An Improved Security Model for Nigerian Unstructured Supplementary Services Data Mobile Banking Platform

Abstract

Unstructured Supplementary Services Data (USSD) is a menu driven, real time communication technology used for value added services. It is adopted by banks for financial transactions due to its ease of operation. However existing USSD are used by fraudster to commit identity theft through Subscriber Identification Module (SIM) swap, phone theft and kidnap, in other to access funds in the bank. One of the reasons this is made possible is because existing USSD platforms use Automated Teller Machine (ATM) Personal Identification Number (PIN) as second level authenticator and this compromises the ATM channel and violets one of the stated guidelines for USSD operation in Nigeria. More so, the PIN is entered bare on the platform and so can easily be stolen by shoulder surfing. Therefore, in this paper we developed and simulated an improved USSD security model for banking operations in Nigeria. The security of existing USSD platform was enhanced using answer to a secret question as another level of authentication. This was with the view to minimise identity theft. This secret question is registered in the bank during account opening for new customers while existing customers will have to update their details in the banks data base before registering for USSD services. This is done the same way customers verify their ATM PIN in the bank. Hence the answer is known by the customer alone. The model was implemented using php on XAMPP platform and simulated using hubtel USSD mocker. Results showed that security of the proposed system was enhanced through another level of authentication provided by the answer to the security question.