CHAPTER
ONE
INTRODUCTION
1.1 Background
to the Study
In the olden days, financial institution in Nigeria
did almost all their transactions manually, to allow customers perform their
financial transactions and other banking processes. The customers have to form
a queue which ends up consuming a lot of consumer’s time and is not always
efficient. In view of this and the fast wind of
IT sweeping through Nigeria, had lead the bank to the utilization of an
electronic device known as Automatic Teller Machine (ATM) for performing transaction
without the physical presence of a bank delegate. Automated teller machine is a mechanical device that has its roots
embedded in the accounts and records of a banking institution. It is a machine
that allows the bank customers to carry out banking transactions like deposits,
transfers, balance enquiries, mini statement, withdrawal and fast cash e.t.c. The
ATM has gained wide utilization due to the 24 hours service it provides to
customers. Khatmode R. K. et al,(2014).
Nearly
10 years since its introduction in Nigeria, the ATM has become the favored
channel of financial transaction by most Nigerians. However, the expanding and
wide acceptance of the ATM by the member of the public has led to a need to
further build and enhance the security and integrity of the system. Utilization
of ATM (Automatic Teller Machine) is helpful for monetary transaction. ATM transaction
is initiated by inserting the ATM card and typing the PIN (Personal
Identification Number) of that specific card. Despite the fact that bank allows
their customers to choose their PIN, this system is not safe to use because
anybody can access the system if they have the card and PIN number. The system looks
at the code against a stored list of approved authorized passwords and users.
PIN typically in a form of four digit combination of numbers that is entered via
the ATM panel. If the code is genuine, the system permits access at the
security level approved for the owner of the account. The strength of PIN as a
security system is weakened and the likelihood of the code leaking to other
people is high. In recent time, due to fraudsters advancements and
technological improvement it is now possible to fix ATM Card scanners in ATM
Machine to acquire encoded information from ATM Card, which is again used to create
a copy of the ATM card and to make fraudulent transactions. This is the primary
impediment of the current system. Conventional ATM systems authentication
method has some limitations. Using ATM card and password cannot;
1. Verify the client's identity exactly.
2. Protect the card user against theft.
3. It is easy for fraudsters to get the PIN and perform
fraudulent transactions.
4. Protect
customers from Vulnerabilities and the increasing wave of criminal activities
occurring at Automated Teller Machines (ATMs.)
This has called for a more secure method of
authentication at the ATM terminals. Biometrics based authentication is a
potential technique in increasing ATM security. Among all the biometrics,
fingerprint based identification is one of the most mature and proven
technique. Biometric is a Greek Words, Bio means life and metric means
measuring some objects that have life. Biometric measures both physiological
and behavioral characteristics. These characteristics are finger prints, Voice
patterns, hand measurements, irises and others (although this project will be
limited to fingerprints alone). These characteristics are used to identify an individual,
they are connected to an individual and cannot be forgotten, stolen, shared or
easily hacked like passwords.
Finger Print technology is the
initial biometric science that uses unique features of the fingerprint to
identify or verify the identity of an individual. Finger Print technology is
the most deployed technology among other biometric characteristics and it application
ranges from physical access to logical access. Each and every human have unique
characteristics and patterns. A Finger Print pattern or sample consists of
lines and spaces and these lines are referred to as Ridges while the spaces
between these ridges are called valleys. These ridges and valleys are matched
for verification and authorization. These unique finger print traits are referred
to as “minutiae” and comparisons are made on these traits. There has been a
significant surge in the use of Biometric based user authentication system in
recent years because Bio-metric authentication offers several advantages over
other authentication methods. The advantages that Biometrics presents are that
the information is unique for each individual and that:
1. It
can identify the individual in spite of variations in the time.
2. It
provides strong authentication
3. It
can be easily implemented on existing system.
4.
There are very less chances of two people having
same fingerprint.
Fingerprint is currently being used as
variables of security during voting, operation of bank account among others. It
is also used for controlling access to highly secured places like offices,
equipment rooms, control centers and so on.The proposed system will be self manipulative, simple, fast and yet much
more secure. It will provide a secure online transaction to protect the
user against ATM Card frauds.
1.2 Statement
of the Problem
The
existing system is plagued with the following problems;
1. Traditional
authentication systems cannot discriminate between an impostor who fraudulently
obtains the access privileges and the real owner.
2. Passwords and PINs can be illicitly acquired
by direct covert observation.
3. Easily guessed PIN's and passwords e.g. birthday,
1234 etc.
4. Malware
can be placed at the ATM terminal by fraudsters to capture magnetic stripe data
and PIN codes from the private memory space of transaction processing
application installed on the ATM.
1.3 Aim and Objectives of the Study
The
aim of this project is to design an ATM simulator that will combine PIN
(Personal Authentication Number) verification system with finger print
biometric system for more reliable authentication. The system is designed with
the following objectives.
1.
