Research Paper on SECURING CREDIT CARDS USING BIOMETRIC FINGERPRINT

SECURING CREDIT CARDS USING BIOMETRIC FINGERPRINT

1. Online payment using biometric fingerprint

1.1How does it work?

            Biometrics involves a human’s unique physical and behavioral features that are practically sensed by electronic machines. Moreover, there is an interpretation by PCs so that the biometric features may be applicable as proxies for individuals to utilize in the digital platform. Biometrics works in such a way that they bond with digital data. The data matches a person’s identity with considerable accuracy and there is retrieval of data using computers in a rapid and automated fashion (Bamfield 2012, p.39). Recent studies have identified online payments that use the biometric features such as voice recognition, fingerprints through the thumb, facial features, and the iris pattern. Behavioral biometrics recognizes the voice, signature patterns and writing style (Campisi 2013, p.45). Financial institutions will capture the client’s image that pertains to a particular feature and then store its unique characteristics as a mathematical template. Then a matching algorithm compares the stored template with subsequent images captured of the user’s fingerprint, face, iris, or any other feature. After this co-relation is when authorization of payment is successful  and in order to gain access to a payment system the user is asked to place the registered finger directly on the fingerprint reader (Chirillo & Blaul 2003, p.73). If authorization is successful, there is an execution of the planned action. As the diagram below depicts, the users enroll their fingerprint information into an advanced digital form and the data is stored by the system in an encrypted format within a secure database (Cook 2008, p.89).

Description: Description: Diagram1

(Source: http://www.nividbiometrics.com/Products/Online_Authentication.asp)

1.2 Implementation process

The implementation process is as follows:

  1. “Enrollment scans – An individual’s fingerprints are scrutinized and matched with the credentials that pertain to that particular person in the identity management system. Thus, this is a supervised process to allow for preventing false creation and propagation by any external influences (Das & Debbama 2011, p.94).
  2. Template creation and storage- A biometric sample is created from biometric components that originate from the scanned fingerprint. The enrollment sample becomes the fingerprint biometric entry for a particular user (DeLuca, Langheinrich & Hussmann 2010, p.98). In some instances, the fingerprint scan may also be stored.
  3. Live scan- Each time a person requests access to the payment system, an examination of the fingerprint occurs, and a sample originates from that scan. The scanner executes an aliveness measurement, and this is to differentiate between an unnatural sample of the fingerprint and an actual fingerprint. Thus, there is a confirmation of the identity of the fingerprint sample (Dunstone & Yager 2008, p.69).
  4. Automated matching – The fingerprint sample is a standardized template, and it is necessary to obtain a similarity score. Scores higher than a set benchmark are considered a match. When the automated matching has been achieved then an authorization is made (Galbally 2008, p.55). The diagram below depicts the involved processes.
Description: Description: http://www.isaca.org/Images/@member/journal/images/jrnlv403f4b.jpg

 (Source: http://www.isaca.org/Images/@member/journal/images/jrnlv403f4b.jpg)

1.3 How Biometric online payment will help increase security for credit

            Victims of fraud are conversant with the difficulties of proving that a theft has occurred. Law enforcement agencies have trouble with this crime, and the unpredictable nature of the vice makes is difficult to prevent. A biometric system would go a long way towards the prevention of identity theft since it is based on an individual’s specific features (Gates 2011, p.78). These features are unique and impossible to duplicate. The above analysis does not suggest that biometric systems are without vulnerabilities.

            In Singapore, an excellent system has been developed known as Biometric Fingerprint System Singapore (Gregory & Simon 2009, p.79). The system has helped in the implementation of biometric payment, the system has been successful, and it incorporates the following advantages in regards to security for credit.

Majority of the payment systems are reliant on PINs and passwords or debit cards, a lot of high degree of accuracy is produced by biometric systems. The systems use fingerprints and other tokens, which offer the users unique and accurate methods of knowing the customer. The biometric features used are not readily and easily duplicated. The customers who are given permission will be able to have access in regards to secured information and transactions (Jain, Bolle & Pankanti 2009, p. 104).

Prevent identity theft- Biometric system of transacting is a sure and convenient way and requires no passwords or any secret codes. This cannot begin to compare to credit card payment systems and any other modes that can be considered wireless. These systems are also economical in their use as one user can deal with many service providers (Jain, Bolle & Pankanti 2006, p.205).

Biometric fingerprinting does not have PIN numbers and passwords to remember, because all the customer will need is to place their index finger on the scanner and the payment file will be authorized to facilitate the transaction to completion. In card payment, system the customer is required to recognize PINS and passwords and sometimes this can cause a bigger challenge when dealing with more than one service provider. In our daily lifestyles there is an extensive use of debit cards, shopping cards, transport cards and so on which present a tension pact kind of experience or worst losing a credit card (Lei et al. 2008, p.123).

