Abstract
With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.
Highlights
The advent and expansion of financial technologies (FinTech) coupled with the availability of affordable high-speed internet and widespread usage of the latest smartphones have revolutionized the financial service industry
This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications where subscribers will be authenticated using a personal identification number (PIN), one-time password (OTP), and biometric fingerprint
We present the different ways of securing user authentication credentials such as PIN and OTP using secure hashing algorithm-256 (SHA-256), biometric fingerprint by Fast IDentity Online (FIDO) services that use the public-key cryptography technique (RSA), and a quick response (QR) code and records in the databases by Fernet encryption
Summary
The advent and expansion of FinTech coupled with the availability of affordable high-speed internet and widespread usage of the latest smartphones have revolutionized the financial service industry. This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications where subscribers will be authenticated using a PIN, OTP, and biometric fingerprint. It uses a fingerprint and QR code to confirm money withdrawal. The existing proposed algorithms, though promising, are vulnerable to several security attacks. None of those studies mentioned above implemented combining PIN, OTP, and biometric fingerprint for mobile money authentication where. We propose a secure and efficient multi-factor authentication algorithm for mobile money applications where PIN, OTP, and biometric fingerprints authenticate users.
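The abstract states that the OTP is protected with SHA-256. One way a server could keep only a salted SHA-256 digest of each OTP and still enforce expiry, single use and a retry limit is sketched below; this is an added example, not the paper's code. The `OtpStore` class, the per-OTP salt, the 6-digit length, the 120-second lifetime and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window
MAX_ATTEMPTS = 3       # assumed retry limit per issued OTP

def _digest(salt: bytes, otp: str) -> bytes:
    # Salted SHA-256, so the stored value is never the OTP itself.
    return hashlib.sha256(salt + otp.encode()).digest()

class OtpStore:
    """Hypothetical server-side OTP table keyed by subscriber id."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}

    def issue(self, subscriber: str) -> str:
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        salt = secrets.token_bytes(16)
        self._records[subscriber] = {
            "salt": salt,
            "digest": _digest(salt, otp),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return otp  # sent to the subscriber out of band, not stored in clear

    def verify(self, subscriber: str, candidate: str) -> bool:
        rec = self._records.get(subscriber)
        if rec is None:
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._records[subscriber]  # expired or locked out
            return False
        rec["attempts"] += 1
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(rec["digest"], _digest(rec["salt"], candidate))
        if ok:
            del self._records[subscriber]  # single use: a replay fails
        return ok

if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("subscriber-001")  # constructed subscriber id
    print(store.verify("subscriber-001", code), store.verify("subscriber-001", code))
```

The digest only keeps the OTP out of the database in clear; with a six-digit space, the expiry and attempt limit are what stop guessing.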