DESIGN OF TWO-FACTOR AUTHENTICATION (PIN AND SMS PASSWORD) FOR AN AUTOMATED TELLER MACHINE (ATM)

DESIGN OF TWO-FACTOR AUTHENTICATION (PIN AND SMS PASSWORD) FOR AN AUTOMATED TELLER MACHINE (ATM)

ABSTRACT

Most ATMs employ one means of authentication (single factor authentication) by using the PIN. These kinds of ATMs are vulnerable to ATM frauds like Card Skimming: where a device placed at the slot for the ATM Card copies all the information stored in ATM cards including the PINs and then copies of the original cards will be made, afterwards money will be stolen from the accounts concerned. This work presents the design of ATM software that employs a two factor authentication method that utilises the PIN and a One Time Password (OTP) which will be sent to the client’s mobile phone through SMS. This process will be initiated by the ATM as soon as the user slots his ATM card and the system accepts it. By employing this technology, a fraudster who has access to someone’s ATM Card and PIN will still not gain access to their bank account if he has no access to the SMS containing the One Time Password. This work employed Object Oriented Analysis and Design (OOAD) as its methodology and this includes the use of the Unified Modelling Language (UML). In order to realise the system using the OOAD approach, C#, an oriented programming language was used. The result obtained at the end of this project is the prototype of ATM software that employs two factor authentication. Finally, the performance of the system while it was being tested shows that the objective of providing additional security using two factor authentication was achieved to a large extent.

CHAPTER ONE

INTRODUCTION

1.1 Background to the Study

Brief History of the ATM

The concept of self-service in retail banking has evolved through various stages. These stages include cash machines developed in the early 1960s through independent and simultaneous efforts of engineers in Britain, Sweden and Japan. The first of such commercial cash machines was put into use in the UK on the 27th of June 1967 by the Barclays Bank. These and other developments (which were championed by efforts in Asia, Europe and America) gave rise to the automated (automatic) teller machine (ATM). The first modern ATM came into use in December 1972 and was designed by IBM for Lloyd Banks. The machine was called the IBM 2984 and popularly known as the CIT: Cash Issuing Terminal. The CIT was considered the first true cash point and is similar to what we have nowadays [1]. The ATM is a networked computer terminal that provides Bank clients with access to financial transactions from a public space without the need for one to visit the bank branch.