1.4 Discussion and analysis

            With the existence of many other methodologies of transactions, it is important to ensure your data and services are secure. Some systems, for instance, biometric fingerprint are more reliable compared to credit cards. Credit cards pause danger especially when a password can be hacked into or can even be forgotten or someone can guess it (Liu & Margo 2012, p.86). Biometrics can be able to prevent fraud from two service levels:

i- Verification fraud level: Users can sometimes try to circumvent the process during verification where someone can give false documents like giving in a fake ID. However in a biometric system this is curtailed where pretense and fake finger presenting is dealt with. The system ensures that the fingerprints presented are live, which means that the physical presence of the applicant is enhanced. Therefore, there is less likely hood for impersonating an individual’s fingerprint.

ii – Enrollment fraud level, Identity theft, or fraud is blocked when customers are being enrolled to prevent them from giving false information. Biometrics in this case ensure that the customer give who they really are and not details about another person.

iii- Transaction fraud level, Biometrics ensure customers online transaction are done securely because of the checks and balances that are given before an online payment is effected (Lockie 2002, p.203).

It is also a given fact that biometric fingerprinting in facilitates the payment process. More intently, biometric features come in handy in reducing corruption especially in governments and private institutions. The institutions have had trouble in the past, and they were deficient of transparency as a value in their mission and service delivery.

2. Using biometric fingerprint for withdrawing money from Automated Teller Machines, (ATM)

2.1 How does it work?

            The biometric system gives its consumers the luxury of spending with the touch of an index fingerprint on a networked linked to a secure payment station. The vital requirement from the customer is to have their fingerprint scanned at their required end and the processing of the transaction will have been considered done. The enrolling involves a couple of minutes of the potential customer’s time. This potential customer is just required to have their fingerprint scanned, and then they are allowed to enter a PIN code and enter the information on their credit or debit card (Newman 2009, p.201). The system then proceeds to make a transformation of the fingerprint scanned into a unique and personalized formula. This makes it very stable because it is not the full image of the finger that is stored. This keeps away any potential hackers. The customer is required to be at the point-of-sale either in a bank or a supermarket they complete their payment instructions by having their fingerprint scanned, enter their secret code allocated to them then they are given a chance to choose which specific credit card they want to use and their instructions are executed after a few seconds (O’Dell & Hubert 2011, p.44).

            The expected normal operation of an ATM is that it will have magnetic strips and what is referred to as a personal identification number to make the identification of bank account holders, and there are other mechanisms using smart cards with finger validation features (Pejas & Piegat 2006, p.83). The automated teller machine will channel data read from the customer’s card and the customer’s request to a computer host processor, which will forward the received request to the concerned financial or banking institution. If the card owner is requesting or asking for cash, the computer host processor will give a signal instructing the transfer agent to execute a transfer to the customer’s bank account from the computer host processor’s account. The moment the transfer is successful, the ATM receives an approval code that authorizes it to dispense cash (Ratha & Govindaraju 2007, p.114). The communication, verification, and authorization occur in several ways. The ways include a leased line, dial-up or wireless data links, and these are the tools used to achieve a valid connection to a computer host system. The process occurs efficiently in consideration of the reliability and the cost of the available infrastructure. The computer host systems will usually be maintained at the customer’s institution and they will incorporate the FFT network (Reid 2004, p.304). The EFT network supports the fingerprint authentication. The point-of- sale services that use biometric solutions are also achievable.

2.2 Implementation process

            The illegal executor of instructions is able to have a march of other systems in the online transactions but the biometric system provides constant and high level features. At the time when the customer is registering for their account, the bank takes the customer’s fingerprint and the extra features from the enrollment to create a digital file. This particular digital file is stored in a very secure system with a unique number allocated to it. This number comes into use when processing to act as the temporary identity of the customer issuing payment instructions. When this enrolled customer wants to use the ATM the first time, the system will ask for this particular temporary status. Immediately the correct number is keyed into the ATM through the biometric system the physical attributes are verified and then compared to those stored in the banking system. When a mach is found, the user is allowed to into their account. At times when there is an illegal entry, the machine will have a display with the words wrong user. At every instance of user issuing payment instructions, they are to use their fingerprints and ensure their instructions are safe, free from any misuse by unauthorized parties.

atm

   (Source: http://techcrunch.com/2013/03/25/paytango/)

2.3 How implementation of biometric fingerprint on Automated Teller Machines will help increase security for credit cards

            Biometrics provides a more reliable system than and ATM cards which you will always need to carry and remember passwords. Biometrics eliminates this need. Other unauthorized parties as the recent bank frauds that are on the rampage easily cut ATMs. While when you think of a biometric system we see that, every human has unique features, and cannot be easily penetrated by fraudulent persons posing to be real account holders (Rodgers 2012, p.76). Establishments need to make provision for these products and services at affordable prices. Moreover, there is a need for convenient locations with a limit in infrastructure development and consumer literacy levels. All these challenges require a single solution, and the solution is fingerprint ATM adoption and utilization. The following are the benefits achieved with this adoption.

