Professional Documents
Culture Documents
This work is licensed under a Creative Commons Attribution-Non Non Commercial 4.0
International License subject to proper citation to the publication source of the work.
Disclaimer: The scholarly papers as reviewed and published by the Srinivas Publications
(S.P.), India are the views and opinions of their respective authors and are not the views or
opinions of the SP. The SP disclaims of any harm or loss caused due to the published content
to any party.
ABSTRACT
Every now and then mobile users are increasing in exponentially all over the world, which
leads to the growth of mobile-enabled services like mobile banking. The smart phone now
available in the market having the ability to do all the functions that people can do olden days
using their personal computers. The introduction of mobile communication technology
modernization, innovation and globalization are increasingly driving the banking services to
become ubiquitous, personalized, convenience, disseminative and secured. Mobile Banking
Authentication has evolved over time to include several parameters such as Biometric,
Location, Context, History, Profile etc. In this paper, we discuss new mobile banking services
like Digital deposit apps, advanced bill payment apps, and Electronic meeting for mini loan
services and Mobile payment apps. We can provide higher security for these new services
through an intelligent multi-modal Authentication with Location Awareness. Here the
location, where the mobile banking transaction has been executed is captured giving the
additional option for a Bank to verify if the transaction has been executed normally or if the
parameters are at variance with normal practice. If the Location happens to be very in a
different country, an additional verification process can be introduced adding to the entropy
of Authentication. If the Location happens to be a Bank Branch or an ATM, where there is a
proper iBeacon or GPS providing additional information about identification, then in such a
situation the Authentication can be further simplified based on the type of transaction. In this
paper, we discuss in detail location based authentication and how these can be effectively
applied in enhancing the mobile banking services.
Keywords: Location Based Authentication, iBeacon, GPS, Biometric, Digital deposit apps.
1. INTRODUCTION: is the another innovative distribution channels
established by the banks with more emphasis
The drastic development of mobile
on ubiquitous nature of service availability [1].
telecommunication system leads to increased
Researchers used various terms for mobile
mobile phone users all over the globe. The
banking, Amin et al., (2006) referred mobile
smart phone style, functions, and facilities are
banking as pocket banking, Ivatury and Mas,
continuously changing, which leads to drastic
(2008) as branchless banking, while Donner
development and incorporation of innovative
and Tellez, (2008) called m-payments, m-
services in mobile banking services. Mobile
transfers, m-finance and Liu et al., (2009)
Banking (m-banking) is considered to be one
named as m-banking [3-6].
of latest and widest online banking services to
Even though mobile personal devices,
its customers. Even though Automated Teller
typically with a fixed display and keyboard,
Machine (ATM), Telephone, and Internet
are well-positioned to provide a practical
banking are banking services outside the banks
solution for reducing fraud, security is
and offers successful delivery channels for
considered to be one of the biggest hindrance
traditional banking products, mobile banking
K. Krishna Prasad et al, (2017); www.srinivaspublication.com PAGE 49
decide the identity of an individual, which can problems like low computational resource and
be effectively used on any computer or mobile memory space. They implemented the system
systems [22]. Seo, H.et.al., (2012) proposes a and also found execution time and also found
very special method of biometrics for the equal error rate for face, iris, and
intelligent mobile devices for which existing fingerprint as 1.50%, 1.68%, and 4.53%
physical and behavioral biometrics are respectively [27]. Xi, K., & Hu, J. (2009, June)
unsuitable, by analyzing users input patterns proposed a new fingerprint fuzzy vault based
such as finger's touch duration, pressure level on multiple or composite features which are
and the touching width of the finger on the affective, reliable, distortion tolerant and
touch screen. They found using the empirical registration free. They modeled and tested
method that the new method identifies the user their results on the public database and found
with 100% efficiency [23]. that the new schema can improve verification
De Marsico, et.al., (2014) suggested a new performance considerably [28]. Tao, Q., &
method of biometrics for mobile engagement, Veldhuis, R. N. (2006, July) proposed an
using face and iris recognition, multimodal authentication method using facial recognition
biometrics referred as "FIRME" which is for the mobile personal device in a personal
specially designed and embedded in mobile network and found that authentication method
devices using the android operating system. is the effective method with an equal error rate
Both design and implementation of face and 1.2% [29]. Thirumathyam, R., & Derawi, M.
iris are considered as the separate module, O. (2010, May) proposed a nontraditional
whose flow of work separate and finally two XML-database which supports biometric
modules are fused. They claim that this template and due to the large use of biometrics
multimodal authentication can be effectively system, template are vulnerable to attacks.
used to find the identity of the user [24]. This research points out the requirement for
Adesuyi, F, et.al.,(2013) proposed a secure template protection and analyses it using
authentication for mobile banking using facial various template protection schema [30].
