International Journal of Advanced Technology & Engineering Research (IJATER)

SECURITY IN E-BANKING VIA CARD LESS BIOMETRIC

ATMS
S.T. Bhosale
Research Scholar
V.P. Institute of Management Studies and Research, Sangli
Dr. B.S.Sawant
Director
K. B. P. Institute of Management Studies and Research, Satara

Enormous risks to the computer systems that they

Abstract
Banks in India have started introducing biometric automatic
teller machines (ATMs) as it seems to be an effective way of
preventing card usage and is also a channel to expand a
banks reach to the rural and illiterate masses. Union Bank of
India installed a first such Kisan ATM at Siyagangai branch
Tamil Nadu. Dena Bank has launched the Bio-metric ATMs
in Gujarat. Andhra Bank has launched mobile biometric
access ATMs, one each for the Twin Cities of Hyderabad and
Sceunderabad. Corporation Bank has also introduced
talking biometric ATMs. These ATMs talks to the farmer
in their local languages. [2] [9]
Present study deals with new innovative model for
biometric ATMs which replaces card system by biometric
technology for operating ATMs. Proposed model provides
high security in authentication which also protects service
user from unauthorized access. In this proposed model user
required to authenticate himself with biometric identification
(Thumb/ Fingerprint/Iris etc.), Personal Identity Number
(PIN) and selection of bank branch from displayed list if
necessary. This proposed model is designed for the rural
farmers, semi-literate peoples. This model reduces
complexity with authentication as authentication is always
with you with high security. It also saves time, cost, and
efforts compared with card based ATMs and also saves
environmental pollution problem of excess number of plastic
cards.
Keywords: Biometric ATMs, authentication, PIN,
security, plastic cards.
I. Introduction
Need of Security
Computers have taken over virtually all of our major record
keeping functions. Recently, personal computers have made it
cost-effective to automate many office functions.
Organizations have begun to share data across wide area. This
has prompted efforts to convert principally LAN-based
protocols into WAN-friendly protocols. Frequently the
protocol of choice has been TCP/IP, interconnects with each
other via private networks as well as through public networks
companies using TCP/IP. Computerization has many
advantages with automated systems, however introduces new
risks.
support, such as telecommunications, power distribution,
national defense, law enforcement, financial services,
government services and emergency service follow the
benefits of this interconnectivity. Security is associated with
risk, threat and vulnerability. [1] [7]
II. Objective
1. To study scope of biometric authentication techniques in
ATMs.
2. To generate module which helps for simple operation of
ATMs with full proof secure authentication via
networking?
3. Providing suggestions with advantages and limitations of
proposed model.
III. Review of Literature
International references:
Customers must be convinced that the technologies provide
more benefit than the card-and-PIN system, which works well,
said John Hall, spokesman for the American Bankers
Association. The cards also serve functions beyond the ATMs,
as debit cards and as advertising for the banks. "Getting that
wallet space is important," said Bill Spence, a biometric expert
with Campbell, Calif.-based Recognition Systems Inc.
However, companies that make automated teller machines
have found budding markets for the fingerprint technology in
South America, where citizens already are accustomed to the
use of fingerprints for general identification, such as ID cards
they carry. Diebold Inc. of North Canton, Ohio, has supplied
fingerprint-capable ATMs to a bank in Chile that is using them
in a pilot project. Last year Dayton, Ohio-based NCR Corp.
installed 400 of them in Colombia. BanCafe, Colombia's fifth-
largest bank, bought the ATMs at the end of 2002 for added
security for coffee growers and to get them to open accounts.
The growers wouldn't need to carry ATM cards, which can be
a lure for thieves. "Biometrics is certainly the most secure
form of authentication," said Avivah Litan, an analyst with
Gartner Inc., a Stamford, Conn.-based technology analysis
firm. "It's the hardest to imitate and duplicate." [4]
What is Identification Authentication?
Identification is the process by which the identity of a user is
established, authentication is the process by which a service
confirms the claim of a user to use a specific identity by the
use of credentials. Biometrics are vey reliable for

ISSN No: 2250-3536 Volume 2, Issue 4, July 2012 9

 International Journal of Advanced Technology & Engineering Research (IJATER)

authentication. The difference is between a system that looks

at a hand geometry and says this is Doctor Hunk
(identification) versus a mans who says I, Doctor Hunk,
present my hand to prove who I am? . And the system
confirms this hand matches Doctor Hunks template
(authentication). Biometric authentication is feasible today. [8]
[11] [12]

What is biometric authentication?