  1. ATMs also have a lapse of reliable connectivity where they require no need for user identification while biometrics will always need human identification thereby making them secure in their transaction exchange. ATMs security of just providing the ability to only use a password have been bypassed many times when you consider biometric system it provides a high level of security when making payments of any kind for seller to buyer kind of relationship (Salmon 2012, p.97).
  2. Biometrics authentication, however, requires the presence of an individual who is receiving the payment and allows for the generation of a transaction-level receipt (Samuels 2009, p.160). These features lead to a reduction in over-reporting and “ghost” payments (these are payments collected on behalf of non-existent people).

2.4 Discussion and analysis

            There are varieties of ATM malpractices, because in the day and time we live in they are a strategic and attractive target. These malpractices can be viewed in three of the following forms:

First, there can be an open physical malpractice where there will be an illegal forceful entry to the ATM system with the intention of removing the money that is stored in a secure environment

 (Shelly, Cashman & Vermaat 2007, p.79). Secondly, there can be a fraudulent practice where a customer’s data that is contained in the smart cards is stolen to make illegal transactions

Thirdly, the fraud can interfere with the reliable software and network facilities and stealing sensitive data that will eventually give access to the cash held within the banking system.

All of the above levels of fraudulent ATM transactions can be eliminated with biometrics providing a high level and reliable means of transactions (Shoniregun & Crosier 2008, p.115). Considering the retail industry, the usage of the biometric mechanism has its share of success. In addition, biometric features have made the client have a feel of a self-service kind of engagement that has included Pont of Service methods and the existing ATMs.

 3. Biometric fingerprint system for credit/debit card readers, which will enable customers to place their fingerprints instead of inserting PIN code

3.1 How does it work?

            There is a variety of available, reliable methods to make access to the needed services and information. Moreover, some methodologies when analyzed are more reliable and security conscious than others. An individual might think that since they are the only ones aware about their PINs, that they are very secure, but in the real sense as it has been proven in bank fraud, they are less secured as compared to having a token or a smartcard (Stair & Reynolds 2013, p.241). A secret combination of numbers and letters or even a PIN can always be away from the memory of an individual, or even worse, these mechanisms are vulnerable to unauthorized access. In addition, unauthorized individuals can use a token, and someone might access information that is not intended for them. To make the mechanism more secure, it is necessary to utilize the strengths that both the PIN and the tokens possess. In addition, the two could be used to pass the security check of any given system (Vacca 2007, p.97). Payment and non-payment institutions consider the vitality of a piece of information, which in turn requires a more secure authentication in terms of its access at all times. However, it is necessary to note that the security system that incorporates biometric features can also be prone to illegal entries. Then individuals can rely on the systems more strongly, but they should not rely on them 100 percent.       

            The advantage of a biometric feature is that it will not change, and it goes where one goes, so it is difficult to lose. A biometric feature possesses a quality that is resistant to forgery or faking. In the majority of cases forging and faking is next to impossible. Its provisions are very stable and secure in ascertaining who will be authorized to access specific services. In addition, biometric features incorporate solution-satisfying authentication, confidentiality, integrity, and non-repudiation requirements (Williams 2007, p.230). Biometrics experience growth on the internet and it is applicable for inter-business communications. Moreover, biometric features possess cost benefits that pertain to implementing E-Commerce applications over the World Wide Web, and this has raised the bar on security requirements (Wilson 2011, p.352). Logical security is just as important as physical security and it is necessary to enhance security at all times because some individuals are inventing new ways of committing crime every day. Worse, as evidenced by September 11, 2011 US bombing of the twin towers.