recognition. The number of online banking Usually, finger prints are unique for every
users rapidly increased in Nigeria and this human being means there will not be two
made the researchers find some convenient people finger print identical. But researchers at
and secure method for customers to do New York University, Tandon School of
banking transactions remotely, keeping this Engineering found that there is a partial
aspect in mind they proposed new similarity between finger print two persons if
authentication method. The proposed system is that is used in Mobile or other electronic
expected to provide the higher level of device for the security or authentication
authentication, which is multifactor purposes is more vulnerable to security threats
authorization and makes the system vulnerable [31].
to attacks bare minimum [25]. Kumar, D., &
3. Location Authentication:
Ryu, Y. (2009) surveyed biometric payment
system used for various kinds of payment Location authentication is used in mobile users
systems, in contrast to username and password to retrieve user's current location and further
no need of remembering anything. They also process that data to acquire more information
suggest in their study that when more and near to their current location and to
more customer uses the biometric system, cost authenticate against individual's claimed
of biometric reader will decrease and even identity. In order to know the current location
small business firms also can use biometric of the users GPS and GPRS used in phone and
systems [26]. web services respectively [32]. Location based
Yoo, J. H. et.al., (2007, December) describe authentication is the special procedure to prove
the design of the embedded biometric system individual person’s identity or authenticity on
that authenticates the person by using face- emergence by identifying or detecting its
fingerprint or iris-fingerprint multimodal presence at a separate locations. In order to
biometrics technology which is a new system accomplish location authentication some
compared to existing embedded system that prerequisites components are essential; (i) The
time. The existing embedded system had persons whom want to identified and
authenticated should present some symbol or maps or any other location identification
icon of identity, (ii) The person needed to software.
identified should carry at least one human The proximities or coverage of location
authentication factor that should be able to identification is based on technology used for
recognize from any location, (iii) The distinct identification purpose if GPS is used it will be
location must be already known or identified having more coverage or identification
location. capacity compare to iBeacon. The application
of location authentication or identification is
Proximity Component extended to different applications like grant
(Near to Door, Entering, access to the particular nearby location by
and Leaving) detecting the person at an entrance or at door.
The system must have the capacity to
discriminate between person entering and
leaving. SolidPass security token combines the
feature of location authentication along with
Authentication Factor two-factor authentication for the purpose of
Component high-security solutions. In GPS-enabled
(Eye recognition, Finger mobile devices where there is a continuous
Print, Face recognition, track of locations. Location authentication
OTP) adds an extra feature for security as "Where
you Are", for the already existing features like
"What you Know", "What you Are", "What
You Have".
Global Positioning System (GPS) is presently
Location Awareness used in all most all smart phones for the
Component purpose of entertainment and sports and
(Google map) games. However, in future, we can witness
GPS system used for security problems that
Figure 1: Primary Components of Location are encountered in an online transaction like
Authentication internet banking or mobile banking [33-35].
As shown in Figure 1, primary components of With the explosive growth of smart phones
Location Authentication are Proximity based payment system location based
component, Authentication Factor authentication technique can be used as key
Components and Known Location authentication technique along with
Components. Proximity Component is used to multifactor authentication, relating user
identify the person when person comes to location with transactions in order to
proximity of certain area or location. This successively reduce fraud. Location
includes person comes to near the door, information can be successively correlated
leaving a room and entering room etc. If with credit card transaction in order to enhance
iBeacon is used then proximity component security.
coverage is very limited say 100 meters or 200
4. Enhanced Mobile Banking Services:
meters. On the other hand if GPS is used
proximity component coverage will be very With the aid of One Time password, Location
wide. Authentication Factor Components is authentication, Global Positioning System and
used to identify the user or person using some other advanced technology, banks can
human authentication factors. Human make some innovation and customization in
authentication factors include any one factor mobile banking services [6]. These services
like facial recognition, iris recognition, face can be accessible for users as omnipresent.
recognition and OTP etc. Location Awareness Location based ID is the main component of
Components is used to know the distinct location based authentication, which is
location, which must be already known or responsible for storing user location and
identified location with the help of Google authorization policies or regulations. As shown
in figure-2, in Enhanced Mobile Banking
Services, we discuss mainly six attributes as paper, we discuss a new approach to process
Digital Deposit, Mini loan services, Advanced Mini Loan services. The different steps are;
ATM Security, Advanced Bill Payment, Credit (1) The customer has to first fill the personal
Card Security and Auxiliary Services. details like salary details expenditure and some
other details other than the details provided at
the time of opening an account. Loan details
Digital Mini Loan also provide to the bank.
Deposit Services (2) By verifying the customer details, the bank
should provide details of different document
required for availing the loan services through
an email.
Enhanced Mobile (3) One or two level of Electronic meeting will
Banking Services be conducted between the user and bank
representative.
(4) A copy of the document is submitted to the
bank through email.
