Design Of Two-Factor Authentication (PIN And SMS Password) For An Automated Teller Machine (ATM)

Electrical Electronics Engineering

In the contemporary landscape of banking security, the integration of two-factor authentication (2FA) mechanisms, such as Personal Identification Numbers (PINs) and SMS passwords, within Automated Teller Machines (ATMs) has become imperative to mitigate the rising threats of unauthorized access and fraudulent activities. The design entails a robust system where users, upon inserting their bank cards, are prompted to enter their unique PINs, serving as the first layer of authentication, which validates their identity and access rights. Subsequently, a second layer of security is introduced through SMS authentication, where users receive a one-time password (OTP) on their registered mobile devices, further verifying their identity before granting access to the ATM services. This multifaceted approach not only fortifies the security framework of ATMs but also bolsters customer confidence in banking transactions, enhancing overall safety and trust in the digital banking ecosystem. Through the integration of these comprehensive security measures, financial institutions can effectively combat evolving cyber threats and safeguard the integrity of their ATM networks, ensuring seamless and secure banking experiences for customers worldwide.

ABSTRACT

Most ATMs employ one means of authentication (single factor authentication) by using the PIN. These kinds of ATMs are vulnerable to ATM frauds like Card Skimming: where a device placed at the slot for the ATM Card copies all the information stored in ATM cards including the PINs and then copies of the original cards will be made, afterwards money will be stolen from the accounts concerned. This work presents the design of ATM software that employs a two factor authentication method that utilises the PIN and a One Time Password (OTP) which will be sent to the client’s mobile phone through SMS. This process will be initiated by the ATM as soon as the user slots his ATM card and the system accepts it. By employing this technology, a fraudster who has access to someone’s ATM Card and PIN will still not gain access to their bank account if he has no access to the SMS containing the One Time Password. This work employed Object Oriented Analysis and Design (OOAD) as its methodology and this includes the use of the Unified Modelling Language (UML). In order to realise the system using the OOAD approach, C#, an oriented programming language was used. The result obtained at the end of this project is the prototype of ATM software that employs two factor authentication. Finally, the performance of the system while it was being tested shows that the objective of providing additional security using two factor authentication was achieved to a large extent.CHAPTER ONE

INTRODUCTION

1.1 Background to the Study

Brief History of the ATM

The concept of self-service in retail banking has evolved through various stages. These stages include cash machines developed in the early 1960s through independent and simultaneous efforts of engineers in Britain, Sweden and Japan. The first of such commercial cash machines was put into use in the UK on the 27th of June 1967 by the Barclays Bank. These and other developments (which were championed by efforts in Asia, Europe and America) gave rise to the automated (automatic) teller machine (ATM). The first modern ATM came into use in December 1972 and was designed by IBM for Lloyd Banks. The machine was called the IBM 2984 and popularly known as the CIT: Cash Issuing Terminal. The CIT was considered the first true cash point and is similar to what we have nowadays [1].

The ATM is a networked computer terminal that provides Bank clients with access to financial transactions from a public space without the need for one to visit the bank branch.