Abstract
Information and communication technology has altered businesses’ operations, with a host of established and new banks launching online banking products and services. Banks encourage their customers to use online banking facilities because these facilities reduce transaction costs, improve customer retention, increase the customer share of wallet, and enhance customer services. Many customers also prefer Internet banking channels because of their convenience and the freedom they offer. Although Internet banking offers substantial benefits and opportunities, it does involve security risks associated with sensitive transactions and accessing critical information over public networks. To secure Internet banking activities and maintain the trust and confidence of customers, numerous banks have adopted technical countermeasures, such as two-factor or multi-factor authentication, to prevent cyberattacks, online fraud, and unauthorized access to bank accounts. However, the use of two-factor authentication is inadequate for protecting customers’ accounts against takeover by cyber criminals. Multi-factor authentication services along with related security techniques lead to two considerable barriers: (1) the high cost of deployment and maintenance and (2) the complex integration between authentication processes and online banking systems. This paper presents an alternative model for the authentication of online banking customers and transactions through use of a hash-based multi-server authentication scheme in conjunction with a smart card. The proposed system provides strong security features and low maintenance costs for financial institutions’ Internet banking platforms. The proposed mechanism can be associated with a customized interface and thus easily integrated into existing banking systems for use in Internet banking applications.





Cite this article
Tsai, CH., Su, PC. The application of multi-server authentication scheme in internet banking transaction environments. Inf Syst E-Bus Manage 19, 77–105 (2021). https://doi.org/10.1007/s10257-020-00481-5