Two Factor Authentication and transaction validation using a mobile phone
Abstract
Online banking provides speed, flexibility, and efficiency, and the Internet has become the means for conducting
growing numbers of transactions between suppliers and large international corporations. In this way, the Internet has
opened new markets to the world and has accelerated the diffusion of knowledge. Internet markets, or online
businesses, are widely used these days (Hamdan et al., 2010).
Currently there are 43 licensed commercial banks and 1 mortgage finance company in Kenya. A number of
banks offer internet banking. In the same breath, there are companies that have e-commerce sites in Kenya selling
goods and services (Kenya Bankers Association (KBA), 2011).
In a study carried out by PhoneFactor, real-time attacks from online banking Trojans (ZeuS,
Clampi, etc.), also referred to as Man-in-the-Middle attacks, were seen as the greatest threat to online banking today
by more than half (51%) of survey respondents.
Insecurity also arises from the theft of personal data and from man-in-the-middle attacks. Some of the
attacks happen at the time of logging into the website or in the process of doing transactions, usually
during authentication of the website's user. P.T. Joseph (2005) identifies the risks as data protection, data
reliability and taxation.
A prototype application was designed that used a mobile phone to provide second-factor authentication. To do a
transaction, a user entered their name and password into the website; once the details were authenticated, they received
a code on their phone that they used to do the transaction. Once the transaction was complete, a second code was sent
to the mobile phone of the registered user or second account holder so that they could log into the system and validate the
transaction that had been done. The significance of the study is to help institutions of different sizes
secure their clients' data as well as reduce the impact of man-in-the-middle attacks. The study was able to
demonstrate that a solution can easily be obtained at a cost that is not prohibitive, without a reduction in service.
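The two-code flow described above, as an added example that is not the thesis prototype's code: a first code gates the login and a second code validates the transaction. The expiry time, attempt limit, hashed storage, binding of the second code to the transaction details, and all names (`PhoneCodes`, `txn_purpose`, `run_flow`, the `send` callback standing in for an SMS gateway, the phone labels and transaction values) are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300    # seconds a code stays valid (assumed value, not from the thesis)
MAX_TRIES = 3     # wrong guesses allowed before a code is discarded (assumed)

def _digest(purpose, code):
    return hashlib.sha256(f"{purpose}|{code}".encode()).digest()

class PhoneCodes:
    """One-time codes bound to a purpose string; `send` stands in for the SMS gateway."""
    def __init__(self, send, now):
        self._send, self._now, self._pending = send, now, {}

    def issue(self, phone, purpose):
        code = f"{secrets.randbelow(10**6):06d}"      # 6 digits from a CSPRNG
        self._pending[purpose] = [_digest(purpose, code), self._now() + CODE_TTL, MAX_TRIES]
        self._send(phone, code)                       # only the hash is kept server-side

    def verify(self, purpose, code):
        entry = self._pending.get(purpose)
        if entry is None:
            return False
        digest, expires, tries = entry
        if self._now() > expires or tries <= 0:
            del self._pending[purpose]                # expired or locked out
            return False
        if hmac.compare_digest(_digest(purpose, code), digest):
            del self._pending[purpose]                # single use
            return True
        entry[2] -= 1
        return False

def txn_purpose(txn):
    # A transaction altered in transit maps to a different purpose, so the code fails.
    return f"txn:{txn['id']}:{txn['account']}:{txn['payee']}:{txn['amount']}"

def run_flow():
    sms = []                                          # constructed stand-in for the phone
    codes = PhoneCodes(lambda phone, code: sms.append((phone, code)), lambda: 0.0)
    codes.issue("user-phone", "login:alice")          # code 1, after the password check
    logged_in = codes.verify("login:alice", sms[-1][1])
    txn = {"id": 1, "account": "A-1", "payee": "P-9", "amount": "1500.00"}
    codes.issue("validator-phone", txn_purpose(txn))  # code 2, to the validating holder
    rejected = codes.verify(txn_purpose(dict(txn, payee="P-0")), sms[-1][1])
    validated = codes.verify(txn_purpose(txn), sms[-1][1])
    replayed = codes.verify(txn_purpose(txn), sms[-1][1])
    return logged_in, rejected, validated, replayed
```

The values returned by `run_flow()` show that the second code validates only the transaction it was issued for and cannot be reused.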
Citation
Master of Science Information Systems
Publisher
University of Nairobi School of Computing and Informatics