Sivakumar M
Research Scholar, Anna University of Technology, India
E-mail: sivala@gmail.com
Arthanariee A. M
Dean, Department of Science and Humanities Nehru Institute of Technology
Kaliyapalayam, Coimbatore – 105, India
E-mail: arthanarimsvc@gmail.com
Abstract
A new virtual ATM simulator, developed with a new design interface for banking
services, is presented with increased security in mind. The menu structure changes based
on the amount of money involved in a transaction and the level of security needed. Human
behavioral psychology is considered a major factor, and human-computer interaction
principles are applied in the design and used as security parameters. A group of 120 members
was involved in evaluating this virtual design experiment for the simulator. The
experimental results are furnished here for review, and they prove increased
security compared with the ATM machines used today. We mainly use two kinds of parameters,
static and dynamic, for evaluating security on banking transaction systems.
Figure 2: Screen shots of Simulator system offers image to select for memory
you are travelling and therefore the transaction will be denied, without any reason given to the current user.
However, a log will be added against your account. Today, most users have a mobile phone. For
higher transaction values, an increased security check can be performed by verifying the mobile phone
location, with the help of the mobile service provider’s real-time data, against the ATM’s locality. If the data is
unavailable, identify the last connected locality of the customer and compute the geographical transfer
feasibility. Fig. 3 represents this security check by identifying the physical location of the user’s
mobile.
[Figure: diagram with the labels "Validate IP address of user", "Network", "Client System" and "Bank Computer"]
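The location check described above, as an added example that is not part of the original paper: it compares a real-time phone fix with the ATM position and, when no fix is available, tests whether the customer could have travelled from the last connected locality in the elapsed time. The threshold amount, radius, maximum speed, coordinates and all function names are assumptions.

```python
import math
from datetime import datetime, timedelta

# Assumed policy values; the paper does not specify them.
HIGH_VALUE = 50_000      # amount from which the location check applies
NEAR_ATM_KM = 2.0        # phone counts as "at the ATM" within this radius
MAX_SPEED_KMH = 900.0    # fastest plausible travel (airliner cruise speed)

audit_log = []           # denied attempts are logged against the account


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def location_check(account, amount, atm, now, realtime=None, last_seen=None):
    """Return (allowed, reason).

    realtime  -- (lat, lon) from the mobile provider's live data, or None
    last_seen -- ((lat, lon), datetime) of the last connected locality, or None
    """
    if amount < HIGH_VALUE:
        return True, "below_threshold"
    if realtime is not None:
        ok = haversine_km(realtime, atm) <= NEAR_ATM_KM
        reason = "phone_at_atm" if ok else "phone_elsewhere"
    elif last_seen is not None:
        pos, seen_at = last_seen
        hours = max((now - seen_at).total_seconds() / 3600, 0.0)
        # Feasible only if the distance can be covered in the elapsed time.
        ok = haversine_km(pos, atm) <= NEAR_ATM_KM + MAX_SPEED_KMH * hours
        reason = "travel_feasible" if ok else "travel_infeasible"
    else:
        # Not covered by the paper; this example fails closed (assumption).
        ok, reason = False, "no_location_data"
    if not ok:
        audit_log.append((account, now.isoformat(), amount, reason))
    return ok, reason


# Constructed sample data: approximate city-centre coordinates.
COIMBATORE = (11.0168, 76.9558)
CHENNAI = (13.0827, 80.2707)
SEOUL = (37.5665, 126.9780)
NOW = datetime(2024, 1, 1, 12, 0)

if __name__ == "__main__":
    print(location_check("acct-1", 80_000, COIMBATORE, NOW, realtime=SEOUL))
    print(location_check("acct-1", 80_000, COIMBATORE, NOW,
                         last_seen=(CHENNAI, NOW - timedelta(minutes=10))))
    print(location_check("acct-1", 80_000, COIMBATORE, NOW,
                         last_seen=(CHENNAI, NOW - timedelta(hours=1))))
```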
If an online transaction request comes from outside the declared area, that transaction is denied. For
example, if a user is in India but a transaction request originates from Korea, the request fails.
The following are the simple raw steps used in our simulator to collect data about an unknown IP address.
• Step 1: open a command prompt
• Step 2: type tracert (trace route) followed by the domain name (companyname.com)
• Step 3: the IPs of the people who visited would be listed
• Step 4: open http://www.ip-adress.com/ip_tracer/72.14.198.233
• Step 5: type in the IPs found; the details regarding the location of the IP and the service provider
would be listed
where dsthost is the host, dstport is the port number of the destination system, and waitstr is a string to
wait from the remote system. If you decide to connect to your own mailserver, connect to it first using
telnet and see which SMTP greeting string it prints out upon connection, and use this string as waitstr.
3. Conceptual Architecture
This simulator system assumes that customers are in contact with the banking system through mobile,
online, and ATM channels. All existing features are supported as they are, with an additional level of
security designed for customers to use for their safety. This system model is an
abstraction of well-known branchless banking implementations. The security feature for enhancing the
ATM was designed using the loosely coupled client-server model. There is a link
between the customer’s identification information, the customer’s accounts, and records in the bank. Great
importance is given to collecting logs of activities related to the bank account and its transaction times.
The behavioral aspect of human-computer interaction is kept in mind in this design. The simulator is
designed to deliver banking services and products over electronic and communication networks
directly to customers. It is automated, and is designed to use static and dynamic biometric
measures of customers as input for enhancing ATM security.
Figure 6: Conceptual architecture diagram banking application server with security features
[Diagram labels: Height, DNA, Iris, Finger Print, Weight, Palm print, Foot bottom scan, Signature, Active database, Voice Reg., Face Image Processing, Teeth Texture, Man/women, Last transaction amount, Punch bag]
This simulator-based electronic banking system serves customer demand anytime, anywhere.
It solves increasingly complex back-office integration challenges. The simulator has features such as access to
banking accounts, review of the most recent transactions, requesting a current statement, fund transfer, and viewing
current bank rates and other product information. Three different kinds of client systems
interact with this banking system: ATM, online banking, and mobile banking. Banking services
and products are deployed over electronic and communication networks directly to
customers.
It is the automated delivery of new, enhanced traditional banking services directly to customers
through electronic, interactive communication channels with a high-level security layer. This network
is very carefully monitored with firewalls. Multiple application servers of similar
capacity are available to support load balancing and failover. There are 26 different types of parameters
considered in this experiment. Most of them have a working prototype attached to the server, and
some are dummy responses planned for users. Application servers are connected to the active banking
database and to secondary databases holding multiple replicas. The simulator has additional
transaction database servers that are connected to the active transaction database and linked with
secondary application servers.
The static layer verifies physical constant parameters, and the dynamic security layer verifies
parameters based on mental response rather than physical response. The simulator lets
customers ask or form their own questions and responses, to make it more convenient for users.
Response time is kept in the transaction database to calculate user thinking time.
1. What is your place of birth?
2. Your place of birth starts with which letter?
3. What is your birth year?
4. What is your birth month?
5. What is your birth day?
6. What is your birth day of the week?
7. What is your first telephone vendor's name?
8. What are the last 3 digits of your home phone number?
9. What are the first 3 digits of your mobile phone number?
10. What are the 4 digits of your first employee number?
11. What is your height?
12. What is your weight?
13. What are the last 3 letters of your first name?
14. What is your address pincode?
15. How many zeros are in your phone number?
16. Is your year of birth a leap year?
17. Is your place of birth urban or rural?
18. What is the first letter of your mother's maiden name?
19. What are the last 2 digits of your Social Security Number?
20. What are the middle 4 digits of your bank account number?
21. What are the first 4 digits of your credit card number?
22. What is your place of employment?
23. Who is your first employer?
24. Have you been to a doctor for a checkup in the last 30 days?
25. Does your anniversary date fall on a Sunday?
A punching bag or electronic punch observer will be placed as part of the ATM to measure the
punching power of the individual. At any point in time the range will vary, but the difference between
max will not vary. For example, a person capable of punching 20 kg cannot punch in the 70 kg range.
The ATM machine will ask the user to read the letters EEEEEE, which enables the scanner to scan the user's teeth
structure for evaluation [4]. Dental biometrics about teeth, including tooth contours, relative positions of
neighboring teeth, and shapes of the dental work (e.g., crowns, fillings, and bridges), are checked. The
proposed system has two main stages: feature extraction and matching. The feature extraction stage
uses a linear filter to enhance the images and a knowledge-based method to segment the dental work, and
stores the features in the database for identification. The matching stage has three sequential steps:
tooth-level matching, computation of image distances, and subject identification.
The picture scanner is placed at the bottom of the ATM's foot holder. The moment a person steps
on it, a scan is performed and the image is sent for processing. Side scanners identify the heel
size of the shoe [3]. Full shoe print recognition is based on DCT (Discrete Cosine Transform)
component analysis in FLD (Fisher Linear Discriminant) with PCA (Principal Component Analysis),
and partial shoe print recognition uses the overlapping block method. The input image is divided into
several horizontal and vertical blocks, each of size 8 × 8. So, in this case, N is typically 8 and
the DCT is applied to each row and column of the block. The result is an 8 × 8 transform coefficient
array in which the (0,0) element (top-left) is the DC (zero-frequency) component and entries with
increasing vertical and horizontal index values represent higher vertical and horizontal spatial
frequencies. With reference to [18], the DCT coefficients are reordered by the zigzag scan. This scan
method reorders all the DCT coefficients from low frequency to high frequency. For most images, this is
equivalent to sorting according to importance, since a perturbation in the low-frequency components
is generally more perceivable to human eyes than one in the high-frequency components. After
zigzag scanning of the DCT coefficients, a (1 × 64) vector is produced. This
vector contains the coefficients of the DCT block from low frequency to high frequency. Low-pass, band-pass
and high-pass filters are applied to this vector to construct a feature vector covering the whole spectrum
range of the sub-block. After this, FLD and PCA are performed on the DCT coefficients.
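The block transform and zigzag reordering described above, as an added example that is not code from the paper or from [3]: it computes the 8 × 8 DCT of one block, flattens it in zigzag order to the 1 × 64 vector, and takes the energy of a low, a middle and a high range of that vector as a simple stand-in for the low-pass, band-pass and high-pass filters. The cut-off positions, the sample block and the function names are assumptions; FLD and PCA are not shown.

```python
import math

N = 8  # block size used in the text


def dct_1d(v):
    """Orthonormal DCT-II of a sequence."""
    n = len(v)
    out = []
    for k in range(n):
        s = sum(x * math.cos(math.pi * (2 * i + 1) * k / (2 * n))
                for i, x in enumerate(v))
        out.append(s * math.sqrt((1 if k == 0 else 2) / n))
    return out


def dct_2d(block):
    """DCT over each row, then over each column, of an 8x8 block."""
    rows = [dct_1d(r) for r in block]
    cols = [dct_1d([rows[r][c] for r in range(N)]) for c in range(N)]
    # Result is indexed [vertical frequency][horizontal frequency].
    return [[cols[c][u] for c in range(N)] for u in range(N)]


def zigzag_order(n=N):
    """(row, col) pairs along anti-diagonals, alternating direction."""
    def key(rc):
        r, c = rc
        d = r + c
        return (d, r if d % 2 else c)
    return sorted(((r, c) for r in range(n) for c in range(n)), key=key)


def zigzag_vector(coeffs):
    """Flatten the coefficient array to a 1x64 low-to-high frequency vector."""
    return [coeffs[r][c] for r, c in zigzag_order()]


def band_energies(vec, low_end=10, band_end=32):
    """Energy in the low, band and high parts of the vector.

    The cut-off positions are assumptions; the text does not give them.
    """
    def energy(part):
        return sum(x * x for x in part)
    return {"low": energy(vec[:low_end]),
            "band": energy(vec[low_end:band_end]),
            "high": energy(vec[band_end:])}


# Constructed sample block: a horizontal intensity ramp (no vertical detail).
SAMPLE_BLOCK = [[16 * c for c in range(N)] for _ in range(N)]

if __name__ == "__main__":
    vec = zigzag_vector(dct_2d(SAMPLE_BLOCK))
    print(len(vec), round(vec[0], 3), band_energies(vec))
```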
For sensitive area monitoring at ATMs, the simulator identifies whether more than one person is present:
during normal behavior, only one person should be within the sensitive area. The sensitive
area picture is scanned constantly for the presence of more than one human. If more than one
person is present, a message is given to the user to contact their bank. At an ATM, kids tend to stand next to
their parents, but that still takes their concentration away. So we recommend that during the transaction
only one person be present to interact with the ATM machine.
DNA verification is not possible for all customers and all transactions, but it may apply if a customer
is making a heavy, very high value transaction, such as 1000 million to one of his generation as part of his
will. This transaction may be executed after the lifetime of the person who triggered it. At that time the bank will charge
more for this kind of transaction, and the bank needs to develop this kind of system to ensure the transaction is
authorized to the right person.
or safe transactions like paying school fees and utility bills are given lower verification because they are easy
to back-track.
Figure 9: Overall static & dynamic layer security for banking process
The security check is not done at a single stage; this is a continual security system that always
monitors the person through the complete process. The default layer is always active and collects data without any
input from the user from the moment interaction with the machine starts. Static layers are focused
on logon time to ensure authentication, while the dynamic layer is always dynamic, and utility
logic is used based on the value of the transaction
the transaction failure sends a notification to the customer through a mobile phone call or message alerts,
email alerts, and postal mail alerts, depending on the level and value of the transaction attempted. Participants found
this back-track function, and the indication of the total number of security checks together with the current
step, useful. Compared to high net-worth customer groups, the customers transacting lower
values find evaluation at the security checkpoints a bit hard. These groups are illiterate or semi-illiterate
people. Moderate-value customers are more satisfied with the level of security, and they found it tough to
clear checkpoints under the new operating practices. However, most participants can operate the new
framework much better than the tested existing system. The higher-value rated customer groups have a
high level of effectiveness, efficiency, and satisfaction, because most of them are literate and often use
the ATM and Internet banking system.
This study was tested in a laboratory environment because security of the banking system,
participants. In addition, a previous comparison between laboratory and field testing reported similar
trends between the two environments. Testing in the laboratory environment is also more convenient
for participants without having to worry about time limitation. The results were used to develop the
new framework, and were obtained as follows:
1) Participants: A total of 120 participants were divided into three groups based upon their rated
value on bank account and assets. The participants can be also categorized by age in the
following ranges: 16 – 25, 26 – 35, 35-55, and >55 years old, respectively.
2) Questionnaire: HCI principles were used to guide the questionnaire design. A total of 30
questions were created. The first part focused on the user’s background, including gender, age
range, and occupation, whilst the second part enquired about aspects of the user’s satisfaction
with the ATM and Internet banking system framework design.
3) Procedure: Each participant randomly chose one of the seven security checkpoints and then
performed the task on the simulator. If they could not finish the check the first time, they
had to keep performing it until the check was completed. Finally, the participant completed
the questionnaire.
questioner recorded for future security checkpoint on ATM also with its authorized online services.
Now a potential client, who we can build new banking management systems controlling the transaction
based on security check points and value of transactions.
The table shows a simple feature comparison between the existing and proposed banking systems, based
on transaction-based, high-level security features. It gives confidence to the user in this complex,
day-to-day growing technological environment. The novel part is that the ATM card will become optional over
a period.
Figure 13: Success and Failure rate with correspondence to customer age
[Chart: success rate and failure rate, 0% to 100%, by customer age group (<25, <35, <45, <50, <60, >60)]
6. Conclusions
Existing security internals used for authentication and authorization are not comprehensive
countermeasures against current technological advancements. So a secure and safe online financial
transaction service is a necessity, and multi-factor authentication is required for competitive
advantage.
We proposed a new framework for the ATM banking system, based upon multi-layer security
check models for ATM machines and an additional check on internet banking transactions. The new
system improves the effectiveness, efficiency and satisfaction of usability. Overall, no preference for
the existing interface over the new one was expressed. This research can be useful for designers of ATM
banking systems and can improve existing internet banking transactions. Static parameters check the identity
of the individual, and dynamic/interactive parameters control the transactions. Based on the simulator, an ATM
designer can design an ATM without an ATM card. The security level increases with transaction value.
Multilayer security methods are well received by high net-worth individuals and the literate mass. With these
features the security eye is always open, not just at logon time.
Utility logic plays a very crucial role in selecting the transaction authentication utility out of the
available methods. It is based on the success rate of non-interactive methods. If most of the default
assessments give a positive response, then a simple method is selected for authentication; if the response
time is comparatively longer, then other methods are taken into consideration. It helps banks take
full responsibility for ensuring that the right person is doing the transactions. A male cannot use a female owner’s
bank account to transact money. Along with physical verification, mental verification such as response
time is considered a major part of this proposed conceptual architecture. Some of the most important
advantages of the proposed security solution for banks are as follows: operation without an ATM card; teeth
texture, IP check, anonymous proxy check, rhythm of typing, response method, and time all being
stored with transactions; and details of the performer of a declined transaction, such as a picture, being stored for easy tracking.
It will increase resource needs, with additional hardware and processes to manage, but it will
enable tracking of consumer behavior using data warehousing and data mining. This analysis will give
guidelines for decisions about future security needs.
The security features were enhanced largely for the stability and reliability of owner
recognition. The whole system was built on a module-based embedded system, which makes the system
more safe, reliable, replaceable and easy to use.
References
[1] http://www.corpit.ru/mjt/proxycheck.html
[2] http://www.kolbitsch.org/research/technical/Introduction_to_ATM_Security.pdf
[3] S. Rathinavel and S. Arumugam, Full Shoe Print Recognition based on Pass Band DCT and Partial Shoe Print Identification using Overlapped Block Method for Degraded Images, International Journal of Computer Applications 26(8):16-21, July 2011. Published by Foundation of Computer Science, New York, USA.
[4] M. Moorthi, Dr. M. Arthanari, M. Sivakumar, The Extraction of the Tooth contour for Biometric Identification Device, Global Journal of Computer Science and Technology, GJCST, USA, Volume 10 Issue 5, pp. 59-62, July 2010.
[5] M. Moorthi, Dr. M. Arthanari, M. Sivakumar, Eye Detection in video images with unconstrained background for drowsy driver detection using Histogram equalization technique, International J. of Math. Sci. & Engg. Appls. (IJMSEA), ISSN 0973-9424, Vol. 4 No. III (August, 2010), pp. 13-19.
[6] Art Conklin, Glenn Dietrich, Diane Walz, Password-Based Authentication: A System Perspective, Proceedings of the 37th Hawaii International Conference on System Sciences, 2004.
[7] Yun Yang, Jia Mi, ATM terminal design is based on fingerprint recognition, 2010 2nd International Conference on Computer Engineering and Technology, Vl-95.
[8] Xiao-Yuan Jing and David Zhang, "A Face and Palmprint Recognition Approach Based on Discriminant DCT Feature Extraction," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 34, no. 6, December 2004.
[9] Ning Ding, Yongquan Chen, Zhi Zhong and Yangsheng Xu, Energy-Based Surveillance Systems for ATM Machines, Proceedings of the 8th World Congress on Intelligent Control and Automation, July 6-9 2010, Jinan, China.
[10] Best Security Practices in Online Banking Platforms; www.easysol.net; Bogotá, Colombia.
[11] AhnLab, Inc.; Online Banking: Threats and Countermeasures; Seoul, Korea, www.ahnlab.com; June, 2010.
[12] Ibidapo, O. Akinyemi, Zaccheous O. Omogbadegun, and Olufemi M. Oyelami, Towards Designing a Biometric Measure for Enhancing ATM Security in Nigeria EBanking System, International Journal of Electrical & Computer Sciences IJECS-IJENS, Vol: 10 No: 06.
[13] Nagul Cooharojananone, Kamonwan Taohai, and Suphakant Phimoltares, A New Design of ATM Interface for Banking Services in Thailand, 2010 10th Annual International Symposium on Applications and the Internet.