences exist among banks in terms of their e-banking capabilities. These differences can take two main dimensions. The first is the use of electronic channels and the second is the sophistication of banking services delivered over an electronic channel. Many established banks in developed countries began with ATMs and evolved through Personal Computer-banking, Telephone-banking, Internet-banking, TV-banking, and Mobile-banking. However, this evolution is not visible in recently established banks and in most of the African countries with the exception of South Africa. It appears that e-banking has dawned in Africa with Internetbanking . E-banking systems can vary significantly in their configuration depending on a number of factors. Financial institutions should choose their e-banking system configuration, including outsourcing relationships, based on four factors, therefore strategic objectives for E-Banking; scope, scale, and complexity of equipment, systems, and activities; technology expertise; and security and internal control requirements In terms of e-banking services sophistication, this ranges from one way information-push services where customers receive information about the bank, its products and services to information-download where customers can download (or ask in case of telephone-banking) account information and forms to full-transaction services where customers can perform most banking transactions (such as transfer between accounts, bill payment, third party payment, card and loan applications, etc) electronically (see for example , . Some banks do also provide new banking products (such as e-saving) that are only accessible electronically . Some of the key drivers of offering e- banking services include reducing transaction costs, increasing convenience, availability and timeliness of transactions, and improving accessibility for better fund administration . Achieving these objectives tend to contribute strategic benefits in terms of better customer relationship management, increased customer base, and improved market image . 2006). In Nigeria today, all the financial services industry has been subject to dramatic changes over the past three years, as a result of advances in IT, capitalization, deregulation, and globalization. These changes have reduced margins in traditional banking activities, leading banks to merge with other banks. The forces of consolidation are also having a profound impact on the operation of securities exchanges, as well as the brokerage and asset management industries . The merger programme of the banking institutions has resulted in the consolidation of 51 banking institutions into 10 banking groups. The mergers, which involved the consolidation of 96% of the total assets of the banking institutions was achieved with minimum disruption and dislocation to the system. This has been a major accomplishment by the domestic banking industry. The domestic banking groups are now in a position to reap greater benefits from economies of scale, through greater investment in technology and the more substantive pool of skilled staff. This will allow the banking institutions to make further gains on efficiency and competitiveness. As a result of this development, virtually all the new 25 banks offers Internet banking facilities while one (GTBank) has introduced mobile banking. The adoption of chip technology now also offers new forms of payment choices and higher security to the public. The introduction of the magnetic stripe ATM cards is indeed an important step forward. IV. SYSTEM DESIGN AND IMPLEMENTATION This research is being carried out for the sole purpose of designing a three factor authentication metrics, that is, the ATM ID number, the PIN number and the Biometric feature (fingerprint). It is expected that the customer should possess an ATM card, to know and remember his/her PIN number and to enroll his/her fingerprint into the fingerprint device/reader adapter into the system. After which the fingerprint database compares the live sample provided by the customer with the template in the database. On confirmation that the information provided is true, that customer is granted access to the ATM system. For the design of this system Unified Modeling language tools (use case models and activity diagram) to represent how the user (bank customer) interacts with the proposed system are employed. Use cases are scenarios for understanding system requirements. A use-case model can be instrumental in project development, planning, and documentation of system requirements. A use case is an interaction between users and a system; it captures the goal of the users and the responsibility of the system to its users. It describes the uses of the system and shows the courses of events that can be performed as well as defining what happens in a system. In essence, the use case model tries to systematically identify uses of the system and therefore the system s responsibilities. A use case model provides an external view of a system or application; it is directed towards the users or the actors of the systems, not its implementers. In the design of the ATM application, the actor of the bank system is the bank customer. The bank customer must be able to deposit certain amount to and withdraw any amount from his or her accounts (provided he/she has up such amount in the account) using the bank application. Figure 1 below show the use case diagram for our system design, where customers can perform transaction by inserting their ATM card and carry out the Approval Process by entering PIN Number and Confirm Fingerprint. After the approval, customer is requested type of transaction (deposit of
3 International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: money or withdrawal of money), and the transaction is carried out accordingly. At the completion of the transaction, the customer exit Application and remove his/her card. A detail description of the system is shown in the activity diagram in figure2.
