Information and communication technology has altered businesses’ operations, with a host of established and new banks launching online banking products and services. Banks encourage their customers to use online banking facilities because these facilities reduce transaction costs, improve customer retention, increase the customer share of wallet, and enhance customer services. Many customers also prefer Internet banking channels because of their convenience and the freedom they offer. Although Internet banking offers substantial benefits and opportunities, it does involve security risks associated with sensitive transactions and accessing critical information over public networks. To secure Internet banking activities and maintain the trust and confidence of customers, numerous banks have adopted technical countermeasures, such as two-factor or multi-factor authentication, to prevent cyberattacks, online fraud, and unauthorized access to bank accounts. However, the use of two-factor authentication is inadequate for protecting customers’ accounts against takeover by cyber criminals. Multi-factor authentication services along with related security techniques lead to two considerable barriers: (1) the high cost of deployment and maintenance and (2) the complex integration between authentication processes and online banking systems. This paper presents an alternative model for the authentication of online banking customers and transactions through use of a hash-based multi-server authentication scheme in conjunction with a smart card. The proposed system provides strong security features and low maintenance costs for financial institutions’ Internet banking platforms. The proposed mechanism can be associated with a customized interface and thus easily integrated into existing banking systems for use in Internet banking applications.

信息和通信技术改变了企业的运营，许多成熟的和新的银行推出了在线银行产品和服务。银行鼓励客户使用在线银行服务，因为这些服务可降低交易成本，提高客户保留率，增加钱包用户份额并增强客户服务。由于其便利性和提供的自由度，许多客户也更喜欢Internet银行渠道。尽管互联网银行业务提供了巨大的利益和机会，但确实存在与敏感交易和通过公共网络访问关键信息相关的安全风险。为了确保网上银行的活动并维护客户的信任和信心，许多银行都采取了技术对策，例如两因素或多因素身份验证，以防止网络攻击，在线欺诈和未经授权的银行帐户访问。但是，使用两因素身份验证不足以保护客户的帐户免受网络犯罪分子的接管。多因素身份验证服务以及相关的安全技术导致两个相当大的障碍：（1）部署和维护的高成本；（2）身份验证流程与在线银行系统之间的复杂集成。本文提出了一种替代模型，该模型通过结合使用基于哈希的多服务器身份验证方案和智能卡来对在线银行客户和交易进行身份验证。拟议的系统为金融机构的互联网银行平台提供了强大的安全功能和较低的维护成本。