To explore the problem associated with
the existing password Based system and pose the possible solutions
2.
To develop a payment system simulator with secure authentication using combination
of biometric technology and Password (PIN)
3.
To implement the system with various
customer biometric and PIN data and test its functionality and robustness.
1.4 Significance of the Study
In
present age, security has become an essential and fundamental tool of every
organization. If we talk about money it comes with great importance. In the
banking system, it is also a very confidential issue. The principle motivation
behind ATM machine is to safeguard cash and ensure easy and fast accessibility
to cash. But as of late a few security issues have emerge concerning the ATM. The
significance of this project is the huge benefit it is going to be to the bank
worker, the bank management and the customer at large. For the bank management it will reduce the huge
amount of cash lost to ATM fraud every year. The time spent by bank workers to
resolve cases of ATM fraud too will be reduced thus affording them time for
more pressing issues. Most bank provide the single (PIN) password
authentication to their customers for ATM transactions but now a days it is no
longer enough to guide the data and proof
the identity of the customer. It is so easy for fraudsters to obtain the PIN
and perform fraudulent operation on ATM. To guide against this type of frauds
bank can utilize dual user verification system so that banking operations
becomes more secure.
Furthermore, there is a sense of
mistrust with PINs and Bank customers may feel that it is unsafe because they
are worried that in the event that they lose their card that someone may find
it and some way or the other is able to determine their PIN and steal their
money from the ATM. In other to eliminate this threat, this project will focus
on a consolidated strategy i.e. costumers insert their card & PIN, if
costumers insert valid PIN then access is grant to another security approved
process i.e. biometric fingerprint. Utilizing legitimate PIN & biometric
fingerprint costumer can perform ATM transaction process i.e. deposits,
transfers, balance enquiries, mini statement, Fast cash & withdrawal etc.
By using fingerprint recognition combined with the old PIN method, customers
are more comfortable with the idea of saving their money with the bank because they
understand that if they lose their ATM card, no one can replicate their
fingerprint and take their money. In banking system Biometrics holds the guarantee
of quick, easy to utilize, precise, reliable, and less expensive authentication.
1.5
Scope
of the Study
The
scope of this project describe the simulation of an automated teller machine
with the capability of the combination of both biometric (fingerprint) and
password (PIN) based authentication with a view to provide a more secure Online
banking transaction on ATM: Only banking system is captured. The biometric
authentication system will consists of five main components. These are: sensor,
feature extractor, fingerprint/template database, and matcher and decision
module.
1.6 Limitations
of the Study
Benefits and Limitations are two
side of one coin. Biometric ATM is useful for every aspect, but its limitations
are given below:-
§ It
depends on user acceptability.
§ Obtaining
a clean image upon which to perform matching may be difficult due to Fingerprint
worn out or cut due to hard labor work or age.
§ The
requirement of biometric devices in ATM Machines will improve the cost of ATM
Machine.
§ Since
the simulated system will be design using Visual Basic.Net, it won’t be able to
run on any other operating system beside Microsoft window operating system.
§ Due
to the two step authentication process, the time it takes to perform a
transaction will be increased.
§ Distinctiveness.: while a biometric
trait is expected to vary significantly across individuals, there may be large
inter-class similarities in the feature sets used to represent these traits.
1.7
Definition Of Terms
1.
Biometric
Biometric
is the science and technology of measuring and statistically analyzing
biological data
2.
Simulation
Simulation
is the imitation of the operation of real world process or system over time
3.
ATM
Automated
Teller Machine is an electronic banking outlet which allows customers of
various banking institutions complete basic transaction without the aid of a
bank representative, teller or without being physically present at the bank.
4.
PIN
Personal
Identification Number(PIN) a secret numeric password shared between a
user and the system, that can authenticate the user to the system.
5.
Authentication
This
is the process of identifying an individual usually based on a username and
password with the aim of granting access to a system
6.
Verification
Verification
is the process of determining whether an individual is who he/she claims to be
7.
Debit
This
refers to the money paid out of a customer’s bank account. It is an entry
recorded on the left side of a ledger.
8.
9.
Credit
This
refers to the money paid into a customers bank account, it is an entry recorded
on the right side of a ledger.
10. ATM Card
ATM
card is a small plastic card design with a magnetic strip or chip base, which
can be assign by banks to their customer to provide an authorize access to
his/her account using an electronic card payment system (i..e ATM, POS etc).
Each card contains some features like a card number which contain the bank
code, the customer name and the expiry date. It contains some security features
which normally inculcated in the chip base or magnetic strip portion. The bank code uniquely identifies the bank
within the consortium. The card number determines the account that the card can
access as the card is being linked to the customer’s account.
11. Interface
This
is a point where two system or subjects
meet and interact or communicate it can either be a GUI (Graphical User
Interface) or a CLI (Command Line Interface).
12. Client
Client
is any device or process that request for service from a server.
13. Server
Server
is any device or process that responds to request from a client.