BIOMETRIC AUTHENTICATION OF AN AUTOMATIC TELLER MACHINE USING FINGERPRINT AND PASSWORD

4,000

CHAPTER ONE

INTRODUCTION

         1.1  Background to the Study

In the olden days, financial institution in Nigeria did almost all their transactions manually, to allow customers perform their financial transactions and other banking processes. The customers have to form a queue which ends up consuming a lot of consumer’s time and is not always efficient. In view of this and the fast wind of  IT sweeping through Nigeria, had lead the bank to the utilization of an electronic device known as Automatic Teller Machine (ATM) for performing transaction without the physical presence of a bank delegate. Automated teller machine is a mechanical device that has its roots embedded in the accounts and records of a banking institution. It is a machine that allows the bank customers to carry out banking transactions like deposits, transfers, balance enquiries, mini statement, withdrawal and fast cash e.t.c. The ATM has gained wide utilization due to the 24 hours service it provides to customers. Khatmode R. K. et al,(2014).

            Nearly 10 years since its introduction in Nigeria, the ATM has become the favored channel of financial transaction by most Nigerians. However, the expanding and wide acceptance of the ATM by the member of the public has led to a need to further build and enhance the security and integrity of the system. Utilization of ATM (Automatic Teller Machine) is helpful for monetary transaction. ATM transaction is initiated by inserting the ATM card and typing the PIN (Personal Identification Number) of that specific card. Despite the fact that bank allows their customers to choose their PIN, this system is not safe to use because anybody can access the system if they have the card and PIN number. The system looks at the code against a stored list of approved authorized passwords and users. PIN typically in a form of four digit combination of numbers that is entered via the ATM panel. If the code is genuine, the system permits access at the security level approved for the owner of the account. The strength of PIN as a security system is weakened and the likelihood of the code leaking to other people is high. In recent time, due to fraudsters advancements and technological improvement it is now possible to fix ATM Card scanners in ATM Machine to acquire encoded information from ATM Card, which is again used to create a copy of the ATM card and to make fraudulent transactions. This is the primary impediment of the current system. Conventional ATM systems authentication method has some limitations. Using ATM card and password cannot;

Verify the client's identity exactly. Protect the card user against theft. It is easy for fraudsters to get the PIN and perform fraudulent transactions. Protect customers from Vulnerabilities and the increasing wave of criminal activities occurring at Automated Teller Machines (ATMs.)

 This has called for a more secure method of authentication at the ATM terminals. Biometrics based authentication is a potential technique in increasing ATM security. Among all the biometrics, fingerprint based identification is one of the most mature and proven technique. Biometric is a Greek Words, Bio means life and metric means measuring some objects that have life. Biometric measures both physiological and behavioral characteristics. These characteristics are finger prints, Voice patterns, hand measurements, irises and others (although this project will be limited to fingerprints alone). These characteristics are used to identify an individual, they are connected to an individual and cannot be forgotten, stolen, shared or easily hacked like passwords.

            Finger Print technology is the initial biometric science that uses unique features of the fingerprint to identify or verify the identity of an individual. Finger Print technology is the most deployed technology among other biometric characteristics and it application ranges from physical access to logical access. Each and every human have unique characteristics and patterns. A Finger Print pattern or sample consists of lines and spaces and these lines are referred to as Ridges while the spaces between these ridges are called valleys. These ridges and valleys are matched for verification and authorization. These unique finger print traits are referred to as “minutiae” and comparisons are made on these traits. There has been a significant surge in the use of Biometric based user authentication system in recent years because Bio-metric authentication offers several advantages over other authentication methods. The advantages that Biometrics presents are that the information is unique for each individual and that:

It can identify the individual in spite of variations in the time. It provides strong authentication It can be easily implemented on existing system. There are very less chances of two people having same fingerprint.

Fingerprint is currently being used as variables of security during voting, operation of bank account among others. It is also used for controlling access to highly secured places like offices, equipment rooms, control centers and so on.The proposed system will be self manipulative, simple, fast and yet much more secure. It will provide a secure online transaction to protect the user against ATM Card frauds.

1.2       Statement of the Problem

         The existing system is plagued with the following problems;

Traditional authentication systems cannot discriminate between an impostor who fraudulently obtains the access privileges and the real owner.  Passwords and PINs can be illicitly acquired by direct covert observation.  Easily guessed PIN's and passwords e.g. birthday, 1234 etc. Malware can be placed at the ATM terminal by fraudsters to capture magnetic stripe data and PIN codes from the private memory space of transaction processing application installed on the ATM.

1.3      Aim and Objectives of the Study

The aim of this project is to design an ATM simulator that will combine PIN (Personal Authentication Number) verification system with finger print biometric system for more reliable authentication. The system is designed with the following objectives.

