5 research outputs found

    Using Keystroke Dynamics and Location Verification Method for Mobile Banking Authentication.

    With the rise of security attacks on mobile phones, traditional methods of authentication such as Personal Identification Numbers (PIN) and Passwords are becoming ineffective due to their limitations such as being easily forgettable, disclosed, lost or stolen. Keystroke dynamics is a form of behavioral biometric based authentication where an analysis of how users type is monitored and used in authenticating users into a system. The use of location data provides a verification mechanism based on user’s location which can be obtained via their phone’s Global Positioning System (GPS) facility. This study evaluated existing authentication methods and summarized their performance. To address the limitations of traditional authentication methods this paper proposed an alternative authentication method that uses Keystroke dynamics and location data. To evaluate the proposed authentication method experiments were done through use of a prototype Android mobile banking application that captured the typing behavior while logging in and location data from 60 users. The experiment results were lower compared to the previous studies provided in this paper with a False Rejection Rate (FRR) of 5.33% which is the percentage of access attempts by legitimate users that have been rejected by the system and a False Acceptance Rate (FAR) of 3.33% which is the percentage of access attempts by imposters that have been accepted by the system incorrectly, giving an Equal Error Rate (EER) of 4.3%. The outcome of this study demonstrated keystroke dynamics and location verification on PINs as an alternative authentication of mobile banking transactions building on current smartphones features with less implementation costs with no additional hardware compared to other biometric methods. Keywords: smartphones, biometric, mobile banking, keystroke dynamics, location verification, securit

    Investigating the possibility to use differentiated authentication based on risk profiling to secure online banking

    No full text
    Purpose – The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile. Online security remains a challenge to ensure safe transacting on the Internet. User authentication, a human-centric process, is regarded as the basis of computer security and hence secure access to online banking services. The increased use of technology to enforce additional actions has the ability to improve the quality of authentication and hence online security, but often at the expense of usability. The objective of this study was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile. Design/methodology/approach – A web-based survey was designed to determine online consumers’ competence re secure online behaviour, and this was used to quantify the online behaviour as more or less secure. The browsers used by consumers as well as their demographical data were correlated with the security profile of respondents to test for any significant variance in practice that could inform differentiated authentication. Findings – A statistical difference between behaviours based on some of the dependent variables was evident from the analysis. Based on the results, a case could be made to have different authentication methods for online banking customers based on both their browser selected (before individual identification) as well as demographical data (after identification) to ensure a safer online environment. Originality/value – The research can be used by the financial services sector to improve online security, where required, without necessarily reducing usability for more “security inclined” customer

    Predictive Modelling of Retail Banking Transactions for Credit Scoring, Cross-Selling and Payment Pattern Discovery

    Evaluating transactional payment behaviour offers a competitive advantage in the modern payment ecosystem, not only for confirming the presence of good credit applicants or unlocking the cross-selling potential between the respective product and service portfolios of financial institutions, but also to rule out bad credit applicants precisely in transactional payments streams. In a diagnostic test for analysing the payment behaviour, I have used a hybrid approach comprising a combination of supervised and unsupervised learning algorithms to discover behavioural patterns. Supervised learning algorithms can compute a range of credit scores and cross-sell candidates, although the applied methods only discover limited behavioural patterns across the payment streams. Moreover, the performance of the applied supervised learning algorithms varies across the different data models and their optimisation is inversely related to the pre-processed dataset. Subsequently, the research experiments conducted suggest that the Two-Class Decision Forest is an effective algorithm to determine both the cross-sell candidates and creditworthiness of their customers. In addition, a deep-learning model using a neural network has been considered with a meaningful interpretation of future payment behaviour through categorised payment transactions, in particular by providing additional deep insights through graph-based visualisations. However, the research shows that unsupervised learning algorithms play a central role in evaluating the transactional payment behaviour of customers to discover associations using market basket analysis based on previous payment transactions, finding the frequent transaction categories, and developing interesting rules when each transaction category is performed on the same payment stream.
Current research also reveals that the transactional payment behaviour analysis is multifaceted in the financial industry for assessing the diagnostic ability of promotion candidates and classifying bad credit applicants from among the entire customer base. The developed predictive models can also be commonly used to estimate the credit risk of any credit applicant based on his/her transactional payment behaviour profile, combined with deep insights from the categorised payment transactions analysis. The research study provides a full review of the performance characteristic results from different developed data models. Thus, the demonstrated data science approach is a possible proof of how machine learning models can be turned into cost-sensitive data models

    Secure privacy-preserving computing applications on cloud using homomorphic cryptography

