A BIOMETRIC PLATFORM FOR SECURING BANKING
TRANSACTIONS
BY
OMOGBHEMHE IZAH MIKE
MATRIC NO: AAU/SPS/FNS/CSC/PhD/13/04353
DEPARTMENT OF COMPUTER SCIENCE,
FACULTY OF PHYSICAL SCIENCES,
AMBROSE ALLI UNIVERSITY,
EKPOMA, EDO STATE.
SEPTEMBER, 2017.
A BIOMETRIC PLATFORM FOR SECURING BANKING
TRANSACTIONS
BY
OMOGBHEMHE IZAH MIKE
MATRIC NO: AAU/SPS/FNS/CSC/PhD/13/04353
B.Sc., M.Sc. (Ekpoma)
A THESIS IN THE DEPARTMENT OF COMPUTER SCIENCE,
SUBMITTED TO THE SCHOOL OF POSTGRADUATE STUDIES, IN
PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE
AWARD OF THE DOCTOR OF PHILOSOPHY IN COMPUTER
SCIENCE, AMBROSE ALLI UNIVERSITY EKPOMA, NIGERIA.
SEPTEMBER, 2017.
CERTIFICATION
This is to certify that this study was carried out by Omogbhemhe Izah Mike
in the Department of Computer Science, Ambrose Alli University, Ekpoma.
…………………………….. ……………………………….
PROF. I. B. A. MOMODU DATE
(Supervisor)
Department of Computer Science
Ambrose Alli University
………………………………. ………………………………..
PROF. I. B. A. MOMODU DATE
(Head of the Department)
Department of Computer Science
Ambrose Alli University
DEDICATION
This project is dedicated to God Almighty whose love, grace and mercies
kept me till today.
ACKNOWLEDGEMENT
I wish to express my sincere appreciation and profound gratitude to God
Almighty for his faithfulness, mercies, provision, grace and love that has helped
me to accomplish this phase of my education.
I am indeed most grateful to my supervisor, Professor I. B. A. Momodu, for
his patience, understanding, and contributions to this work.
My special thanks to Prof. F. O. Ikpotokin for his fatherly counsel and
incomparable training right from my undergraduate days.
My appreciation also goes to Prof. F. M. Okoro, Prof. C.U Onianwa and Dr.
S. E. Nnebe, for their encouragement and supports for the success of this work and
other lecturers in the Department of Computer Science that contributed to the
success of this work whose names are: Mr F.I Sadiq, Mr. E.O. Oshioribhor and
Mr. P. A. Aliga.
My appreciation goes to my parents Mr. and Mrs. Omogbhemhe for their
prayers and encouragement. I also appreciate all my brothers and sisters; John,
Emmanuel, Okoro, Friday, Ebokhasomhi, Mrs Akhaba, and Ayabimhe for their
support. My special thanks to my childhood friend in the person of Abu Peter, God
bless you.
I thank all my spiritual fathers who dedicated their time praying for me day
and night; Pastor John, Pastor Julius, Pastor Joseph, Pastor Omodia, and Pastor Obi
I say God bless you all.
TABLE OF CONTENTS
Title page
Certification
Dedication
Acknowledgement
Table of contents
Abstract
CHAPTER ONE INTRODUCTION
1.1 Background to the Study
1.2 Statement of Problem
1.3 Aim and Objectives of the Study
1.4 Justification of the Study
1.5 Scope and limitation of the Study
1.6 Research Methodology
1.7 Limitation of the Study
CHAPTER TWO LITERATURE REVIEW
2.1 Preamble
2.2 Why Biometric
2.3 The Biometric Banking System
2.4 Multimodal Biometric System
2.5 Fusion in Multimodal Biometric System
2.6 Types of Biometric
2.7 Review of Various Biometric Techniques
2.8 Banking Security Challenges
2.9 Bank Frauds
2.10 Computer Security in Banking
2.11 Existing Security Models/Architectures in Banking
CHAPTER THREE SYSTEM ANALYSIS AND METHODOLOGY
3.1 Preamble
3.2 Data Gathering Techniques
3.2.1 Interview
3.2.2 System Observation
3.2.3 Strength of Interview and System observation
3.2.4 Weakness of Interview and System observation
3.3 Site Visit
3.3.1 Strength of Site Visit
3.3.2 Weakness of Site Visit
3.4 Analysis of the Existing System
3.4.1 Problems of Existing System
3.5 The Proposed System
CHAPTER FOUR SYSTEM DESIGN
4.1 Preamble
4.2 System Design Methodology
4.3 The Open Group Architecture Framework
4.4 The Design Science Approach
4.5 Description of the Conceptual Design of the Proposed System
4.6 System Architectural Design
4.7 Software Development Methodology
4.7.1 Feature Driven Development
4.8 Software Development Tools
4.9 System Design Specification
4.10 Database Design
4.11 Application Algorithm
4.12 Programming Languages used
4.12.1 Why these Languages
4.13 Application Dataflow Diagram and Flowchart
4.14 Modeling the Application using the Unified Modeling Language (UML)
4.14.1 Class Diagram
4.14.2 Sequence and Component Diagram
4.14.3 Activity Diagram
4.14.4 Information Engineering
CHAPTER FIVE SYSTEM IMPLEMENTATION
5.1 Development of Application Database
5.1.1 Development of the Application Database Tables
5.2 Development of Application Interfaces
5.2.1 Development of the Application Forms
5.3 Connecting the Application to the Database
5.4 Application Interfaces Control Mechanism
5.5 System Implementation Technique
5.6 System Requirements
5.6.1 Input/output Format Specification
5.7 Minimum Hardware Requirements
5.7.1 Server Software Requirements
5.7.2 Client Software Requirements
5.8 System Documentation
5.9 System Maintenance
5.10 System Testing/Result
CHAPTER SIX SOFTWARE PERFORMANCE EVALUATION
6.1 Preamble
6.2 Software Performance
6.3 Material and Method of Evaluation
CHAPTER SEVEN CONCLUSION AND RECOMMENDATION
7.1 Conclusion
7.2 Recommendations
7.3 Contributions to Knowledge
References
Program Listing
LIST OF FIGURES
Figure 2.1 Digital Banking Software Security Model
Figure 2.2 Random Data Banking Software Model
Figure 2.3 Flowchart of Transaction
Figure 2.4 Password Based Model Source
Figure 2.5 Bank Adaptive Architecture
Figure 2.6 Class Model View of Banking Software
Figure 2.7 Tier Banking Solution Model
Figure 2.8 Search Bank Security Model
Figure 2.9 Online Banking Authentication Model
Figure 2.10 Password Based Authentication Model
Figure 2.11 Bank Pattern Security Model
Figure 2.12 Online Banking Architecture
Figure 2.13 Bank Transaction Model
Figure 2.14 Bank Software Use-Case diagram
Figure 2.15 QR-Code Bank Model
Figure 2.16 Password Simulated Bank Model
Figure 2.17 Mobile Payment Security Architecture
Figure 2.18 Fund Transfer Model
Figure 2.19 IBM Banking Model
Figure 2.20 Frame of Reference for Integrated GRC
Figure 2.21 Internet Banking Software Security Model
Figure 2.22 Identity Banking Software Security Model
Figure 2.23 Layered Banking Software Security Model
Figure 2.24 Card Data Banking Software Security Model
Figure 2.25 Password Fraud Prevention Pillar
Figure 2.27 Block Bank Model
Figure 2.28 Secure Money Exchanging Model
Figure 2.29 Inference Flow Model
Figure 2.30 Entrust Grid Card
Figure 2.31 Banking Services Conceptual Framework
Figure 2.32 Model Driver Online Banking
Figure 2.33 Bank Entity Protocol Model
Figure 2.34 PIN Validation Model
Figure 2.35 System Security Model
Figure 2.36 Hybrid Authentication Model
Figure 2.37 E-Payment Gateway
Figure 2.38 PayPal Security Model
Figure 2.39 Mobile Banking System Architecture
Figure 2.40 Bank Transaction Model
Figure 2.41 PIN Transaction Model
Figure 2.42 Bi-PIN Transaction Model
Figure 2.43 PIN/Fingerprint Transaction Model
Figure 2.44 Fingerprint Banking Software Security Model
Figure 2.45 Three Level Model Interaction
Figure 2.46 Database Transaction Details Model
Figure 2.47 Three Level Pin Security
Figure 2.48 Banking Solution Secured Bank-end
Figure 2.49 Banking Security Flowchart
Figure 2.50 PIN/Username Transaction Model
Figure 3.1 Conceptual Design of Existing System
Figure 3.2 Use-case Diagram of Existing System
Figure 3.3 Use-case Diagram of Proposed System
Figure 4.0 The Open Group Architectural Framework
Figure 4.1 System Conceptual Design
Figure 4.2 Fingerprint Matching Block Diagram
Figure 4.3 Face Matching Block Diagram
Figure 4.4 Combined Decision Flowchart
Figure 4.5 System Logical Design
Figure 4.6 Architectural Design of the System
Figure 4.7 Input Processing Output Architectural View of the System
Figure 4.8 System Framework
Figure 4.9 Biometric Verification Flowchart
Figure 4.10 Biometric Authentication Flowchart
Figure 4.11 File Management Flowchart
Figure 4.12 Data Login Flowchart
Figure 4.13 Database Biometric Flowchart
Figure 4.14 Transaction Management Flowchart
Figure 4.15 Database Recovery Flowchart
Figure 4.16 Biometric Access Flowchart
Figure 4.17 Record Update Flowchart
Figure 4.18 Record Integrity Flowchart
Figure 4.19 System Controls Framework
Figure 4.20 Dataset Flowchart
Figure 4.21 Data Adapter Flowchart
Figure 4.22 Object Command Flowchart
Figure 4.23 Object Connector Flowchart
Figure 4.24 Application Dataflow Diagram
Figure 4.25 Application Flowchart
Figure 4.26 User Flowchart
Figure 4.27 Admin Flowchart
Figure 4.28 Application Class Diagram
Figure 4.29 Withdraw Services Activity Diagram
Figure 4.30 System Activity Diagram
Figure 4.31 System Sequence Diagram
Figure 4.32 Component-level Design for Withdrawal Service
Figure 4.33 Withdrawal Services and Customer Association Diagram
Figure 4.34 Relation of Customer and Withdrawal Services Diagram
Figure 5.1 Database Server Connection
Figure 5.2 Database Creation Screen
Figure 5.3 Database Name Screen
Figure 5.4 Database Tables Creation Command
Figure 5.5 Database Tables
Figure 5.6 System Compiler Home Page
Figure 5.7 System Master Page
Figure 5.8 System Forms Codes
Figure 5.9 System Form File
Figure 5.10 Database Connection Tool
Figure 5.11 System Connection Type
Figure 5.12 SQL Server Connection
Figure 5.13 System Database
Figure 5.14 Database Connection String
Figure 5.15 Establishing the Application Connection String
Figure 5.16 Connection Testing
Figure 5.17 Application Button Creation
Figure 5.18 Sample Coding Environment
Figure 5.19 Sample of Application Codes
Figure 5.20 System Login Page
Figure 5.21 System Main Menu
Figure 5.22 New User Creation
Figure 5.23 Existing Staff Data Interface
Figure 5.24 Customer Registration Interface
Figure 5.25 Customer Fingerprint and Face Registration
Figure 5.26 Customer Database List
Figure 5.27 Customer Transaction Detail
Figure 5.28 General Ledger Form
Figure 5.29 Checking Customer
Figure 5.30 Customer Transactions
Figure 5.31 Biometric Authentication of Transaction
Figure 5.32 Face/Fingerprint Biometric Parameters
Figure 5.33 Successful Transaction Screen
Figure 5.34 Personal Ledger Interface
Figure 5.35 Face/Fingerprint Biometric Features Used
Figure 5.36 Exiting Application
Figure 6.1 Jmeter Screen Shot
Figure 6.2 Finacle/Biometric Application Minimum Response Time Graph
Figure 6.3 Finacle/Biometric Application Maximum Response Time Graph
LIST OF TABLES
Table 1 Customer Account Registration Table Design Layout
Table 2 Withdrawal Table Design Layout
Table 3 Payin Table Design Layout
Table 4 Application Staff Table Design Layout
Table 5 General Ledger database
Table 6 Result captured for Existing System
Table 7 Result Captured for the Biometric System
ABSTRACT
Guaranteed solutions to the current transaction security challenges facing the
banking industry may not be possible on a large scale if the solutions are not
developed to prevent third-party transactions in the software used. Thus, this
research lends its voice in support of the move to develop a biometric platform
for preventing third-party transactions in the banking system. It uses both the
human face and fingerprint to secure the payment platform in banking software.
Hence, the study is motivated by the need to develop a payment platform that is
self-secured and able to prevent third-party transactions. In carrying out this
research, an in-depth analysis of the existing banking software (Finacle 10.8)
used in United Bank for Africa (UBA) was carried out to ascertain its existing
security features; the existing up-to-date banking security models were also
reviewed in order to establish the gap filled by this research. The data for this
research were collected using the Key Informant Interview Method (KIIM), site
visit and system observation techniques. It was seen that the existing software
does not prevent third-party transactions, which makes the software secure for
customers but not secure for the people entrusted with the software (staff).
Hence we proposed the use of the human face and fingerprint to secure the payment
platform in this software, as against the use of account number. In designing the
platform, Unified Modeling Language diagrams such as Use-Case and Class diagrams
were used as the modeling tool. Similarly, the platform was developed using
Object Oriented Analysis and Design Methodology (OOADM), with the Rapid Unified
Process (RUP) model to manage the software processes. In examining the designed
architecture, the Open Group Architectural Framework and the Design Science
approach were used to evaluate the architecture/design and the control mechanism
framework. During the implementation of the platform, Microsoft Visual Studio
2008 was used as the Integrated Development Environment (IDE) and Microsoft SQL
Server 2008 was used as the backend. Similarly, the Visual C#.NET programming
language was used to program the application control mechanism and ASP.NET was
used to develop the application interfaces. The implementation and testing of the
software show that the platform could secure the banking system using both human
face and fingerprint biometrics. This makes the software able to prevent
third-party transactions. Similarly, the platform was subjected to load
performance testing using the Jmeter performance testing package in order to
ascertain the system performance, that is, tail tolerance and scalability. The
results captured from Jmeter were presented graphically using Excel. The results
show that the tail tolerance of the platform built using our architecture is
significantly better than its equivalent. Specifically, we established that our
biometric platform is better than the current platform used in securing banking
transactions and can prevent third-party transactions.
CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND OF THE STUDY
Over the years, there has been a lot of advancement in information processing.
Since computers are the major tools used in processing data and manipulating
information in many sectors (e.g. the banking sector), there is a need for
adequate security for these computers. Michael and Herbat (2005) define computer
security as the need to secure physical location, hardware and computer software
from outside threats. There are multiple layers of computer security, namely
physical security, personal security, operational security, communication
security, network security and information security. All these layers have
received considerable attention from researchers since the information age, and
a lot of improvements have been recorded on them. Computer software is used to
process data and store customers' account details in the banking sector. These
computers need vigorous software security because any small compromise of the
system can lead to the loss of large amounts of money, which can create problems
for the banks and their customers. Banks need more intrusive security procedures
in their software than many other applications (Sommerville, 2011). It is
important to note that the banking sector has been using account number, account
name and customer's signature for account verification and authentication. These
methods of verifying and authenticating bank customers have made banking
operations very easy for the literate and highly difficult for the illiterate,
and they have many challenges, such as poor customer data security, allowing
third-party transactions, and enabling transaction falsification. This is because
people can easily copy someone's account number and forge his/her signature to
commit fraud on that person's account. Also, many people who are not familiar
with the concept of a Personal Identification Number (PIN) and account number are
unlikely to memorize and recognize them (Jiang and Yan, 2007); this mainly
applies to illiterate customers. As a result, many aged people, mainly the
illiterate ones, do not use banks to carry out their transactions. Thus, there is
a need for an easy-to-use banking system that is well secured, reliable, and
simple for everyone to access and use. In the same vein, a lot has been recorded
about how many people (bankers) entrusted with the banking solutions used them to
commit fraud, with the software unable to prevent it (Paul, 2016, Adebayo, 2016
and Anaba, 2016).
With this in mind, the banking sector has been making more efforts to introduce
biometrics as a means of customer account verification and authentication.
Authentication methods such as biometrics play important roles in improving
security measures in many data-driven applications (Rashmi, 2015). It was pointed
out that “Biometrics provide very powerful tools for the problems requiring
positive identification and provide enabling technology that have potential to
make our society safer, reduce fraud and lead to user convenience” (Jain et al.,
2000 and Gunajit and Pranav, 2010). Compared to other security measures, the
application of biometric technology may provide a better method to curb online
fraud, since it uses certain physical and behavioral traits that are distinctive
to an individual to identify and verify the person through authentication
(Shouvik et al., 2012 and Okediran, 2014). According to Selina and Jane (2012),
“Institutions offering Internet-based products and services to their customers
should use effective methods to authenticate the identity of customers using
those products and services”. Conventry et al. (2003) and Amtul (2011) affirmed
that fingerprint technology in particular can provide a much more accurate and
reliable user authentication method. It can help to reduce fraudulent practices
in payment transactions in the banking sector.
Meanwhile, the Central Bank of Nigeria (CBN) has recently made it mandatory for
all bank customers to register their biometric information; this is to ease the
identification of customers using their physiological characteristics.
Biometrics is the utilization of physiological characteristics to differentiate
an individual. It utilizes biological characteristics or behavioral features to
recognize an individual. It is a new way to verify authenticity (Rupinder and
Narinder, 2014). The reason biometrics is gaining more attention in the banking
sector is that its use has no need for PIN and signature.
Biometric fingerprints are unique to every human; they are generated by numerous
ridges and valleys on the surface of the human finger. A fingerprint is the flow
of ridge patterns on the tip of the human finger. Among all biometric traits,
fingerprint has one of the highest levels of reliability (Conventry et al., 2003,
Keerthi et al., 2014). With the rapid growth of information security,
fingerprints are widely used to secure information systems and are highly
reliable. This has led many researchers to advocate the full use of this
technology in securing information in different sectors. Fingerprints have many
applications, such as banking security, Automated Teller Machine (ATM) security,
card transactions, physical access control, voting and identification of
criminals, as recorded by Vidya and Aswathy (2014). Similarly, Adeoye (2014)
shows how a fingerprint can be used to control examination screening. The
possibility of using a fingerprint to perform verification and authentication is
determined by the pattern of ridges and furrows as well as the minutiae points.
Catalin et al. (2015) maintained that the idea of using biometrics for bank user
authentication is a new idea that needs more attention. With the success of
fingerprint biometric systems in many fields, such as conducting elections,
keeping attendance registers in companies, education and many others, many
researchers support the use of this kind of technology in banking services in
Nigeria. Since a fingerprint biometric system can accept an artificial
fingerprint, it cannot be 100 percent reliable in securing banking withdrawal
transactions as claimed by Selina and Jane (2012), Akinyemi et al. (2010), Rana
and Mumtaz (2012) and Dhurgham and Mohammad (2012). Hence there is a need for a
multimodal biometric system for banking services.
According to Ross and Jain (2006), a multibiometric system can have multiple
sources of information: multi-sensor, multi-algorithm, multi-instance,
multi-sample and multimodal (many biometrics combined, like iris, fingerprint,
facial recognition, etc.). Multiple biometric systems can be combined in order to
increase the security of specific applications. In our case, using fingerprints
and facial recognition will lead to an extremely enhanced authentication method.
This system uses more than one human physiological feature (face and fingerprint)
to provide strong security during direct payment in the banking system. Thus,
this research is to provide an improved methodology and framework for using
biometric features to secure the payment module in the banking system.
The move in the direction of multimodal systems results from the fact that some
of the limitations imposed by unimodal biometric systems can be addressed through
multimodal sources of information for establishing identity (Ross and Jain,
2003). Multimodal sources are expected to be more reliable due to their multiple,
(fairly) independent pieces of evidence (Kuncheva et al., 2000). They also meet
the stringent performance requirements imposed by various applications and
address the problem of non-universality. They also deter spoofing, since it would
be difficult for an impostor to spoof multiple biometric traits of a genuine user
simultaneously. Furthermore, they facilitate a challenge-response mechanism by
requesting the user to present a random subset of biometric traits, thereby
ensuring that a ‘live’ user is indeed present at the point of data acquisition
(Ross and Jain, 2004). A generic biometric system has four important modules,
namely the sensor, feature extraction, matching and decision modules (Ross and
Jain, 2004 and Ahuja and Chabbra, 2013).
The sensor module captures the trait (raw biometric data), while the feature
extraction module processes the data to extract a feature set that is a compact
representation of the trait. The main function of the matching module is to
generate matching scores by using a classifier to compare the extracted feature
set with the templates in the database. Based on a matching score, the decision
module rejects or confirms a claimed identity. Important considerations for the
design of a multimodal biometric system include architecture, choice of biometric
modality, total number of modalities, level of accumulation of evidence, level
and methods of fusion, safety and user friendliness, and cost versus matching
performance. Others are level of security and reliability, mode of operation,
assigning weights to biometrics, and the multimodal database (Khatoon and Ghose,
2013 and Chandran and Rajesh, 2009). Challenges confronting multimodal biometric
systems include failure of sensors to show consistency in various operating
environments, poor design due to lack of proper understanding of biometric
technologies, and public confidence. Other challenges are complex and
unverifiable matching algorithms, misleading results due to poor scalability, and
lack of standard guidelines for auditing biometric systems and records (Mane and
Judhav, 2013).
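
The matching and decision modules described above, as an added Python example that is not code from the thesis: it scores a fingerprint and a face feature set against enrolled templates and compares a fingerprint-only decision, decision-level AND fusion and weighted score-level fusion. The cosine matcher, the feature vectors, the thresholds and the weights are all constructed assumptions.

```python
from math import sqrt

# Every vector, threshold and weight here is constructed for illustration;
# none of these values comes from the thesis.
THRESHOLDS = {"fingerprint": 0.90, "face": 0.85}  # per-modality accept thresholds
FUSED_THRESHOLD = 0.88                            # accept threshold on a fused score
BALANCED = {"fingerprint": 0.5, "face": 0.5}
FINGERPRINT_HEAVY = {"fingerprint": 0.8, "face": 0.2}

# Enrolled templates for one account owner (feature sets stored at enrolment).
ENROLLED = {"fingerprint": [0.9, 0.1, 0.4, 0.7], "face": [0.2, 0.8, 0.5, 0.3]}

# Feature sets presented at the withdrawal counter.
PRESENTATIONS = {
    "owner": {"fingerprint": [0.88, 0.12, 0.41, 0.69],
              "face": [0.22, 0.77, 0.52, 0.31]},
    # Third party presenting an artificial copy of the owner's fingerprint.
    "third_party_artificial_fingerprint": {
        "fingerprint": [0.9, 0.1, 0.38, 0.72],
        "face": [0.7, 0.2, 0.1, 0.6]},
    # Owner present, but the face sensor returned nothing.
    "owner_face_sensor_failed": {"fingerprint": [0.88, 0.12, 0.41, 0.69],
                                 "face": None},
}


def match_score(features, template):
    """Matching module: cosine similarity of a feature set and a template."""
    if features is None or len(features) != len(template):
        return 0.0  # missing or malformed capture: fail closed
    dot = sum(a * b for a, b in zip(features, template))
    norm = sqrt(sum(a * a for a in features)) * sqrt(sum(b * b for b in template))
    return max(0.0, dot / norm) if norm else 0.0


def score_all(probe, enrolled):
    """One matching score per enrolled modality."""
    return {m: match_score(probe.get(m), tmpl) for m, tmpl in enrolled.items()}


def decide_unimodal(scores, modality):
    """Decision module for a single trait."""
    return scores.get(modality, 0.0) >= THRESHOLDS[modality]


def decide_and(scores):
    """Decision-level fusion: every trait must pass its own threshold."""
    return all(scores.get(m, 0.0) >= t for m, t in THRESHOLDS.items())


def decide_weighted(scores, weights):
    """Score-level fusion: weighted sum compared with one fused threshold."""
    fused = sum(w * scores.get(m, 0.0) for m, w in weights.items())
    return fused >= FUSED_THRESHOLD


def evaluate():
    """Run every constructed presentation through each decision rule."""
    results = {}
    for name, probe in PRESENTATIONS.items():
        scores = score_all(probe, ENROLLED)
        results[name] = {
            "fingerprint_only": decide_unimodal(scores, "fingerprint"),
            "and_fusion": decide_and(scores),
            "weighted_balanced": decide_weighted(scores, BALANCED),
            "weighted_fingerprint_heavy": decide_weighted(scores, FINGERPRINT_HEAVY),
        }
    return results


if __name__ == "__main__":
    for name, decisions in evaluate().items():
        print(name, decisions)
```

With the fingerprint-heavy weights, the artificial fingerprint alone carries the fused score past the threshold, so fusion weights need to be validated against spoof presentations as well as genuine ones.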
1.2 STATEMENT OF THE PROBLEM
Recently, the Central Bank of Nigeria (CBN) introduced the use of customer
biometrics (Biometric Verification Number) in the banking sector, which has
helped Nigerian banks to implement secure and reliable banking systems, mainly at
the payment or withdrawal module and the fund transfer or quick teller module.
Hence, many banks have started documenting customers' fingerprints, which can
help them provide secured and reliable banking services. Meanwhile, since recent
discoveries show that a fingerprint can be hacked and, once hacked, cannot be
regained, it is important to use other biometric features, such as facial
biometrics, alongside it before its implementation. Hence, the need for a
multimodal biometric platform for securing the payment module in the banking
system cannot be underestimated. Thus, the major problem at hand is how to
develop a multimodal biometric platform that provides improved security measures,
using both fingerprint and facial biometrics to authenticate direct payment
transactions (the cash withdrawal platform) in the banking software, and that is
easy to use while taking cognizance of system security, customer data security
and reliability.
1.3 AIM AND OBJECTIVES OF THE STUDY
The main aim of this research is to design and implement a multimodal biometric
platform for improved security measures using both fingerprint and facial
biometrics while making payment (withdrawal) with the banking system.
Hence, the specific objectives of the study are stated as follows:
a. Develop a multimodal biometric architecture using both fingerprint and
facial biometric features for implementing a secure payment platform
(module) in the banking software.
b. Develop a framework that helps to understand and ease the development
process of a secure biometric payment platform (module) in the banking
software.
c. Design the functionalities of the multimodal biometric architecture.
1.4 JUSTIFICATION OF THE STUDY
With the recent move by the Central Bank of Nigeria (CBN) to register customer
biometric data in the banking sector, the sector has made it compulsory for all
customers to have their biometric data registered in its database. This is to
help improve the security of these systems. Meanwhile, usernames, passwords,
signatures and PINs have been used to secure the payment module in banking
systems in Nigeria. However, username, password, signature and PIN authentication
is vulnerable to hacking (Vandommele, 2010 and Jung, 2014). Hence, there is a
need for a secured and reliable payment platform using fingerprint biometrics.
Sri et al. (2011) and Emuoyibofarhe et al. (2011) proposed the use of fingerprint
biometrics for secured and reliable payment services. This was strongly supported
by Akinyemi et al. (2010), Akazue and Efozia (2010) and Favour (2013). However,
with the recent successful hacking of the German Defense Minister's fingerprint
(Zoe, 2014), fingerprint biometrics cannot be 100 percent reliable in securing
the payment module in the banking system. The possibility of a fingerprint
scanner allowing an artificial fingerprint to gain access to a fingerprint
biometric system has been a major setback in using this technique for securing
monetary systems. Hence, there is a need for a multimodal biometric payment
platform in order to implement a secured and reliable payment module in the
banking software. Joseph et al. (2015) carried out a study on how best to secure
fingerprint biometric systems. They stated clearly that future research should
look at how more than one human physiological feature can be used to secure
biometric systems. The issues (poor system security, difficult-to-use systems,
failure to prevent fraud, higher system operational resources) that are central
to biometric systems as documented by Joseph et al. (2015) led to the research
addressed in this thesis. This platform provides multiple stages of security for
the payment module in the banking system; the system prototype is highly secured
and reliable when compared with the existing method used by this module (i.e.
account number, signature, etc.).
1.5 SCOPE OF THE STUDY
Banking software is very broad; as such, this research covers only the direct
payment module (i.e. the cash withdrawal platform) of the banking software,
implementing a multimodal biometric security technique suitable for this module
(using both fingerprint and facial biometrics) in order to enhance its security
features. It also covers customers' biometric information (mainly facial and
fingerprint images) and how it can be used to secure the payment or withdrawal
platform in the banking software. The study also shows that, using these
features, other transactions such as fund transfer, deposit, general ledger, etc.
can still be carried out.
1.6 RESEARCH METHODOLOGY
In this research, detailed literature about biometric systems and their
application in the banking sector was reviewed. The existing banking system
security models developed by different researchers were reviewed. Similarly, site
visit and system observation techniques were used to gather the data needed by
the banking sector in managing customers' account details. The Key Informant
Interview Method (KIIM) was used to gather key information from bankers, mainly
from the ICT and control units of United Bank for Africa (UBA). Object Oriented
Analysis and Design Methodology (OOADM) was used to analyze and design the
system, while the Rapid Unified Process (RUP) model was used to manage the
software processes. Similarly, the entire system was implemented using the C#
programming language. Visual Studio was used as the system Integrated Development
Environment (IDE), which also served as the test bed for the developed
application, and SQL Server 2008 was used to implement the database. Jmeter was
used to analyze the software performance and the results recorded were presented
graphically using the Excel package.
1.7 LIMITATION OF THE STUDY
The software developed can only process data where the original owner of an
account is directly involved in the transaction. That is to say, the system
cannot allow third-party transactions. This therefore conditions the system for a
specific aspect of banking transactions (mainly withdrawal transactions with the
direct account owner). Hence, the study is limited to the withdrawal module of
the banking solution when the owner of the account is directly involved in the
transaction. Similarly, the study is also limited to how best to secure such
transactions using customers' physiological features, like fingerprint and facial
features, in logical access control.
CHAPTER TWO
LITERATURE REVIEW
2.1 Preamble
Money is the medium of exchange for making payments, settling debts and meeting
other business obligations. Before the introduction of money, trade by barter,
the system of exchanging goods for goods and services for services, was the
medium of payment between two parties. The introduction of money has helped to
eliminate the problems associated with the barter system (Taiwo et al., 2011).
Money has served as the only medium of payment for a very long time. In the
course of time, new and interesting systems have been introduced. One such
progression is the introduction of the electronic payment system that can be
found everywhere today in Nigerian banks. Electronic transaction is a new
industry which allows people to interact with their banking accounts via the
internet from virtually anywhere in the world (Sri and Smt, 2011). According to
Rashmi (2015), e-transaction refers to the automated process of exchanging
monetary values among parties in a business transaction and transmitting the
value over an electronic medium. In Mukherjee and Nath (2003), it was stated that
e-transaction systems can be grouped under four major categories, namely online
card payment, online electronic cash, electronic check and smart card based
electronic payment systems. Every electronic means of transaction faces many
security challenges, and the electronic payment system is no exception; this
calls for strong security in this kind of system. Thus any electronic transaction
system must be able to guarantee strong security, privacy, integrity,
compatibility, efficiency, convenience, mobility and low financial risk, among
others, which are the characteristics of a biometric system (Biometrika, 2011).
In Rashmi (2015), it was stated that identity theft has been one of the major and
most prominent problems in the banking system. Hence, the need for a strong
security platform for this system cannot be underestimated.
In introducing the e-banking system, the Central Bank of Nigeria (CBN) rolled out
methodologies for moving Nigeria from a cash-based economy to a cashless
economy through the cash-lite policy by introducing several e-payment systems.
CBN noted that the aim is to reduce the use of physical cash in the Nigerian
economy and to encourage electronic transactions. However, with Nigeria
gradually eliminating the long-existing cash-based economy through e-payment
systems, cyber criminals are taking advantage of the poor security of this
system to sabotage the country’s effort, with the aim of using the technology
for financial fraud. Some of the major problems of this system are recorded by
Marketplace (2011), Fajfar (2004), Drygojio (2011) and Ayo and Ukpera (2010).
Similarly, those who are authorized to use the system for transactions cannot be
ruled out as using it for fraud. Meanwhile, many financial analysts have
warned these institutions to work out modalities and methodologies for providing
strong security for e-banking systems. Shah (2012) and Ahmad and Mahmood
(2013) added that the inadequate security potential of e-banking systems
leads to financial loss in these systems. All this can be solved by introducing
biometrics as a medium of accessing e-banking services. Biometric fingerprints
are unique to every human. They are formed by the numerous ridges and valleys on
the surface of the human finger. A fingerprint is the flow of ridge patterns on
the tip of the finger. Among all biometric traits, fingerprint has one of the
highest levels of reliability (Keerthi et.al., 2014). Meanwhile, biometrics is the
utilization of physiological characteristics to differentiate an individual. It
utilizes biological characteristics or behavioural features to recognize an
individual. It is the science of authentication by measuring a person’s
physiological or behavioural features (Adeoye, 2014). Biometrics measures
physiological or behavioural characteristics that allow variable identification,
and some well-known biometrics (a good example is the iris) are used for
forensic identification today (Guruprasad and Sandeep, 2015).
Biometrics is a new way to verify authenticity in many transaction systems
(Ruppinder and Naringer, 2014). Biometrics has been used in areas like examination
screening (Adeoye, 2014) and electronic voting (Olowookere and Awode, 2014), to
mention a few. Due to the success recorded in these areas, there is a need to
implement it in the banking system. Passwords and card PINs are no longer enough
to authenticate the holder’s identity, but biometric measures seem appropriate
and secure (Vandommele, 2010 and Jung ho, 2014).
2.2 WHY BIOMETRICS?
While theoretically a powerful tool, commonly used PINs and passwords for
e-banking authentication are, in practice, a cognitive burden for users who have to
remember multiple passwords and PINs, which often leads to security risks where
users choose memorable words or dates of birth, use the same password and often
ignore advice for creating a secure password (Gunson et.al., 2011). A secure,
functional and effective alternative is the use of biometrics to verify and
authenticate a user remotely. Biometrics, described as “the science of recognising
an individual based on his or her physical or behavioural traits” (Jain et.al., 2006),
range from the use of physical features including voiceprints, fingerprints and iris
recognition, to behavioural features including gait and handwriting recognition.
Biometrics are inherently difficult to copy, share and distribute; difficult to forge;
cannot be lost or forgotten because the individual has to be physically present. As
such, biometric systems are considered more reliable than the established password
based authentication systems and are the logical and arguably inevitable future of
secure authentication.
Despite this, widespread implementation remains limited and research in Europe
and the USA has identified the importance of understanding usability and
accessibility criteria as critical to addressing this limited expansion of biometrics in
different commercial application environments (Gunson et.al., 2011). Although not
yet commonplace, biometrics themselves have reached a certain level of maturity,
where developments in biometric sensors (smaller, cheaper, more ergonomic)
means they are increasingly found in IT devices such as PCs, PDAs and flash
drives and are being applied in contexts driven by government initiatives such as
air travel and immigration/border control. Studies have already shown that
usability and acceptance of e-services secured by biometric technology are affected
by the context of use and application environments (Byun and Byun, 2015).
However, biometrics research within different contexts is still in its infancy and
while biometrics offer a wide range of opportunities they are currently mainly
driven by government initiatives centred on border control applications and
national ID programmes.
In one widely reported instance, the Iris Recognition Immigration System costing
over £9 million, introduced in the UK to speed up airport passport control
processing queues, failed to deliver on efficiency improvements and led to the
“quiet” scrapping of the whole system in February 2012 (Jung, 2014). Biometric
technology has already been identified as potentially playing a major role in
protecting banking assets and safeguarding the e-banking environment (Ross and
Jain, 2006). Biometric ATMs have already been successfully implemented and
widely used around the world. However the lacklustre uptake of biometrics in
banking ATMs, in Western Europe in particular, has been attributed to a dearth of
commercial incentive. But as more of our everyday devices are linked to
biometrics – for instance voice recognition on mobile devices (e.g. iPhone’s SIRI),
fingerprint recognition on laptops and flash drives, face recognition on
smartphones – customers will increasingly demand such devices to enhance
security of their bank accounts which are currently reliant on easily cracked
passwords and “clunky three-factor authentications with a one-time password
generator” (Skinner, 2012).
Since biometric technology can effectively address security concerns in e-banking,
both technically and behaviourally, the proposed solution was developed to
demonstrate operational features of biometric-banking to potential users to gauge
their response to it by using Brooke’s (1996) modified System Usability Scale
(SUS). SUS was developed as part of the usability engineering programme in
integrated office systems development at Digital Equipment Co. Ltd., Reading,
United Kingdom and this case study is to evaluate its application to the biometric
interface to online banking discussed in more detail.
2.3 The Biometric Banking System
According to Dilip and Yeonseung (2008), the main priority of every bank is to
provide a safe and secure environment for its clients to perform online banking
transactions. In framing each bank’s security policy, accountability,
confidentiality, availability, integrity and non-repudiation are the primary
concerns. Banks therefore implement access controls based on the concerns
mentioned above by making use of physical devices such as support access cards,
and other automated monitoring systems which have the ability to accept or deny
the usage of any particular object in the system. To date, there has been no
commercialised development of biometric banking services. The biometric banking
system proposed here was developed based on biometric fingerprint and facial
recognition hardware and software, used to authenticate each individual user
based on public/private key encryption protocols. In a test of different
biometric technologies (fingerprint, facial, voice and signature verification),
users found fingerprint biometrics the easiest to use, considered it the most
secure of the modalities and preferred it over the others. Interestingly,
fingerprint biometrics were found by users to have the most impact on privacy,
and evoked a higher degree of confidence than voice or signature recognition
(Toledano et.al., 2006). Thus fingerprint recognition biometrics are used in
this system. Banks traditionally play a critical role in securing financial
transactions through the provision of technical infrastructure such as
encryption, authentication and firewalls, which impacts consumer trust in the
institutions’ technology. Consequently, we include the bank in the process of
authentication in the biometric banking system and expect this to impact user
trust and improve the system’s performance in service delivery. In this kind of
system, users would first physically visit the bank to register their
fingerprints in a secure manner. Each user would then be provided with a
fingerprint reading device holding that user’s unique fingerprint information
and an embedded, secured facial biometric. To access their bank account
details, users would insert the device into a PC USB port and place a finger on
the scanning device to authenticate themselves. Once authentication is
established, the device will launch a web browser on the PC that cannot accept
any Uniform Resource Locator (URL) input. Using a browser that cannot accept
URLs will prevent any potential tampering with web addresses that may redirect
the Internet connection to a different address. The key that is securely stored
on the device will then establish a secured connection with the correct bank
(using a built-in URL belonging to the bank). The key will log on the
authenticated user. Users can freely access their accounts and carry out
transactions by authenticating with the facial biometric, until they log out.
If the wrong fingerprint or facial biometric is used a number of times
determined by the bank, then the key will lock itself and users will need to go
back to the bank for re-validation.
The benefits of using this approach include (a) less data vulnerability: as there is
no communication with the PC before the user is authenticated, (b) improved data
security: upon user identification, there will be no access to usernames and
passwords, (c) ease of access: no input from the user is needed apart from their
fingerprint, (d) limited virus/malware damage: the browser is stored in the
hardware with no write access to it thus viruses, worms, etc. cannot be injected,
and (e) reduced phishing impact: because no user data input is needed, harvesting
information becomes ineffective.
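The device behaviour described in this section (fingerprint unlock, a browser fixed to the bank's built-in URL, a facial check for each transaction, and lock-out after a bank-set number of failures) can be expressed as a small state machine. The Python example below is an added illustration, not code from this thesis; the class and method names, the example URL and the choice to count only consecutive failures are assumptions, and the boolean arguments stand for the decision of the on-device matcher.

```python
"""Illustrative state machine for the USB biometric token flow (added example)."""
from enum import Enum


class State(Enum):
    IDLE = "idle"        # plugged in, nobody authenticated yet
    SESSION = "session"  # fingerprint verified, user logged on to the bank
    LOCKED = "locked"    # too many failures; needs re-validation at the bank


class TokenError(Exception):
    """Raised when an operation is refused in the token's current state."""


class BiometricToken:
    def __init__(self, bank_url, max_failures):
        self.bank_url = bank_url          # built-in URL, fixed at enrolment
        self.max_failures = max_failures  # the number "determined by the bank"
        self.failures = 0
        self.state = State.IDLE

    def _check(self, matched):
        """Apply one biometric decision to the failure counter."""
        if matched:
            self.failures = 0  # assumption: only consecutive failures count
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.state = State.LOCKED  # this also ends any open session
        return False

    def present_fingerprint(self, matched):
        """Step 1: fingerprint unlocks the stored key and starts a session."""
        if self.state is not State.IDLE:
            raise TokenError(f"fingerprint not accepted while {self.state.value}")
        if self._check(matched):
            self.state = State.SESSION
        return self.state is State.SESSION

    def open_browser(self, typed_url=None):
        """Step 2: the browser connects only to the built-in bank URL."""
        if self.state is not State.SESSION:
            raise TokenError("no authenticated session")
        if typed_url is not None:
            raise TokenError("the embedded browser accepts no URL input")
        return self.bank_url

    def authorize_transaction(self, face_matched):
        """Step 3: every transaction needs a fresh facial match."""
        if self.state is not State.SESSION:
            raise TokenError("no authenticated session")
        return self._check(face_matched)

    def logout(self):
        if self.state is State.SESSION:
            self.state = State.IDLE

    def revalidate_at_bank(self):
        """Only the bank can clear a lock-out."""
        self.failures = 0
        self.state = State.IDLE


if __name__ == "__main__":
    token = BiometricToken("https://bank.example/login", max_failures=3)
    token.present_fingerprint(True)
    print(token.open_browser())
    for _ in range(3):
        token.authorize_transaction(False)
    print(token.state)  # locked until the user returns to the bank
```

Because the lock-out also ends an open session, a stolen, already-unlocked device still stops after the allowed number of failed facial checks.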
2.4 MULTI MODAL BIOMETRIC SYSTEM
Multi modal biometric systems utilize more than one physiological or behavioural
characteristic for enrolment, verification or identification. The reason to combine
different modalities is to improve recognition rate and system security. The aim of
multi biometrics is to reduce one or more of the following while increasing
security:
False accept rate (FAR)
False reject rate (FRR)
Failure to enroll rate (FTE)
Susceptibility to artefacts
Multi modal biometric systems take input from single or multiple sensors
measuring two or more different modalities of biometric characteristics. For
example a system with fingerprint and face recognition would be considered
“multimodal” even if the “OR” rule was being applied, allowing users to be
verified using either of the modalities (Feng, 2004).
2.4.1 Multi algorithmic biometric systems
Multi algorithmic biometric systems take a single sample from a single sensor and
process that sample with two or more different algorithms.
2.4.2 Multi-instance biometric systems
Multi-instance biometric systems use one sensor or possibly more sensors to
capture samples of two or more different instances of the same biometric
characteristic. An example is capturing images from multiple fingers.
2.4.3 Multi-sensorial biometric systems
Multi-sensorial biometric systems sample the same instance of a biometric trait
with two or more distinctly different sensors. Processing of the multiple samples
can be done with one algorithm or a combination of algorithms. For example, a face
recognition application could use both a visible light camera and an infrared
camera coupled with a specific frequency.
2.5 FUSION IN MULTIMODAL BIOMETRIC SYSTEMS
A mechanism that can combine the classification results from each biometric
channel is called biometric fusion. Multimodal biometric fusion combines
measurements from different biometric traits to enhance their strengths. Fusion at
the matching score, rank and decision levels has been extensively studied in the
literature. The various levels of fusion are: sensor level, feature level,
matching score level and decision level.
i. Sensor level fusion: We combine the biometric traits taken from different
sensors to form a composite biometric trait and process it.
ii. Feature level fusion: Signals coming from different biometric channels are
first pre-processed, and feature vectors are extracted separately using a
specific algorithm; we then combine these vectors to form a composite feature
vector. This is useful in classification.
iii. Matching score level fusion: Rather than combining the feature vectors, we
process them separately and find an individual matching score for each; these
scores are then combined, depending on the accuracy of each biometric channel,
into a matching score which is used for classification.
iv. Decision level fusion: Each modality is first pre-classified independently.
Multimodal biometric systems can implement any of these fusion strategies,
or a combination of them, to improve the performance of the system.
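To make the difference between decision level fusion (the AND and OR rules) and matching score level fusion concrete, the following Python example, added here and not part of the thesis software, measures FAR and FRR for each rule on the same fingerprint and face scores. The scores are constructed for illustration, and the thresholds and weights are assumptions.

```python
"""Decision-level and score-level fusion of a fingerprint and a face matcher.

All scores are constructed for illustration (0-100 similarity, higher means a
closer match). Thresholds and weights are assumptions, not thesis values.
"""

# (fingerprint_score, face_score) for attempts by the enrolled account owner.
# Some are weak on one modality, e.g. a worn finger (52, 81) or poor light (78, 50).
GENUINE = [
    (91, 80), (85, 72), (78, 50), (52, 81), (88, 66),
    (70, 58), (55, 52), (95, 90), (64, 47), (58, 70),
]
# Attempts by someone else: one passes only the fingerprint matcher (65, 20),
# one passes only the face matcher (15, 60), one is fairly good on both (62, 57).
IMPOSTOR = [
    (20, 30), (35, 25), (65, 20), (15, 60), (40, 45),
    (30, 10), (62, 57), (25, 35), (45, 50), (10, 20),
]

FP_THRESHOLD = 60                # per-matcher decision thresholds (assumed)
FACE_THRESHOLD = 55
FP_WEIGHT, FACE_WEIGHT = 60, 40  # score-level weights, summing to 100 (assumed)
FUSED_THRESHOLD = 59             # threshold on the weighted mean score (assumed)


def accept_or(fp, face):
    """Decision-level fusion, OR rule: either modality alone is enough."""
    return fp >= FP_THRESHOLD or face >= FACE_THRESHOLD


def accept_and(fp, face):
    """Decision-level fusion, AND rule: both modalities must match."""
    return fp >= FP_THRESHOLD and face >= FACE_THRESHOLD


def accept_weighted_sum(fp, face):
    """Score-level fusion: combine the raw scores, then threshold once."""
    # Integer arithmetic keeps the comparison exact.
    return FP_WEIGHT * fp + FACE_WEIGHT * face >= FUSED_THRESHOLD * 100


def error_rates(rule, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) of a fusion rule over labelled score pairs."""
    false_accepts = sum(1 for fp, face in impostor if rule(fp, face))
    false_rejects = sum(1 for fp, face in genuine if not rule(fp, face))
    return false_accepts / len(impostor), false_rejects / len(genuine)


def compare_rules():
    """Evaluate every fusion rule on the same constructed data set."""
    rules = {
        "OR": accept_or,
        "AND": accept_and,
        "weighted sum": accept_weighted_sum,
    }
    return {name: error_rates(rule) for name, rule in rules.items()}


if __name__ == "__main__":
    for name, (far, frr) in compare_rules().items():
        print(f"{name:>12}: FAR={far:.0%}  FRR={frr:.0%}")
```

On this constructed data the OR rule gives FAR 30% and FRR 10%, the AND rule FAR 10% and FRR 50%, and the weighted sum FAR 10% and FRR 20%: the OR rule accepts an impostor who defeats either matcher, while the AND rule rejects owners who are weak on one modality.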
Biometric technologies should be considered and evaluated giving full
consideration to the following characteristics:
i. Universality: Every person should have the characteristic. People who are
mute or without a fingerprint will need to be accommodated in some way.
ii. Uniqueness: Generally, no two people have identical characteristics.
However, identical twins are hard to distinguish.
iii. Permanence: The characteristics should not vary with time. A person's face,
for example, may change with age.
iv. Collectability: The characteristics must be easily collectible and measurable.
v. Performance: The method must deliver accurate results under varied
environmental circumstances.
vi. Acceptability: The general public must accept the sample collection routines.
Nonintrusive methods are more acceptable.
vii. Circumvention: The technology should be difficult to deceive.
2.6 TYPES OF BIOMETRICS:
There are two types of biometrics: behavioural and physical.
Physical Biometrics:
a. Fingerprint - Analyzing fingertip patterns.
b. Facial Recognition - Measuring facial characteristics.
c. Hand Geometry - Measuring the shape of the hand.
d. Iris recognition - Analyzing features of colour ring of the eye.
e. Vascular Patterns - Analyzing vein patterns.
f. Retinal Scan - Analyzing blood vessels in the eye.
Behavioural Biometrics:
a. Speaker Recognition - Analyzing vocal behaviour.
b. Signature - Analyzing signature dynamics.
c. Keystroke - Measuring the time spacing of typed words.
2.6.1 Applicability of Biometrics in Banking for Authentication
Utilizing biometrics for internet banking is becoming convenient and considerably
more accurate than current methods (such as the utilization of passwords or PINs).
This is because biometrics prevent a situation whereby a password or token may be
used by someone other than the authorized user. Biometrics are also convenient
(nothing to carry or remember) and accurate (they provide for positive
authentication), can provide an audit trail, and are becoming socially acceptable
and inexpensive.
2.6.2 Advantages of Using Biometric in Banking Systems
Using biometrics for identifying human beings in banking offers some unique
advantages given as follows:
a. Biometrics can be used to identify you as you.
b. Tokens, such as smart cards, magnetic stripe cards, photo ID cards, physical
keys and so forth, can be lost, stolen, duplicated, or left at home.
c. Passwords can be forgotten, shared, or observed. Moreover, today's fast-
paced electronic world means people are asked to remember a multitude of
passwords and personal identification numbers (PINs) for computer
accounts, bank ATMs, e-mail accounts, wireless phones, web sites and so
forth.
d. Biometrics holds the promise of fast, easy-to-use, accurate, reliable, and less
expensive authentication for a variety of applications.
e. Another key aspect is how "user-friendly" a system is. The process should
be quick and easy, such as having a picture taken by a video camera,
speaking into a microphone, or touching a fingerprint scanner.
f. As biometric technologies mature and come into wide-scale commercial use,
dealing with multiple levels of authentication or multiple instances of
authentication will become less of a burden for users.
2.7 Review of Various Biometric Techniques
There exist many biometric techniques, among them fingerprint, iris, lip,
facial and voice recognition. These few are discussed in this research because
of their popularity and easy adaptability by users.
Facial Recognition
This is the use of facial features to verify an individual from a digital image or
video system. It involves evaluating selected facial features from the captured
image and comparing them with those in the database to ascertain whether the
person is legitimate or not. The advantage of this technique is that it can
perform massive identification, which other biometrics cannot perform (Rabia
et.al., 2009). The technique does not require any direct contact with the person
in order to verify his/her identity. However, the disadvantage associated with
this technique is that it does not work effectively in bad/poor weather. It is
also a costly technique when compared with the fingerprint technique.
Fingerprint
Every human being has some uniqueness in their fingerprint because of the
numerous ridges and valleys on the surface of the finger. Fingerprint feature
extraction and matching rely on the fact that the uniqueness of a fingerprint
can be determined by detecting prominent singular points known as minutiae. It
is therefore possible to use this as a means of authenticating transactions in
the banking system. The advantage is that fingerprints are largely universal:
only 2% of the world population cannot use fingerprints due to skin damage
(Davies, 2009). The technique is also very easy to use and its operational
requirements are less expensive. Hence, it is suitable for authenticating
banking transactions. However, a fingerprint scanner can be cheated with an
artificial fingerprint; thus there is a need for multimodal biometric features
to authenticate users if high security is needed.
Iris
This is one of the biometric authentication techniques with a very low false
acceptance rate. Once taken, the iris sample is compared with the one in the
database. It offers one of the secure strategies for authentication and
recognition. Everybody has a different and independent iris texture, which makes
it possible to use it as a means of identification. One advantage of this
technique is the easy recognition of a fake iris (e.g. when the person wears
coloured contact lenses), and it has a very low processing time. One of its
disadvantages is that it performs poorly at a distance because of the small size
of the iris (Penny, 2000). Also, iris scanners are expensive (Rabia et.al., 2009).
Voice Recognition
Voice recognition is a technology through which sounds, phrases and words voiced by
human beings are transformed into electrical signals, and these signals are
converted into a code design. This kind of technology can be used for
identification by people with damaged skin. It fits everybody and does not require
much training to operate. However, this technique may make mistakes if there is
noise or disturbance, and it is very expensive to implement.
Lip identification
The human lip can be used to identify a particular person. Lip identification
originated from felony and forensic processes (Rabia et.al., 2009). Lip form and
colour can be used to recognize human identity. One advantage is that lip
attributes are usually distinct for every person, and thus can serve as a means of
identification. Similarly, lips are small in size, and thus can easily be
processed by a computer program. One demerit is that a smile by the person can
cause difficulties in identifying the person.
2.8 BANKING SECURITY CHALLENGES
System security has been a major concern of every groundbreaking technology,
such as the banking system. The introduction of the banking system has come with
its own security challenges. According to Masocha (2010), these range from
technology adoption, financial limitation and limited internet access to cultural
barriers, etc. Security has been rated as the most important issue in banking
services (Auta, 2010). Angelatopoulos (2011) noted that security is a great
concern for the adoption of banking services. Hence, understanding these
challenges in more detail provides a road map for adopting them. Shah et.al.
(2012) noted that the inadequacy of security potential leads to financial loss in
every system. Thus its relevance in the study of the payment module in a banking
system cannot be underestimated. In banking, fraud is a major contributory factor
to the term security and needs to be managed closely. Giles (2010) noted that
banking systems offer most, if not all, incentives for fraud. Hence, there is a
need for robust fraud prevention and system security methodologies, such as using
biometric measures. Meanwhile, financial institutions suffer losses through
crimes in online banking, cheques and card fraud, among others. Developing
strategies will help to address the risk of customers losing confidence in
banking services. However, despite the fact that the banking system has been
faced with a lot of challenges, there is no doubt that there has been a lot of
success in fraud detection and control around the world using these systems,
which includes detecting staff irregularities, protecting customers’ information
and providing checks and balances at the end of daily transactions (Chang, 2011).
2.9 BANKING FRAUDS
Wisegeek (2013) defines fraud as wrongful or criminal deception that results in
financial or personal gain. In banking, fraud is the use of deliberate
misrepresentation in order to fraudulently obtain money or other assets from a
bank. Benjamin and Samson (2011) noted the types of fraud that are commonly
experienced by financial institutions. Aransiola (2011) noted that collaboration
with security agents and bank officials is also a form of fraud encountered in
our financial institutions. Similarly, phishing is one of the mechanisms that
fraudsters use to obtain customers’ personal details, which are then used for
fraudulent activities. Meanwhile, phishing results in financial institutions
losing thousands of assets to criminals. Thus, there is a need for biometrics to
help checkmate such activities (Amtul, 2011). Vandommele (2010) noted that the
conventional method of authentication via usernames and passwords is no longer
sufficient; biometric technology has been identified as one of the potential
technologies for improving banking security (Akinyemi, 2010). Many researchers
have proved that biometric security measures can help decrease banking fraud.
Hence Murdock and Anderson (2010) emphasized that authentication in the payment
module of a banking solution needs to be technologically and economically viable
if the full potential of the system is to be achieved. Similarly, because of the
kind of prevention or authentication measures used by most banking systems,
customers are vulnerable to fraud (Choplin, 2011), and transparency and security
knowledge and awareness also contribute to this menace (Koskosas, 2011, Akindele,
2011). In dealing with the security challenges of using banking, Ahmad and
Mahmood (2013) summarized the factors affecting banking security, along with
their sources, under strategic, managerial, operational and technical factors.
Their work helps to give a quick understanding of the factors affecting an
effective payment system in a banking solution.
2.10 COMPUTER SECURITY IN BANKING
Over the years, a variety of computer system technologies have been provided to
customers by the banking industry (Chan and Lu, 2004, Lai and Li, 2005, Sachan and
Ali, 2006 and Wresch and Fraser, 2006). Previous research outcomes have shown that
computer security self-efficacy plays a leading role in defining and using
computer related applications and technologies (Brown et.al., 2010, Dennis et.al.,
2003, Lee et.al., 2005). In Tendelkur (2013), a suspected cyber attack brought
down systems and computers at some of Korea’s major banks and broadcasters, and
that affected the local equity market, which declined by 1.0%.
Electronic banking system users still face the security risk of unauthorized
access to their bank accounts via identity theft. Identity theft is one of the
fastest growing crimes, in which a criminal obtains key pieces of personal
information or a person’s identity in order to use them for personal gain or in
some way that involves fraud or deception (Zakaria, 2013, Gercke, 2011 and Harry,
2002). A similar fraud type involves the use of an individual’s credit card or
corresponding data for payment for goods and services while the owner of the card
and the issuer of the card are unaware (Simic, 2005). According to Raghavan &
Parthiban (2014), there are a number of e-fraud types witnessed in the banking
sector, like ATM fraud, cyber money laundering and credit card fraud, and in
general all the fraud types are executed with the ultimate goal of gaining access
to the user’s bank account. Dzomira (2014) noted that electronic fraud is
classified into two categories, namely direct fraud (e.g. money laundering,
employee embezzlement) and indirect fraud (e.g. malware, phishing, identity
theft). All these call for improved banking system security.
2.11 EXISTING TRANSACTION SECURITY MODELS IN BANKING
SYSTEM
Over the years, electronic banking development has improved the efficiency of
the banking sector. This has drastically reduced the resources and time spent in
carrying out financial transactions in this sector. The evidence of this is that,
today, long queues in banking halls have drastically reduced and operational
efficiency has improved. However, the emergence of electronic banking brings
security issues and the necessity of implementing high security measures for bank
users (Joseph et al., 2015). Friday et.al. (2012) claimed that wide-ranging
application of poor information technology software has also led to emerging
threats and attacks, mainly in the form of computer crimes. It is important to
note that as more people are exposed to the information super-highway, private
information security is indispensable in improving banking transactions. Matthew
et.al. (2012) stated that most of the defence against e-banking attacks has been
reactive. Laorto et.al. (2011) stated that existing banking security models focus
on fraud identification instead of fraud prevention. This shows that many of
these models allow fraud to be committed before taking action to detect it; the
knowledge of this has led many researchers to provide different models for
improved security in electronic banking transactions.
Laerte et.al. (2011) developed a banking security model. This model as shown in
Figure 2.1 uses password to secure transaction within the system. Mahadevi and
Sukumar (2015) also developed a banking security model (see Figure 2.2) that uses
username and password to secure the system transaction. The model presented by
Nayer (2013) uses username and password to secure transaction. This model is as
shown in Figure 2.3. Nadeem (2014) developed a banking security model (see
Figure 2.4). The model uses username and password to secure banking transaction.
Melappwre et.al. (2012) developed a model for preventing fraud using password
and searching of existing relations of the password. This model is as shown in
Figure 2.5. Meanwhile, Figure 2.6 shows the model developed by Shafeeq and
Vipin (2012). This model uses username and password to secure transaction.
Figure 2.7 shows the model developed by Daniel (2003) that uses username and
password to secure banking transaction. Beatriz (2012) developed a similar model
(see Figure 2.8) that uses password to secure banking transaction. The model
developed by Bogdan (2014) is as shown in Figure 2.9. This model uses username
and password to secure banking transaction. Gregory (2006) developed a banking
security model (see Figure 2.10) that uses password to secure banking transaction.
Similarly, Maciappane and Prasanna (2013) developed a model (see Figure 2.11)
that uses username as system pattern security to secure transaction. The model was
presented by them in form of class diagram. Kamyer (2012) developed a banking
system model that uses username and password to secure transaction. The model is
as shown in Figure 2.12. The model in Figure 2.13 was developed by Mahmood
(2012) in securing banking transaction using username and password. Ane (2011)
developed a banking transaction application model (that uses username and
password) in the form of use-case diagram (see Figure 2.14). Jaideep et.al. (2013)
developed a banking security model (see Figure 2.15) that uses username to
authenticate any transaction in cryptographic hashing. Mohammed (2011)
developed a model (see Figure 2.16) for banking transaction that uses password to
authenticate any transaction. A similar model was presented by Temitope (2009).
The model (see Figure 2.17) uses password to secure its transaction. In addition,
Ebubeogu (2015) developed a banking transaction model (see Figure 2.18). The
model uses password to secure transaction within the system. The banking system
model presented by IBM (2011) is as shown in Figure 2.19. This model also uses
password and username to secure transaction. In the same vein, Nicolas et.al.
(2014) developed a banking system model (see Figure 2.20) that uses username
and password to secure transactions. Hence, in all the above research works and
their respective banking software models, username and password were used to
secure transactions. Consequently, the use of usernames and passwords, which can
be compromised, poses a serious limitation in these models to achieving better
transaction security in the banking system.
In addition, Adegiga et.al. (2011) developed a banking transaction model that uses
Personal Identification Number (PIN) to secure transaction. This model is as
shown in Figure 2.21. A banking transaction model was also developed by Khaled
(2015), the model (see Figure 2.22) uses smart card PIN to secure banking
transaction. Kritiger and Von Solm (2012) developed a banking transaction model
(see Figure 2.23) that uses security code given to user to secure transaction. PIN
and card number are the parameters used to secure banking transaction in the
model (see Figure 2.24) presented by Shewangu (2015). In Larte et.al. (2013), PIN
and username were used as the parameter suitable for securing banking transaction
in their model, see Figure 2.25. Prabonk (2011) developed a banking security
model in the form of block diagram. The model (see Figure 2.26) uses password
and PIN to access the transaction menu. In the model presented by Rana (2012),
PIN and saved data are the paramenters needed to perform transaction. This model
is as shown in Figure 2.27. Majid (2010) developed a model (see Figure 2.28) that
uses PIN and password to secure banking transactions. Rodrigo et.al. (2015)
presented a model for securing banking transactions using keyword PIN. The
model is as shown in Figure 2.29. Entrust (2005) developed a model (see Figure
2.30) that uses Grid card number to authenticate any transaction in the banking
system. Similarly, Qureshi and Khan (2008) developed a banking security model
that uses PIN to secure transaction. The model presented by them is as shown in
Figure 2.31. Avomrmicului and Brestelean (2012) developed a model (see Figure
2.32) that uses PIN to secure the banking transaction. Figure 2.33 shows the model
developed by Houssam et.al. (2014). This model uses PIN in securing banking
transaction. Ayo and Ukpera(2010) developed a model that uses PIN in three-
stage-level to secure banking transaction. This model is as shown on Figure 2.34.
Jiang and Yang (2007) developed a model (see Figure 2.35) that secure banking
transaction using PIN. The model (see Figure 2.36) developed by Sandeep et.al.
(2011) uses phone number and PIN in securing banking transactions. Ailya et.al.
54
(2014) developed a model (see Figure 2.37) that uses PIN in securing transaction
in two-level-state. Figure 2.38 shows the model presented by Ranjit et.al. (2016)
that uses PIN in securing banking transaction. Narendiran et.al. (2008) presented a
model (see Figure 2.39) that uses PIN in securing transactions. Similarly, Anthony
(2014) developed a model (see Figure 2.40) that uses PIN in securing transactions.
The model presented by Mukherjee and Nath (2003), uses PIN and password to
secure transactions. This model is as shown in Figure 2.41. Mathew and Simon
(2007) developed a model (see Figure 2.42) for securing banking transactions
using PIN and password. In the above mentioned models, PIN was used in
securing transactions. The fact that PIN can also be compromised render these
models unsafe for providing better security to banking software.
Similarly, Emeka (2014) developed a transaction security model that uses
fingerprint and PIN in securing transactions. This model is shown in Figure 2.43.
Adegboyega (2015) developed a model for banking transactions. The model (see
Figure 2.44) uses fingerprint and password to secure transactions. Maknahiv
(2015) developed a model (see Figure 2.45) for securing banking transactions using
PIN and staff image. The model (see Figure 2.46) that uses multiple database
servers with PIN in securing transactions was developed by Falaye (2013). Vivek
et al. (2014) developed a model that uses text-based questions to authenticate
special transactions in the banking system. This model is shown in Figure 2.47.
The model developed by Costantin and Catalin (2008) uses PIN and image in
securing banking transactions; this model is shown in Figure 2.48. The model
shown in Figure 2.49 was presented by Hameed (2014) for securing banking
transactions using PIN and image. Taiwo et al. (2011) also developed a banking
transaction security model (see Figure 2.50) that uses PIN and image in securing
transactions.
Meanwhile, the parameters used in the aforementioned models can be hacked and
compromised; further research is therefore required. Hence, in this research, we
used fingerprint and facial recognition parameters in developing the banking
transaction security model.
Figure 2.1: Digital Banking Software Security Model. Source: Laerte et al. (2011).
Figure 2.2: Random Data Banking Software Model. Source: Mahadevi and Sukamar (2015).
Figure 2.3: Flowchart of Transaction. Source: Nayer et al. (2013).
Figure 2.5: Bank Adaptive Architecture. Source: Melappare et al. (2012).
Figure 2.7: Tier Banking Solution Model. Source: Daniel (2003).
Figure 2.8: Search Bank Security Model. Source: Beatriz (2012).
Figure 2.9: Online Banking Authentication Model. Source: Bogdan (2014).
Figure 2.10: Password Based Authentication Model. Source: Gregory (2006).
Figure 2.11: Bank Pattern Security Model. Source: Maciappane and Prasanna (2013).
Figure 2.13: Bank Transaction Model. Source: Mahmood (2012).
Figure 2.15: QR-Code Bank Model. Source: Jaideep et al. (2013).
Figure 2.17: Mobile Payment Security Architecture. Source: Temitope et al. (2009).
Figure 2.18: Fund Transfer Model. Source: Ebubeogu (2015).
Figure 2.19: IBM Banking Model. Source: IBM (2011).
Figure 2.20: Frame of Reference for Integrated GRC. Source: Nicolas et al. (2010).
Figure 2.21: Internet Banking Software Security Model. Source: Adegiga et al. (2011).
Figure 2.22: Identity Banking Software Security Model. Source: Khaled (2015).
Figure 2.23: Layered Banking Software Security Model. Source: Kritiger and Von Solm et al. (2012).
Figure 2.24: Card Data Banking Software Security Model. Source: Shewangu (2015).
Figure 2.25: Password Fraud Prevention Pillar. Source: Prabonk (2011).
Figure 2.27: Block Bank Model. Source: Rana (2012).
Figure 2.28: Secure Money Exchanging Model. Source: Majid et al. (2010).
Figure 2.29: Inference Flow Model. Source: Rodrigo et al. (2015).
Figure 2.30: Entrust Grid Card. Source: Entrust (2005).
Figure 2.31: Banking Services Conceptual Framework. Source: Qureshi and Khan (2008).
Figure 2.32: Model Driver Online Banking. Source: Avomrnicului and Bresfelean (2012).
Figure 2.33: Bank Entity Protocol Model. Source: Houssam et al. (2014).
Figure 2.34: PIN Validation Model. Source: Ayo and Ukpera (2010).
Figure 2.35: System Security Model. Source: Jiang and Yang (2007).
Figure 2.36: Hybrid Authentication Model. Source: Sandeep et al. (2011).
Figure 2.37: E-Payment Gateway. Source: Ailya et al. (2014).
Figure 2.38: PayPal Security Model. Source: Ranjit et al. (2016).
Figure 2.39: Mobile Banking System Architecture. Source: Narendiran et al. (2008).
Figure 2.40: Bank Transaction Model. Source: Anthony (2014).
Figure 2.41: PIN Transaction Model. Source: Mukherjee and Nath (2003).
Figure 2.42: Bi-PIN Transaction Model. Source: Mathhew and Simon (2007).
Figure 2.43: PIN/Fingerprint Transaction Model. Source: Emeka (2014).
Figure 2.44: Fingerprint Banking Software Security Model. Source: Adegboyega (2015).
Figure 2.45: Three Level Model Interaction. Source: Maknahiv (2015).
Figure 2.46: Database Transaction Details Model. Source: Falaye (2013).
Figure 2.47: Three Level Pin Security. Source: Vivek et al. (2014).
Figure 2.48: Banking Solution Secured Bank-end. Source: Constantin and Catalin (2008).
Figure 2.49: Banking Security Flowchart. Source: Hameed (2014).
Figure 2.50: PIN/Username Transaction Model. Source: Taiwo et al. (2011).
CHAPTER THREE
SYSTEM ANALYSIS AND METHODOLOGY
3.1 Preamble
This chapter discusses the data gathering techniques used in this study and the
methodology used in analysing the existing system of authenticating banking
transactions. In analysing the existing system, the Object Oriented Analysis
Methodology (OOAM) was used. The object-oriented approach to software analysis
focuses on real-world objects. It is based on the premise that there is a
fundamental human limitation on managing many objects or concepts at one time. This
methodology was used to analyse the existing system, being the best method that can
visit all the modules of the existing system from scratch.
3.2 Data Gathering Techniques
For any existing system to be understood, facts about the system must be compiled.
The exact input, operations and output of the system must be determined. There are
many techniques used for data gathering in any research, including interviews,
questionnaires, observation and system study. However, during the process of
gathering data for this system, the interview, site visit and system observation
techniques were used.
3.2.1 Interview
An interview is a formal meeting or conversation with someone, designed to elicit
information about the operation of an existing system as requirements for the
proposed system. It is a formal meeting where the analyst can obtain information
about the operation of the present system and the requirements of any planned
replacement (Chiemeke and Egbokhare, 2006). This technique was used to gather data
for this research. In an interview with the control unit officer of the United Bank
for Africa (UBA), first-hand information about transaction authentication in the
existing system was collected. The Key Informant Interview Method (KIIM) was used to
conduct the interview with two control unit officers and two ICT officers of UBA.
KIIM can be defined as a discussion with someone knowledgeable about a
problem, or its possible solution (Cooper and Schindler, 2003). Key informant
interviews are semi-structured; as such, they are flexible in nature and do not
require a standard set of questions to be included in the interview guide. In this
form of interview, the interview guide consists of a list of themes, and these
themes largely guide the questions asked. However, questions vary from
respondent to respondent.
According to Cooper and Schindler (2003), this method of interviewing is used to
discuss a subject with a knowledgeable person: the 'key informant'.
Hochschild (2009), Marshall and Rossman (2011), and Tansey (2007) shed light on
some of the advantages of KIIM. These advantages are outlined below. The
interviewer has the opportunity to triangulate information among interviewees
without revealing the names of any other respondents. A key informant is more
capable of providing a general view of a particular subject. The interviewees are
able to provide valuable information as a result of their respective positions. With
KIIM, the interviewer has the opportunity to probe a topic in depth, in order to gain
more insight and understanding on a particular subject. The subject in this case is
securing banking transactions using human biometrics. Thus, the chosen key
informant should be knowledgeable on the subject of banking transactions with
biometrics. Marshall and Rossman (2011) define a key informant as someone who is
influential, prominent and well-informed about a particular area in the research
study. Hochschild (2009) further maintains that the person's position is also a
contributing factor when considering a key informant. Smith (2006) argues that
researchers define the term key informant in a manner that is subjective to the
relevant respondents. By contrast, this research will not seek a new definition for
the term key informant; it will merely adopt the definition provided by Marshall
and Rossman (2011).
Owing to the nature of key informants, gaining access can be a challenge (Mikecz,
2012). However, in the case of this research, access was gained comparatively
easily. Contrary to Conti and O'Neil (2007), who recommend the use of formal
letters, followed by phone calls, to make contact with key informants, emails were
used. This decision was influenced by the electronic nature of the modern day. As
such, using emails to contact the key informants proved to work well, as they
provided prompt responses. In this study, the key informants were chosen based
on their line of work, experience and knowledge in the field of banking transactions
and security, and particularly in the aspect of applying biometrics for securing
transactions in the banking sector.
3.2.2 System Observation
System observation is one of the most effective data collection techniques for
obtaining important details about a system. It is a fact-finding technique where the
researcher participates in or watches a person performing activities on a system to
learn about the system (Chiemeke and Egbokhare, 2006). It was used in this research
to support the interview technique in gathering system information.
3.2.3 Strength of Interview and System Observation
i. An interview gives the analyst an opportunity to motivate the interviewee to
respond freely and openly to questions.
ii. An interview allows the analyst to probe for more feedback from the interviewee.
iii. Data gathering by observation can be highly reliable.
iv. Through observation the system analyst will be able to see exactly what is being
done.
3.2.4 Weakness of Interview and System Observation
i. An interview is time consuming and therefore a costly fact-finding approach.
ii. The analyst's human relations skills play a great role in the success of the
interview technique.
iii. Some tasks may not always be performed in the manner in which they are
observed by the system analyst.
iv. Some system activities may take place at odd times, causing a scheduling
inconvenience for the system analyst.
3.3 Site Visits
The main objective of a site visit is to examine the existing system closely and
record the activities of the system (Vivian, 2009). This was carried out by visiting
the UBA head office at UBA House, 57, Marina, Lagos, Nigeria. In the process,
we watched the activities of different cashiers and control officers that authenticate
transactions, and we recorded the data used to authenticate transactions, such as
account number, names, date, signature, teller number, username and password. We
compared these data with the ones collected during KIIM. The comparison shows
that the data provided by the key informants about the existing system agreed with
what we saw when we visited the site at the UBA head office.
3.3.1 Strength of Site Visits
i. The process of recording facts from site visits is highly reliable.
ii. Site visits take place to clear doubts and check the validity of the data collected
using other techniques.
iii. A site visit is inexpensive when compared to other fact-finding techniques.
iv. In this technique, we will be able to see the processes at first hand.
v. The systems analyst can easily understand complex processes with a site visit.
3.3.2 Weakness of Site Visits
i. People usually feel uncomfortable when being watched; they may unwillingly
perform their work differently when being observed.
ii. Due to interruptions in the task being observed, the information that is collected
may be inaccurate.
iii. Site visits are done during a specific period, and during that period complexities
existing in the system may not be experienced.
iv. There may be scheduling problems for the systems analysts when the activities
take place during odd hours.
v. Sometimes, people may be more careful to adopt the exact procedure, which
they do not typically follow.
3.4 Analysis of the Existing System
The existing system used by UBA is the Finacle Banking Core Solution
version 10.8 software. It is used for all transactions and the daily running of their
business. Before now they used Flexcube software, upgraded to Finacle version 7.0
and later this year upgraded to Finacle version 10.8. All these upgrades are
a result of the current version having higher security measures than the earlier ones.
The major transaction menus in Finacle Banking Core Solution version 10.8 are:
1. Help Account Current Information (HACLI), used for account enquiry
2. Help Transaction Maintenance (HTM), used for transaction maintenance
3. Help Account Financial System Maintenance (HAFSM), used for account
financial maintenance
4. Help Maintenance System Order Information Report (HMSOIRP), used for
maintenance reports
5. Help Account Current Ledger (HACL), used for accounting information
6. Automatic Teller Machine (ATM), used for ATM transactions, etc.
The software enables only one operation at a time. It has an account inquiry menu
that enables account information to be viewed, and the system is programmed to
centrally record all transactions and all fraudulent activities. Similarly, the system
has a module called the Transaction Menu (TM), which is used for transmitting debit
and credit transactions to a customer’s account. The system also has an Account
Financial System Maintenance (AFSM) menu, a software menu installed to prevent
unauthorized members of the organization from viewing accounts,
except where they are under the following restrictions, which may be due to:
a. Dormancy: Account under one year six months not operated
b. Frozen: Due to fraudulent activities
c. Account inactive: Six months of operations
d. Memo pad: Exercising due check
e. Fraud Alert: Fraudulent dealing
f. Red alert: Investigation
g. PND: Post No Debit
In the same vein, Help Maintenance System Order Report (HMSOR) is a module
in the software that can be used to view transaction histories by downloading
the statement of accounts. This module does not allow transactions on account
numbers that have discrepancies with the account name, and transaction back
dates, post dates and pre dates cannot be adjusted by the staff. In a nutshell, every
adjustment is centrally controlled and managed at the head office. Similarly, the
system has an ATM menu that takes care of all ATM transactions. As part of its
security features, the software displays an alert on the screen when a card
is wrongly used.
Consequently, the objective of the software is to enable UBA staff to manage
customers’ information with their daily banking transactions, and to protect that
information, thereby providing security for the financial details and the
manipulations made using the software. To this end, the software prompts a staff
member to enter his/her authenticating information (username and password) before
the full menu to process the customer’s data is displayed. After a successful
authentication by a staff member of the organization or any other authorized user,
he/she will have full privilege to manipulate any account information provided. To
further illustrate this, when a customer of the bank submits his/her teller for
withdrawal, the staff member collects the slip and attends to the transaction at the
software level before the full update of his/her information. Looking at the entire
system of operation in this bank, it is clear that the software does not provide
authentication privilege to customers for their transactions.
Basically, the existing banking process allows customers to fill a teller with
name, signature and account number. This is used by the staff to authenticate that
the holder of a particular teller is the valid owner of the account information
that appears on the teller, and it is further used for checking or auditing the
customer’s account transaction details. After the customer has presented a valid
teller, no authentication is needed at the software (Finacle 10.8) level. This
shows that it is the staff who verify the customer and authenticate his/her
transaction, not the software. Hence, the Finacle software only authenticates
the staff for using the system, not the customers. This gives staff full privilege to
use this software to commit fraud.
Truly, the objectives were partially met in the sense that the system can
display the transaction details of a particular account number with ease before
manipulation is enabled in the account, which makes the process
faster and more accurate. On the contrary, there are some problems limiting the
software's potential to meet the security needs of the banking sector. In addition
to our findings from the ICT unit and control unit of the bank, there still exist a
lot of problems in the existing system.
3.4.1 Problems of the Existing System
1. Poor Software Security Method: Till date, the Finacle 10.8 banking software,
which is the highest version released in 2015, uses username and password to
authenticate users. To use the system, the software prompts the user to enter his/her
username and password to verify the authenticity of the user. Meanwhile,
in this research, we have been intimated with the problems associated with the use
of username and password as a method of securing a system. There are security
challenges and dangers in using username and password to secure a system. To
further illustrate our point, let us look at the following scenario.
Assuming a particular staff member of the same bank copies the username and password
of his/her colleague and uses them to open and carry out transactions on the software,
the software will record those transactions against the rightful owner of that
username and password, not knowing that they were used by another staff member to
commit fraud. This shows that using username and password is dangerous and
requires urgent attention. In addition, the username and password can be stolen;
they are therefore not efficient in protecting banking software.
2. Software Inability to Prevent Staff from Financial Fraud: The Finacle 10.8
software cannot prevent staff of the organization from committing financial fraud
with it. After a staff member successfully logs in to the system, he/she can manipulate
customer information as he/she wishes without the software preventing such a
transaction or manipulation. To further illustrate our point, let us look at the
following scenario.
Assuming a staff member successfully logs in to the software with his/her valid
username and password and wishes to withdraw money from a customer's account, the
system will enable the transaction without knowing that it is a fraud by the staff member.
Since the software lacks the ability to prevent staff from committing fraud with it, it
is not efficient in preventing fraudulent transactions on customers’
accounts.
3. Lack of Customer Information Privacy: The current software is such that, any
time a particular customer wishes to make a withdrawal from the bank, he/she must
fill the withdrawal slip with his/her detailed account information, such as account
name, number and signature, and submit it to the bank staff for processing. These
tellers are deposited in a box to which anybody can have access. It is true that without
this activity the customer cannot withdraw from his/her account; in fact, no
banking staff will attend to you. To further illustrate our point, let us look at the
following scenario.
Assuming a customer fills a teller for withdrawal, or an application for a
transaction with the bank, with all his/her account details, after processing a
copy of the withdrawal slip is deposited in a box. This gives room for other persons
to have access to the account details of that customer. This shows that there is no
customer account information privacy.
4. Lack of Customer-to-Software Transaction Authentication: The current
banking software (Finacle 10.8) lacks the capability to provide
customer-to-software authentication. That is to say, any transaction submitted by
the customer to the staff for processing cannot be authenticated by the customer
before the final transaction is enabled by the software. The absence of this poses a
serious challenge, as it allows the staff to commit fraud with the software. This
further shows that the software does not have the facilities to allow or disallow the
authentication of a particular transaction by an impostor.
5. Fraud Detection not Prevention
The analysis we carried out on the current software (Finacle 10.8) shows that it can
only detect fraud when, at the end of the day, week or month, the transactions made
over that period do not balance. When this occurs, the bank audit unit
carries out its operation in order to trace the fraud and the desk from which it was
committed. However, the current software lacks the ability to prevent such fraud
from occurring. Hence we can boldly say we have fraud-detecting software but
not fraud-preventing software. As such, if our system must attain full customer
information security in the banking sector, we must implement software that
prevents and detects fraud, not software that only detects fraud.
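The gap described in problems 2 and 4, set beside the customer confirmation this thesis argues for, as an added Python example that is not code from the thesis or from Finacle: `withdraw_existing` debits on a staff login alone, while `withdraw_confirmed` also requires live fingerprint and face samples to match the templates captured at account opening. The class and function names, the cosine-similarity matcher, the 0.95 threshold and all feature vectors are assumptions constructed for illustration.

```python
# Added illustration, not code from the thesis or from Finacle. Class and
# function names, the 0.95 threshold and all templates are assumptions.
import hashlib
import hmac
import math
import os
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.95  # assumed cut-off; a real matcher defines its own score


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def similarity(a, b) -> float:
    """Cosine similarity of two feature vectors (stand-in for a real matcher)."""
    if len(a) != len(b):
        return 0.0
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class Account:
    balance: int
    fingerprint: tuple  # template captured when the account was opened
    face: tuple


@dataclass
class Bank:
    staff: dict = field(default_factory=dict)     # username -> (salt, hash)
    accounts: dict = field(default_factory=dict)  # account number -> Account
    audit: list = field(default_factory=list)     # (user, account, amount, outcome)

    def add_staff(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.staff[user] = (salt, _pw_hash(password, salt))

    def staff_login(self, user: str, password: str) -> bool:
        salt, stored = self.staff.get(user, (b"", b""))
        return hmac.compare_digest(stored, _pw_hash(password, salt))

    def _finish(self, user, acct_no, amount, outcome) -> bool:
        """Apply the debit if approved and always write an audit entry."""
        acct = self.accounts.get(acct_no)
        if outcome == "approved" and (acct is None or not 0 < amount <= acct.balance):
            outcome = "refused: account or amount"
        if outcome == "approved":
            acct.balance -= amount
        self.audit.append((user, acct_no, amount, outcome))
        return outcome == "approved"

    def withdraw_existing(self, user, password, acct_no, amount) -> bool:
        """Existing flow as the chapter describes it: staff login is the only check."""
        ok = self.staff_login(user, password)
        return self._finish(user, acct_no, amount,
                            "approved" if ok else "refused: staff login")

    def withdraw_confirmed(self, user, password, acct_no, amount,
                           live_fingerprint, live_face) -> bool:
        """Customer-to-software check: live samples must match enrolment."""
        acct = self.accounts.get(acct_no)
        if not self.staff_login(user, password):
            outcome = "refused: staff login"
        elif acct is None:
            outcome = "refused: account or amount"
        elif similarity(live_fingerprint, acct.fingerprint) < MATCH_THRESHOLD:
            outcome = "refused: fingerprint"
        elif similarity(live_face, acct.face) < MATCH_THRESHOLD:
            outcome = "refused: face"
        else:
            outcome = "approved"
        return self._finish(user, acct_no, amount, outcome)


# Constructed sample data: feature vectors invented for this example.
ENROLLED_FP, ENROLLED_FACE = (0.9, 0.1, 0.4, 0.3), (0.2, 0.7, 0.6, 0.1)
CUSTOMER_FP, CUSTOMER_FACE = (0.88, 0.12, 0.41, 0.29), (0.21, 0.69, 0.61, 0.1)
OTHER_FP, OTHER_FACE = (0.1, 0.9, 0.2, 0.7), (0.8, 0.1, 0.1, 0.6)


def build_bank() -> Bank:
    bank = Bank()
    bank.add_staff("teller_a", "constructed-password")
    bank.accounts["0001"] = Account(1000, ENROLLED_FP, ENROLLED_FACE)
    return bank


if __name__ == "__main__":
    bank = build_bank()
    creds = ("teller_a", "constructed-password")
    bank.withdraw_existing(*creds, "0001", 400)  # no customer involved
    bank.withdraw_confirmed(*creds, "0001", 400, OTHER_FP, OTHER_FACE)
    bank.withdraw_confirmed(*creds, "0001", 400, CUSTOMER_FP, CUSTOMER_FACE)
    for entry in bank.audit:
        print(entry)
```

In the existing flow the audit entry names only the account whose password was typed, which is the attribution problem of problem 1; in the confirmed flow every refusal is logged with the check that failed.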
Meanwhile, the current software (Finacle 10.8) is a web-enabled application
usually developed with a server-side technology such as Active Server Pages
(ASP), ASP.NET and so on. The graphical description of the current system using
ASP.NET technology is shown in Figure 3.1. The sub modules in the system are:
a. Per User Client: This is used to access the operations of the entire system. It
is used to provide the transaction request at a particular point in time.
ASP.NET is the technology behind this sub module.
b. Business Logic: This is the sub module that holds the entire logic of the
system. It carries out the processes required by the client on the system
database.
c. Database: This is where the entire data for all transactions is stored and from
which it can be requested for further processing.
Figure 3.1: Conceptual Diagram of Existing Software
Similarly, the use case diagram of the existing software is shown in Figure 3.2.
The sub modules in this use case diagram are:
a. Authentication: This is the sub module that enables the bank staff to get
access to the banking services provided by the platform. Using this sub
module requires entering the username and password in order to validate
whether such information has the privilege to use this platform.
b. Create Account: This sub module enables customer account information to be
registered in the system database. It helps to create an account for a new
customer.
c. Withdraw: This module is used to process withdrawal transaction data. It is
used to access customer account/financial information and perform updates
on the information based on the customer’s request.
d. Payment: This module is used to update a customer’s account if the customer
makes a new payment or deposit to the account.
e. Check: This is the module that is used to access the up-to-date account
information of a particular customer.
f. Database: This is the module that holds all the data needed for all
transactions.
It is important to note that all these modules were implemented in the business
logic of the system discussed in the conceptual diagram.
Figure 3.2: Use-case Diagram of Existing Software
In the same vein, the use case diagram of the proposed system is shown in
Figure 3.3.
Figure 3.3: Use-Case Diagram of the Proposed System
3.5 The Proposed System
As a result of the problems highlighted above, we need a new and better system
that can address them. The proposed system provides a better
security method for banking transactions by using human biometrics before granting
access to customers' information. The proposed system also has a method that
enables customers to authenticate a transaction before the full update on the
customer's account is granted by the software. Hence the proposed system helps to
address the problems of the existing system in this order:
1. Improve Software Security Method: The proposed system uses facial and
fingerprint biometrics to provide security to the software. These biometrics
will completely replace the username and password or account numbers,
signatures and account names in use till today.
2. Security Measures to Prevent Fraud from Staff: The major problem with
most of the existing software today is that people entrusted with the system,
that is, people that have the privilege to use the system, use it to commit
fraud, and the system cannot prevent this from happening. Therefore we
need a better system that will help to prevent fraud by people entrusted
with the system. The proposed system can do this through the use of human
biometrics. The system has security features that enable a customer to
authenticate any transaction on his/her account details before the software
can effect such a transaction on direct payment.
3. Provision of High Privacy to Customer Information: The proposed
system uses only human biometrics to access the customer's data from the
software. Thus, the customer can walk into the banking hall, go straight to a
cashier and perform his/her transaction (withdrawal). Since transactions can be
made with human biometrics, the customer’s information may not be exposed
to others for future security breaches. Thus, the proposed system provides
high data security.
4. Enable Customer-to-Software Transaction Authentication: The
proposed system have a mechanism that enable customer to authenticate any
100
transaction on his/her account details at the software level, before the
software can validate the transaction. The existing system do not allow
customer to authenticate any transaction, people entrusted with the system
can manipulate customers information without the customers knowledge and
the system will allow such fraud. However, with the proposed system,
transaction can only be completed when there is an agreement between the
customer’s biometric data at the time of the transaction and the biometric
data captured during the opening of the account. As such, a staff cannot
authenticate any transaction without valid biometric parameter.
5. Fraud Prevention and not Detection Software: The existing software only
detect fraud that has been committed by people entrusted with the system.
However, the proposed software do not detect fraud only but prevent fraud,
since the valid owners of the account must be present at the time of such
transaction and authenticate the transaction with his/his biometric.
6. Use Multimodal Biometric as Security Method: The proposed system
enable authentication on customer account using both facial and fingerprint
biometric features. Thus, when one does not have agreement with another
the entire transaction will not be enabled by the system. Hence, to enable
valid and complete transaction both the customer’s facial and fingerprint
biometric must correspond to the ones in the database.
101
CHAPTER FOUR
SYSTEM DESIGN
4.1 Preamble
In this chapter a short overview is given of the system design, system modelling,
the architectural framework used, its characteristics, methods and architectural
views. This is meant to provide a basic understanding of and familiarity with the
general concepts included within the models used later to develop the
architecture. In developing the system architecture, the Open Group Architecture
Framework is used (as a good architectural framework for developing enterprise
applications, as suggested by Ana, 2011), and therefore a short description is
included to clarify the general scope and approach within this framework.
Similarly, the approach used in producing and evaluating the system design is the
design science approach, which is also described in this chapter.
Meanwhile, software design is a description of the structure of the software to be
implemented, the data models and structures used by the system, the interfaces
between system components and, sometimes, the algorithms used. Designers do
not arrive at a finished design immediately but develop the design iteratively. They
add formality and detail as they develop their design with constant backtracking to
correct earlier designs (Sommerville, 2011).
Software design process is a series of steps that allow the designer to describe all
aspects of the software to be built. However, it is not merely a recipe book; for a
competent and successful design, the designer must use creative skill, past
experience, a sense of what makes “good” software, and have a commitment to
quality (Sommerville, 2011). Software design displays both external and internal
quality factors. External quality factors are those that can readily be
observed by the user (e.g. speed, reliability, correctness, usability). Internal
quality factors have to do with technical quality, more so the quality of the
design itself.
4.2 System Design Methodology
In designing the system, the Object Oriented Design Methodology (OODM) was used.
The object-oriented approach to software design focuses on system modules as
real-world objects. This methodology was used to design the system because it is
the best modular-based method for designing a system. It was adopted as the most
suitable methodology in software development that is 100% adequate for such a
banking solution (Hakeem and Oke, 2016).
Similarly, the Rational Unified Process (RUP) model was used as the software
process model. According to Krutchen (2003) and Arlow and Neustadt (2005),
RUP is an example of a modern process model that has been derived from work on
the UML and the associated Unified Software Development Process. It is a good
example of a hybrid process model. It brings together elements from all of the
generic process models to suit the software development exercise.
4.3 The Open Group Architecture Framework (TOGAF)
In order to construct an architecture, different concepts and components are used.
They are part of an architectural framework. The Open Group Architecture
Framework (TOGAF) is a detailed method and a set of supporting tools for
developing an enterprise architecture (Ana 2011).
The original development of TOGAF was based on the Technical Architecture
Framework for Information Management (TAFIM), developed by the US
Department of Defense (DoD) (Ana 2011). Within this framework it was
established that the purpose of enterprise architecture is to optimize processes and
functionality across enterprise, eliminating fragmented legacy processes (both
manual and automated). According to Ana (2011), an integrated environment that
is responsive to change and supportive of the delivery of the business strategy
generates advantages like:
a. A More Efficient IT Operation: It lowers software development, support,
and maintenance costs, increases portability of applications, improves
interoperability, eases system and network management, improves the
ability to address critical enterprise-wide issues like security, and eases
upgrade and exchange of system components.
b. Better Return on Existing Investment: It reduces risk for future
investment, reduces complexity in IT infrastructure, gives maximum return on
investment in existing IT infrastructure, gives flexibility to make, buy, or
out-source IT solutions, and reduces overall risk in new investment and the
costs of IT ownership.
c. It has a faster, simpler, and cheaper procurement.
In order to standardize the new approach in 2007, ISO defined architecture as the
fundamental organization of a system, embodied in its components, their
relationships to each other, the environment, and the principles governing its
design and evolution (Thompson, 2011). This made TOGAF popular for
implementing enterprise applications, since the framework agrees with the ISO
definition.
TOGAF also provides four domains as subsets of enterprise architecture for
detailed understanding of the system to be designed, which are:
a. Business Architecture: This defines the business strategy, governance,
organization, and key business processes.
b. Data Architecture: This describes the structure of an organization’s logical
and physical data assets and data management resources.
c. Application Architecture: This provides a blueprint for the individual
application systems to be deployed, their interactions, and their relationships
to the core business processes of the organization.
d. Technology Architecture: This describes the logical software and hardware
capabilities that are required to support the deployment of business, data,
and application services. This includes IT infrastructure, middleware,
networks, communications, processing, and standards.
In the same vein, TOGAF has integrated an Architecture Development Method
(ADM) to provide a tested and repeatable process for developing architectures,
divided into multiple phases (Ana, 2011). The Architecture Development Method
process can be adapted to deal with a number of different usage scenarios,
including different process styles (like the use of iteration) and also specific
specialist architectures (such as security). Because TOGAF is a generic
framework, it provides a flexible and extensible content framework that
underpins a set of generic architecture deliverables. It may be used either on its
own (with generic deliverables), or may be replaced or extended by a more specific
set, defined in any other framework. Figure 4.0 shows the TOGAF.
Figure 4.0: TOGAF. Source: Ana (2011)
4.4 The Design Science Approach
This approach was defined in the work of Pe-er et al. (2006) as a good approach
that provides a method for conducting design research and provides a model for
the research output. Hence, this design research was carried out using this
approach. Using the design science approach, the steps enumerated below were
followed:
a. Identification and Definition of the Problem: This is the process of
establishing the problem to be solved.
b. Possible Solution: This is the identification of the possible solutions to the
identified problem.
c. Model Design: This is developing the solution to the problem in the form of a
model.
d. Demonstration: Demonstrating how efficiently the model will solve the
problem.
e. Evaluation: Observing how well the model supports the solution to the
problem.
These steps were followed as a guide in each of the methods identified in this
chapter for the system design. Evaluation is a very important component of the
design science approach steps. Through it, the extent to which the model supports
the solution to the problem can be determined (Pe-er et al., 2007).
To prove the extent to which the design brings the desired solution, the
evaluation and demonstration steps for the model were carried out using the Key
Informant Interview Method (KIIM). KIIM can be defined as a discussion with
someone who has detailed knowledge about a problem and its possible solution.
This kind of interview is a semi-structured interview which does not require a
standard set of questions and is flexible to conduct. The method is used to
discuss a topic with a knowledgeable person in a particular area. As cited from
the work of William et al. (2006), key informant interviews are designed to
provide in-depth information from people, usually those identified as
knowledgeable about a particular subject. Because these interviews are conducted
in a face-to-face setting, they tend not to terminate early and tend to allow
participant contemplation, which provides for more complete thought and answers
to open-ended questions (McCracken, 1988; Bailey, 1994; Rubins and Rubins, 1995;
Luloff, 1999). Informants are traditionally identified on the basis of their
organization and community positions, knowledge of the issues under study, and
reputation (Bailey, 1994). Similarly, Robyn (2012) used this method to gather a
lot of issues on MHealth implementation in his locality.
In using this method, gaining access to a key informant is always a definite
problem. However, in this research access was gained by using email and phone
number to contact the key informant. The approach used in choosing this informant
was based on their line of work, knowledge and experience in the banking sector.
The design science approach was used because of its success in the work of
Noluxolo and Rossouw (2014) for developing a conceptual design in their research.
4.5 Description of the Conceptual Design of the Proposed System
The proposed system is divided into three sub-systems, as listed below:
a. The Fingerprint Matcher: This sub-system is used for the customer’s
fingerprint.
b. The Face Matcher: This sub-system is used for the customer’s facial
properties.
c. The Combined Decision Matcher: This sub-system compares the decisions
made by the other two sub-systems with the matcher template.
The conceptual design of the system is shown in Figure 4.1.
Figure 4.1: System Conceptual Design [diagram labels: Matching System 1 (Finger,
Sensor, Matching Function 1, Template); Matching System 2 (Face, Camera,
Matching Function 2, Template); Combined Decision Module, Template;
Accept/Reject]
The Fingerprint Matcher: This sub-model generates a fingerprint template using
a fingerprint scanner and compares it with the existing fingerprints in the
database to ascertain whether the fingerprint exists or not. The modules in this
sub-model are:
a. Fingerprint scanner: This is used for capturing the fingerprint image and
passing it to the matching function.
b. Matching function: This is the function that compares the captured
fingerprint with the one in the database. It then ascertains whether the
captured fingerprint is valid or not and returns the result to the combined
decision sub-model.
c. Template: This consists of the existing fingerprint that was captured during
the customer’s registration. It is the fingerprint database that can be
checked by the matching function to ascertain whether a particular
fingerprint exists or not.
The detailed design of this sub-system, using a block diagram, is shown in
Figure 4.2.
Figure 4.2: Fingerprint Matching Block Diagram [blocks: Finger, Features
Extraction, Features Matching, Template, Decision]
Similarly, the fingerprint matching algorithm is as shown below:
/* MATCHES takes two minutiae and returns true if they match (as determined by
   diverse parameters to the algorithm) and false if they don’t. */
function MATCHES(minutia-a, minutia-b) returns true or false
  input:
    minutia-a, a minutia
    minutia-b, a minutia
  /* all four conditions must hold for the pair to match */
  if ABS(minutia-a.x − minutia-b.x) ≤ X-TOLERANCE and              ↔ InstanceFinger1
     ABS(minutia-a.y − minutia-b.y) ≤ Y-TOLERANCE and              ↔ InstanceFinger2
     ABS(NORMALIZE(minutia-a.angle) − NORMALIZE(minutia-b.angle))
         ≤ ANGLE-TOLERANCE and                                     ↔ InstanceFinger3
     COMPATIBLE-TYPES(minutia-a, minutia-b)
    return true
  else
    return false
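The matching rule above, written out as runnable Python with a template-level decision on top. This is an added example, not code from the thesis: the tolerance values, the 60% acceptance ratio, the greedy pairing and the sample minutiae are assumptions, and the angle test uses a circular difference (so 358° and 3° are 5° apart), which goes beyond the ABS(NORMALIZE(a) − NORMALIZE(b)) form in the pseudocode.

```python
from dataclasses import dataclass

# Assumed values: the thesis names these parameters but does not give numbers.
X_TOLERANCE = 8           # pixels
Y_TOLERANCE = 8           # pixels
ANGLE_TOLERANCE = 15.0    # degrees
MIN_MATCHED_RATIO = 0.6   # share of enrolled minutiae that must be paired


@dataclass(frozen=True)
class Minutia:
    x: int
    y: int
    angle: float   # ridge direction in degrees
    kind: str      # "ending" or "bifurcation"


def normalize(angle):
    """Map any angle onto [0, 360)."""
    return angle % 360.0


def angle_difference(a, b):
    """Smallest rotation between two directions (359 vs 1 is 2, not 358)."""
    d = abs(normalize(a) - normalize(b))
    return min(d, 360.0 - d)


def compatible_types(a, b):
    return a.kind == b.kind


def matches(a, b):
    """MATCHES from the pseudocode: position, direction and type must all agree."""
    return (abs(a.x - b.x) <= X_TOLERANCE
            and abs(a.y - b.y) <= Y_TOLERANCE
            and angle_difference(a.angle, b.angle) <= ANGLE_TOLERANCE
            and compatible_types(a, b))


def match_template(probe, enrolled):
    """Pair each enrolled minutia with at most one probe minutia (greedy).

    Returns (matched_count, accepted). An empty enrolled template is always
    rejected, otherwise the ratio test would pass vacuously.
    """
    unused = list(probe)
    matched = 0
    for ref in enrolled:
        for cand in unused:
            if matches(ref, cand):
                unused.remove(cand)
                matched += 1
                break
    accepted = bool(enrolled) and matched / len(enrolled) >= MIN_MATCHED_RATIO
    return matched, accepted


# Constructed sample data (not from the thesis).
ENROLLED = [
    Minutia(40, 52, 10.0, "ending"),
    Minutia(85, 60, 358.0, "bifurcation"),
    Minutia(120, 140, 90.0, "ending"),
    Minutia(60, 200, 181.0, "bifurcation"),
    Minutia(150, 95, 270.0, "ending"),
]
GENUINE_PROBE = [                              # same finger, small capture jitter
    Minutia(43, 50, 14.0, "ending"),
    Minutia(83, 64, 3.0, "bifurcation"),       # 358 vs 3 degrees: wraps around 0
    Minutia(118, 137, 84.0, "ending"),
    Minutia(66, 197, 175.0, "bifurcation"),
    Minutia(190, 30, 45.0, "ending"),          # spurious point
]
IMPOSTOR_PROBE = [
    Minutia(41, 51, 12.0, "bifurcation"),      # right place, wrong type
    Minutia(84, 61, 180.0, "bifurcation"),     # right place, wrong direction
    Minutia(121, 141, 92.0, "ending"),
    Minutia(10, 10, 0.0, "ending"),
]

if __name__ == "__main__":
    print("genuine :", match_template(GENUINE_PROBE, ENROLLED))
    print("impostor:", match_template(IMPOSTOR_PROBE, ENROLLED))
```

Widening the tolerances or lowering the ratio trades false rejections for false acceptances, so these values are the security-critical settings of the matcher.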
The Face Matcher:
This sub-model is used to process the facial features of the individual. The
modules in this sub-model are:
a. Face camera: This is used for capturing the facial image and passing it to the
matching function.
b. Matching function: This is the function that compares the faces in the
database. It then ascertains whether the face is valid or not and returns
the result to the combined decision sub-model.
c. Template: This consists of the existing face that was captured during the
customer’s registration. It is the facial database that can be checked by the
matching function to ascertain whether a particular face exists or not.
The detailed design of this sub-system, using a block diagram, is shown in
Figure 4.3.
Figure 4.3: Face Matching Block Diagram [blocks: Face, Feature Extraction,
Feature Matching, Template, Decision]
Similarly, the facial matching algorithm is as shown below:
/* MATCHES_FACE takes two facial datasets and returns true if they match (as
   determined by diverse parameters to the algorithm) and false if they don’t. */
function MATCHES_FACE(Face-a, Face-b) returns true or false
  input:
    Face-a, a face (the captured face)
    Face-b, a face (the facial dataset)
  /* all four conditions must hold for the pair to match */
  if ABS(Face-a.x − Face-b.x) ≤ X-TOLERANCE and                    ↔ InstanceFace1
     ABS(Face-a.y − Face-b.y) ≤ Y-TOLERANCE and                    ↔ InstanceFace2
     ABS(NORMALIZE(Face-a.angle) − NORMALIZE(Face-b.angle))
         ≤ ANGLE-TOLERANCE and                                     ↔ InstanceFace3
     COMPATIBLE-TYPES(Face-a, Face-b)
    return true
  else
    return false
Combined Decision Sub Model:
This is the sub-model that determines whether the valid fingerprint and face
belong to one person. This model has a database that records all the information
(fingerprint, face, and account data) belonging to a particular person. If the
information provided by the other sub-models (fingerprint, face) is valid, it is
the job of the combined decision model to check whether the information belongs
to one person. If the information belongs to one person, access will be granted;
otherwise access will be denied. Similarly, the flowchart in Figure 4.4 is used to
represent the detailed operations carried out in the conceptual design of the
system.
Figure 4.4: Combined Decision Flowchart [flowchart nodes: Start, Minutia, Face
Features, Complete?, Check abstraction of X-Tolerance, Check abstraction of
Y-Tolerance, Check abstraction of Angle Tolerance, Check for compatibility,
Compatible?, Valid, Error, Stop]
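The combined decision described above, together with the rule from Section 3.5 that a transaction completes only when the live biometrics agree with those enrolled for the account, as an added Python example (not the thesis's own code). The record layout, template identifiers, account numbers and reason strings are constructed for illustration; the decision is bound to the target account, so a staff member's own valid biometrics cannot authorize a customer's withdrawal.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class MatchResult:
    """Output of one matcher: accept/reject plus the enrolled template it hit."""
    valid: bool
    template_id: Optional[str] = None


@dataclass(frozen=True)
class CustomerRecord:
    """One row of the combined-decision database (hypothetical layout)."""
    account_no: str
    fingerprint_id: str
    face_id: str


# Constructed enrolment data.
RECORDS = [
    CustomerRecord("ACC-001", "FP-ada", "FACE-ada"),
    CustomerRecord("ACC-002", "FP-ben", "FACE-ben"),
]


def combined_decision(finger: MatchResult, face: MatchResult,
                      records: List[CustomerRecord]) -> Tuple[Optional[str], str]:
    """Return (account_no, reason); account_no is None when access is denied."""
    if not (finger.valid and finger.template_id):
        return None, "fingerprint rejected"
    if not (face.valid and face.template_id):
        return None, "face rejected"
    for rec in records:
        if rec.fingerprint_id == finger.template_id:
            # Both traits are individually valid; they must also be one person.
            if rec.face_id == face.template_id:
                return rec.account_no, "accepted"
            return None, "fingerprint and face belong to different people"
    return None, "fingerprint not enrolled"


def authorize_withdrawal(balances: Dict[str, int], account_no: str, amount: int,
                         finger: MatchResult, face: MatchResult,
                         records: List[CustomerRecord],
                         audit: list) -> Tuple[bool, str]:
    """Apply the withdrawal only if the biometrics belong to account_no."""
    owner, reason = combined_decision(finger, face, records)
    if owner is None:
        ok = False
    elif owner != account_no:
        # Valid person, wrong account: the insider-fraud case.
        ok, reason = False, "biometrics do not belong to the target account"
    elif amount <= 0 or amount > balances.get(account_no, 0):
        ok, reason = False, "invalid amount"
    else:
        balances[account_no] -= amount
        ok = True
    audit.append((account_no, amount, ok, reason))   # denials are logged too
    return ok, reason


if __name__ == "__main__":
    balances = {"ACC-001": 5000, "ACC-002": 900}
    audit: list = []
    ada = (MatchResult(True, "FP-ada"), MatchResult(True, "FACE-ada"))
    ben = (MatchResult(True, "FP-ben"), MatchResult(True, "FACE-ben"))
    print(authorize_withdrawal(balances, "ACC-001", 2000, *ada, RECORDS, audit))
    print(authorize_withdrawal(balances, "ACC-001", 1000, *ben, RECORDS, audit))
    print(balances, audit)
```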
4.6 SYSTEM ARCHITECTURAL DESIGN
After the analysis phase of the system is complete, the design of the proposed
system begins. This research presents its design in the form of an artifact to best
understand the system. The design of the proposed system is divided into:
1. Logical design
2. Physical design
Logical design: This is the part of the system that concentrates on the business
aspect of the system. The business aspect of our proposed system
(biometric-enabled banking software) is the input stage of the biometric image,
the verification stage and the decision stage of the system. The logical design
of the system is presented in Figure 4.5. Similarly, the Input-Processing-Output
(IPO) architecture that shows how operations are carried out at different stages
of the system is shown in Figure 4.7.
Figure 4.5: System Logical Design [diagram labels: System inputs phase, System
process phase, Biometric 1, Biometric 2, Create, Capture, Process, Verification,
Combined verification module, Store, Enabled operation, Denied operation]
Physical design: In physical design, the logical design is turned into a
physical-ready structure of the entire system that shows how the system carries
out its security objectives for any transaction using the biometric features.
According to Sommerville (2011), software architectures can be designed at two
levels of abstraction, which are architecture in the small and architecture in
the large:
1. Architecture in the small is concerned with the architecture of individual
programs. At this level, we are concerned with the way that an individual program
is decomposed into components.
2. Architecture in the large is concerned with the architecture of complex
enterprise systems that include other systems, programs, and program components.
These enterprise systems are distributed over different computers, which may be
owned and managed by different companies.
This physical design (which is the architecture in the large abstraction) forms
the architecture of the entire system, which is shown in Figure 4.5. Similarly,
Figure 4.6 forms the architecture of the system in the small abstraction.
Figure 4.6: System Architecture [diagram labels: Feature extraction module,
Matching module, Decision module, Report, BF, DM, Database, Combined Biometric
Decision Module, Withdraw, Apply, Check, Decision, Denial with message, Validate
with message]
Figure 4.7: IPO System Architecture [columns: INPUT (Software), PROCESS
(Database), OUTPUT (Software); steps: Get customer’s account biometric, Validate
biometric, Select service, Query account, Validate account with biometry, Update
account; outcomes: Error, Succession, Enable]
In the same vein, the system framework using the TOGAF standard is shown in
Figure 4.8 and Figure 4.19 below.
The system framework is divided into platform-level protection, application-level
protection and recording-level protection.
Figure 4.8: System Framework [Platform-level protection: System Biometric
Verification, System Biometric Authentication, File Integrity Management;
Application-level protection: Data Login, Database Biometric Authorization,
Transaction Management, Database Recovering; Recording-level protection: Record
Access Biometric Authorization, Record Update Biometric Authorization, Record
Integrity Management]
To further explain the framework, the description of its sub-modules is given
below:
a. Platform Protection Level
This is the level at which the system carries out biometric data verification,
biometric data authentication and file integrity management operations. These
operations form the sub-modules of this level. To explore this platform, the
detailed operations of the level are presented using flowcharts. The flowcharts
in Figure 4.9 through Figure 4.11 show how the sub-modules in this level are
implemented.
b. Application Protection Level
This is the level at which login of data, database biometric authorization,
transaction management and database recovering are achieved. These major tasks
are also the sub-modules within this platform, and they can be fully implemented
by following their respective flowcharts, shown in Figure 4.12 to Figure 4.15.
These flowcharts give all the details of these sub-modules.
c. Recording Protection Level
At this level, every record within the system is given maximum protection. Both
the data management information and the biometric data are given maximum
protection at this level. The sub-modules in this level are record access
biometric authorization, record update biometric authorization and record
integrity management. The flowcharts in Figure 4.16 to Figure 4.18 explain the
detailed activities within these sub-modules and how they are implemented.
Figure 4.9: Biometric Verification Flowchart [nodes: Start, Tolerance
Abstraction, Normalized Abstraction, Compare All Abstraction, Biometric
Authentication, Does It Exist? (No/Yes), Stop]
Figure 4.10: Biometric Authentication Flowchart [nodes: Start, Tolerance
Abstraction, Biometric Account, Tie Account to Biometric, Successful?, Validate
Transaction, Stop]
Figure 4.11: File Management Flowchart [nodes: Start, Input All Biometric,
Verify the Biometric, Create the Account Information, Process to Database, Stop]
Figure 4.12: Data Login Flowchart [nodes: Start, Input Username and Password,
Process Inputs, Successful?, Enable Login, Call Database Authorization, Invalid
Login, Stop]
Figure 4.13: Database Biometric Flowchart [nodes: Start, Generate Biometric
Trait to Authorize, Authorized Biometric, Display Successful, Stop]
Figure 4.14: Transaction Management Flowchart [nodes: Start, Input Transaction
to Manage, Provide Transaction Update, Display Successful, Stop]
Figure 4.15: Database Recovery Flowchart [nodes: Start, Establish DB Connection,
Get Connector, Successful?, Send Appropriate Recovery Update, Process Error
Message, Successful? (No/Yes), Stop]
Figure 4.16: Biometric Access Flowchart [nodes: Start, Input Biometric Record,
Valid?, Enable Access to Record, Process Error Message, Stop]
Figure 4.17: Record Update Flowchart [nodes: Start, Input Biometric Record,
Valid? (No/Yes), Enable Access to Record, Process Error Message, Stop]
Figure 4.18: Record Integrity Flowchart [nodes: Start, Input Record, Process
Update with Finger Biometric, Fingerprint Biometric as Primary Key, Perform All
Operation with Key, Stop]
Figure 4.19: System Controls Framework [diagram labels: Connected Data,
Disconnected Data, The Application, DataSet Object, Data Adapter Object (Select
Command, Update Command, Check Command, Submit Command), Object Command,
Connection, Object Connection String, RDBMS (SQL Server)]
The system control framework is given in Figure 4.19. This framework is
subdivided into the following sub-modules:
a. The Application module: This is the general description of all the interfaces
that are needed in this platform. This is where the user can interact with the
system database through the controls in the design. This module comprises
sub-modules that are used for different operations such as updating
information, checking information and creating new information. The
implementation of this module is through the use of a scripting language
called ASP.NET.
b. The DataSet: The DataSet is a cache of information that has been queried
from your database. The innovative features of the DataSet are that it is
disconnected (see the next section) and can store more than one table. For
example, a DataSet could store a list of customers, a list of products, and a
list of customer orders. You can even define all these relationships in the
DataSet to prevent invalid data and make it easier to answer questions such
as “What biometric trait did Mike request?” Using the DataSet enables
disconnected data to be manipulated. C# has a feature to implement the
DataSet through abstraction and creation of class instances. The flowchart in
Figure 4.20 further explains how the DataSet module carries out its
operations.
c. Data Adapter: The data adapter is used as the connected data link to the
disconnected data. It adapts data to the right command from the dataset. It
can also be implemented through the creation of an adapter class instance.
The sub-commands under the data adapter are the select, update, submit and
check commands. They can all form the methods in this adapter. The flowchart
in Figure 4.21 further explains how the data adapter module carries out its
operations.
d. Object Command: The object command is used to talk to the right object
that will execute the right command received from the interface of the
application. The object command has its own connections that perform a
particular command. Different objects can exist within a class of code, but
with the object command the right object needed can be executed. The
flowchart in Figure 4.22 further explains how the object command module
carries out its operations.
e. Connection String: This is where the real connection to the database is
executed. This sub-module has the key to access the database. It is
implemented using ADO.NET connectivity. The flowchart in Figure 4.23
further explains how the connection string module carries out its operations.
f. Database Server: This is where the exact data is stored. This was
implemented in this application using SQL Server, with SQL used to
manipulate its operations.
Figure 4.20: Dataset Flowchart [nodes: Start, Record Data from Interface, Check
Data for Accuracy, Data Accurate?, Call on the Operation, Call Appropriate Data
Adapter, Appropriate? (No/Yes), Error Message, Stop]
Figure 4.21: Data Adapter Flowchart [nodes: Start, Check Data Adapter Object,
Select Exact Object, Call Object Connector, Connector to Object, Stop]
Figure 4.22: Object Command Flowchart [nodes: Start, Check if Connector Exist,
If Not Cancel Operation, Connect Command to General Connection, Present All
Command to Connector, Stop]
Figure 4.23: Object Connector Flowchart [nodes: Start, Call Data Source, Verify
Command Connector, Connect Only Command Connector, Close Other Connector, Close
All Connector if Command Ends, Stop]
4.7 Software Development Methodology
There are many software development methodologies, such as the Structured
Systems Analysis and Design Methodology and the Object Oriented Analysis and
Design Methodology (OOADM). The Object Oriented Analysis and Design
Methodology (OOADM) was used as the methodology for analyzing and designing
the application in this research. It was adopted as the most suitable
methodology in software development that is 100% adequate for a module-based
application like this.
4.7.1 Feature Driven Development
This was chosen because it permits modification in case of future changes in the
application. This paves way for iterative and incremental software development.
Object Oriented Programming (OOP) is a programming approach that provides a
way of modularizing programs by creating partitioned memory area for both data
and functions that can be used as templates for creating copies of such modules on
demand. Thus, an object is considered to be a partitioned area of the computer
memory that stores data and set of operations that can access that data. Since the
memory partitions are independent, the objects can be used in a variety of different
programs without modifications. The features include:
i. Emphasis is on data rather than procedure.
ii. Programs are divided into what is known as objects.
iii. Data structures are designed such that they characterize the objects.
iv. Functions that operate on the data of an object are tied together in the data
structure.
v. Data is hidden and cannot be accessed by external functions.
vi. Objects may communicate with each other through functions.
vii. New data and functions can be easily added whenever necessary.
viii. Follows bottom-up approach in program design.
4.7.2 Why Use OOP for Program Development?
The principal advantages of using OOP are:
i. We can eliminate redundant code and extend the use of existing classes
through inheritance.
ii. We can build programs from the standard working modules that
communicate with one another, rather than having to start writing the code
from scratch. This leads to saving of development time and higher
productivity.
iii. The principle of data hiding helps the programmer to build secure programs
that cannot be invaded by code in other parts of the program.
iv. It is possible to have multiple instances of an object to coexist without any
interference.
v. It is possible to map objects in the problem domain to those in the program.
vi. It is easy to partition the work in a project based on objects.
vii. The data-centered design approach enables us to capture more details of a
model in implementable form.
viii. Object-oriented systems can be easily upgraded from small to large systems.
ix. Message passing techniques for communication between objects makes the
interface descriptions with external systems much simpler.
x. Software complexity can be easily managed.
4.8 Software Development Tools
The following tools were used for the development of the application.
i. Microsoft Visual Studio: Visual Studio Compiler is one of the most important
tools needed for the development of this application. It is the client interface
development tool that enables us to develop applications (web, Windows, console
etc.) by using the C# programming language and other related tools. It serves as
the interface development environment (IDE) for the application frontend. It is
used in developing the application interfaces and the code that works within
them. It has some built-in graphical user interface needed to develop a full
application.
Reasons for Using Microsoft Visual Studio
i. The Common Language Runtime (CLR): Visual Studio has common language
runtime features that provide low-level work (plumbing) services to any
application that is developed using it (mainly online applications). This
feature saves the programmer a lot of the stress encountered in other
development environments. It makes programs in this application execute as if
the programmer had used machine language to code the application.
ii. The .NET Framework Class Library (FCL): Microsoft Visual Studio also
supports the .NET Framework Class Library, offering literally thousands of
reusable types. Organized into namespaces, the FCL contains code supporting
all the .NET technologies, such as Windows Forms, Windows Presentation
Foundation, ASP.NET, ADO.NET etc.
iii. The Common Language Specification (CLS): With this feature the Visual
Studio compiler can support more than one language in implementing a
particular application.
iv. Microsoft Visual Studio also offers better security than other IDEs (like
Dreamweaver).
v. Microsoft Visual Studio web development technology.
vi. To a large extent Microsoft Visual Studio supports all .NET languages.
ii. SQL Server: In developing the application in this research, SQL Server needs
to be installed on the design machine. This system allows the creation of the
application database and tables. The system serves as the backend (database) of
the application. It uses Structured Query Language (SQL) syntax for scripting
database queries. It is commonly used for any data-driven application.
Reasons for Using SQL Server
i. Provides strong protection for data
ii. Allows developers to encapsulate some of their code
iii. Allows the use of stored procedures in its applications
iv. Free technical support is given to its users
v. It is an open source application
vi. Can easily be used with Visual Studio through ADO.NET
vii. It can accommodate more information than Microsoft Access.
Weaknesses
i. The number of concurrent users is limited compared to Oracle.
ii. Being open source software, hackers can take advantage of it.
iii. Automatic update of the database identities is highly difficult.
4.9 SYSTEM DESIGN SPECIFICATION
System specification can be formal or informal. The informal system specification
is used in this research. It is a kind of system specification that describes various
aspects of the system verbally. Informal system specification can also use diagrams
to carry out system design specification. However, it is not compulsory to use
diagrams provided the description of the system is well given.
Meanwhile, the major functional requirement specification of this system is that it
must authenticate transactions in a customer's account using biometric features. The
system design consists of interface specification, program specification and
database specification.
Interface Specification
The interface is where data can be supplied to the system. It has a menu that is
used to register a new customer's data, a menu that is used to update customer data,
and a menu that is used to read a customer's information. However, all these menus can
only make progress in their processes by using human biometric features, as
against the use of password, username or account numbers in the existing system.
All these menu interfaces are implemented with different tools (like the label tool,
checkbox tool, button tool and textbox tool) from the toolbox of the compiler. The
interface of the system has a common design for uniformity, which is one of the
qualities of good interface design.
Database Specification
The database consists of registered staff, customers and their daily transactions.
The fields of the database tables should be according to the information needed in
that field. The names and other personal details should have variable characters,
the date has datetime, and the others can be implemented with characters.
Program Module Specification
The program used to control the entire system is divided into four parts: input
program, update program, read program and control measure program. All these
programs have different data binding techniques that are used to bind the data
from the application with the corresponding database using the biometric features
of the individual.
4.10 Database Design
Table 1 to Table 5 below show the design layout of the database tables that exist in
this application.
Table 1. Customer Account Registration Table Design Layout

| Field Name | Data Type | Size | Description |
|---|---|---|---|
| ID | INT | | Database table unique ID |
| AccountNo | char | 10 | Account Number |
| Customer Name | varchar | 20 | Customer surname |
| Sex | varchar | 6 | Customer sex |
| Phone | char | 26 | Customer phone number |
| Home Address | varchar | 100 | Customer's Address |
| Email | char | 25 | Customer's Email |
| Date of birth | Datetime | None | |
| Amount | char | 15 | Account opening amount |
| AccountType | varchar | 20 | Type of Account |
| OfficeAddress | char | 60 | Customer Parent Address |
| FingerPrint | Image | null | Customer Fingerprint Image |
| FaceImage | Image | Null | Customer Facial Image |

Table 2. Withdrawal Table Design Layout

| Field Name | DataType | Size | Description |
|---|---|---|---|
| PIN | INT | | Database table unique ID |
| AccountNo | char | 10 | Customer Account |
| CurrentBalance | char | 15 | Current account balance |
| Account Name | char | 50 | Account Name |
| Date | datetime | none | Date |
| AmountWithdrawn | char | 15 | Amount |
| TransactionRefCode | char | 25 | Transaction reference code |

Table 3. Payin Table Design Layout

| Field Name | DataType | Size | Description |
|---|---|---|---|
| PIN | INT | | Database table unique ID |
| AccountNo | char | 10 | Customer Account |
| CurrentBalance | char | 15 | Current account balance |
| Account Name | char | 50 | Account Name |
| Date | datetime | none | Date |
| AmountPay | char | 15 | Amount |
| TransactionRefCode | char | 25 | Transaction reference code |

Table 4. Application Staff Table Design Layout

| Field Name | DataType | Size | Description |
|---|---|---|---|
| PIN | INT | | Database table unique ID |
| Username | char | 20 | Staff username |
| Password | varchar | 20 | Staff password |
| ConfirmPassword | varchar | 20 | confirmation |
| Sex | varchar | 7 | Staff sex |
| Department | varchar | 20 | Staff department |

Table 5. General Ledger database

| Field Name | DataType | Size | Description |
|---|---|---|---|
| PIN | INT | | Database table unique ID |
| Credit | char | 10 | The credit |
| Balance | char | 10 | The balance |
| Debit | char | 10 | The debit |
| Date | datetime | none | Date |
| Account No | char | 10 | accountNo |
| Transaction Date | Datetime | None | Date |
| ValueDate | Datetime | None | Date |
| PostDate | Datetime | None | Date |

4.11 APPLICATION ALGORITHM (PSEUDOCODES)
An algorithm is the sequence of steps that must be taken in order to solve a
particular problem that is already defined. Algorithms create flexibility in solving a
problem already well defined by the existing manual system. The algorithm for the
system is expressed in pseudocode as shown below:
/* Pseudocode to register customer */
INPUT: F: Fingerprint
       N: Name
       CF: Face
       ACC: Account
       ACCT: Account Type
       AD: Address
       AM: Amount
       DB: Date
       EM: Email
       SX: Sex
       NF: Number of Fields
/* Read one entry for each of the NF fields */
For (int Ninput = 1; Ninput <= NF; Ninput = Ninput + 1)
{
    Get Entry()
}
IF Exist (Report)
ELSE
{
    Create ACC
}
OUTPUT: ACC
      : F
      : CF
      : N
END
/* Withdrawal Update Pseudocode */
INPUT: N: Name
       F: Fingerprint
       CF: Face
       ACC: Account
       ACCT: Account Type
       AM: Amount
       DB: Date
       NF: Number of Fields
/* Read one update entry for each of the NF fields */
For (int Ninput = 1; Ninput <= NF; Ninput = Ninput + 1)
{
    Get Update()
}
IF (Corresponded)
{
    Successful Update
}
ELSE
{
    Report Error
}
OUTPUT: Successful
      : Not Successful
END
/* Multimodal pseudocode */
INPUTS: TS: Transaction
        FA: Capture Fingerprint
        FT: Fingerprint Template
        F: Facial Template
IF (Provided)
{
    ImplementationStyle()
}
ELSE
{
    Exit()
}
OUTPUT: Successful
      : Error
FUNCTION ImplementationStyle (All Instances)
INPUT: InstanceFace1();
     : InstanceFinger1();
     : InstanceFinger2();
     : InstanceFace2();
     : InstanceFinger3();
     : InstanceFace3();
IF ALL_INSTANCE_COMPATIBLE (Finger_Instance, Face_Instance)
{
    Return True
}
ELSE
{
    Return False
}
OUTPUT: Successful
      : Error
END
4.12 Programming Languages Used
The programming languages used for the implementation of this application
are as follows:
i. C-Sharp (C#) Programming Language: This is a programming language
suitable for all forms of computer applications: numerical, graphical,
scientific, database, and commercial programming. It was released by
Microsoft about twelve years ago. It is an object-oriented programming
language. It is quite flexible and effective in database manipulation,
access and retrieval of information. It is an event-driven language;
programs developed with it are highly interactive in nature as they respond to
events like button clicks.
ii. SQL: SQL is an acronym for Structured Query Language. It is a database
language which helps to manipulate database data. It can also be used to
write database scripts that will generate database tables and their relations.
iii. ADO.NET: This is the language used to connect the application interface
to the corresponding database.
iv. CSS: This is used to generate the application colours and placeholders
for all the controls. It is also used to style the application.
4.12.1 WHY THESE LANGUAGES (C#, ADO.NET and SQL)?
i. C# has constructor and destructor properties that permit system data
security and easy manipulation of biometric data.
ii. Data access security, code access security and exception handling are
exceptional security features of C# for better system implementation.
iii. We can eliminate redundant code and extend the use of existing classes
through inheritance.
iv. We can build programs from the standard working modules that
communicate with one another, rather than having to start writing the code
from scratch. This leads to saving of development time and higher
productivity.
v. The principle of data hiding helps C# language users to build secure
programs that cannot be invaded by code in other parts of the program.
vi. It is possible for multiple instances of an object to coexist without any
interference.
vii. It is possible to map objects in the problem domain to those in the program.
viii. The data-centered design approach enables C# language users to capture
more details of a model in implementable form.
ix. Object-oriented systems can be easily upgraded from small to large systems.
x. Message passing techniques for communication between objects make the
interface descriptions with external systems much simpler.
xi. Software complexity can be easily managed with these languages.
xii. SQL is used because of its simplicity and because it is the most widely used
language for implementing database queries for almost all RDBMS. Similarly, the
server used for the back end only understands SQL.
4.13 Application Dataflow Diagram and Flowchart Diagram
The dataflow diagram of this application is shown in Figure 4.24. This diagram is
used to clarify the behaviour of the application with respect to data movement.
Similarly, the system flowchart describes the data flow in the system. It is a logical
diagram that shows the steps involved in the system operation. With the flowchart the
developer can easily describe the system for easy understanding of the operations. The
system flowchart reflects the relationship between the major inputs, processing and
outputs. The flowchart of the system is shown in Figure 4.25 to Figure 4.27.
Figure 4.24 Application Dataflow Diagram
(Diagram elements: Multimodal Biometric System Database; Application; New Registration, Withdraw, Payment, Check Account, View Account; Fill the form; Verify the form; Biometric identity; Verify Account Login; Check Database; Fill update form; Eligible?; Upload Database.)
Figure 4.25 Application Flowchart
(Diagram elements: Start; Login; Valid? (Yes/No); Error message; Choose operation; User (connector A); Admin (connector B); Process other information; Stop.)
Figure 4.26 User Flowchart
(Diagram elements: connector A; User module with Apply, Transfer, Check and Withdraw; Process data; Validate; Valid? (Yes/No); Validate with user biometric; Successful? (Yes/No); Output error message; Output message; Stop.)
Figure 4.27 Admin Flowchart
(Diagram elements: connector B; Admin with Create account, Create User, Apply, Withdraw, Check and Transfer; Process data; Valid? (Yes/No); Validate with biometric; Carry out operation; Error message; Output success message; Stop.)
4.14 MODELLING THE SYSTEM USING UNIFIED MODELLING
LANGUAGE (UML)
There are many object-oriented methods currently in use. The most popular in
recent times is the Unified Modelling Language (UML), which was formulated by
Booch, Rumbaugh and Jacobson in 1997, and UML has become widely accepted
as a standard for communicating system requirements (Chiemeka and Egbokhare
2006). UML is a general-purpose visual modeling language whose vocabulary and
rules focus on the conceptual and physical representation of the system. It was
designed to incorporate current best practices in modeling techniques and software
engineering (Jim and Ila, 2004). UML is used because it provides a visual syntax
that can be used to construct models (artifacts). Jim and Ila (2004) stated that, prior
to 1994, the OO method was a bit of a mess, but UML is itself a designed and
architected system. It is worthy of note that the Unified Modelling Language is only
suitable when the software methodology used in a model or design is the object
oriented analysis and design methodology (OOADM). In this research, the
following UML diagrams were used to model the application.
4.14.1 Class diagram: Class is a set of objects that share the same attributes and
behaviour. It is sometimes referred to as object class. Figure 4.28 shows the class
diagram of the application with the various object classes of the services in the
system.
4.14.2 Sequence and Component-Level Diagrams: Interaction diagrams describe
interaction between the objects. They show their relationships, including messages
between the objects. An interaction diagram explains the dynamic view of the system.
A sequence diagram emphasizes the order of the application messages. Figure 4.29
shows the application sequence diagrams. Similarly, Figure 4.30 shows the
component-level diagram of the system.
Figure 4.28 Application Class Diagram
(Diagram elements: classes Staff Login, Registration Account, Withdraw From Account, Payment, Account Checker and Application Form; attributes include Fingerprint, Facial Feature, Name, Sex, Phone number, AccountNo, AccountType, Amount, Date and TransactionRef; operations include get parameter ( ), validate parameter ( ), confirm parameter ( ), save parameter ( ), send parameter ( ), UpdateAccount ( ), Take Biometric ( ) and Outcome message ( ).)
4.14.3 Activity Diagram: An activity diagram illustrates the dynamic nature of
the system by modeling the flow of control from activity to activity. Activity
diagrams are used to model the workflow and internal operations in the system.
Figure 4.29 shows the activity diagram to register/verify information into/within
the system. The sub modules in this diagram are:
a. User Name Module: This module prompts the user to enter his/her username to
verify whether he/she has the privilege to use the services of the system. It follows
this up with the user's password, admitting the user if it is valid and rejecting the
user if it is not.
b. Services Module: These are the services provided by the system to the user.
These services include update of customer account, checking account details, and
transferring money from an account.
To perform any of the operations within these services, the customer's biometric must
be used as the authentication measure for the transaction to be enabled. The
diagram works in such a way that when a user enters the username and password, the
system validates the information and provides the services of the platform. When any of
the services is to be activated, such as a customer's account withdrawal update, the
system authenticates the update using the customer's biometric
parameters; otherwise the update will not be committed to the database.
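The AND-rule decision of the multimodal pseudocode in Section 4.11, combined with the rule above that an update is not committed unless the customer's biometric verifies, as an added C# example (not code from the thesis application). The class names, the thresholds, the [0,1] score scale and the sample scores are assumptions: the scores stand in for what a fingerprint or face matcher would return, and the account is held in memory instead of in SQL Server.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example. All names, thresholds and scores are assumptions; they are not
// taken from the thesis application or from any fingerprint or face SDK.
public enum Decision { Approved, InvalidAmount, MissingSample, BiometricMismatch, InsufficientFunds }

public sealed class MultimodalPolicy
{
    private readonly int requiredInstances;
    private readonly double fingerThreshold;
    private readonly double faceThreshold;

    public MultimodalPolicy(int requiredInstances, double fingerThreshold, double faceThreshold)
    {
        if (requiredInstances < 1) throw new ArgumentOutOfRangeException("requiredInstances");
        this.requiredInstances = requiredInstances;
        this.fingerThreshold = fingerThreshold;
        this.faceThreshold = faceThreshold;
    }

    // AND-rule fusion: every instance of both modalities must reach its threshold.
    public Decision Evaluate(IReadOnlyList<double> fingerScores, IReadOnlyList<double> faceScores)
    {
        // Fail closed when a modality is absent or a capture is missing.
        if (fingerScores == null || faceScores == null ||
            fingerScores.Count != requiredInstances || faceScores.Count != requiredInstances)
            return Decision.MissingSample;

        bool fingersOk = fingerScores.All(s => InRange(s) && s >= fingerThreshold);
        bool facesOk = faceScores.All(s => InRange(s) && s >= faceThreshold);
        return (fingersOk && facesOk) ? Decision.Approved : Decision.BiometricMismatch;
    }

    // Scores outside [0,1], including NaN, are treated as a mismatch.
    private static bool InRange(double s) { return s >= 0.0 && s <= 1.0; }
}

public sealed class Account
{
    public string AccountNo { get; private set; }
    public decimal Balance { get; private set; }

    public Account(string accountNo, decimal balance)
    {
        AccountNo = accountNo;
        Balance = balance;
    }

    // The debit is applied only after the biometric decision is Approved;
    // every other path returns before the balance is touched.
    public Decision Withdraw(decimal amount, MultimodalPolicy policy,
                             IReadOnlyList<double> fingerScores, IReadOnlyList<double> faceScores)
    {
        if (amount <= 0m) return Decision.InvalidAmount;
        Decision decision = policy.Evaluate(fingerScores, faceScores);
        if (decision != Decision.Approved) return decision;
        if (amount > Balance) return Decision.InsufficientFunds;
        Balance -= amount;
        return Decision.Approved;
    }
}

public static class Demo
{
    private static void Try(Account account, MultimodalPolicy policy, string label,
                            decimal amount, double[] finger, double[] face)
    {
        Decision d = account.Withdraw(amount, policy, finger, face);
        Console.WriteLine("{0,-34} {1,-18} balance={2}", label, d, account.Balance);
    }

    public static void Main()
    {
        // Three captures per modality, as in the pseudocode; thresholds are assumed.
        var policy = new MultimodalPolicy(3, 0.80, 0.75);
        var account = new Account("0000000000", 50000m);   // constructed account

        // Constructed matcher scores, one per capture.
        Try(account, policy, "all six instances match", 20000m,
            new[] { 0.93, 0.91, 0.88 }, new[] { 0.82, 0.79, 0.86 });
        Try(account, policy, "one face capture below threshold", 20000m,
            new[] { 0.93, 0.91, 0.88 }, new[] { 0.82, 0.60, 0.86 });
        Try(account, policy, "fingerprint only, no face", 20000m,
            new[] { 0.99, 0.99, 0.99 }, new double[0]);
        Try(account, policy, "score outside the valid range", 20000m,
            new[] { 0.93, 1.70, 0.88 }, new[] { 0.82, 0.79, 0.86 });
        Try(account, policy, "match, but amount exceeds balance", 40000m,
            new[] { 0.93, 0.91, 0.88 }, new[] { 0.82, 0.79, 0.86 });
    }
}
```

Requiring every instance of both modalities lowers false accepts at the cost of more false rejects, so the thresholds have to be tuned on enrolment data from the actual scanner and camera.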
Figure 4.29 Withdraw Services Activity Diagram
(Diagram elements: Enter UserName/password; Username/Password Valid or Invalid; Select services; Enter Fingerprint; Generate Face; Enter Image; Valid Image or Invalid Image; Multimodal Match; Prompt for re-entry; Process; End of this interface.)
Similarly, Figure 4.30 shows the activity diagram of the entire function of the
system. This diagram comprises three major modules, which are:
a. Authentication Module: This is used to validate the user of the system. This is
the first system module, which prompts users to enter authentication information
before selecting the services they need.
b. User Module: This module is for any user authorized by the administration
to use the system. It provides the services that any user needs within the
system in performing transactions. The services provided in this module are
withdrawal services that enable withdrawal from a customer account, transfer
services that enable the user to transfer cash from one account to another, apply
services that enable the user to make a request, update services that enable
payment to be made into a customer's account, and check services that enable the
user to check current account status. All these services are authenticated using the
customer biometric.
c. Admin Module: In this module, the admin performs his/her transactions. The
only different sub module in the admin services is the ability to create more
users of the system.
Figure 4.30 System Activity Diagram
(Diagram elements: Authentication (Correct/Wrong); User modules: Withdraw, Apply, Transfer, Check, Update; Admin modules: Create account, Transfer, Apply, Withdraw, Check, Update; Validate Biometric (Correct Biometric/Wrong Biometric); Exit.)
Figure 4.31 System Sequence Diagram
(Diagram elements: participants Staff, Application and Database; messages include Click Login identity, Request identity, Send identity, identity OK, Validate Biometric Identity, Customer OK, Request account data, Send out account data, Display account data, Fill & send withdraw data, Update with Biometric, Information OK, Authenticate customer, Customer Biometric OK, Check Account, Confirm Holder, Perform operation, Output success message; exception: Invalid identity.)
Foreign key: A relationship between one or two database tables
Figure 4.32 Withdrawal Service Component-level Design
(Diagram elements: Elaborate Module; Withdraw; Withdraw operation; Design component; Is login; Withdraw Service with In: Biometric, In: Date, In: Amount, Out: Success message, Out: Failure message; Islogin (Fingerprint); Isvalid (Biometric No); Isupdate (Facial).)
4.14.4 INFORMATION ENGINEERING
This is a model-driven and data-centered, but process-sensitive technique to
plan, analyze and design information systems. This method may include some
combination of modern structured design, prototyping and object oriented analysis
and design (Jeffry et al., 2001). Figure 4.33 and Figure 4.34 show the information
engineering techniques of the system under review. The major modules in these
diagrams are:
a. Customer Database Module: This module has a memory of the entire
customer’s information. It is needed to know the exact task to be done on
customer database.
b. Money Withdrawal Module: This module is used to process information
about the money to be withdrawn from the customer database. Thus, there
exists a relationship between the customer database module and this module,
which helps to ensure authentication of data.
In the parent-to-child entity relationship diagram presented in Figure 4.33,
fingerprint biometric and facial biometric are used as the key parameters to enable
any withdrawal transaction that is to be committed on a customer account.
Figure 4.33 Association Diagram of Customer Database and Withdraw Service
(Diagram elements: Customer Database with Authenticate user ( ), Validate User ( ) and Update with Multimodal ( ); Money Withdraw with Fingerprint, Amount and Date.)
Figure 4.34 Foreign Key Relationship of Customer and Withdrawal services.
(Diagram elements: parent entity Customer with Fingerprint (primary key) and Facial (primary key); child entity Withdraw Interface with Biometric (primary key), Amount, Date, FingerPrint (foreign key) and Facial Image (foreign key); relationship: Cash is paid by.)
CHAPTER FIVE
SYSTEM IMPLEMENTATION
5.0 Preamble
This chapter discusses the steps taken to implement the application and the different
screen shots captured during the implementation. Similarly, the chapter also discusses
the system requirement needed to fully implement the software in customer’s site. The
result of the system when tested is also discussed in this chapter.
5.1 Development of Application Database
The application is divided into the backend and the frontend. The backend is the
database while the frontend is the interface. To design the database, after a successful
installation of the Relational Database Management System (RDBMS) on the
machine used for the application design (as one of the basic development tools), the
following steps are taken to develop the database:
Click on Start button
Click on Program
Click on SQL Server
Click on “connect to server”
From the displayed menu, “Right click on databases”
Click on “new database”
Enter database name
Click on Ok
After the above operation has been carried out, a database with the name supplied by
the developer (for our application, AccountSecure) was created on the RDBMS. The
steps given above are shown pictorially in the Figures below. The first output, in Figure
5.1, is the screen shot for connecting to the database server, while Figure 5.2 shows the
process of providing the database name during database creation and Figure 5.3 shows
a sample of the database in the RDBMS after the database creation was successful.
Figure 5.1 Database Server Connection
Figure 5.2 Database Creation Screen
Figure 5.3 Database Name Screen
5.1.1 Development of the Application Database Tables
Database tables consist of different columns that store each unit of information. There
exist several database tables in this application. To develop these tables, we wrote an
SQL script using Notepad, which was later copied to the execution environment of
the RDBMS and executed in the application database. The script was developed using
SQL (Structured Query Language) to implement the database table design structure
as presented in chapter four. Similarly, during the creation of the tables, some relationships
were created within some of the tables; these relationships were used to implement
some set of security measures in the system. These relationships were implemented
with the help of foreign keys (for example, the account table has a relationship with the
payment table through a foreign key called ACC_ID, etc.). Similarly, all these tables
are implemented with database primary keys, and the unique property in SQL is
used in order to uniquely identify different records in each table. After a successful
development of the application database table creation code using SQL, the
following steps were followed to execute the script in the RDBMS (SQL Server).
i. Select the database name
ii. Click on “new query”
iii. Copy and paste the script codes from the notepad
iv. Click on “execute” at the top menu
After the above steps, there were no errors in the script, and all the database tables were
created with all the commands implemented in the script. Meanwhile, Figure 4.4 and
Figure 4.5 show the screen shots of the database table creation during the application
development.
Figure 5.4 Database Tables Creation Command
Figure 5.5 Database Tables
5.2 Development of Application Interfaces
These are the input screens where users can enter the information they want to process into
the application database. After a successful installation of Visual Studio 2008 as
the Integrated Development Environment (IDE) on the machine, to create user
interfaces we first have to create the application homepage, otherwise called the
master page of the application. This page helps to store all the application forms.
Hence, the following steps were taken in creating this master page.
i. Click on start button
ii. Click on program
iii. Click on visual studio
iv. From the displayed visual studio menu, click on file
v. Click on desktop application
vi. Select the language to be used
vii. Enter the name of the app
viii. Select the storage location
ix. Click on Ok
x. From the solution explorer right click on the name
xi. Choose “ADD”
xii. Choose “NEW ITEM”
xiii. From the display menu select “MasterPage”
xiv. Click on OK
The screen shots of the application interface creation are given in Figure 5.6 and
Figure 5.7 respectively.
Figure 5.6 System Compiler Home Page
Figure 5.7 System Master Page
5.2.1 Development of the Application forms
There are many desktop forms in this application which are used to process users'
information to the database. To create the first form, the steps below are taken:
i. From solution explorer right click on the application name
ii. Click on “New Item”
iii. Select a form from the display items
iv. Enter the name of the form (e.g. Payment)
v. Select the master page
vi. Click on OK
The above operations created an empty form in the system. The form was developed
to perform our set aim, using the tools from the compiler toolbox (by dragging and
dropping the tools into the development environment). Some of the tools used in this
application are: textboxes for user text inputs, label for address specification,
DropDownList for option selection, FailureText for reporting errors in the form and
button to perform effects (the code that controls each page is embedded in the button
in each of the forms), among others.
The screen shots of the above steps during the process of developing the interface of
the form are shown in Figure 5.8 and 5.9 below. Similarly, other interfaces in this
application were developed using the same format as the first interface but with little
modification in their outlook and control code. The design code is shown in the
program listing in the Appendix.
Figure 5.8 System Forms Codes
Figure 5.9 System Form File
5.3 Connecting the Application to the Database
A data driven application needs direct communication to the database, thus, in this
application, its connection to its database was created with the help of ADO.NET
connectivity technology. The steps taken to create the connection are as shown in
Figure 5.10 through Figure 5.16 respectively.
Figure 5.10 Database Connection Tool
Figure 5.11 System Connection Type
Figure 5.12 SQL Server Connection
Figure 5.13 System Database
Figure 5.14 Database Connection String
Figure 5.15 Establishing the Application Connection String
Figure 5.1 Connection Testing
5.4 Application Interfaces Control Mechanism
Application interface control codes are the programs or instructions that help to control
all the objects used in designing the interfaces in the application. Designing the
interface of an application alone cannot make all the objects used active. Thus,
these codes, otherwise called the control mechanism, are used to make the objects
active. After a successful development of the different forms (interfaces) of the
application as shown above, the interface codes were also developed (using C#) to
control them in order to be able to process inputs from the interface to the system
database. The codes are divided into different sections. These are: the codes that
perform the various submission actions, the codes that perform the data checking
action, the codes that perform the update action, the codes that perform the read
operation and the ones that perform the biometric verification, etc. Each code has
different buttons that create effects for it. The reason for the check codes is to allow
for input authentication before processing the input to the database. After a successful
development of these codes, the outputs of the codes are also given in the Appendix.
Similarly, the screen shots during the process of developing the application codes are
shown in Figure 5.17, Figure 5.18 and Figure 5.19 respectively.
Figure 5.17 Application Button Creation
Figure 5.18 Sample Coding Environment
Figure 5.19 Sample of Application Codes
5.5 System Implementation Techniques
This is the technique used in implementing the system. There are different
techniques used in implementing a system; some of them are refactoring, Line of
Codes (LOC), modular programming, etc. (Pressman 2010). In this research, the
modular programming technique was used. It involved taking the system module
by module to carry out the entire implementation of the system. To implement the
biometric security using this technique, we used the constructor and the destructor to
generate and arrange the biometric traits, module by module, and used a parent
module to check whether all the necessary traits have been generated for decision making
during the transaction.
5.6 System Requirements
For effective implementation of computer application, certain requirements are to
be fulfilled. The system requirements are considered on both the hardware and
software basis, therefore, the consideration will be given to both the hardware and
the software requirements of the developed application.
5.6.1 Input/output Format Specification
The input will be entered from the keyboard of the input devices used. The field of
personal details will need only variable character datatype and others will need
character datatype. The system output will be in alphabet and numbers. The system
will give message to the user at every point in time.
5.7 Minimum Hardware Requirements
Before the developed system can be implemented, the following hardware
requirement must be satisfied.
i. Pentium IV processor or other IBM-compatible system such as an AMD
Pentium IV compatible processor (1.8 GHz)
ii. 1GB of Random Access Memory (RAM) with 5MHz front bus speed and
above
iii. Hard disk of size 60GB and above.
iv. System web camera for capturing face
v. Fingerprint scanner with a defined SDK
5.7.1 Server Software Requirement
The minimum software requirements for the developed system are outlined
below.
i. Network-based operating system such as Windows Vista, Windows
7, Windows XP, Windows 8, etc.
ii. Server application software; for the purpose of this work, SQL Server will be
used.
iii. Server security software such as a firewall and a software-based intrusion
detection system (IDS), etc.
5.7.2 Client Software Requirements
Computer system that will use the developed application must satisfy the
following minimum requirements:
i. Web browsers such as Internet explorer, Safari, Google Chrome, Firefox,
Opera, etc.
ii. Network-based operating system such as Windows XP, Vista, Linux, Solaris,
Mac OS, etc.
iii. Internet Information Services (IIS).
iv. .NET framework 4.5
v. Fingerprint SDK
5.8 System Documentation
Documentation is essential towards the effective utilization of the newly
developed software. This will serve as a guide to every user on how to effectively
use the system.
5.9 System Maintenance
System maintenance is necessary when there are errors in the system or
when there is a change in the user requirements. In case of errors in the developed
system OR changes in the requirements, the error can only be debugged by the
system developer.
5.10 System Testing/Result
After the successful development of this application, the application was
tested by registering account information of customers with amount in the account
and we manipulated this amount in the accounts using our software to ascertain the
extent of the software meeting its biometric data manipulation security objective.
The screen shots are as shown below:
Figure 5.20 System Login Page
Figure 5.21 System Main Menu
Figure 5.22 New User Creation
Figure 5.23 Existing Staff Data Interface
Figure 5.24 Customer Registration Interface
Figure 5.25 Customer Fingerprint and Face Registration
Figure 5.26 Existing Customer List
Figure 5.27 Customer Transaction Detail
Figure 5.28 General Ledger Form
Figure 5.29 Checking Customer
Figure 5.30 Customer Transactions
Figure 5.31 Biometric Authentication of Transaction
Figure 5.32 Face/Fingerprint Biometric Parameters
Figure 5.33 Successful Transaction Screen
Figure 5.34 Personal Ledger Interface
Figure 5.35 Face/Fingerprint Biometric Features Used
Figure 5.36 Exiting Application
CHAPTER SIX
SOFTWARE PERFORMANCE EVALUATION
6.1 Preamble
Software performance evaluation is used to uncover performance problems that
can result from lack of server-side resources, inadequate database capabilities,
inadequate coding style, poor design functionalities and other hardware issues that
can lead to degraded performance. The intent of software performance evaluation
is to understand how the system responds to loading (i.e., number of users, number
of transactions and overall data volume) and to collect data that will lead to design
modifications that improve software performance. Performance evaluations are
designed to simulate real-world loading situations. As the number of simultaneous
users grows, or the number of transactions increases, or the amount of data increases,
the evaluation will reveal the performance of the system when deployed.
6.2 Software Performance
According to the World Wide Web Consortium (W3C), performance is defined in
terms of throughput, response time, execution time and transaction time.
However, execution time and latency are sub-concepts of the W3C's definition
of response time (Repp et al., 2007). The response time for a request is
the sum of the execution time and the waiting time of that request. A service
response time for a request, R, can be represented mathematically as shown below:
Response time (R) = Execution time + Waiting time
The execution time is the duration of performing the service functionality. The
waiting time is the amount of time taken by all possible mediate events, including
message transactions between service consumer and producer (Yang et al., 2006).
From the service consumer's perspective, response time is the duration starting
from the issue of a request to the end of the receipt of the service response. The
service producer, on the other hand, sees response time as no different from the
execution time of a service, so it does not include the possible mediate events,
which are seen as uncontrollable variables during service execution (Yang et al.,
2006).
6.3 Materials and Method of Evaluation
Marcel (2013) pointed out three main types of biometric performance evaluation,
distinguished by the number of uncontrolled variables: technology, scenario, and
operational. The technology of the fingerprint scanner and the camera has a great
influence on the performance of any biometric system like this one. Therefore, to
address performance issues on the sensor technology side, there is a need to use
scanners (mainly the fingerprint biometric scanner) of high resolution with a high
number of embedded sensors. The improvements recorded in scanner technology have
helped to solve the performance issues in this area for any software that uses
scanners for its operations.
On the other side, the performance of the application architecture, coding and
pattern presentation was tested using JMeter. It was used to test how the
application will behave (perform) when many users are accessing it at a time.
JMeter is a performance testing package, used for load testing and capturing the
maximum and the minimum response time of any application when faced with
testing loads. We used JMeter for testing the system performance because it is open
source, has an easy-to-use user interface, and has been used by many software
developers in testing the performance of applications by capturing the average,
median, maximum and minimum response time of the application (Coventry et al.,
2003; Ekuobase and Onibere, 2013; Ekuobase and Anyaorah, 2014). According
to Halili (2008), JMeter is not only a load generator but a load and performance
testing tool.
To ascertain the performance of the biometric system, we requested the
performance results of the payment platform in the Finacle banking solution from
National Cash Register (NCR) at number 6 Broad Street, Lagos Island, Lagos. This
was denied, but with the intervention of the control unit officer at UBA and some
software engineers at Information Engineering Technology Company (IETECH), the
performance results of this platform were given to us. NCR plays a vital role in the
management of the Finacle solution. NCR is in charge of developing and
implementing all the ATM software solutions in Nigeria, and as such the solution
must have a handshake with the Finacle solution. We requested performance
testing results of 2000 requests per 5 seconds using JMeter on the payment
platform of the Finacle solution, but we were given results for 1000 requests per
5 seconds using JMeter, which is still a good result for ascertaining the system
performance.
The resultant parameters recorded during the testing were the minimum and maximum
response times of the different applications. Table 6 shows the maximum
and minimum response times recorded by JMeter for the Finacle
solution as provided by NCR, and Table 7 shows the ones recorded for our
biometric application.
In using JMeter for our biometric application, we built different test plans
ranging from 5 to 1000 requests per 5 seconds, and added a thread group and a
listener that generated the maximum and minimum response time. The following
steps were followed to perform the testing in JMeter.
a. Open JMeter
b. Add a Test Plan
c. Add a Thread
d. Click on Thread Group
e. Set the Thread Group properties to: Number of Threads 1000; Ramp-up Period 5;
Loop Count 1.
f. Add the platform address through the Config Element
g. Add the Cookie Manager
h. Add the Listener that will record the result either in graph form or in table
form. We used the table form for our application, recording the maximum
and the minimum response time results.
i. Save the Test Plan and run it from the button in its menu.
The screenshot in Figure 6.1 shows the JMeter used to generate our results.
Figure 6.1 Jmeter Screen Shot
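The test plan above records the minimum and maximum response time from the listener. As an added example (not the thesis's own code), the Python below summarises a JMeter CSV results file per request label, reporting minimum, maximum, median and 95th-percentile response time from successful samples and counting failures separately; the sample rows, the labels `login` and `withdraw`, and the seven-column layout are constructed for illustration.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample in JMeter CSV result layout (header row, then one line per
# request, "elapsed" in milliseconds). Labels and timings are illustrative and
# are not measurements from the thesis.
SAMPLE_JTL = """\
timeStamp,elapsed,label,responseCode,success,Latency,Connect
1500000000000,2,login,200,true,2,1
1500000000005,3,login,200,true,3,1
1500000000010,4,login,200,true,3,1
1500000000015,5,login,200,true,4,2
1500000000020,6,login,200,true,5,2
1500000000100,3,withdraw,200,true,3,1
1500000000105,4,withdraw,200,true,3,1
1500000000110,4,withdraw,200,true,4,1
1500000000115,5,withdraw,200,true,4,2
1500000000120,7,withdraw,200,true,6,2
1500000000125,9,withdraw,200,true,8,2
1500000000130,14,withdraw,200,true,12,3
1500000000135,23,withdraw,200,true,20,3
1500000000140,1,withdraw,500,false,1,0
"""


def nearest_rank(sorted_ms, pct):
    """Nearest-rank percentile of an ascending list of millisecond timings."""
    rank = max(1, math.ceil(pct * len(sorted_ms) / 100))
    return sorted_ms[rank - 1]


def summarize(jtl_text):
    """Return {label: stats} for a JMeter CSV results file given as text."""
    ok = defaultdict(list)    # elapsed ms of successful samples, per label
    total = defaultdict(int)  # every sample, failed ones included
    for row in csv.DictReader(io.StringIO(jtl_text)):
        try:
            elapsed = int(row["elapsed"])
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed lines
        label = row.get("label") or "unlabelled"
        total[label] += 1
        # A request that fails fast would flatter the minimum, so timings come
        # from successful samples only and failures are reported on their own.
        if (row.get("success") or "").strip().lower() == "true":
            ok[label].append(elapsed)

    report = {}
    for label, count in total.items():
        times = sorted(ok[label])
        stats = {"samples": count, "errors": count - len(times)}
        if times:
            stats.update(
                min=times[0],
                max=times[-1],
                median=nearest_rank(times, 50),
                p95=nearest_rank(times, 95),
            )
        report[label] = stats
    return report


if __name__ == "__main__":
    for label, stats in summarize(SAMPLE_JTL).items():
        print(label, stats)
```

Running one such summary per load level (5, 10, ... 1000 threads) gives the rows of a table like Tables 6 and 7, with the error count showing whether a low response time came from requests that actually completed.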
The results in the tables affirm the scalability, tail tolerance and good response
time of our architecture and coding pattern over the existing architecture/software.
Table 6: Results Captured for Existing System
Results Captured From Using The Existing System
No of Sample    Minimum    Maximum
5               2          6
10              2          8
20              4          8
30              5          9
40              5          23
50              4          41
100             4          88
200             6          138
300             6          197
400             3          212
500             3          262
1000            3          1007
Table 7: Results Captured for the Biometric System
Results Captured From Using The Biometric System
No of Sample    Minimum    Maximum
5               2          5
10              2          8
20              3          9
30              4          10
40              3          14
50              3          5
100             3          21
200             3          5
300             3          10
400             2          16
500             2          22
1000            2          23
For ease of appreciation, Figure 6.2 and Figure 6.3 graphically depict the relative
behavior of the two applications with an increasing number of requests per unit
time.
Figure 6.2 Finacle/Biometric Application Minimum Response Time Graph
Figure 6.2 shows the minimum response time of the two applications. It shows
that the biometric system has a better minimum response time as the number of
requests per unit time increases. When this occurs in JMeter results between two
applications, it also affirms that the application is more scalable (Coventry
et al., 2003 and Ekuobase and Onibere, 2013).
Figure 6.3 Finacle/Biometric Application Maximum Response Time Graph
Similarly, to affirm the scalability of our solution to a greater extent, Figure 6.3
captures the maximum response time of the two solutions. We observed that the
biometric solution maintained a near constant response time as the number of
requests per unit time increased, whereas the response time of the existing solution
skyrocketed with the increase in requests per unit time. Coventry et al. (2003),
Dean and Barroso (2013) and Ekuobase and Anyaorah (2014) affirm that when such
occurs, the solution with the near constant response time experiences a better
maximum response time than the other and has better scalability and tail tolerance
and provides better performance. Hence, these results affirm the better performance
of our system, with good tail tolerance and scalability.
CHAPTER SEVEN
CONCLUSION AND RECOMMENDATION
7.1 Conclusion
Guaranteed solutions to the transaction security challenges currently facing the
banking industry may not be possible on a large scale unless they are
software-based solutions for preventing bank fraud, rather than the human security
measures currently in place in this sector or the existing banking software security
models provided by many researchers, which are geared towards fraud detection and
not fraud prevention. Hence, in this research we have provided a multimodal
biometric platform that is suitable for achieving software-based security solutions
in the banking sector and is geared towards fraud prevention, mainly with respect
to the people entrusted with the system in this sector. This platform uses both
the face and the fingerprint in securing banking transactions. They are used to
authenticate any withdrawal or transfer process that is to be performed on the
customer's account. The use of the platform provided in this research will
guarantee high, software-based banking transaction security on a large scale
to any user of the software in the banking sector.
7.2 Recommendations
We hereby recommend the following:
a. Biometrics should be embraced for securing banking transactions.
b. Effort should be made to inform the government and the general banking
sector of the benefits incorporated in this kind of platform.
c. Banking security research should be shifted from fraud detection to fraud
prevention security models.
d. This kind of platform should be adopted for securing both withdrawal and
transfer transactions in the banking sector.
7.3 Contributions to Knowledge
Listed below are the contributions to knowledge from this research:
a. Developed a multimodal biometric architecture that is suitable for achieving
software-based security capabilities in banking solutions.
b. Developed a biometric system for banking transactions capable of avoiding
third party transactions.
REFERENCES
Abaenewe Z, Ogbulu O and Ndugbu M(2013). Electronic banking and bank performance in
Nigeria. West African Journal of Industrial & Academic Research 6(1).
Adams, R. (2010). Prevent, protect, pursue preventing fraud. Computer Fraud & Security,
Journal. 7, (2):5-11
Adebayo W (2016). FG to Prosecute 16 Bankers for #327m Frauds. Available in
http://www.newsbreak.ng/2016/01/fg-to-arraign-16-bankers-for-n327m-fraud/ Retrieved
06/03/2016
Adegboyega A (2015). Secure on-Line Transaction through Augmented Biometrics System.
Global Journal of Computer Science and Technology: G Interdisciplinary 15(2)
Adeoye T.O. (2014). Development of a computerized biometric control examination screening
and attendance monitoring system with fee management. World of Computer Science and
Information Technology Journal 4(6): 76-81.
Adeyiga J.A, Ezike J.O, Omotosho O and Amakulor W (2011). A Neural Network Based Model
for Detecting Irregularities in e-Banking Transactions. Afr J Comp & ICT. 4(3):2-8.
Ahmad, K.U and Mahmood, H.S (2013). Critical Success Factors for Preventing e-Banking
Fraud. Journal of Internet Banking and Commerce. 18(2): 1-14.
Ahuja M.S and Chabbra C (2013). A Survey of Multimodal Biometrics. International Journal of
Computer Science and its Applications, pp. 157-160.
Ailya I, Aihab K, Malik S, Wajeeh J and Shiraz B (2014). Designing and Implementation of
Electronic Payment Gateway For Developing Countries. Journal of Theoretical and
Applied Information Technology. 26(2). 84-90
Akazue, M and Efozia N.F (2010). A Review of Biometric Technique for Securing Corporate
Stored Data. Proceeding of the International Conference on Software Engineering and
Intelligent Systems 1:329-342.
Akindele, R. I. (2011). Fraud as a Negative Catalyst in the Nigerian banking Industry. Journal of
Emerging Trends in Economics and Management Sciences, 2(5): 357-363.
Akinyemi O.I, Zaccheous O.O and Olufemi M.O (2010). Towards Designing a Biometric
Measure for Enhancing ATM Security in Nigeria E-banking System. International Journal
of Electrical and Computer Sciences IJECS. 10(6):68-73.
Amtul F (2011). E-Banking Security Issues: Is There A Solution in Biometrics ? Journal of
Internet Banking and Commerce, 16(2): 1-9.
Ana B (2011). Banking 2.0: Developing a Reference Architecture for Financial Services in The
Cloud. Master Thesis submitted to Department of Software Technology Faculty of
Electrical Engineering, Mathematics and Computer Science Delft University of
Technology Delft, The Netherlands. www.wis.ewi.tudelft.nl. Retrieved 2/6/2015
Anaba I (2016). Three Bankers Charged for Forgery and Stealing of #2.8 Million from
Customers Account. Vanguard Newspaper. Available in www.vanguardng.com Retrieved
06/03/2016
Anderson M (2010). Verified by VISA and MasterCard SecureCode: or, How Not to Design
Authentication, Ross Anderson, Steven Murdoch, at Financial Cryptography 2010,
Springer LNCS 6052 pp 336-342
Ane D.J (2011). Pro-active Architecture and Implementation of a Secure Online Banking System
that Uses Fingerprint Data as Part of Client Side Digital Signatures. Final Thesis for the
award of a PhD in Computer Science, University of Copenhagen
Angelakopoulos, G. and Mihiotis, A. (2011). E-banking: challenges and opportunities in the
Greek banking sector. Electronic Commerce Research, 11 (3): 297-319
Anil K. Jain, Arun R and Salil P (2004), “An Introduction to Biometric Recognition.”
www.eris.lak.anilfile.nl Retrieved 2/6/2015
Anthony L (2014). Proposed Framework for Securing Mobile Banking Applications from Man
in the Middle Attacks. Journal of Information Engineering and Applications. Vol.4, No.12
Aransiola, J.O. and Asindemade, S.O. (2011). Understanding Cybercrime Perpetrators and the
Strategies They Employ in Nigeria. Cyberpsychology, Behavior, and Social Networking,
14(12) :759-763
Arlow, J. and Neustadt, I. (2005). UML 2 and the Unified Process: Practical Object-Oriented
Analysis and Design (2nd Edition). Boston: Addison-Wesley.
Auta M. (2010). E-Banking In Developing Economy: Empirical Evidence From Nigeria. Journal
of applied quantitative methods, 5(2)
Avornicului M.C and Bresfelean V.P (2012). Model Driven Development of Online Banking
Systems. International Journal of Engineering Research 8(6). 795-800
Ayo, C.K and Ukpera W.I (2010). Design of a secure unified e-payment system in Nigeria: A
case study. African Journal of Business Management 4(9):1753-1760.
Bailey, K. (1994), Methods of Social Research. Free Press, New York, NY
Beatriz S.M (2012). Evolving Core Banking Enterprise Architecture. Leveraging Business
Events Exploitation.
Benjamin, O.A. and Samson, B.S. (2011). Effect of perceived inequality and perceived job
insecurity on fraudulent intent of bank employees in Nigeria. Europe's Journal of
Psychology 3(3):99-111
Biometrika M (2011). Introduction to Biometric Systems, s.l.: Biometrika (Italy) Available
at: http://www.biometrika.it/eng/wp_biointro.html. Retrieved 27/3/2016
Brooke, J. (1996). SUS: A “quick and dirty” usability scale. In P. W. Jordan, B. Thomas, B. A.
Weerdmeester, & A. L. McClelland (Eds.), Usability evaluation in industry. London:
Taylor and Francis. Available from
http://www.usabilitynet.org/trump/documents/Suschapt.doc. Retrieved 20/1/2016
Brown S.A, Dennis A.R and Venkatesh V. (2010). Predicting Collaboration Technology Use:
Integrating Technology Adoption and Collaboration Research. Journal of Management
Information Systems. (27): 9- 53.
Byun, S. and Byun, S.E (2011). Exploring perceptions toward biometric technology in service
encounters: A comparison of current users and potential adopters. Behaviour &
Information Technology, in press. Available online: 30 March 2011.
Catalin L, Vasile-Gheorghiţa G, and Valeriu L (2015). Improving the Security of Internet
Banking Applications by Using Multimodal Biometrics. Journal of Applied Computer
Science & Mathematics, 19 (9) /2015, Suceava
Chandran G. Rajesh C. R (2009). Performance Analysis of Multimodal Biometric System
Authentication. IJCSNS-International Journal of Computer Science and Network Security,
Vol. 9, No.3
Chan S and Lu M. (2004). Understanding internet banking adoption and use behavior: A Hong
Kong perspective. Journal of Global Information Management. 12: 21.
Chang, W.H. & Chang, J.S. (2012). An effective early fraud detection method for online
auctions. Electronic Commerce Research and Applications, 11(4):346-360 Available from:
http://www.sciencedirect.com/science/article/pii/S1567422312000191. Retrieved 13/3/2016
Chiemeke,S.C. and Egbokhare, F.A.(2006). Principles of System Analysis and Design. Root
Print Publisher, Benin City, .25.
Choplin, J.M., Stark, D.P., and Ahmad, J.N. (2011). A Psychological Investigation of Consumer
Vulnerability To Fraud: Legal And Policy Implications. Law & Psychology Review, (35)
:61-108
Constantin M and Catalin I (2008). Internet Banking Integration within the Banking System.
Revista Informatica Economica. 2(46). 55-59
Cooper D. R, Schindler P.S (2003). Business research methods. McGraw-Hill/Irwin New York,
NY, 2003.
Coulouris G, Dollimore J, Kindberg T and Blair G (2012). Distributed Systems: Concepts and
Design. Addison-Wesley, USA. Pp 1047.
Coventry, L., De Angeli, A., and Johnson, G. (2003). Usability and biometric verification at the
ATM interface. In Proceedings of the SIGCHI conference on Human factors in computing
systems (pp. 153-160). ACM.
Daniel D. C (2003). Collaborating Software: Blackboard and Multi-Agent Systems & the Future.
In Proceedings of the International Lisp Conference, New York, New York, October 2003.
Davies W (2009). Fingerprint Biome. Symposium at the International Conference: Social Capital
and Volunteering, City University of Hong Kong, China. Association of Social
Psychology, Wuerzburg, German
Dean J and Barroso L.A (2013). The Tail at Scale. Communications of the ACM. 56(2): 74-80.
Dennis A.R , Venkatesh V and Ramesh V (2003). Adoption of Collaboration Technologies:
Integrating Technology Acceptance and Collaboration Technology Research. Working
Papers on Information Systems. 3(2).
Dilip K, and Yeonseung R, (2008) “A Brief Introduction of Biometrics and fingerprint Payment
Technology”, Published by the IEEE Computer Society
Dhurgham T.A and Mohammad H (2012). User Acceptance of Biometrics in E-banking to
improve Security. Business Management Dynamics.2(1): 01-04.
Drygojio, A (2011) Information and Communication Security. LIDIAP Speech processing and
Biometric Group. Institute of electrical Engineering. Ecole polytechnique Federalede.
http//scgwww.epfl.ch/courses
Dzomira, S. (2014). Electronic Fraud (Cyber Fraud) Risk in the Banking Industry, Zimbabwe,
Risk governance & control: financial markets & institutions, 4( 4): 17-27.
Ebubeogu A.F (2015). Bank Customers Management System. International Journal of Scientific
& Technology Research. 4(8) . 326-342.
Ekuobase O.G and Anyaorah I.E (2014). Tail tolerance of Web Services Solutions Built on
Replication Oriented Architecture. Canadian Journal of Pure and Applied Sciences.
8(2):2943-2954.
Ekuobase O.G and Onibere E.A (2013). Scalability of Web Service Solution Built on ROA.
Canadian Journal of Pure and Applied Sciences. 7(1):2251-2270.
Emeka R. N (2014). Improving the Security of the Internet Banking System Using Three-Level
Security Implementation International Journal of Computer Science and Information
Technology & Security (IJCSITS). 4(6). 2249-9555
Emuoyibofarhe O.J , Fajuyigbe O. Emuoyibofarhe O.N and Alamu F.O. (2011). A Framework
for the Integration of Biometric Into Nigerian Banking ATM System . International Journal
of Computer Applications. 34(4):1-10.
Entrust 1. (2005). Consumer Perspectives on Online Banking Security.
www.entrust.com/resources/download.cfm/22314. Retrieved 6/8/2017
Fajfar, M (2004). Role and Security of Payment Systems in an Electronic Age. IMF Institute
Seminar on Current Development in Monetary and Financial Law in June 2004 . Available
at www.imf.org/external/np/leg/sem/2004/edmfl/eng/faj.pd
Falaye A. A, Osho O, Alabi I.O, Adama N.V and Amanambu V.R (2013). Secure
Authentication for Mobile Banking Using Facial Recognition. IOSR Journal of Computer
Engineering (IOSR-JCE) e-ISSN: 2278-0661, p-ISSN: 2278-8727, Volume 10, Issue 3
Favour N (2013). CBN to Lunch Biometric Details of banks customers. Nigeria Vanguard
Newspaper December 11 2013.
Feng G, Dong K, Hu D and David Z (2004). When Faces Are Combined with Palmprints: A
Novel Biometric Fusion Strategy. Proceedings of First International Conference, ICBA
2004, (2004), Springer, 701-707
Friday W, Olumide L and Paul D (2012), “Action speaks louder than words – understanding
cyber criminal behavior using criminological theories,” Journal of internet banking and
commerce.17(1)
Gercke, M. (2011). Understanding Cybercrime: A Guide for Developing Countries. ICT
Applications and Cybersecurity Division. Policies and Strategies Department. ITU
Telecommunications Development Sector 2nd Edition, available at:
www.itu.int/ITU-D/cyb/cybersecurity/legislation.html.
Giles, J. (2010). The problem with online banking. New Scientist, 205, (2745) 18-19 available
from: http://www.sciencedirect.com/science/article/pii/S0262407910602242. Retrieved
1/11/2016.
Gregory D. W (2006). Enhanced Authentication In Online Banking. Journal of Economic Crime
Management Fall 2006, Volume 4, Issue 2
Gunajit S and Pranav K.S(2010). Internet Banking: Risk Analysis and Applicability of Biometric
Technology for Authentication. International Journal of Pure and Applied Sciences and
Technology Int. J. Pure Appl. Sci. Technol., 1(2):67-78
Gunson, N., Marshall, D., McInnes, F., & Jack, M. (2011). Usability evaluation of voiceprint
authentication in automated telephone banking: Sentences versus digits. Interacting with
Computers, 23(1):57–69.
Guruprasad, K.V and Sandeep P.H (2015). A modified Thinning Algorithm for Minutiae Feature
Extraction of Fingerprint Image on FPGA. Proceedings of 19th IRF International
Conference. 25th January 2015 Chennai. India.
Hakeem O and Oke A (2016). On securing ATM Transaction Using Bank Verification Number.
International Journal of Scientific and Engineering Research. 7(11). 483-488.
Halili E (2008). Apache Jmeter: A practical beginner’s guide automated testing and performance
measurement for your website. Packt Publishing, United Kingdom. Pp 129.
Hameed U.K (2014). E-banking: Online Transactions and Security Measures. Research Journal
of Applied Sciences, Engineering and Technology 7(19). 4056-4063
Harry S.K. (2002). E-fraud; current trends and International developments, Journal of Financial
Crime, 9(4):347-354.
Hochschild J.L (2009). Conducting Intensive Interviews and Elite Interviews. In Workshop on
Interdisciplinary Standards for Systematic Qualitative Research. National Science
Foundation, 2009.
Hosseini, S., Mohammadi, S. (2012). Review Banking on Biometric in the World’s Banks and
Introducing a Biometric Model for Iran’s Banking System. Journal of Basic and Applied
Scientific Research, 2(9)
Houssam E, Hanane H and Hicham M (2014). A Secure Electronic Transaction Payment
Protocol: Design and Implementation. International Journal of Advanced Computer
Science and Applications. 5(5)172-180
IBM (2011). May [Online]. ftp://170.225.15.40/software//data/sw-
library/industrymodels/sBDWBasel23_WhitePaper_v84.pdf. Retrieved 5/8/2017
Jaideep M, Hemant N, Harshal K, Neha M, Chaitali D (2013) International Journal of
Engineering Research and Applications (IJERA). Vol. 3, Issue 2,
Jain, A.K., Prabhakar, S., Hong, L. and Pankanti, S. (2000), “Filterbank-based fingerprint
matching” IEEE Trans. on Image Processing, pp.846-859.
Jain, A. K., Ross, A., and Pankanti, S. (2006). Biometrics: A tool for information security. IEEE
Trans. Information Forensics and Security, 1(2), 125–143.
Jeffrey, L.W., Lonnie,D.B. and Kevin,C.D.(2001). System Analysis and Design Methods.
Mcgraw Hill/Irwin, North America, 397.
Jiang H and Yang J (2007). On-line Payment and Security of E-commerce. Proceedings of the
2007 WSEAS International Conference on Computer Engineering and Applications. 545-550.
Jim, A and Ila, N. (2004). UML 2.0 and the Unified Process. Second Edition. Practical Object
Oriented Analysis and Design, Addison Wesley Pearson Education, Canada 1-4.
Joseph M, Steven K and Micheal K (2015). A Study of Approaches and Measures aimed at
Securing Biometric Fingerprint Templates in Verification and Identification Systems.
International Journal of Computer Applications Technology and Research. 4(2):108 – 119.
Jung ho, E (2014). The Design of Robust Authentication Mechanism using User’s Biometrics
Signals. International Journal of Security and Its Applications 8(6):71-80
Keerthi P.P. Deepak R.G. Swathi K. and Rupali N. (2014). Secure Fingerprint Using Mosaicing.
IOSR Journal of Computer Science 3(2):73-79.
Khaled A.N (2015). A Framework for Secure Online Bank System Based on Hybrid Cloud
Architecture. Journal of Electronic Banking Systems. Vol. 2015 (2015), Article ID 614386,
13 pages. http://www.ibimapublishing.com/journals/JEBS/jebs.html. Retrieved 24/2/2017
Khatoon K, and Ghose M.K (2013). Multimodal Biometrics: A Review. International Journal of
Computer Science and Information Technology & Security, Vol. 3, No.3,
Koskosas, I. (2011). E-banking security: A communication perspective. Risk Management, 13
(12):81-99 available from:
http://search.ebscohost.com/login.aspx?direct=true&db=eoah&AN=24754949&site=ehost-live.
Retrieved 20/4/2015
Kruchten, P. (2003). The Rational Unified Process: An Introduction (3rd Edition). Reading,
MA: Addison-Wesley.
Kuncheva L I, Whitaker C.J, Shipp C.A, and. Duin R.P.W(2000). Is independence good for
combining classifiers?. Proceedings of Int’Conf. on Pattern Recognition (ICPR), Vol. 2,
(Barcelona, Spain), pp. 168–171
Laerte P Marcelo D. Holtz, Bernardo M. David, Flavio G. Deus and RafaelTimóteo de Sousa
(2011). A formal classification of internet banking attacks and vulnerabilities. International
Journal of Computer Science & Information Technology (IJCSIT).3(1). DOI :
10.5121/ijcsit.2011.3113
Lai V.S and Li H. (2005). Technology Acceptance Model for Internet Banking: An invariance
Analysis. Information and Management. 42(13).
Lee S, Raghav V and Sharman M. (2005). Secure Knowledge Management and The Semantic
Web. Communications of the ACM. 48: 6.
Lupu, C. Lupu V,(2014). The beginnings of using fingerprints as biometric characteristics for
personal identification purposes. Annals of the Constantin Brancusi University of Targu Jiu,
Engineering Series, No. 3/2014, pp. 53-56
Lupu C (2015). Development of optimal filters obtained through convolution methods, used for
fingerprint image enhancement and restoration. The USV annals of Economics and Public
Administration. 14(20):156-167, ISSN 2285–3332 (printed), 2344–3847 (online)
Mahadevi P and Sukumar, R (2015). Modeling Anti Phishing System for E-Banking Based on
Graphical Password Authentication Scheme. International Journal of Innovative Research
in Science, Engineering and Technology 4(5)
Maknahiv (2015). Internet Banking System Model Using Image and PIN. Journal of Computer
Science and Technology Security (JCSTS). 8(18). 112-119.
Mahmood A(2012). Distributed Online Banking. University of Illinois at Springfield 2356
William Maxwell Lane Apt # 403, Springfield, Illinois-62703
Mane V.M and Judhav D.V (2013). Review of Multimodal Biometrics: Applications, Challenges
and Research Areas. International Journal of Biometric and Bioinformatics, Vol. 3, Issue 3
Marcel, S. (2013). BEAT–biometrics evaluation and testing. Biometric technology today, (1), 5-7.
Marshall C and Rossman G.B (2011). Designing Qualitative Research. Sage, 5th ed. edn., 2011.
Marketplace, A (2011) Nigerian Bank Deploys country first biometric ATM. ATM marketplace.
Industrial Report on 2015 ATM and Self-Service Software Treads.
Majid T, Mohammad A, and Mohammad R (2010). Mobile Based Secure Digital Wallet For
Peer To Peer Payment System. International Journal of UbiComp (IJU), Vol.1, No.4. DOI :
10.5121/iju.2010.1401 1
Masocha, R., Chiliya, N. and Zindiye S, (2010). ‘E-banking adoption by customers in the rural
milieus of South Africa: A case of Alice, Eastern Cape, South Africa’. [online] Available
at: <http://www.academicjournals.org/AJBM/PDF/pdf2011/4Mar/Masocha%20et%20al.pdf>
Retrieved 7/8/2016
Matthew J and Simon M (2007). A new approach to e-banking. In Úlfar Erlingsson and Andrei
Sabelfeld, editors, Proc. 12th Nordic Workshop on Secure IT Systems (NORDSEC 2007),
pages 127–138. Retrieved from http://www.matthew.ath.cx/publications/2007-Johnson
ebanking.pdf. Retrieved 7/8/2016
McCracken, G. (1988). The Long Interview. Sage Publications, Thousand Oaks, CA.
Meiappane A, Prasanna V.V, Jegatheeswari V, Kalpana B And Sarumathy U (2012). Pattern
Based Adaptive Architecture for Internet Banking. Annals of the Constantin Brancusi
University of Targu Jiu, Engineering Series, No. 1/2012, pp. 22-34
Meiappane A, and Prasanna V.V (2013). Request and Notification Pattern For An Internet
Banking System. International Journal of Computer Science and Information Technology
Research. Vol. 1, Issue 1, pp: 1-8
Michael E.W. and Herbat J.N. (2005), Principles of Information Security. Thomson course
Technology Printed in Canada.
Mikecz R (2012) Interviewing Elites Addressing Methodological Issues". Qualitative inquiry,
vol. 18, no. 6, pp. 482:493, 2012.
Mohammed A(2011). Strengthening One-time password authentication through usability.
International Journal of Computer Science and Information. 2(6) 48-53
Mukherjee, A and Nath P. (2003). A model of trust in online relationship banking. International
journal of Bank Marketing. 21(1):5-15
Murdoch, S. & Anderson, R. (2010), "Verified by Visa and MasterCard SecureCode: Or, How
Not to Design Authentication," In Financial Cryptography and Data Security, 6052 ed. R.
Sion, ed., Springer Berlin Heidelberg, pp. 336-342.
Nadeem A (2015). A Model for Protecting Online Banking Using Transaction Monitoring.
International Journal of Computer Networks and Communications Security VOL. 3, NO. 3.
78–82
Narendiran C, Albert R.S and Rajendran N (2008). Performance Evaluation on End-to-End
Security Architecture for Mobile Banking System. IEEE Commun 2008; August.
Nayer A. H, Mahdi R.G. K, Alireza N, Ali H, Bill R (2013). Personalized Security Approaches
in E-Banking Employing Flask Architecture over Cloud Environment. The 4th
International Conference on Emerging Ubiquitous Systems and Pervasive Networks
Nicolas R, Edgar W, and Andreas S (2010). A Process Model for Integrated IT Governance,
Risk, and Compliance Management," in Ninth Baltic Conference on Databases and
Information Systems , Riga, Latvia., 2010, pp. 155-170.
Noluxolo K and Rossouw von S (2014). A conceptual framework for cyber-security awareness
and education in SA. SACJ. 38. 80-106
Okediran O. O (2014) A Biometric Identification Based Scheme for Secured EPayment. Journal
of Computation in Biosciences and Engineering. 1(2):1-5
Olowookere A and Awode T (2014). Design of a Secured Electronic Voting System Using
Biometrics. International Journal of Innovative Research in Computer and Communication
Engineering. 2(12):101-106.
O'Neil M and Conti J.A (2007). Studying Power: Qualitative Methods and the Global Elite".
Qualitative Research, vol. 7, no. 1, pp. 63-82.
Paul I (2016). Female Banker, Accomplice Face Trial Over N67.9m Fraud. Available in
http://www.pmnewsnigeria.com/2016/01/18/female-banker-accomplice-face-trial-over-
n67-9m-fraud/ Retrieved 21/04/2016
Penny K (2013). SANS Security Essentials (GSEC) Practical Assignment Version 1.3,” Iris
Recognition Technology for Improved Authentication”.
Peffers K, Tuunanen T, Gengler C.E, Rossi M, Hui W, Virtanen V and Bragge J (2006). The
design science research process: A model for producing and presenting information
systems research". In Proceedings of the first international conference on design science
research in information systems and technology (DESRIST 2006), pp. 83-106.
Peffers K, Tuunanen T, Rothenberger M.A and Chatterjee S (2007). A design science research
methodology for information systems research". Journal of management information
systems, 24(3):45-77
Prabowo, H.Y. (2011). Building our defense against credit card fraud: a strategic view, Journal
of Money Laundering Control, Vol. 14, No. 4, pp. 371-386. Emerald Group Publishing Ltd.
Pressman R.S (2010). Software Engineering: A practitioner’s Approach. Addison Wesley, 7th ed.
Qureshi T.M and Khan M.B (2008). Customer Acceptance of Online Banking in Developing
Economies. http://www.arraydev.com/commerce/jibc/2008- 04/Tahir%20Masood.pdf.
Retrieve 6/8/1017
Rabia J and Hamid R. A (2009). A Survey of Face Recognition Techniques. Journal of
Information Processing Systems. 5(2).
Raghavana, A.R., Parthiban, L. (2014). The effect of cybercrime on a Bank’s finances,
International Journal of Current Research & Academic Review. 2(2):173-178.
Rana T and Mumtaz A.K (2012). Evaluating Biometrics for Online Banking: The case for
usability, International Journal of Information Management. 32:489-494.
Ranjit D. Patil1 S.P. Patil, V.H. (2016). To Study the Security Aspects in the Online
Transactions Using PayPal. International Journal of Innovative Research in Computer and
Communication Engineering 4(1). 936-942
Rashmi H. (2015). Biometrics Authentication Technique with Kerberos for Email Login.
International Journal of Advances in Engineering and Technology. 7 (6):1735-1744.
Robyn W. (2012), “Issues in mHealth: Findings From Key Informant Interviews”. Online
Information journal. 30: 63-88
Rodrigo C, Michael G and Sadie C (2003). Applying Semantic Technologies to Fight
Online Banking Fraud. European Intelligence and Security Informatics Conference
Ross, K. Nandakumar, A.K. Jain M (2006), “Handbook of multibiometrics”, Springer, 2006,
ISBN 978-0-387-22296-7
Ross A and Jain A. K (2003), “Information fusion in biometrics,” Pattern Recognition Letters,
Vol. 24, pp. 2115– 2125
Ross A and Jain A.K (2004), “Multimodal Biometrics: An Overview”, Proceedings of 12th
European Signal Processing Conference (EUSIPCO), (Vienna, Austria), pp. 1221-1224
Rubins, H., and I. Rubins. (1995), Qualitative Interviewing.
Sage Publications, Thousand Oaks, CA.
Ruppinder S and Naringer R. (2014). Comparison of Various Biometric Methods. International
Journal of Advances in Science and Technology 2(1).
Sachan A and Ali A. (2006). Competing in the age of information technology in a developing
economy: Experiences of an Indian Bank. Journal of Cases on Information Technology. 8:
19.
Sandeep P.S , Shiv S.P, Shukla ,Nitin R and Vipin T (2011). Problem Reduction in Online
Payment System Using Hybrid Model. International Journal of Managing Information
Technology. 3(3). 62-71.
Selina O and Jane O (2012). Enhanced ATM Security System Using Biometrics. International
Journal of Computer Science Issues. 9(5):352-357.
Simic, D. (2005). Reducing Fraud In Electronic Payment Systems. The 7th Balkan Conference
on Operational Research BACOR 05 Constanta, Romania.
Smith K (2006). Problematizing Power Relations in Elite Interviews. Geoforum, vol. 37, pp.
643:653, 2006.
Sommerville, I. (2011). Software Engineering. Addison Wesley, 9th ed.
Sri S.D and Smt J.D (2011). Designing a Biometric Strategy (Fingerprint) Measure for
Enhancing ATM Security in Indian E-Banking System. International Journal of
Information and Communication Technology Research. 1(5):197-203.
Shafeeq A and Vipin M (2012). Domain-Driven Architecture for Object-Oriented Software
System. Ubiquitous Computing and Communication Journal .3(5).
Shah, M.H., (2012). Critical Success Factors in e-Banking: A Study of Two UK Retail Bank.
Shewangu D (2015). Cyber-banking fraud risk mitigation conceptual model. Banks and Bank
Systems, 10(2)
Shouvik B, Anamitra B, Roy,K Ghosh M and NilanjanD (2012). A Biometric
Authentication Based Secured ATM Banking System. International journal of Advanced
Research in Computer Science and software Engineering. 2(4):178-182.
Skinner, C. (2012). Who the hell needs biometrics in banking? Financial services club Blog.
(26.1.2012). http://thefinanser.co.uk/fsclub/2012/01/who-the-hell-needsbiometrics- in-
banking.html. Retrieved 9/8/2015
Taiwo O.A, Tajudeen J.A and Ebeneza Y.A (2011). Electronic Payment System in Nigeria:
Implementation, Constraints and Solutions. Journal of Management and Society.1(2):16-
21.
Tansey O (2007). Process Tracing and Elite Interviewing: a case for non-probability sampling.
PS: Political Science & Politics, vol. 40, no. 04, pp. 765:772, 2007.
Temitope O, Pavol Z, Ron R and Dale L (2009). Security Modeling of Mobile Payment System
Architecture. Proc. of International Conference on Availability, Reliability and Security
(ARES ’09), pp. 695-700
Tendelkur, R. (2013). Cyber-crime, securities markets and systematic risk, Joint Staff Working
Paper of the IOSCO Research Department and World Federation of Exchanges.
Tiang X and Yau W. (2000). Fingerprint Minutiae Matching Based on the Local and Global
Structures. 5th Int. Conf. Pattern Recognition 2:1038-1041.
Thompson G. (2011). Why firms should think twice before storing sensitive data down south.
Ottawa Business Journal. [Online]. Available: http://www.obj.ca/Opinion/2011-01-
20/article-2139749/Cloud-computing,-the-Patriot-Act-and-you/1 Retrieved 2/8/2015
Toledano, D. T., Pozo, R. F., Trapote, A. H., & Gomez, L. H. (2006). Usability evaluation of
multi-modal biometric verification systems. Interacting with Computers, 18:1101–1122.
Vandommele T (2010). Biometric Authentication Today. Available at
http://www.csc.hut.fi/en/publications/B/11/papers/vandommele.pdf. Retrieved 2/6/2015
Venkatesh V and Bala H. (2008). Technology Acceptance Model 3 and a Research Agenda on
Interventions. Decision Sciences.39(1).
Vidya P and Aswathy R.S. (2014). Privacy Improvement for Fingerprint Recognition Based on
RSA International Conference on Innovations and Advance in Science Engineering and
Technology. 3(5):340-345.
Vivian N (2009), “Advanced Systems Analysis And Design. National Open University of
Nigeria.102”.
Vivek A, Vinay K, Vishal G and Komal T(2014). Multi Banking Transaction Interface Using
MVC2 Architecture. International Journal of Computer Science & Engineering
Technology. 5(4), 384-388.
William F. Elmendorf and Luloff A.E .(2006), “Using Key Informant Interviews to Better
Understand Open Space Conservation in a Developing Watershed, Arboriculture & Urban
Forestry 32(2).
WiseGeek. (2013). What is Bank Fraud?. [Online] Available at:<url:
http://www.wisegeek.com/what-is-bank-fraud.htm> Retrieved 12/06/2016
Wresch W and Fraser S. (2006). Managerial strategies used to overcome technological hurdles:
A review of e-commerce efforts used by innovative Caribbean managers. Journal of Global
Information Management. 14: 16.
Yang S.J, Zhang J and Lan B.C (2006). Service Level agreement based Qos Analysis for web
services Discovering and composition. International Journal of Internet and Enterprise
Management. Inderscience. 1251-1271.
Zakaria, S. (2013). The Impact of Identity Theft on Perceived Security and Trusting E-
Commerce, Journal of Internet Banking and Commerce, 18(2):1-12.
Zoe K (2014). Politician Fingerprint Cloned from Photos by Hacker. 31st Annual Chaos
Computer Conference in Hamburg, Germany. Available at BBC New Technology.