METHOD TO SECURE CRITICAL TRANSACTIONS: COMBINING THREE WAY & TWO FACTOR AUTHENTICATION
Keywords:
Online Transaction, Card Transaction Security, 3-Way Authentication, 2-Factor Authentication Method, Hash Algorithms
Abstract
In the current global scenario, people have migrated from being citizens to netizens, and card transactions
are most prominent at Automatic Teller Machines (ATM), in online transactions and at Point of Sale (POS) terminals. Card
breaches are also increasing, leading to losses of many billions of dollars, as merchants’ servers are compromised to obtain card
details including the account number, Personal Identification Number (PIN) and Card Verification Value (CVV). At present, the PIN
is the only factor that authenticates any transaction. Apart from that, very few banks send a One Time Password (OTP) for
ATM and online transactions, and this is not completely secure. Present systems do not have enough mechanisms to validate or
check who initiates the transaction. This paper proposes a system in which the user’s smart phone is used to
secure card transactions by combining 3 way authentication and 2 factor authentication. Firstly, it checks the card holder’s
biometric, viz., fingerprint, when a transaction is initiated. Secondly, the OTP is neither sent nor received; it is auto-generated
in the user’s smart phone, which sends a trigger to the bank server, which generates the same random number. This
system proposes to use a secure OTP generator algorithm that combines Secure Hash Algorithm 1 (SHA1), Hash-based
Message Authentication Code (HMAC) HMAC-SHA256 and HMAC-MD5. The user enters the OTP after entering the PIN, and
it is validated to confirm that the authorized person is the one who initiated the transaction. This reasonably secures a card
transaction, as it mandates the presence of the card holder for every transaction to be authenticated.