Two Factor Authentication and transaction validation using a mobile phone
Maina, Caroline W
MetadataShow full item record
Online Banking provides speed, flexibility, and efficiency, the Internet has become the means for conducting growing numbers of transactions between suppliers and large international corporations. In this way, the Internet has opened new markets to the world and has accelerated the diffusion of knowledge. Internet markets or online business are widely used in these days (Hamdan et al., 2010). Currently there are there are 43 licensed commercial banks and 1 mortgage finance company in Kenya. A number of banks offer internet banking. In the same breadth there are companies that have e- commerce sites in Kenya selling goods and services (Kenya Bankers Association (KBA), 2011). In a study carried out by Phone Factor, they found out that real-time attacks from online banking Trojans (ZeuS, Clampi, etc.), also referred to as Man-In-The-Middle attacks, are seen as the greatest threat to online banking today for more than half (51%) of survey respondents. Insecurity is also in the case of the personal data that may be stolen and also man in the middle attacks. Some of the attacks happen at the time of logging into the website or in the process of doing the transactions. This is usually done during authentication of the user of the website. (P.T.Joseph, 2005) identifies the risks as Data Protection, Data reliability and Taxation. A Prototype application was designed that used a mobile phone to provide second factor authentication. To do a transaction a user entered their name and password into the website, once the details were authenticated they got a code on their phone that they used to do transaction. Once the transaction is complete a second code was sent to the mobile phone of the registered user or second account holder to log into the system and validate a transaction that has been done. The significance of the study will be to help institutions of different sizes to be able to secure their clients data as well as reduce the impact of Man in the middle attacks. The study Was able to demonstrate that a solution can easily be obtained at a cost that is not prohibitive without the reduction in service.