3.2 Implementation process

            The integration and simulation of the New ATM system were carried out. On launching the ATM application, an ATM simulated screen is displayed to mimic a real/physical ATM machine. The ATM simulator interfaces with the fingerprint sensor to capture the fingerprint of the customer to be enrolled and authenticated (Zhang 2002, p.66). A minimum of two fingers were registered four times each (preferably, the thumbs) during registration for individuals. The system accepts the fingerprint image from the scanner and extracts the unique features of the fingerprints. Thus, this is matched with the features from the template earlier saved in the user’s ATM card (Cook 2008, p.302). A one-to-one comparison pertains to the authentication. Once the fingerprint is correct, a message indicating fingerprint validation is successfully displayed, and the client can continue with further transactions. After a successful verification, the services of banks that are registered and linked with the Multi-Access Network Company are accessible. A keypad panel providing buttons for numbers and options (such as “OK,” Clear,” “Cancel” and “Return”) are all displayed (Gates 2011, p.170). Following the new business process, the customer is required to select the bank of choice he/she prefers to transact. On clicking on any bank of choice, as the list of available services are displayed on separate buttons. The bank customer is then called upon to choose or make a selection of the type of transaction, after which a new screen is provided for PIN number entry, along with any other entry depending on the operations to be performed (Gregory & Simon 2009, p.255). The transaction process flows through PIN entry, Specify Account, printer output, further transaction (if any), and finally, card ejection.

3.3 How the implementation of biometric fingerprint system on credit card readers will help increase security for credit cards

            Biometric payment mechanisms take away the traditional way of carrying stacks of cash, checks and also credit cards to mention a few  (Lei et al. 2008, p.104). So far when considering the methodologies of secure payments the fingerprint biometric mechanism is the most cost effective and reliable. It differs from the iris scanning and the voice technology biometrics which are expensive, there may be too much interference and barriers of noise or an individual can have their voice distorted through a cold  (Newman 2009, p.95). The requirement of the banks’ customers is to have a scan of their fingerprints at the POS (Point of Sale), and the transaction is finalized and authenticated. The procedure of enrolling will only take a couple of minutes of the customer’s time. The process will require the following from the customer, have their fingerprints scanned, have their PIN codes entered and a submission of the credit and debit information (Reid 2004, p.268). The receiving system will then convert the points of the fingerprint into a unique mathematical formula, so the fuller version of the fingerprint will not be stored in this receiving system to prevent and block hackers from stealing the fingerprint. This mode of secure transaction can be inside a supermarket. Moreover, it is applicable if a bank customer makes purchases or payments through a biometric mechanism. The respective clients will just be asked to scan their fingerprint, enter their unique code number, and make a selection that debits or credits the card they intend to utilize and the transaction will be in a matter of seconds. (Rodgers 2012, p.307). This biometric technology gives users a platform that possesses ease of use and convenience, and it will obviously curb the menace of identity theft by making the user avoid moving around with their credit cards or even worse losing these credit cards (Salmon 2012, p.85). As this mechanism, spreads there is a high likelihood that students of institutions of higher learning will be given a chance to it try out for curiosity purposes. Pay by Touch a biometric company and service provider of this mechanism, alleges the biggest benefit and advantage to the system. Moreover, their system incorporates swiftness and speed especially at checkout lanes (Samuels 2009, p.92).

            The advantages presented to the business professionals include reduction in the processing fee and lower charge-backs from customers and service users. The business enterprises can also be able to keep track of their loyal clients with the use of the biometric paying system and they can easily use mail to get coupons and discounts to their existing faithful customers (Stair & Reynolds 2013, p.34). Others use biometrics for identification purposes when customers are cashing in their paychecks. Thus, this decreases the amount of fraudulent checks for the merchant. Acquiring the biometric technology is relatively inexpensive, according to Pay by Touch’s Vice President Jon Siegel, and the machine can be purchased for less than $30 (Williams 2007, p.3).

3.4 Discussion and analysis

            With the development of biometric solutions for customers of the banking arena, there will be a reduction in fraud and the negligible use of PIN numbers at ATMs. In addition, there will be fingerprint solutions for the masses. Where fingerprint data of users would be scanned into a special PC with a fingerprint scanner and the scanned fingerprints are then stored in an encrypted form in a central server (Wilson 2011, p.268). The instance the client swipes or inserts their card in a biometric sensitized ATM, the user will be informed and directed to put their fingerprint at the fingerprint scanner to receive further authentication procedures prompted by the mechanism. The transaction accompanied with the client’s biometric data is assigned to the switch. The switch runs a verification process of the fingerprint with the server, if this is successful, it makes a request to the banking application, and if the request is accepted, an authorization of the transaction occurs (Cook 2008, p.52). Thus, this is a very safe transaction and will save the identity thefts that have been occurring and any other malpractices that concern the transfer of large sums of money. There is an enhancement of accountability because biometrically enabled machines are made to control any insecure transfer, and this will ensure a lot of effectiveness being achieved especially in terms of security (Gates 2011, p.107).

