Designing E-Banking Cardless Transaction Services Framework for Banking Sectors in Ethiopia

E-banking cardless technologies, enable to withdraw cash from ATM without virtual or any physical card. It increases enhanced utilization of ATM banking services and improve flexibility of services to customers. The purpose of this research was to develop cardless e-banking services. The study used design Science research methodology. The study uses requirement elicitation method to identify and analyze existing system challenges then to design E-banking cardless transaction services framework. Based on the proposed framework, the software was developed that allows customer to withdraw cash from ATM machine using their mobile phone. Based on the study result, card expiration, captured, dispute and forgotten were the main challenges to the exiting ATM based banking services. All of the respondents were used Mobile and ATM services. Domain experts were evaluated both the framework and the prototype, acceptable result was found from the evaluation. The integration of ATM and Mobile banking services and the ECTS framework development can enhance utilization of E-banking services

Security Analysis of Mobile Payments: Direct Carrier Billing

Payments are a compensation for a product or a service received. The funds are transferred from one party (consumer) to another (merchant). Mobile payments are a particular form of electronic payment where a mobile device serves as the key instrument to initiate, authorize or complete a payment. The payment methods have been continuously changing to adjust to cashless trends. Seeking to reach a larger number of customers has promoted the development of different solutions to provide means of payment. With an increasing number of mobile subscribers, mobile solutions such as carrier billing, SMS-based payments, and mobile wallets are gaining importance, permeating different markets, such as public transportation, digital content, advertisements and charity. This thesis investigates and analyses mobile payment solutions. The main purpose is, primarily, to identify and describe the security protocols that occur during the payment transaction. Subsequently, to distinguish the mechanisms utilised to identify and authenticate consumers and the mechanisms providing integrity to the payment data. Additionally, to recognize the possible security threats overlooked during the design and deployment of payment solutions. The analysis and tests carried out showed opportunity areas for the service providers to improve the security level of their services. We found vulnerabilities that jeopardise the integrity and authenticity of transactions from the merchant and consumer sides. The major vulnerabilities found lead to conclude that despite the development of protocols and technologies to strengthen security, an appropriate analysis is required to design and develop secure solutions. Neglecting security requirements in exchange for simplicity could come at a high price for the parties involved in mobile payments, specially, in direct carrier billing

Cooperating broadcast and cellular conditional access system for digital television

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The lack of interoperability between Pay‐TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay‐TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay‐TV systems. This paper presents a novel end‐to‐end system architecture for Pay‐TV systems cooperating mobile and broadcasting technologies. It provides a cost‐effective, scalable, dynamic and secure access control mechanism supporting converged services and new business opportunities in Pay‐TV systems. It enhances interactivity, security and potentially reduces customer attrition and operational cost. In this platform, service providers can effectively interact with their customers, personalise their services and adopt appropriate security measures. It breaks up the rigid relationship between a viewer and set‐top box as imposed by traditional conditional access systems, thus, a viewer can fully enjoy his entitlements via an arbitrary set‐top box. Having thoroughly considered state‐of‐the‐art technologies currently being used across the world, the thesis highlights novel use cases and presents the full design and implementation aspects of the system. The design section is enriched by providing possible security structures supported thereby. A business collaboration structure is proposed, followed by a reference model for implementing the system. Finally, the security architectures are analysed to propose the best architecture on the basis of security, complexity and set‐top box production cost criteria

An improved port knocking authentication framework for mobile cloud computing

The latest developments in mobile cloud computing (MCC) have changed user's priorities for computing. However, the change towards MCC brings new challenges to cloud service providers and administrators. Authentication is one among the challenges categorized in the classification of security issues for MCC. Port knocking authentication method eliminates user's collaboration during the authentication process. Thus, such technique has the potential to be applied on the MCC environment which can ensure reliable communication. However, current port knocking authentication techniques lack of addressing the issue of knock-sequence length. It is challenging to deploy appropriate length sequence for port knocking authentication for the reason that shorter length knock sequence degrades security, whereas, deploying longer length sequence involves performance issues in terms of time and buffer management. This paper proposes a dynamic length port knocking authentication framework which addresses the issue of security degradation and optimizes performance in terms of time up and buffer managment. We employ MikroTik RouterOS for the evaluation of the proposed technique. Analysis of the results shows that dynamic length port knocking authentication technique improves performance in terms of time up to 23% and buffer management up to 28% by reducing the imposed load. Furthermore, by deploying dynamic length (DL) and pool of length (PoL), the proposed method reveals high security, which decreases the probability of hacking knock-sequence near to zero for a number of parallel authentication requests. Hence, dynamic length port knocking authentication technique provides an optimal solution for reliable communication in MCC

GOPE: A MVC driven mobile framework using HTML5 for pervasive device container

Mobile devices such as smart phones and tablets have become part of our life these days. Well designed mobile applications for business specific mobile commerce are still very lacking. GOPE is designed to allow group-buy consumers to access to an online group-buy commerce portal with ease, efficiency and flexible functional needs. The GOPE mobile application offers few key features: location selecting option, deals viewing and selecting option, deals sharing, mobile log in, payment on-the -move, and user account management. The proposed mobile framework is designed using Model-View-Controller (MVC) design pattern with ‘hoke’ to enrich the group buy flexible functional requirements. The GOPE MVC ‘hoke’ technique has successfully fulfill the objective of the project. The GOPE prototype has been tested with a select group of testers and it has demonstrated to have achieved goals of the project

An investigation into the usability and acceptability of multi-channel authentication to online banking users in Oman