Advanced Credit (5) By verifying all the documents a message
ATM Card is delivered to customer from the bank stating
Security Security
that whether the loan can be sectioned or not.
(6) Bank Persons will do the inspection of
sight if required
Advanced
Advanced (6) Customer will submit original document
ATM
DigitalSecurity
Deposit: ATM are to the bank.
The rapid growth of internet, wireless and
Security (7) After final document verification loan is
mobile communication technologies made sectioned.
depositing a cheque very simple compared to Here we can effectively use Location
hassle task2:
Figure ofEnhanced
waiting in aMobile
long queue in order
Banking information before providing the loan. If the
to deposit a cheque. In digital deposit, user can customers are only within the particular
Services
deposit a cheque through online by sending the geometric circle loan is provided or they
image of a cheque to the bank through their should have very good financial status. The
mobile phone. The image is scanned copy or user Location histories of three months are
photo of two sides of the cheque previously analyzed before sectioning loan.
taken through the mobile camera or any other Advanced ATM Security:
digital image capturing method. Here user Security of the ATM machine is the biggest
location information is captured through challenge for the bank to in order to
iBeacon or GPS and which acts one more accomplish a smooth and safe transaction of
added level of security. If the parameters are in its customers. Every ATM machine will be
variance from normal practice a secret having iBeacon or in the bank if its bank is
question answer is validated before further nearby. When the user comes near to the door
processing transaction request. of ATM machine, iBeacon recognizes and a
Mini Loan Services: message is sent to the respective bank, where
Usually, almost all banks find some customers having his/her account. After
constraints to provide Loan services through matching the details bank will send a request
online or through mobile banking. A loan to user mobile to enter secret question answer
requires several documents and which should that customer only knows. Here iBeacon will
be verified and processed carefully before extract customer location information and
sectioning loan to a customer. The bank should basic account details to know the identity of
study the customer income and also should the user. Account Number is passed to the
check the repayment capacity. In order do all respective bank as a parameter and response
these things; there is a need for multiple will be requested to enter the answer for the
sittings or conversations between Bank secret question.
representative person and customer. In this Advanced Bill Payment:
Initially, user's credit or debit card details are Existing Smart phone and GPS
stored in mobile. If users are having multiple technologies can be affectively used
cards, then all card details are stored in the for location information and
mobile or mobile app. Out of Multiple cards, authentication and user does not have
one card is selected by the user in their mobile to use some specific or extra devices
phone. This information is given to mobile and or hardware.
in-store reader of the mobile reads these Digital images of the cheque and bill
details. These details are encrypted and stored act as a proof for the transactions.
in mobile. The location information of the user Automatic bill payment through
is extracted through iBeacon or GPS and mobile phone avoids waiting in a
secret answer or OTP is entered by the user, queue.
which is verified and finally, the transaction is The use of existing technologies in
completed. smart phone avoids additional
Credit Card Security: hardware cost.
When credit card or debit card is read by the The customer can find eligibility for
scanner or reader of the retailer or seller, there mini loan and loan request is
are more chances of security loopholes like processed online saves customer
extracting or hacking the password and valuable time.
misusing it for different purposes. In this With the help of Auxiliary service, the
paper, a new approach is explained for reading smart phone acts as multipurpose
the credit card information. Through mobile gadgets for all electronic payment,
payment apps specified amount of money is which act as add-on services other
transferred from user account to seller's than mobile banking services.
account. Here also location information of the The security of the ATM can be
user can use as an added security for the effectively enhanced with the help of
transactions. Advanced ATM security of enhanced
Auxiliary Services: mobile banking services.
The mobile phone can be used for multiple
Credit Card can be secured from
auxiliary purposes like mobile recharge, D2H
unauthorized access, cloning and
recharge or for paying grocery and vegetable
password hacking with the help of
or for any other shopping purposes. Before
location information and
authenticating the transaction Location
authentication.
information of the user are extracted and used
All bills can be paid through the
as an added level of authentication.
finger-tip ubiquitously without any
5. Analysis of Enhanced Mobile Banking constraint of time, place and location.
Services using location Authentication: The Advanced security improves user
Enhanced Mobile Banking Services, which trust over ATM machines or ATM
includes different attributes as Digital Deposit, transactions.
Mini loan services, Advanced ATM Security, Benefits:
Advanced Bill Payment, Credit Card Security Expansion Smart phone banking
and Auxiliary Services is analyzed using its services in all areas globally.
advantages, Benefits constraints, and The number of users and usage of
disadvantages [36-46]. mobile banking can be improved due
Advantages: to ubiquitous services, higher security,
All the services are authenticated with innovative services and user
the help of location information which friendliness.
acts as added security for already The ability to take advantage of new
existing security technologies. technologies like iBeacon, GPS, and
Location authentication can be easily smart phone through the digital
flexible and integrated to any other deposit and mini loan services.
type of security solutions. Improves and enhances reputation or
name and fame of the banking
[22] Delac, K., & Grgic, M. (2004, June). A Authentication Systems. IEEE Transactions
survey of biometric recognition methods. In on Information Forensics and Security; 1 DOI:
Electronics in Marine, 2004. Proceedings 10.1109/TIFS.2017.2691658.