4 International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: A. User Interface Desig A user interface is a friendly means by which users of a system can interact with the system to process inputs and obtain outputs. It is also a means of communication between the human user and the system through the use of input/output devices with supporting software. This particular ATM application is made up of 6 interfaces, which include; Login Interface, Enroll Fingerprint Interface, Transaction Type Selection Interface, Withdrawal Interface, Deposit Interface, and View statement of Account Interface. 1. User Interface Design This interface is the very first interface the bank customer interacts with on the ATM machine. This interface prompts the customer to insert ATM card and proceeds with the entire authentication processes, that is, inputting the ID (or card number) and PIN number (see figure 3). If the user enters an invalid card number or PIN number, a dialogue box appears prompting an invalid PIN or invalid card number and the system returns enter a valid PIN number. A typical description of this is shown in figure 4. After validating the customer s card and PIN number, the customer is directed to the next phase of the authentication process via the authentication dialogue box for inputting the fingerprint.
5 International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: Fingerprint Interface This is the final interface the customer interacts with in the authentication process. It requests from the customer the enrollment of his/her fingerprint to be placed on a Fingerprint reader. The fingerprint reader accepts the fingerprint and seeks to match the live sample with the already enrolled templates in the banks database. If match is confirmed it will finally authenticate customer else it will deny customer access to his/her bank account. The fingerprint of an individual is very peculiar to that individual since no two individuals can have the same fingerprint. The fingerprint reader captures the fingerprint features of an individual and search for a match of fingerprint brought up for identification among the stored fingerprints in the database.. The fingerprints stored are kept along side the other ID s (Pin and Card Numbers) and the corresponding biometric templates are kept in the database. When the fingerprint is found correct, the customer is taken to the transaction phase where he/she will choose among the transactions (deposit or withdrawal), otherwise the customer is denied access and the system brings up a dialogue box for which the customer can choose Ok, and as soon as this done the system automatically log off the customer. Figure 5 below depicts this behavior.
6 International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: Withdrawal Interface This interface enables the customer withdraw money from his/her account. It shows the customers current balance by subtracting the amount withdrawn from the previous account balance. After the customer has completed all his/her withdrawals, a dialogue box pops up notifying the customer of his/her successful withdrawal transaction. The interface is shown below. I. CONCLUSION We have been able to develop a fingerprint mechanism as a biometric measure to enhance the security features of the ATM for effective banking transaction for Banks in Nigeria. The prototype of the developed application has been found promising on the account of its sensitivity to the recognition of the customers finger print as contained in the database. This system when fully deployed will definitely reduce the rate of fraudulent activities on the ATM machines such that only the registered owner of a card access to the bank account.  Brown, I. and Molla, A. (2005) Determinants of Internet and cell phone banking adoption in South Africa. Journal of Internet Banking and Commerce, 10 (1)  Diniz, E. (1998) Web Banking in USA. Journal of Internet Banking and Commerce, 3, (2).  International Monetary Fund (2001), IMF International Capital Markets, Chapter 5 of 6 Financial Sector Consolidation in Emerging Markets, August 22, p. 120, Available at: REFERENCES  Wan, W.W.N.; Luk, C.L.; and Chow, C.W.C. (2005), Customers Adoption of Banking Channels in Hong Kong, International Journal of Bank Marketing, Vol. 23, No. 3, pp  Richard, B.and Alemayehu, M. (2006) Developing E-banking Capabilities in a Ghanaian Bank: Preliminary Lessons. Journal of Internet Banking and Commerce, August 2006, vol. 11, no.2. available online (http://www.arraydev.com/commerce/jibc/) Accessed 0n 24/11/2009.  Singh, B. and Malhotra, P. (2004) Adoption of Internet banking: An empirical investigation of Indian banking Sector. Journal of Internet Banking and Commerce, 9 (2).  Chai, L. G, (2005) E-Banking in Malaysia: Opportunity and Challenges Journal of Internet Banking and Commerce, December 2005, vol. 10, no.3 available online (http://www.arraydev.com/commerce/jibc/).
