Fraudulent Internet Banking Payments Prevention using Dynamic Key

As the Internet becomes popular, many sectors such as banking and other financial institutions are adopting e-services and improving their Internet services. However, the e-service requirements are also opening up new opportunities to commit financial fraud. Internet banking fraud is one of the most serious electronic crimes (e-crimes) and is mostly committed by unauthorised users. This paper presents a new dynamic key generation scheme that facilitates a fraud prevention mechanism. In the proposed scheme, a combination of a biometric feature such as a fingerprint and a smart card is used to effectively confirm the users' identity and prevent illegal attempts. It also eliminates the need to store a long-term shared key, which makes the system insecure during transactions. We show that the new scheme is secure against various kinds of attacks.

Keywords: Internet Banking payment, key generation, fraud, payment systems