    The advancement of cloud computing technologies has provided users and business organisations with various cloud-based options to store and access information externally, across multiple platforms and geographic locations. The cloud also has the ability to deliver scalable and high-performance computing services on demand and in a cost-effective manner while helping users to avoid the trouble of maintaining large data centres and complex computing facilities. The economies of scale increase revenue for cloud providers and lower costs for cloud users. The resulting on-demand model of computing allows providers to achieve better resource utilization through statistical multiplexing, and enables users to avoid the costs of resource over-provisioning through dynamic scaling. However, there are major security and privacy concerns when data is stored in external cloud storage systems. For example, when personal information is stored in unencrypted formats on the cloud, service providers can learn many details about the users such as their preferences, past behaviours and biometric identities. The widely distributed nature of cloud architectures means that server farms can be located in many countries or geographic locations that might be under different laws and regulations regarding user privacy. Furthermore, cloud service providers may encrypt data in-transit, but not while user data is stored on their servers, causing the reluctance of many business organisations to outsource the storage of their sensitive and valuable data, which can be major targets for attacks coming from both outside attackers and insiders. Therefore, encrypting the data when it is stored on the cloud is an important task to guarantee the confidentiality and privacy of users’ data.
However, traditional cryptographic techniques make it difficult for processing tasks such as searching, updating or checking the integrity of encrypted data without asking clients to download and decrypt large amounts of data from the cloud. To realise the full potential of cloud computing, better cryptographic schemes are required. They should enable the cloud to perform various computing operations on encrypted data and return encrypted results to customers. Another desirable feature is how a cryptographic scheme can allow different parties to combine their encrypted data and perform some computing tasks on the cloud without compromising the confidentiality and privacy of the data of each party. Recently, homomorphic cryptography has increasingly been the focus of researchers because this technology has a great potential to provide the desirable features described above. Homomorphic encryption can be implemented either as a symmetric or a public-private asymmetric key paradigm. This technique allows many types of computing operations to be performed on ciphertext and output encrypted results which, when decrypted, are found to be identical to the results of the same operations performed on plaintext data. With a homomorphic cryptosystem, many computational circuits can now be homomorphically evaluated, producing programs that might be run on encryptions of their inputs to produce an encryption of their output. Since the inputs of such programs are encrypted, a computation task can be performed on an untrusted cloud without revealing any inputs and internal states. In this thesis, we focus on the design and implementation of various application models of homomorphic cryptography so that the cloud can be used more effectively and securely to store and process sensitive customer data. Our research works throughout many chapters of this thesis also provide valuable information regarding the security of homomorphic cryptography in many use case scenarios.
We illustrate how homomorphic cryptography can be applied effectively with all of its flexibility, power and usefulness in many applications ranging from smart grid, e-commerce to secret sharing. In this thesis, we also propose approaches to enhance the efficiency and effectiveness of homomorphic cryptography, so that these cryptographic schemes can be applied not only in current cloud-based applications, but also in larger, more mission-critical applications in the future

    An Investigation into the Critical Success Factors for E-Banking Frauds Prevention in Nigeria

    E-Banking fraud is an issue experienced globally and continues to prove costly to both banks and customers. Frauds in e-banking services occur due to various compromises in security, ranging from weak authentication systems to insufficient internal controls. Although some security frameworks to address this issue of fraud have been proposed, the problem of e-banking fraud remains due to the inability of these frameworks to deal with organisational issues. With limited research in this area, the study sets out to identify the organisational Critical Success Factors (CSF) for E-Banking Frauds Prevention in Nigeria by applying CSF theory. A framework is proposed to help improve security from an organisational perspective. The study adopted a mixture of philosophical paradigms which led to the triangulation of research methods; Literature Review, Survey and Case Studies. The Literature Review involved the synthesis of existing literature and identified potential CSF for frauds prevention in e-banking. A total of 28 factors were identified and a conceptual framework was proposed. A 5-point Likert scale survey questionnaire was sent to retail bank staff in Nigeria to rate the criticality of the factors. A total of 110 useable responses were received at a response rate of 23.9%. Similar interrelated factors were grouped using a Principal Component Analysis. Finally, case studies with 4 banks in Nigeria were carried out to deepen our understanding. The study identified a total of 10 CSF which spanned across strategic, operational and technological factor categories. These included ‘Management Commitment’, ‘Engagement of Subject Matter Experts’ and ‘Multi-Layer Authentication’ amongst others. In addition, new CSF such as ‘Risk-Based Transactional Controls’, ‘People Awareness & Training’ and ‘Bank Agility via Data Driven Decision Making’ were identified. Finally, these CSF were grouped into an e-banking frauds prevention framework.
This study is a pioneer study that extends theory to propose a CSF-based frauds prevention framework for banks in Nigeria