The application of multi-server authentication scheme in internet banking transaction environments

Abstract

Information and communication technology has altered businesses’ operations, with a host of established and new banks launching online banking products and services. Banks encourage their customers to use online banking facilities because these facilities reduce transaction costs, improve customer retention, increase the customer share of wallet, and enhance customer services. Many customers also prefer Internet banking channels because of their convenience and the freedom they offer. Although Internet banking offers substantial benefits and opportunities, it does involve security risks associated with sensitive transactions and accessing critical information over public networks. To secure Internet banking activities and maintain the trust and confidence of customers, numerous banks have adopted technical countermeasures, such as two-factor or multi-factor authentication, to prevent cyberattacks, online fraud, and unauthorized access to bank accounts. However, the use of two-factor authentication is inadequate for protecting customers’ accounts against takeover by cyber criminals. Multi-factor authentication services along with related security techniques lead to two considerable barriers: (1) the high cost of deployment and maintenance and (2) the complex integration between authentication processes and online banking systems. This paper presents an alternative model for the authentication of online banking customers and transactions through use of a hash-based multi-server authentication scheme in conjunction with a smart card. The proposed system provides strong security features and low maintenance costs for financial institutions’ Internet banking platforms. The proposed mechanism can be associated with a customized interface and thus easily integrated into existing banking systems for use in Internet banking applications.