Authentication mechanisms provide the cornerstone for security for many distributed systems, especially for increasingly popular online applications. For decades, widely used, traditional authentication methods included passwords and PINs that are now inadequate to protect online users and organizations from ever more sophisticated attacks. This study proposes an improvement to traditional authentication mechanisms. The solution introduced here includes a one-time-password (OTP) and incorporates the concept of multiple levels and multiple channels – features that are much more successful than traditional authentication mechanisms in protecting users' online accounts from being compromised. This research study reviews and evaluates current authentication classes and mechanisms and proposes an authentication mechanism that uses a variety of techniques, including multiple channels, to resist attacks more effectively than most commonly used mechanisms. Three aspects of the mechanism were evaluated: 1. The security of multi-channel authentication (MCA) was evaluated in theoretical terms, using a widely accepted methodology. 2. The usability was evaluated by carrying out a user study. 3. Finally, the acceptability thereof was evaluated by asking the participants in study (2) specific questions which aligned with the technology acceptance model (TAM). The study’s analysis of the data, gathered from online questionnaires and application log tables, showed that most participants found the MCA mechanism superior to other available authentication mechanisms and clearly supported the proposed MCA mechanism and the benefits that it provides. The research presents guidelines on how to implement the proposed mechanism, provides a detailed analysis of its effectiveness in protecting users' online accounts against specific, commonly deployed attacks, and reports on its usability and acceptability. It represents a significant step forward in the evolution of authentication mechanisms meeting the security needs of online users while maintaining usability

Leveraging Cellular Infrastructure to Improve Fraud Prevention

Abstract—The relationship between physical security and crit-ical infrastructure has traditionally been unidirectional- the former being necessary to sustain the latter. However, certain pieces of critical infrastructure hold the potential to significantly improve the security of individuals and their most sensitive information. In this paper, we develop a pair of mechanisms for cellular networks and mobile devices that augment the physical security of their users ’ financial credentials. In particular, we create FrauVent, a multi-modal protocol that provides users with information related to a pending questionable transaction (e.g., transaction value, location, vendor) in a way that improves the available context for approving or rejecting such exchanges. Through protocol design, formal verification and implementation of an application for the Android platform, we develop a robust tool to help reduce the costs of fraud without requiring financial institutions to significantly change their extensively deployed end systems (i.e., card readers). More critically, we provide a general framework that allows cellular infrastructure to actively improve the physical security of sensitive information

Mobile Payments in the Netherlands: Adoption Bottlenecks and Opportunities, or… Throw Out Your Wallets

Het doel van dit onderzoek is het analyseren van de marktgrootte van mobiel betalen en de bijbehorende omzetbasis, alsmede de invoering van knelpunten, om inzicht te verkrijgen in de introductie en ontwikkeling van mobiele bankservices in Nederland. Het onderzoek beschrijft verscheidene aspecten van mobiel betalen/mobiel bankieren in Nederland. Onderwerpen als implementatie, wetgeving, geschatte businesscase, aanbevolen businessmodel, ontwikkelingsscenario’s, een SWOT - analyse van technische oplossingen, organisatorische knelpunten, een analyse van de redenen van succes en falen en openstaande problemen en uitdagingen komen aan de orde. Het voornaamste doel van het onderzoek is het trachten te beantwoorden van de vraag of er een markt voor mobiel betalen is in Nederland en een analyse geven van waarom mobiele bankservices niet succesvol zijn geweest in Nederland. Bovendien dient gemeld te worden dat de focus van dit verslag lag op microbetalingen, waar over het algemeen betalingen tot €10 onder verstaan worden.The purpose of this research report is to analyse the mobile payment market size and its revenue basis, as well as adoption bottlenecks, in view of establishing the adoption and deployment of mobile banking services in The Netherlands. The research report describes various aspects with regard to mobile payments/mobile banking in The Netherlands. Issues like implementation, regulatory framework, estimated business case, deployment scenario’s, recommended business model, a SWOT analysis of the technical solutions, organisational bottlenecks, an analysis of the reasons for success and failures, and open issues and challenges are addressed. The main aim is to try to answer the question whether there is a market in The Netherlands for mobile banking services, and providing an analysis of why M-banking services have not been so successful in The Netherlands. Furthermore, it needs to be mentioned that the focus of this paper was on micro-payments, which are generally considered to be payments of up to €10

Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust

This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work.Petroleum Technology Development Fund (PTDF), Abuja, Nigeria

Taxonomy of the Snowden Disclosures

This brief Essay offers a proposed taxonomy of the Snowden Disclosures. An informed discussion on the legality and constitutionality of the emerging cybersurveillance and mass dataveillance programs revealed by former NSA contractor Edward Snowden necessitates the furtherance of cybersurveillance aptitude. This Essay contends, therefore, that a detailed examination of the Snowden disclosures requires not just a careful inquiry into the legal and constitutional framework that guides the oversight of these programs. A close interrogation also requires a careful inquiry into the big data architecture that guides them. This inquiry includes examining the underlying theories of data science and the rationales of big data-driven policymaking that may drive the expansion of big data cybersurveillance. These technological, theoretical, and policymaking movements are occurring within what has been termed by scholars as the National Surveillance State. Better understanding the manner in which intelligence gathering may be shifting away from small data surveillance methods and toward the adoption of big data cybersurveillance methods—and assessing the efficacy of this shift—can factually ground future debates on how best to constrain comprehensive and ubiquitous surveillance technologies at the dawn of the National Surveillance State