Elmar 2004. 46th International Symposium
[32] YounSun Gho, L. Bao, M.T. Goodrich,
(pp. 184-193). IEEE.
"LAAC: A Location-Aware Access Control
[23] Seo, H., Kim, E., & Kim, H. K. (2012). A Protocol", Mobiquitous, Third Annual
novel biometric identification based on a users International Conference on Mobile and
input pattern analysis for intelligent mobile Ubiquitous Systems, Networking, and Services,
devices. International Journal of Advanced pp.1-7, 2006.
Robotic Systems, 9, 1-10.
[33] Zhang, F., Kondoro, A., & Muftic, S.
[24] De Marsico, M., Galdi, C., Nappi, M., & (2012, June). Location-based authentication
Riccio, D. (2014). FIRME: face and iris and authorization using smart phones. In
recognition for mobile engagement. Image and Trust, Security and Privacy in Computing and
Vision Computing, 32(12), 1161-1172. Communications (TrustCom), 2012 IEEE 11th
International Conference on (pp. 1285-1292).
[25] Adesuyi, F. A., Oluwafemi, O., Oludare,
IEEE.
A. I., Victor, A. N., & Rick, A. V. (2013).
Secure Authentication for Mobile Banking [34] M. Balakrishnan, I. Mohomed, and V.
Using Facial Recognition. Ramasubramanian(2009), “Where’s that
phone?: geolocating IP addresses on 3G
[26] Kumar, D., & Ryu, Y. (2009). A brief
networks,” in Proceedings of the 9th ACM
introduction of biometrics and fingerprint
SIGCOMM conference on Internet
payment technology. International Journal of
measurement conference. ACM, 2009, pp.
advanced science and Technology, 4, 25-38.
294–300.
[27] Yoo, J. H., Ko, J. G., Chung, Y. S., Jung,
[35] Anon, IP Address Geolocation to Identify
S. U., Kim, K. H., Moon, K. Y., & Chung, K.
Website Visitor’s Geographical Location.
(2007, December). Design of embedded
Available at: http://www.ip2location.com/
multimodal biometric systems. In Signal-
[Accessed April 29, 2017].
Image Technologies and Internet-Based
System, 2007. SITIS'07. Third International [36] Aithal, P. S., Shailashree V. T & Suresh
IEEE Conference on (pp. 1058-1062). IEEE. Kumar P. M., (2016). Analysis of ABC Model
of Annual Research Productivity using ABCD
[28] Xi, K., & Hu, J. (2009, June). Biometric
Framework. International Journal of Current
mobile template protection: a composite
Research and Modern Education (IJCRME),
feature based fingerprint fuzzy vault. In 2009
1(1), 846-858. DOI :
IEEE International Conference on
http://doi.org/10.5281/zenodo.62022.
Communications (pp. 1-5). IEEE.
[37] Aithal P. S. & P.M. Suresh Kumar,
[29] Tao, Q., & Veldhuis, R. N. (2006, July).
(2016). Opportunities and Challenges for
Biometric authentication for a mobile personal
Private Universities in India. International
device. In Mobile and Ubiquitous Systems-
Journal of Management, IT and Engineering
Workshops, 2006. 3rd Annual International
(IJMIE), 6(1), 88-113.
Conference on (pp. 1-3). IEEE.
[38] Sridhar Acharya P. And Aithal P. S.,
[30] Thirumathyam, R., & Derawi, M. O.
(2016). Concepts of Ideal Electric Energy
(2010, May). Biometric template data
System FOR production, distribution and
protection in mobile device environment using
utilization. International Journal of
XML-database. In Security and
Management, IT and Engineering (IJMIE),
Communication Networks (IWSCN), 2010
6(1), 367-379.
2nd International Workshop on (pp. 1-7).
IEEE. [39] Padmanabha Shenoy, and Aithal P. S.,
(2016). A Study on History of Paper and
[31]Aditi Roy, Nasir Memon, Arun Ross.
possible Paper Free World. International
MasterPrint (2017): Exploring the
Journal of Management, IT and Engineering
Vulnerability of Partial Fingerprint-based
(IJMIE), 6(1), 337-355.
K. Krishna Prasad et al, (2017); www.srinivaspublication.com PAGE 57
International Journal of Management, Technology, and Social SRINIVAS
Sciences (IJMTS), ISSN : 24XX-XXXX, Vol. X, No. X, 2017 PUBLICATION