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
Securing Microsoft s Cloud Infrastructure This paper introduces the reader to the Online Services Security and Compliance team, a part of the Global Foundation Services division who manages security for
Institute of Architecture of Application Systems University of Stuttgart Universittsstrae 38 D 70569 Stuttgart Diplomarbeit Nr. 3538 Risk assessment-based decision support for the migration of applications
JANUARY 2013 REPORT OF THE DEFENSE SCIENCE BOARD TASK FORCE ON Cyber Security and Reliability in a Digital Cloud JANUARY 2013 Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
THE ROLES OF AUTHENTICATION, AUTHORIZATION & CRYPTOGRAPHY IN EXPANDING SECURITY INDUSTRY TECHNOLOGY [Please note: This (QTU) presents information about a number of industry-impacting developments (such
Reports & Publications Impact of Mobile Technologies on Enterprises: Strategies, Success Factors, Recommendations A study by Stefan Stieglitz and Tobias Brockmann published by the Vodafone Institute for
March 2012 The Virtual Office Running your Business from a Distance Contents 1 Introduction... 4 2 Online Banking... 4 2.1 Banking Services... 6 2.2 First Nations Bank Small business accounts... 7 2.2.1
Standards for Internal Control in New York State Government October 2007 Thomas P. DiNapoli State Comptroller A MESSAGE FROM STATE COMPTROLLER THOMAS P. DINAPOLI My Fellow Public Servants: For over twenty
Analysis, Design and Implementation of a Helpdesk Management System Mark Knight Information Systems (Industry) Session 2004/2005 The candidate confirms that the work submitted is their own and the appropriate
Getting Physical with the Digital Investigation Process Brian Carrier Eugene H. Spafford Center for Education and Research in Information Assurance and Security CERIAS Purdue University Abstract In this
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
White paper The future of Service Desks - vision Service Desks require strategic consideration and innovation to raise user productivity and to support business goals. Fujitsu has the experience and feedback
Standard: PIN Transaction Security Program Requirements and PCI Data Security Standard Date: August 29 Author: PCI SSC PIN Transaction Security Working Group Information Supplement: Skimming Prevention
GUIDELINES FOR E-REFERENCE LIBRARY SERVICES FOR DISTANCE LEARNERS and other remote users by Ian M. Johnson Dr. Peter H. Reid Dr. Robert Newton with assistance from Graeme Baxter Claire Killen 20 May 2011
New York State Office of the State Comptroller Division of Local Government and School Accountability LOCAL GOVERNMENT MANAGEMENT GUIDE Information Technology Governance Thomas P. DiNapoli State Comptroller
IP TELEPHONY POCKET GUIDE BY BARRY CASTLE 2nd Edition September 2004 ShoreTel, Inc. 960 Stewart Drive Sunnyvale, CA 94085 408.331.3300 1.800.425.9385 www.shoretel.com firstname.lastname@example.org TABLE OF CONTENTS
Card-Not-Present Fraud Working Committee White Paper: Near-Term Solutions to Address the Growing Threat of Card-Not-Present Fraud Version 1.0 Date: April 2015 About the EMV Migration Forum The EMV Migration
econstor www.econstor.eu Der Open-Access-Publikationsserver der ZBW Leibniz-Informationszentrum Wirtschaft The Open Access Publication Server of the ZBW Leibniz Information Centre for Economics Van Ooteghem,
Consulting White Paper Supplier Finance: An alternative source of financing? b-process, an ARIBA Company, is a European electronic invoicing leader, with a network of nearly 30,000 interconnected companies
Identity and Access Management in Multi-tier Cloud Infrastructure by MohammadSadegh Faraji A thesis submitted in conformity with the requirements for the degree of Master of Science Graduate Department
Audit Manual PART TWO SYSTEM BASED AUDIT Table of content 1. Introduction...3 2. Systems based audit...4 2.1. Preparing for & planning the audit assignment...5 2.2. Ascertaining and recording the system...7
Inspiring leaders to improve children s lives Schools and academies Diploma of School Business Management Professional development Diploma of School Business Management Contents Introduction 1 1 Aims of
Software-as-a-Service (SaaS) and Physical Security Management for Federal Systems Adapting to the forces of HSPD 12, Convergence, and FISMA April 18, 2008 1 Abstract Working to meet the requirements of
Identity and access management as a driver for business growth February 2013 Identity and access management (IAM) systems are today used by the majority of European enterprises. Many of these are still
Summary of Responses to an Industry RFI Regarding a Role for CMS with Personal Health Records Table of Contents EXECUTIVE SUMMARY... 4 1. INTRODUCTON... 7 2. CMS ROLE WITH PHRs... 9 What PHR functionalities
Arbeitsberichte der Hochschule für Wirtschaft FHNW Nr. 28 Enterprise Architectures for Cloud Computing Laura Aureli, Arianna Pierfranceschi, Holger Wache ISSN Nr. 1662-3266 (Print) Nr. 1662-3274 (Online)