Combining PIN and Biometric Identifications as Enhancement to User Authentication in Internet Banking
Internet banking (IB) continues to face security concerns arising from illegal access to users' accounts. Use of personal identification numbers (PIN) as a single authentication method for IB users is prone to insecurities such as phishing, hacking and shoulder surfing. Fingerprint matching (FPM) as an alternative to PIN likewise has a downside, as fingerprints reside on individual mobile devices. A survey we conducted of 170 IB respondents from 5 different banks in Brunei established that the majority (65%) of them preferred the use of biometric authentication methods. In this work, we propose a two-level integrated authentication mechanism (2L-IAM). At the first level, the user logs in to their IB portal using either PIN or FPM. At the second level, the user is authenticated by means of face recognition (FR) should they initiate a transaction classified as sensitive. The merits of the introduced 2L-IAM are threefold: (1) FR guarantees the identity of the rightful user irrespective of the login device; (2) by classifying banking products' sensitivity, the sensitive transactions are more effectively secured; (3) it is accommodative of different users' authentication preferences. Adoption of this framework could thus improve both users' and banks' experiences in terms of enhanced security and service delivery respectively.
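The two-level flow described above can be sketched as a server-side authorization gate. This is an added example, not code from the paper: the transaction classes, the 60-second freshness window, and all function names are assumptions chosen for illustration. It shows three points the description leaves implicit: unclassified transaction types fail closed, an FR match is bound to one transaction, and it is consumed on use.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed classification; the abstract does not list which products are sensitive.
NON_SENSITIVE = {"view_balance", "download_statement"}
LOGIN_METHODS = {"PIN", "FPM"}   # level-1 options named in the abstract
FR_MAX_AGE_S = 60                # assumed freshness window for a face match

ALLOW = "allow"
DENY = "deny: level-1 login required"
STEP_UP = "step-up: face recognition required"

@dataclass
class Session:
    user_id: str
    login_method: Optional[str] = None              # set after level-1 success
    fr_matches: dict = field(default_factory=dict)  # txn_id -> time of FR match

def level1_login(session: Session, method: str, verified: bool) -> bool:
    """Level 1: accept only PIN or FPM, and only if the verifier succeeded."""
    if method not in LOGIN_METHODS or not verified:
        return False
    session.login_method = method
    return True

def record_face_match(session: Session, txn_id: str, matched: bool, now: float) -> bool:
    """Level 2: store a successful FR result for exactly one pending transaction."""
    if session.login_method is None or not matched:
        return False
    session.fr_matches[txn_id] = now
    return True

def authorize(session: Session, txn_type: str, txn_id: str, now: float) -> str:
    """Decide whether a transaction may proceed under the two-level policy."""
    if session.login_method is None:
        return DENY
    if txn_type in NON_SENSITIVE:
        return ALLOW
    # Sensitive or unclassified: fail closed and require a fresh FR match.
    matched_at = session.fr_matches.pop(txn_id, None)  # single use
    if matched_at is None or now - matched_at > FR_MAX_AGE_S:
        return STEP_UP
    return ALLOW
```
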