4. Recommendations

            The biometric fingerprint features offer a reliable solution, and a mechanism that is valuable to the present security conscious industry. Moreover, technologists are able to make a firm statement to fraudsters who will not relent to impersonate others to make illegal entries. More intently, this mechanism will prevent them (Gates 2011, p.119). In the application of the biometric devices, the users must be aware of the aspect that they are not free from errors, thus this means that they are not 100 % perfect. Thus, in a few instances biometrics may present a varied portion of operational factors thereby leading to failure. In mitigating for these particular moments, the service organizations and various individuals could put in place processes that assist to resolve these operational failures. Moreover, organizations should address the customers’ needs to avoid biased reaction and adverse public relations. In due time, this technology will be accepted, and the management running it will ensure that their technicians are on the ground to deal with any failures (Gregory & Simon 2009, p.146). The failures may not represent a significant proportion of transactions. It is necessary to ensure that the biometric finger print reader systems possess minimal damage and the systems have to be an endowment to the public at all times.

                          References

BAMFIELD, J., 2012. Shopping and crime. Palgrave: Macmillan.

CAMPISI, P., 2013. Security and privacy in biometrics. Springer.

CHIRILLO, J., & BLAUL, S., 2003. Implementing biometric security. New York: Wiley.

COOK, M., 2008 Financial developments in Southeast Asia: The locale’s decisive period. Routledge.

DAS, S. AND DEBBARMA, S., 2011. Constructing Biometric Plan (Fingerprint) Procedures for Improving ATM Security in the e-banking Frameworks. International Journal of Information, 1(5).

DE LUCA, A., LANGHEINRICH, M. AND HUSSMANN, H., 2010.The Concepts of ATM security: a practical discussion of real world ATM applications. p.16.

DUNSTONE, T., & YAGER, N., 2008. Biometric designs and examination of data: Design, evaluation, and data retrieval. New York: Springer.

GALBALLY, J., 2008. Security threats and circumvention of attacks in biometric security systems and the features of recognition. Javier: Galbally.

GATES, K., 2011. Biometric sustainability: Facial recognition advancements and the fundamentals of surveillance. NYU Press.

GREGORY, P. H., & SIMON, M. A., 2009. Biometrics for dummies. John Wiley & Sons.

JAIN, A. K., BOLLE, R., & PANKANTI, S., 2009. Biometrics: Personal identification in a networked society. Boston: Springer.

JAIN, A., BOLLE, R. AND PANKANTI, S. (2006). Introduction to biometrics. Springer, pp.1–41.

LEI, M., XIAO, Y., VRBSKY, S. & LI, C. (2008). Authentication using random linear models for web applications, ATM machines, and enhanced computing. Computer Communications, 31(18), pp.4367—4375.

LIU, C., & MARGO, V. K., 2012. Cross-disciplinary biometric systems. Springer.

LOCKIE, M., 2002. The biometric review -Predictions and tests to 2006. Elsevier.

NEWMAN, R., 2009. Security and access control using biometric technologies. Cengage Learning.

O’DELL, C., & HUBERT, C., 2011. Advancements in education: How knowledge management is transforming the enterprise industry. John Wiley & Sons.

PEJAS, J., & PIEGAT, A., 2006. Sophisticated models in network security, biometric and artificial intelligence structures. New York: Springer.

RATHA, N. K., & GOVINDARAJU, V., 2007. Advances in biometrics: Sensors, algorithms and systems. Springer.

REID, P., 2004. Biometrics for network security. Upper Saddle River, NJ: Prentice Hall Professional.

RODGERS, W., 2012. The elements of biometric security and auditing tackled in a throughput platform. IAP.

SALMON, D., 2012. European conventions on data management and scrutiny. Academic Conferences Limited.

SAMUELS, P., 2009.ATM delinquencies: Are financial institutions accountable for personal injuries? Buffalo, NY: William S. Hein & Co., Inc.

SHELLY, G., CASHMAN, T. J., & VERMAAT, M., 2007. Discovering computers: Fundamentals. Cengage Learning.

SHONIREGUN, C. A., & CROSIER, S., 2008. Securing biometrics applications. New York: Springer.

STAIR, R., & REYNOLDS, G., 2013. Principles of information systems. Cengage Learning.

VACCA, J. R., 2007. Biometric technologies and verification systems. Burlington: Butterworth-Heinemann.

WILLIAMS, G. B., 2007. Online business security systems. New York: Springer.

WILSON, C., 2011. Vein pattern recognition: A Privacy-Enhancing biometric. CRC Press.

ZHANG, D., 2002. Biometric solutions. Springer.