
European Journal of Scientific Research

ISSN 1450-216X Vol. 91 No 3 November, 2012, pp.437-451


© EuroJournals Publishing, Inc. 2012
http://www.europeanjournalofscientificresearch.com

Enhanced Banking Framework for Improved Transaction Security

Sivakumar M
Research Scholar, Anna University of Technology, India
E-mail: sivala@gmail.com

Arthanariee A. M
Dean, Department of Science and Humanities Nehru Institute of Technology
Kaliyapalayam, Coimbatore – 105, India
E-mail: arthanarimsvc@gmail.com

Abstract

A new virtual ATM simulator with a new design interface for banking
services is presented, developed with increased security in mind. The menu structure changes based
on the amount of money involved in a transaction and the level of security needed. Human
behavioral psychology is considered a major factor, and human-computer interaction
principles are applied in the design and used as security parameters. A group of 120 members
was involved in evaluating this virtual design experiment for the simulator. The
experimental results are furnished here for review, and they prove that the design provides increased
security over the ATM machines used today. We use mainly two kinds of parameters,
static and dynamic, for evaluating the security of banking transaction systems.

Keywords: Human-Computer Interaction (HCI); Automatic Teller Machine (ATM); One
Time Password (OTP), Security, ATM, Biometric, transaction security,
banking framework, social security.

1. Current ATM Banking Transaction System


The current ATM banking system performs more validation and verification during the log-on process and
not during the transaction process. An ATM has limited security authentication for customers
transacting with the bank, which leaves them more vulnerable in terms of safety and security. Major
concerns with the current ATM system are:
1. Carrying an ATM card is a life risk for everyone.
2. Illiterate users find it difficult to operate current ATMs.
3. Authentication at logon time is given importance; the authentication level is not increased
based on the value of the transaction.
4. A fixed method is adopted for the authentication and authorization process.
5. The system expects the right response instead of the right person.
6. Security is not proportional to the value of the transaction.

2. Proposed New Improved Security Check Authentication System


The proposed system increases transaction security as transaction values increase. This paper
sketches a theoretical explanation of how security can be increased in banking transactions, thereby
allowing banks to maximize their customer and shareholder value, using the ATM and internet
banking security check methods and matching criteria given below:

2.1. ATM Security Specification


Banking networks are vulnerable to many kinds of attacks, such as spoofing, eavesdropping, unauthorized
access, forgery, and denial of service, but very often the possibilities are underestimated. The
proposed system will reduce the possibility of all these attacks to a great extent because, even when
a username and password are accepted, authentication can still fail in this simulated system. The banking ATM
Security Specification describes four important aspects of security: confidentiality, data integrity,
accountability, and access control. In the ATM Security Framework [2], ten necessary functions,
AF-SEC-1 to AF-SEC-10, are proposed:

2.2. AF-SEC-1: Verification of Identities


AF-SEC-2: Controlled Access and Authorization;
AF-SEC-3: Protection of Confidentiality;
AF-SEC-4: Protection of Data Integrity;
AF-SEC-5: Strong Accountability;
AF-SEC-6: Activity Logging;
AF-SEC-7: Alarm Reporting;
AF-SEC-8: Audit;
AF-SEC-9: Security Recovery;
AF-SEC-10: Management of Security.
In this simulated framework the focus is on AF-SEC-2, controlled access and authorization for
the customer resources.

2.3. Criteria and Compute Level of Security Deployed


The level of security applied is directly proportional to the value of each transaction processed. As
transaction values increase, the level of security increases through the addition of security steps. The system
analyzes the personal identity of the customer; once the identification checkpoint is cleared, it evaluates the current
transaction value against the history of the day/week and computes the level of security needed to execute it.

2.4. Personal Identification checks for Authorization


A person can walk into the ATM with bare hands, and the banking system needs to check the person,
understand who he/she is, and authorize a limited amount of transaction. The methods
adopted for validating the personal identity of customers include identifying the body texture of the human as
male/female, and face recognition, with at least 80 percent as the acceptance criterion, matched by processing
the camera image against existing customer data [5]. Weight is measured by installing a weighing
machine below where the person stands, and the height of the individual by installing a sensor on top, to
compare the data with the customer's history. Boot size and texture are identified by deploying a sensor at the
bottom and compared with the identified customer's history. Biometric checks cover the customer's
fingerprint impression [7], teeth structure, and voice recognition matching. The authentication method is not fixed; it
should be a dynamically composed sequence using random methods, recorded after completion for
statistical purposes.
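One way to combine the value-proportional level of section 2.3 with the randomly composed check sequence described above, as an added example that is not the authors' simulator code. The check rows are copied from Figure 16; using the story point as a security weight, the INR bands, the jump rule and all function names are assumptions made for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    name: str
    points: int        # "Story point" column of Figure 16 (used here as a weight: assumption)
    interactive: bool  # "Need interaction?" column (Y/N)
    channels: str      # "Applicable for": O = online, A = ATM, M = mobile


# Subset of the Figure 16 rows, values copied from the table.
CHECKS = [
    Check("Person Height", 3, False, "A"),
    Check("Person Weight", 3, False, "A"),
    Check("Boot Size/Boot Texture", 5, False, "A"),
    Check("Check Locality of ATM", 2, False, "A"),
    Check("Check Mobile phone network Coverage Area", 3, False, "OAM"),
    Check("Face Recognition Image Processing", 5, False, "OAM"),
    Check("Finger Print", 3, True, "OA"),
    Check("OTP for high level of transactions", 6, True, "OAM"),
    Check("Rhythm of typing", 10, True, "OAM"),
    Check("Check IP address", 3, False, "O"),
    Check("Check anonymous proxy", 3, False, "O"),
]

# Assumed policy: (upper bound of the day/week total in INR, points required).
BANDS = [(1_000, 5), (10_000, 10), (100_000, 18)]
TOP_LEVEL = 26    # assumed level above the last band
JUMP_FACTOR = 3   # assumed: more than 3x the largest recent amount is unusual
JUMP_PENALTY = 3  # assumed extra points for an unusual jump


def required_level(amount, recent_amounts):
    """Points needed for this transaction, given its value and the day/week history."""
    total = amount + sum(recent_amounts)
    level = TOP_LEVEL
    for bound, points in BANDS:
        if total <= bound:
            level = points
            break
    if recent_amounts and amount > JUMP_FACTOR * max(recent_amounts):
        level += JUMP_PENALTY
    return level


def compose_sequence(level, channel, rng):
    """Randomly ordered checks whose points reach `level` on the given channel.

    Non-interactive checks are drawn first, so low-value transactions never
    prompt the user. Returns None when the channel cannot reach the level,
    which the caller treats as "refer to physical verification".
    """
    usable = [c for c in CHECKS if channel in c.channels]
    passive = [c for c in usable if not c.interactive]
    active = [c for c in usable if c.interactive]
    rng.shuffle(passive)
    rng.shuffle(active)
    chosen, total = [], 0
    for check in passive + active:
        if total >= level:
            break
        chosen.append(check)
        total += check.points
    return chosen if total >= level else None


if __name__ == "__main__":
    rng = random.SystemRandom()  # unpredictable ordering for real use
    for amount, history, channel in [(500, [], "A"), (90_000, [2_000], "A"),
                                     (500_000, [], "M")]:
        level = required_level(amount, history)
        sequence = compose_sequence(level, channel, rng)
        names = [c.name for c in sequence] if sequence else "physical verification"
        print(f"INR {amount} on {channel}: level {level} -> {names}")
```

The sequence actually used would be logged after completion, as the section requires for statistics.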
Figure 1: Simulator features like palm scan, figure scan, teeth texture scan, height and weight measurement,
more than one man at secure area, punch power

2.5. Memory Check Point for Authorization


The last authentication is reused, without repeating the entire effort, by asking a simple
memory-based question to ensure that the same person also performed the last transaction. The simulator
offers a random group of images on the screen, and the selection is kept in server memory. The user selects one of
the symbols displayed on the ATM screen; the system verifies it against the symbol selected by the user at the last transaction, the last
transaction value, or both, and authorizes the transaction for the computed level of security cleared by the
system. Fig. 2 illustrates how the simulator lets the user select any image to store in memory; the
same image should be selected by the user during the next logon. If the user forgets the image selected
during the last session, he/she will be directed to advanced verification methods or recommended to
perform physical verification.

Figure 2: Screen shots of Simulator system offers image to select for memory

2.6. Security Check by External Processing


Consider a scenario where you are out of your city on business travel and someone is trying to use
your ATM card. The existing system will dispense the money if the personal identification number is
correct, but the proposed system will check your mobile's physical location using the mobile number
you supplied to the bank. If your mobile's location does not match your location, the ATM concludes that
you are travelling, and the transaction will therefore be denied without any reason being given to the current user.
However, a log entry will be added against your account. Today, most users have a mobile phone. For
increased transaction values, an increased security check can be performed by verifying the mobile phone's
location with the help of the mobile service provider's real-time data and the ATM's locality. If the data is
unavailable, the system identifies the customer's last connected locality and computes the geographical transfer
feasibility. Fig. 3 represents this security check by identifying the physical location of the user's
mobile.
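The location check and the "geographical transfer feasibility" fallback described above, as an added example that is not part of the authors' simulator. The 50 km match radius, the 900 km/h speed ceiling, the decision labels and the rule that a feasible but unconfirmed location leads to extra checks are assumptions; the coordinates are constructed sample data for Chennai and Delhi.

```python
import math
from dataclasses import dataclass
from typing import Optional

EARTH_RADIUS_KM = 6371.0
MATCH_RADIUS_KM = 50.0   # assumed: phone counts as "at the ATM" within this radius
MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly a commercial flight


@dataclass(frozen=True)
class Fix:
    """A phone location report from the mobile service provider."""
    lat: float
    lon: float
    seen_at: int  # Unix time in seconds


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def transfer_feasible(last: Fix, atm_lat, atm_lon, now):
    """Could the customer have travelled from the last fix to the ATM in time?"""
    dist = distance_km(last.lat, last.lon, atm_lat, atm_lon)
    if dist <= MATCH_RADIUS_KM:
        return True
    hours = (now - last.seen_at) / 3600
    return hours > 0 and dist / hours <= MAX_SPEED_KMH


def decide(atm_lat, atm_lon, now, realtime: Optional[Fix], last_connected: Optional[Fix]):
    """Return 'allow', 'deny_and_log' or 'step_up' for a withdrawal attempt."""
    if realtime is not None:
        near = distance_km(realtime.lat, realtime.lon, atm_lat, atm_lon) <= MATCH_RADIUS_KM
        return "allow" if near else "deny_and_log"
    if last_connected is None:
        return "step_up"  # no location evidence at all: fall back to other checks
    if not transfer_feasible(last_connected, atm_lat, atm_lon, now):
        return "deny_and_log"
    return "step_up"      # feasible but unconfirmed: require additional checks


# Constructed sample data.
CHENNAI = (13.0827, 80.2707)
DELHI = (28.6139, 77.2090)
NOW = 1_349_427_600

if __name__ == "__main__":
    print(decide(*CHENNAI, NOW, Fix(*DELHI, NOW), None))              # phone is in Delhi
    print(decide(*CHENNAI, NOW, None, Fix(*DELHI, NOW - 3600)))       # 1 hour ago in Delhi
    print(decide(*CHENNAI, NOW, None, Fix(*DELHI, NOW - 4 * 3600)))   # 4 hours ago in Delhi
```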

Figure 3: Transaction by Mobile physical location Check

2.7. Internet Transaction Processing and Security Check


Even for online transactions, in addition to the existing OTP models, additional
security checks can be performed for increased transaction values. Examples include verifying the system's
IP address with the help of the internet service provider's real-time data, finding the physical location of the
customer by verifying the mobile phone location with the help of the mobile service provider's real-time
data, and other security checks such as typing rhythm and a memory test that dynamically changes between the last
transaction symbol, the last transacted amount, or both. In the proposed simulator, the user's travel
behavior is also collected. Suppose the bank collects initial samples based on the nature of a person's
job and where he will be physically present during the next whole year. A customer in the sales
department travels mostly to cities like Chennai, Bangalore, and Bombay (30%, 30%, 30% of the time) in a
year. Physical transactions on his account will be allowed only in these three cities. Suppose
another executive declares to his bank that he will live most of his time in Chennai and Delhi (80%,
20%). The banking system will allow his transactions only in these two cities. Transactions performed
in other places will result in comparatively more security questions. If a user plans to travel
out of the country, the user can alert the bank, which in turn will enable transactions to be performed
from that country. The new system will restrict misuse of credit cards from outside the country for
online transactions.
Figure 4: IP address validation for online transactions

[Diagram: the client system connects over the network to the bank computer; the bank holds the user's IP details and validates the IP address of the user.]

If any online transaction request comes from outside the declared area, that transaction is denied. Suppose
a user is in India but a transaction request originates from Korea; the request fails.
The following are the simple raw steps used in our simulator to collect data about an unknown IP address.
• step1: open the command prompt
• step2: type tracert (trace route) domain name (companyname.com)
• step3: the IPs of the people who visited would be listed
• step4: open http://www.ip-adress.com/ip_tracer/72.14.198.233
• step5: type the IPs found, and the details regarding the location of each IP and its service provider would be listed

Figure 5: IP address location finder

66.249.94.170 IP address location & more:


IP address : 66.249.94.170
IP country code: US
IP address country: United States
IP address state: California
IP address city: Mountain View
IP postcode: 94043
IP address latitude: 37.4192
IP address longitude: -122.0574
ISP of this IP: Google
Organization: Google
Local time in United States: 2012-10-05 09:07

2.8. Deny for all Anonymous Proxy Transactions


Based on multiple longitude and latitude readings, you can find whether the user is on the move or in a fixed
location. A hacker may use an anonymous proxy to steal bank customer information. As far as
the bank is concerned, every online transaction request needs to be verified, even if it comes from an
anonymous proxy. Every banking system needs to know whether any machine runs such a service or
not. The nmap tool (available at nmap.org), which is used for scanning ports on a network or a single
computer, can be used to find open ports on a given network. Proxy check: the Open Proxy checker utility
can be used to conduct this check. Usage is as follows. In the simplest case, specify:
proxycheck -vv -d dsthost:dstport -c chat::"waitstr" list-of-IPs
where dsthost is the host, dstport is the port number of the destination system, and waitstr is a string to
wait for from the remote system. If you decide to connect to your own mail server, connect to it first using
telnet, see which SMTP greeting string it prints upon connection, and use this string as waitstr.

2.9. Transaction Enable & Disable State for my Account


This simulator introduces a new menu option in the banking system which can lock and freeze
outgoing fund transactions for any fixed amount of time without the involvement of bank staff. It gives a
high level of security by limiting the movement of funds. Most of us transact actively during the first 10 days
of a month and make fewer transactions during the remaining days of the month.

2.10. Positive Delay Time for Transactions


In general banking practice, the customer is informed by email,
SMS, and sometimes a phone call after a debit or credit card transaction is completed. This simulator
introduces a positive delay time for transactions, which means that the customer is informed before the
transaction is executed, for example: amount INR 1,00,000 will be debited from your account after five hours. This
time delay can be configured to any interval by the customer. The customer thus has time to respond to the
bank to stop the payment.

3. Conceptual Architecture
This simulator system assumes that customers are in contact with the banking system through mobile,
online, and ATM systems. All existing features are supported as they are, with an additional level of
security, and are designed for customers to use for their safety. This system model is an
abstraction of well-known branchless banking implementations. The security feature for enhancing the
ATM was designed using the loosely coupled client-server model. There is a link
between the customer's identification information, the customer's accounts, and the records in the bank. Great
importance is given to collecting logon activities related to the bank account and its transaction times.
The behavioral aspect of human-computer interaction is kept in mind in this design. This simulator is
designed to deliver banking services and products over electronic and communication networks
directly to customers. It is automated and designed with the help of static and dynamic biometric
measures of customers as input for enhancing ATM security.

Figure 6: Conceptual architecture diagram banking application server with security features

[Diagram labels: backup banking application server; banking application server; security layer with transaction security log files and secondary transaction security log files; active database; secondary copy of bank data. Static layer and dynamic layer parameters shown: height, DNA, iris, finger print, weight, palm print, foot bottom scan, signature, Voice Reg., face image processing, teeth, man/women texture, punch bag, last transaction amount.]

This simulator-based electronic banking system serves customers' demands anytime, anywhere.
It solves increasingly complex back-office integration challenges. The simulator has features like access to
banking accounts, review of the most recent transactions, requesting a current statement, fund transfer, and viewing
current bank rates and other product information. Three different kinds of client systems
interact with this banking system: ATM, online banking, and mobile banking. It
deploys banking services and products over electronic and communication networks directly to
customers.
It is the automated delivery of new, enhanced traditional banking services directly to customers
through electronic, interactive communication channels with a high-level security layer. This network
is very carefully monitored with firewalls. There are multiple application servers of similar
capacity to support load balancing and failover. There are 26 different types of parameters
considered for this experiment. Most of them have a working prototype attached to the server, and
some return a planned dummy response to users. Application servers are connected to the active banking
database and to secondary databases for multiple replicas. This simulator has additional
transaction database servers that are connected to the active transaction database and linked with
secondary application servers.
The static layer verifies physical constant parameters, and the dynamic security layer verifies
parameters based on mental response rather than physical response. This simulator lets
customers ask or form their own questions and responses, to make it more convenient for users.
Response time is kept in the transaction database to calculate user thinking time.
1. What is your place of birth?
2. Your place of birth starts with which letter?
3. What is your birth year?
4. What is your birth month?
5. What is your birth day?
6. What is your birth day of week?
7. What is your first telephone vendor name?
8. What are the last 3 digits of your home phone number?
9. What are the first 3 digits of your mobile phone number?
10. What are the 4 digits of your first employee number?
11. What is your height?
12. What is your weight?
13. What are the last 3 letters of your first name?
14. What is your address pincode?
15. How many zeros are in your phone number?
16. Is your date of birth year a leap year?
17. Is your place of birth urban or rural?
18. What is the first letter of your mother's maiden name?
19. Last 2 digits of Social Security Number?
20. What are the mid 4 digits of your bank account number?
21. What are the first 4 digits of your credit card number?
22. What is your place of employment?
23. Who is your first employer?
24. Have you been to a doctor for a checkup in the last 30 days?
25. Does your anniversary date fall on a Sunday?
A punching bag or electronic punch observer will be placed as part of the ATM to measure the
punching power of the individual. At any point in time the range will vary, but the difference between
the maximums will not. For example, a person capable of punching 20 kg cannot punch in the 70 kg range.
The ATM machine will ask the user to read the letters EEEEEE, which enables the scanner to scan the user's teeth
structure for evaluation [4]. Dental biometrics about teeth, including tooth contours, relative positions of
neighboring teeth, and shapes of the dental work (e.g., crowns, fillings, and bridges), are checked. The
proposed system has two main stages: feature extraction and matching. The feature extraction stage
uses a linear filter to enhance the images and a knowledge-based method to segment the dental work and
store the features in the database for identification. The matching stage has three sequential steps:
tooth-level matching, computation of image distances, and subject identification.

Figure 7: Overall flow chart of proposed ATM Banking System.

The picture scanner is placed at the bottom of the ATM foot holder. The moment a person steps
on it, a scan is performed and the image is sent for processing. Side scanners identify the heel
size of the shoe [3]. The full shoe print recognition system is based on DCT (Discrete Cosine Transform)
component analysis in FLD (Fisher Linear Discriminant) with PCA (Principal Component Analysis),
and partial shoe print recognition uses the overlapping block method. The input image is divided into
several horizontal and vertical blocks, each of size 8x8. So, in this case, N is typically 8 and
the DCT is applied to each row and column of the block. The result is an 8 × 8 transform coefficient
array in which the (0,0) element (top-left) is the DC (zero-frequency) component and entries with
increasing vertical and horizontal index values represent higher vertical and horizontal spatial
frequencies. With reference to [18], the DCT coefficients are reordered by the zigzag scan. This scan
method reorders all the DCT coefficients from low frequency to high frequency. For most images, it is
equivalent to sorting according to importance, since perturbation in the low frequency components
is generally more perceivable to human eyes than in the high frequency components. The zigzag scanning
process is performed on the DCT coefficients. After zigzag scanning, a (1x64) vector is produced. This
vector contains the coefficients of the DCT block from low frequency to high frequency. Low-pass, band-pass,
and high-pass filters are applied to this vector to construct a feature vector covering the whole spectrum
range of the sub block. After this, FLD and PCA are performed on the DCT coefficients.
To detect more than one person in the sensitive area monitored at ATMs, this simulator
requires that during normal behavior only one person be present within the sensitive area. The sensitive
area picture is scanned constantly for the presence of more than one human. If more than one
person is present, a message is given to the user to contact their bank. At an ATM, kids tend to stand next to
their parents, but this still takes their concentration away. So we recommend that during the transaction
only one person be present to interact with the ATM machine.
DNA-type verification is not possible for all customers and all transactions, but it may apply if a customer
is making a heavy and very high value transaction, like 1000 million to one of his generation as part of his
will. This transaction may be executed after the lifetime of the person who triggered it. At that time the bank will charge
more for this kind of transaction, and the bank needs to develop this kind of system to ensure the transaction is
authorized for the right person.

3.1. Cardless Banking


This simulator is carried out for the sole purpose of designing multi-factor authentication using the
static and dynamic metrics listed in the table. The ATM is capable of identifying the person
based on his features, so there is no need to carry an ATM card. Any customer walking into the ATM
will be asked to select his branch using the map given as a branch locator in the ATM terminal. The
customer needs to give his fingerprint initially. People may think that, since a bank has millions of records,
identification by fingerprint will take a long time. Because the customer has already chosen his branch, the search
happens only within the records of that branch, so the response will be quick. Various
security checks are performed while the user is in front of the ATM machine: sex, weight,
boot size, heel size, and height are measured. The customer mobile network check
also requires no interaction with the customer, but it gives an assessment of the user's authorized physical
locality. These are sample checks for verifying physical characteristics; the next level ensures mental
evaluations. Here there are two major kinds: questions about the person and questions about the last
transactions. They ensure that the person interacting is authorized. This architecture
gives a high level of importance to logging because a lot of cross-check logic is executed through this
data. For example, the response time for every interactive question is logged and compared with previous
iterations.

3.2. Rhythm of Typing


Password authentication can be conveniently enhanced through keystroke pattern monitoring. The
method using MK-Means clustering provides an extra level of security that makes password
authentication stronger. The main benefit of this approach is that it limits the effects of password sharing
and password stealing by including additional variables in the authentication equation. Our
experimental results show that this sort of biometric measure effectively identifies legitimate users and
impostors, and the prototype can be fine-tuned to regulate the level of accuracy required for gaining
access to the system. The figure below gives a sample password typed by different individuals. Even if the
same person is unable to replicate his typing style exactly when observed at the millimeter scale, the rhythm stays the
same across multiple attempts.
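The last observation above, that absolute timing drifts while the rhythm stays the same, can be shown with a speed-normalised comparison. This is an added example, not the authors' prototype: it uses a plain mean absolute difference against an enrolled template in place of the MK-Means clustering the paper names, and the timing samples, the 0.02 threshold and the function names are constructed assumptions.

```python
from statistics import mean

THRESHOLD = 0.02  # assumed acceptance threshold on the normalised distance


def rhythm(press_times_ms):
    """Inter-key intervals as fractions of the total typing time.

    Dividing by the total removes overall speed, leaving only the rhythm.
    """
    intervals = [b - a for a, b in zip(press_times_ms, press_times_ms[1:])]
    total = sum(intervals)
    if total <= 0 or any(i < 0 for i in intervals):
        raise ValueError("timestamps must be increasing")
    return [i / total for i in intervals]


def enroll(samples):
    """Average the normalised rhythm of several enrollment samples."""
    vectors = [rhythm(s) for s in samples]
    if len({len(v) for v in vectors}) != 1:
        raise ValueError("all enrollment samples must have the same length")
    return [mean(column) for column in zip(*vectors)]


def rhythm_distance(template, attempt):
    """Mean absolute difference to the template, or None if not comparable."""
    try:
        vector = rhythm(attempt)
    except ValueError:
        return None
    if len(vector) != len(template):
        return None
    return mean(abs(a - b) for a, b in zip(template, vector))


def verify(template, attempt, threshold=THRESHOLD):
    distance = rhythm_distance(template, attempt)
    return distance is not None and distance <= threshold


# Constructed key-press timestamps (ms) for the same 8-character password.
ENROLLMENT = [
    [0, 120, 260, 350, 520, 610, 790, 900],
    [0, 125, 270, 365, 540, 628, 815, 930],
    [0, 110, 245, 330, 495, 580, 750, 855],
]
SLOW_ATTEMPT = [0, 180, 390, 525, 780, 915, 1185, 1350]     # same person, 1.5x slower
IMPOSTOR_ATTEMPT = [0, 130, 255, 385, 515, 640, 770, 900]   # right password, even cadence
TEMPLATE = enroll(ENROLLMENT)

if __name__ == "__main__":
    for label, attempt in [("slow", SLOW_ATTEMPT), ("impostor", IMPOSTOR_ATTEMPT)]:
        print(label, round(rhythm_distance(TEMPLATE, attempt), 4), verify(TEMPLATE, attempt))
```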

Figure 8: Rhythm of typing known word differ person to person


[Plot: typing-rhythm traces for Person A, Person B, Person C and Person D.]

3.3. Type of Transaction Takes Security Weightage


If a transaction is a utility payment or a regular registered payment that the customer makes
every month, the security check priority will be lower, but the payment range is
collected during registration. Electricity and telephone bills are very rarely paid by a hacker, as hackers will use
your credentials where they can use your funds anonymously. So simple transactions
or safe transactions, like paying school fees and utility bills, are given lower verification because they are easy
to backtrack.

3.4. Access System Transformation over Decade


Today a man can walk into the ATM with a woman account holder's details and her card and
perform transactions successfully. This simulator will check the person's sex based on image
characteristics. If there is a mismatch, the transaction will be denied and the log files database will be updated
with the wrong person's picture. Below is the gradual growth of the security system over the decade:
a. Username + Password = Access Grant
b. Username/usercard + Password + static security = Access Grant
c. Username + Password + static security + dynamic secure = Access Grant
d. User + Static materials + password = Grant access
e. User + Dynamic security tests = Transaction based access

Figure 9: Over all static & dynamic layer security for banking Process

The security check is not done at a single stage; this is a continual security system, which always
monitors the person through the complete process. The default layer is always active and collects data without any
input from the user from the moment interaction with the machine starts. Static layers are focused more
on logon time to ensure authentication, while the dynamic layer is always dynamic, and utility
logic is used based on the value of the transaction.

3.5. Secure Emotion Picture


Before your current transaction is completed, you will be asked to pose for a picture. You can show
any kind of emotion on your face, for example closing your left eye, closing your right eye, raising
both eyebrows, putting your tongue out, or yawning. This picture will also be taken as a key for the next logon.
During the next logon, the ATM or online system may prompt for your secure emotion picture to match
it with your previous emotion to enable your authentication. This is also taken as one of the parameters in
the security layer.

4. Discussion on the Security Evaluation from the Varied user Levels


In evaluating this system, most participants could conveniently operate the security check points. When
they found it tough, such as being unable to clear a checkpoint, they went back to the previous step to clear the
security check point. That means they do not have to leave without completing a transaction at the ATM; the
system will ask for a further security checkpoint to authorize the identity of the customer and decide
what is required to complete the transaction. Besides, each security checkpoint failure during authorization of
the transaction sends a notification to the customer through a mobile phone call or message alert,
email alert, and postal mail alert on the level and value of the transaction attempted. Participants found
this back-track function, and the indication of the total number of security checks together with the current
step, useful. Compared to the high net-worth customer groups, the customers transacting lower
values found evaluation at the security check points a bit hard. These groups are illiterate or semi-illiterate
people. Moderate-value customers were more satisfied with the level of security, and they found it tough to
clear checkpoints involving new operation practices. However, most participants could operate the new
framework much better than the tested existing system. The higher-value customer groups showed a
high level of effectiveness, efficiency, and satisfaction, because most of them are literate and often use
the ATM and Internet banking systems.

Figure 10: Transaction Value (Vs) Security Level

This study was tested in a laboratory environment because security of the banking system,
participants. In addition, a previous comparison between laboratory and field testing reported similar
trends between the two environments. Testing in the laboratory environment is also more convenient
for participants without having to worry about time limitation. The results were used to develop the
new framework, and were obtained as follows:
1) Participants: A total of 120 participants were divided into three groups based upon the rated
value of their bank accounts and assets. The participants can also be categorized by age in the
following ranges: 16 – 25, 26 – 35, 35-55, and >55 years old, respectively.
2) Questionnaire: HCI principles were used to guide the questionnaire design. A total of 30
questions were created. The first part focused on the user's background, including gender, age
range, and occupation, whilst the second part enquired about aspects of the user's satisfaction
with the ATM and Internet banking system framework design.
3) Procedure: Each participant randomly chose one of the seven security check points and then
performed the task on the simulator. If they could not finish the check the first time, they
had to keep performing it until the check was completed. Finally, the participant completed
the questionnaire.

5. Experiments and Results


The key concept in our authentication model is to define the creditability of the banking business through
wider security checks and to value the customer in direct proportion to the transaction value. However, it also
brings one challenging issue: how to reduce the potential increase of risks? The distributed
nature of the internet makes it hard to establish a potential client's identity and creditability. Therefore,
ATM and internet banking encounter client creditability risks, which means that a client will not fulfill
a contract with the bank, resulting in the customer's loss. To prevent the loss, internet banking
should require all online clients to fill out or update detailed application forms, with a dynamic security
questionnaire recorded for future security checkpoints at the ATM as well as its authorized online services.
For such a potential client, we can now build new banking management systems that control the transaction
based on security check points and the value of transactions.

Figure 11: Customer net-worth Value (vs) Satisfaction level

Figure 12: Feature Comparison of existing and Proposed Banking systems.

S.No  Existing Banking System                    Proposed Banking System
1     Required ATM card to access ATM machine    No ATM card is required
2     Single layer security system               Multi-layer security system for ATM
3     Not Applicable                             Security level depends on transaction amount
4     Not Applicable                             Mobile Network usage for location identity
5     Not Applicable                             IP address verification for boundary verification
6     Not Applicable                             Dynamic security verification for transactions
7     Not Applicable                             Recognizing user by his/her physical attributes
8     Not Applicable                             User authentication by his memory
9     Not Applicable                             Authorization by behavioral pattern

The table shows a simple feature comparison of the existing and proposed banking systems, based
on transaction-based high-level security features. It gives confidence to the user in this complex
environment of day-to-day technological growth. The novel part is that the ATM card will become optional over
time.

Figure 13: Success and Failure rate with correspondence to customer age

[Bar chart: success rate and failure rate (0% to 100%) by age of the person, for the groups <25, <35, <45, <50, <60, >60.]


Figure 14: Success and Failure rate with correspondence to customer age

Customer Age    Success rate    Failure rate
<25             98%             2%
<35             95%             5%
<45             90%             10%
<50             85%             15%
<60             75%             25%
>60             65%             35%

Figure 15: Customer execution time and story point values


[Chart: customer execution time (mins) and story point per authentication method.]

Figure 16: Customer execution time and story point values

Authentication method                        Story point   Customer execution time (minutes)   Need interaction?   Applicable for (Online, ATM, Mobile)
Person Height                                3             2                                   N                   A
Person Weight                                3             2                                   N                   A
Eye retina                                   8             15                                  Y                   A
Iris                                         9             15                                  Y                   A
Boot Size/Boot Texture                       5             5                                   N                   A
Boot Heal height                             6             12                                  N                   A
Foot bottom scan                             5             5                                   N                   A
FaceThermogram                               4             10                                  N                   A
Sex - M/F - Body texture                     5             10                                  N                   A
Ear                                          9             15                                  Y                   A
Odor - Electronic nose                       7             25                                  N                   A
Face Recognition Image Processing            5             20                                  N                   O,A,M
Check Mobile phone network Coverage Area     3             15                                  N                   O,A,M
Check Locality of ATM                        2             2                                   N                   A
OTP for high level of transactions           6             5                                   Y                   O,A,M
Voice Recognize                              2             20                                  Y                   O,A,M
Finger Print                                 3             5                                   Y                   O,A
Palm print                                   5             15                                  Y                   A
Signature                                    5             10                                  Y                   O,A,M
Punch bag to measure power                   9             20                                  Y                   A
Rhythm of typing                             10            20                                  Y                   O,A,M
DNA                                          8             25                                  Y                   A
Hand Vein scan                               8             20                                  Y                   A
Teeth Texture verification                   7             15                                  Y                   O,A,M
Check IP address                             3             5                                   N                   O
Check anonymous proxy                        3             5                                   N                   O

6. Conclusions
The existing security mechanisms used for authentication and authorization are not comprehensive
countermeasures against current technological advancements. So, a secure and safe online financial
transaction service is a necessity, and multi-factor authentication is required for competitive
advantage.
We proposed a new framework for the ATM banking system, based on multi-layer security
check models for ATM machines and additional checks on internet banking transactions. The new
system improves the effectiveness, efficiency and satisfaction of usability. Overall, no preference was
expressed for the existing interface over the new one. This research can be useful for designers of ATM
banking systems and can improve existing internet banking transactions. Static parameters check the identity
of the individual, and dynamic/interactive parameters control the transactions. Based on the simulator, ATM
designers can design an ATM that works without an ATM card. The security level increases with the transaction value.
Multilayer security methods are well received by high net-worth individuals and the literate masses. With
these features the security eye is always open, not just at logon time.
Utility Logic plays a crucial role in selecting the transaction authentication utility from the
available methods. It is based on the success rate of the non-interactive methods. If most of the default
assessments give a positive response, then a simple method will be selected for authentication, and if the response
time is comparatively more, then other methods are taken into consideration. It helps banks take
full responsibility for ensuring that the right person is performing the transactions. A male cannot use a female owner's
bank account to transact money. Along with physical verification, mental verification such as response
time is considered a major part of this proposed conceptual architecture. Some of the most important
advantages of the proposed security solution for banks are as follows: operation without an ATM card;
teeth texture, IP check, anonymous proxy check, rhythm of typing, response method and time are all
stored with the transactions; and details of whoever performs a declined transaction, such as a picture, are stored for easy
tracking. It will increase the resources needed, with additional hardware and processes to manage, but it will
make it possible to track consumer behavior using data warehousing and data mining. This analysis will give
guidelines for decisions on future security needs.
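The selection step described above can be sketched as follows. This is an added example, not the authors' simulator code. The method rows are copied from Figure 16, while the amount tiers, the majority cutoff, the use of story point as a strength ranking, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Method:
    name: str
    story_point: int
    minutes: int
    interactive: bool
    channels: str  # O = Online, A = ATM, M = Mobile

# Subset of the rows in Figure 16.
METHODS = [
    Method("Check Locality of ATM", 2, 2, False, "A"),
    Method("Person Height", 3, 2, False, "A"),
    Method("Check IP address", 3, 5, False, "O"),
    Method("Check anonymous proxy", 3, 5, False, "O"),
    Method("Face Recognition Image Processing", 5, 20, False, "OAM"),
    Method("Finger Print", 3, 5, True, "OA"),
    Method("OTP for high level of transactions", 6, 5, True, "OAM"),
    Method("Signature", 5, 10, True, "OAM"),
    Method("Rhythm of typing", 10, 20, True, "OAM"),
    Method("Iris", 9, 15, True, "A"),
]

# Assumed tiers (constructed): amount limit -> interactive checks required.
TIERS = [(1_000, 0), (10_000, 1), (float("inf"), 2)]

def passive_score(channel, results):
    """Fraction of the channel's non-interactive checks that passed.
    A check with no recorded result counts as failed (fail closed)."""
    names = [m.name for m in METHODS if not m.interactive and channel in m.channels]
    return sum(bool(results.get(n, False)) for n in names) / len(names)

def select_methods(channel, amount, results):
    """Pick the interactive checks to run for one transaction."""
    need = next(n for limit, n in TIERS if amount <= limit)
    trusted = passive_score(channel, results) > 0.5  # assumed majority cutoff
    if not trusted:
        need += 1  # passive checks mostly failed: step up one level
    pool = [m for m in METHODS if m.interactive and channel in m.channels]
    # Trusted session: simplest (fastest) methods first. Otherwise prefer the
    # highest story point (assumed here to rank the more demanding check).
    key = (lambda m: (m.minutes, m.name)) if trusted else (lambda m: (-m.story_point, m.name))
    return [m.name for m in sorted(pool, key=key)[:need]]
```

Because a missing passive result is treated as a failure, a session with no sensor data is stepped up rather than waved through.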
The security features were largely enhanced for the stability and reliability of owner
recognition. The whole system was built as a module-based embedded system, which makes the system
safer, more reliable, replaceable and easy to use.

References
[1] http://www.corpit.ru/mjt/proxycheck.html
[2] http://www.kolbitsch.org/research/technical/Introduction_to_ATM_Security.pdf
451 Sivakumar M and Arthanariee A. M

[3] S Rathinavel and S.Arumugam. Article: Full Shoe Print Recognition based on Pass Band DCT
and Partial Shoe Print Identification using Overlapped Block Method for Degraded Images.
International Journal of Computer Applications 26(8):16-21, July 2011. Published by
Foundation of Computer Science, New York, USA
[4] M.Moorthi, Dr. M.Arthanari, M.Sivakumar, The Extraction of the Tooth contour for Biometric
Identification Device, Global Journal of Computer Science and Technology, GJCST, USA,
Volume 10 Issue 5, pp. 59-62 July 2010.
[5] M.Moorthi, Dr. M.Arthanari, M.Sivakumar, Eye Detection in video images with unconstrained
background for drowsy driver detection using Histogram equalization technique, International
J. of Math. Sci. & Engg. Appls. (IJMSEA) ISSN 0973-9424, Vol. 4 No. III (August, 2010), pp.
13-19
[6] Art Conklin1, Glenn Dietrich2, Diane Walz, Password-Based Authentication: A System
Perspective Proceedings of the 37th Hawaii International Conference on System Sciences –
2004
[7] Yun Yang, JiaMi ATM terminal design is based on fingerprint recognition, 2010 2nd
International Conference on Computer Engineering and Technology Vl-95
[8] Xiao-Yuan Jing and David Zhang , ―A Face and Palmprint Recognition Approach Based on
Discriminant DCT Feature Extraction,‖ 2004, IEEE Transactions on Systems, Man, and
Cybernetics—Part B: Cybernetics, vol. 34, no. 6,December 2004
[9] Ning Ding, Yongquan Chen, Zhi Zhong and Yangsheng Xu, Energy-Based Surveillance
Systems for ATM Machines,Proceedings of the 8th World Congress on Intelligent Control and
Automation July 6-9 2010, Jinan, China
[10] BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS; www.easysol.net;
Bogotá, Colombia.
[11] AhnLab, Inc.; Online Banking: Threats and Countermeasures; Seoul, Korea, www.ahnlab.com;
June, 2010.
[12] Ibidapo, O. Akinyemi, Zaccheous O. Omogbadegun, and Olufemi M. Oyelami Towards
Designing a Biometric Measure for Enhancing ATM Security in Nigeria EBanking System
International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 10 No: 06
[13] Nagul Cooharojananone, Kamonwan Taohai, and Suphakant Phimoltares, A New Design of
ATM Interface for Banking Services in Thailand 2010 10th Annual International Symposium
on Applications and the Internet

S-ar putea să vă placă și