Abstract:
With the current rise in security attacks, existing authentication methods on mobile phones, such as PINs and passwords, are becoming ineffective. Researchers have suggested various alternative authentication solutions, such as multi-level authentication, graphical passwords, or biometric passwords. Behavioral profiling refers to distinguishing users based on their unique activities, such as walking, voice, or typing. Location authentication is a method of authorizing users based on verification of their location. The objective of this research was to evaluate the limitations of existing authentication methods that researchers have recently proposed in the literature, and to propose an alternative authentication method based on user behavioral profiling and location-based verification characteristics. This research identified the threats and vulnerabilities of mobile banking systems and examined where these authentication methods had been applied. Traditional authentication mechanisms like PINs and passwords, being the most widely used authentication techniques, suffer from limitations and drawbacks such as shoulder surfing, brute force, guessing attacks, and phishing attacks. Over a period of 30 days, a study was conducted to examine the use of PINs and their limitations, and the use of PINs incorporated with behavioral and location authentication, in mobile banking. Data were collected through experiments and online surveys from a sample of 153 out of 247, comprising staff from the Kenya Commercial Bank (KCB) head office branch at Kencom, and then analyzed. This study evaluated existing authentication methods and summarized their performance. To address the limitations of PINs, this work proposed an alternative authentication method that uses behavioral profiling based on keystroke dynamics and location data.
To evaluate the proposed authentication method, experiments were carried out using a prototype Android mobile banking application that captured typing behavior during login, together with location data, from 60 users. The error rates obtained in the experiments were lower than those of the previous studies reviewed in this paper: a False Rejection Rate (FRR) of 5.33%, which is the percentage of access attempts by legitimate users that were rejected by the system, and a False Acceptance Rate (FAR) of 3.33%, which is the percentage of access attempts by impostors that were incorrectly accepted by the system, giving an Equal Error Rate (EER) of 4.3%. The outcome of this study demonstrated keystroke dynamics and location verification on PINs as an alternative method of authenticating mobile banking transactions, one that builds on current smartphone features, has lower implementation costs, and needs no additional hardware compared to other biometric methods.