To explore the problem associated with the existing password Based system and pose the    possible solutions To develop a payment system simulator  with secure authentication using combination of biometric technology and Password (PIN) To implement the system with various customer biometric and PIN data and test its functionality and robustness.

 1.4     Significance of the Study     

In present age, security has become an essential and fundamental tool of every organization. If we talk about money it comes with great importance. In the banking system, it is also a very confidential issue. The principle motivation behind ATM machine is to safeguard cash and ensure easy and fast accessibility to cash. But as of late a few security issues have emerge concerning the ATM. The significance of this project is the huge benefit it is going to be to the bank worker, the bank management and the customer at large. For  the bank management it will reduce the huge amount of cash lost to ATM fraud every year. The time spent by bank workers to resolve cases of ATM fraud too will be reduced thus affording them time for more pressing issues. Most bank provide the single (PIN) password authentication to their customers for ATM transactions but now a days it is no longer enough to guide the data  and proof the identity of the customer. It is so easy for fraudsters to obtain the PIN and perform fraudulent operation on ATM. To guide against this type of frauds bank can utilize dual user verification system so that banking operations becomes more secure.

            Furthermore, there is a sense of mistrust with PINs and Bank customers may feel that it is unsafe because they are worried that in the event that they lose their card that someone may find it and some way or the other is able to determine their PIN and steal their money from the ATM. In other to eliminate this threat, this project will focus on a consolidated strategy i.e. costumers insert their card & PIN, if costumers insert valid PIN then access is grant to another security approved process i.e. biometric fingerprint. Utilizing legitimate PIN & biometric fingerprint costumer can perform ATM transaction process i.e. deposits, transfers, balance enquiries, mini statement, Fast cash & withdrawal etc. By using fingerprint recognition combined with the old PIN method, customers are more comfortable with the idea of saving their money with the bank because they understand that if they lose their ATM card, no one can replicate their fingerprint and take their money. In banking system Biometrics holds the guarantee of quick, easy to utilize, precise, reliable, and less expensive authentication.

1.5           Scope of the Study

The scope of this project describe the simulation of an automated teller machine with the capability of the combination of both biometric (fingerprint) and password (PIN) based authentication with a view to provide a more secure Online banking transaction on ATM: Only banking system is captured. The biometric authentication system will consists of five main components. These are: sensor, feature extractor, fingerprint/template database, and matcher and decision module.

1.6     Limitations of the Study

Benefits and Limitations are two side of one coin. Biometric ATM is useful for every aspect, but its limitations are given below:-

It depends on user acceptability. Obtaining a clean image upon which to perform matching may be difficult due to Fingerprint worn out or cut due to hard labor work or age. The requirement of biometric devices in ATM Machines will improve the cost of ATM Machine. Since the simulated system will be design using Visual Basic.Net, it won’t be able to run on any other operating system beside Microsoft window operating system. Due to the two step authentication process, the time it takes to perform a transaction will be increased. Distinctiveness.: while a biometric trait is expected to vary significantly across individuals, there may be large inter-class similarities in the feature sets used to represent these traits.

1.7    Definition Of Terms

1.     Biometric

Biometric is the science and technology of measuring and statistically analyzing biological data

2.     Simulation

Simulation is the imitation of the operation of real world process or system over time

3.     ATM

Automated Teller Machine is an electronic banking outlet which allows customers of various banking institutions complete basic transaction without the aid of a bank representative, teller or without being physically present at the bank.

4.     PIN

Personal Identification Number(PIN)   a secret numeric password shared between a user and the system, that can authenticate the user to the system.

5.     Authentication

This is the process of identifying an individual usually based on a username and password with the aim of granting access to a system

6.     Verification

Verification is the process of determining whether an individual is who he/she claims to be

7.     Debit

This refers to the money paid out of a customer’s bank account. It is an entry recorded on the left side of a ledger.     

9.     Credit

This refers to the money paid into a customers bank account, it is an entry recorded on the right side of a ledger.

10.  ATM Card

ATM card is a small plastic card design with a magnetic strip or chip base, which can be assign by banks to their customer to provide an authorize access to his/her account using an electronic card payment system (i..e ATM, POS etc). Each card contains some features like a card number which contain the bank code, the customer name and the expiry date. It contains some security features which normally inculcated in the chip base or magnetic strip portion.  The bank code uniquely identifies the bank within the consortium. The card number determines the account that the card can access as the card is being linked to the customer’s account.

11.  Interface

This is a point where two system or subjects  meet and interact or communicate it can either be a GUI (Graphical User Interface) or a CLI (Command Line Interface).

12.  Client

Client is any device or process that request for service from a server.

13.  Server

Server is any device or process that responds to request from a client