Biometrics is biological authentications, based on some
physical characteristics of the human body. The list of
biometric authentication technologies is still growing. There
are two categories of biometric identifiers include
physiological and behavioral characteristics. Physiological
characteristics are related to the shape of the body, and include
but are not limited to: fingerprint, face recognition, DNA, palm
print, hand geometry, iris recognition (which has largely
replaced retina), and odor /scent. Behavioral characteristics
are related to the behavior of a person, including but not
limited to: typing rhythm, gait, digital signature and voice.
More traditional means of access control include token-based
identification systems, such as drivers license or passport, and
knowledge-based identification systems, such as password or
Personal Identification Number (PIN).
Now there are devices to recognize the following
biometrics: fingerprints, hand geometry (shape and size of
fingers), retina and iris (part of the eyes), voice, handwriting,
blood vessels in the finger, and face. Authentication with
biometric has advantages that is it cannot be lost, stolen,
forgotten lent or forged and is always available, always at
hand, so to speak. If we success in combining this
authentication along with password/ PIN then it becomes as
easy way to use ATMs with full proof authentication.
Biometric authentication mechanism is receiving a lot of
public attention. A biometric device is perhaps the ultimate
attempt in trying to prove who you are.
CBS
Fig. 1 Working of biometric authentication
Source: http://en.wikipedia.org/wiki/File:Biometric_system_diagram.png
V. Technical Specification:
During every authentication process there is slight variation in
matching biometric characteristic. This is because the physical
characteristics of the user may change for a number of reasons.
For instance, suppose the fingerprint of the user is captured
and used for authentication every time. The sample taken
every authentication may not be the same, because of finger
can be dirty, can have cuts, other marks or the fingers position
on the reader can be different and so on. Therefore, an exact
match of the sample need not be required. An approximate
match can be acceptable. Therefore using registration process,
multiple samples of the user biometric data are created. They
are combined and their average stored in the user database, so
that the different possibilities of the users samples during the
actual authentication can roughly map to this average sample.
[3]
Conceptual Model for ATM Banking with knowledge
based and biometric security:

IV. Working of biometric

authentication:
A biometric device works on the basis of some human
characteristics, such as fingerprint, voice or patter of line in the
iris of your eye. These devices include handprint detectors,
voice recognizers and identification patter in the retina.
Authentication with such devices uses unforgivable physical
characteristics to authenticate users. The user database
contains a sample of users biometric characteristics. During
authentication, the user is required to provide another sample
of the users biometric characteristics. This is matched with the
one in the database, and if the two samples are the same, then
the user is considered to be a valid user. Following figure
shows the working of biometric authentication process. [5] [6] [10]

Fig.2 Conceptual ATM model

ISSN No: 2250-3536 Volume 2, Issue 4, July 2012 10

 International Journal of Advanced Technology & Engineering Research (IJATER)
Fig.3 Biometric ATMs
VI. Working:
A typical biometrics authentication process involves: Firstly
the creation of the users biometric sample i.e. fingerprint
recognition (Middle finger) etc. and its storage in the user
database in respective account holders bank. (Bank does this
authorization). During the actual authentication, the user is
required to provide a sample of the same nature i.e. finger print
etc. with its Personal Identification Number (PIN) and selected
bank branch in caf centre (ATMs) then system will generate
code called virtual account identification (V-ID). This is
usually sent across in encrypted form (e.g. using SSL) through
network to the server. On the server side, the users current
sample is decrypted and compared with the one stored in the
database.
If the two samples match to the expected degree on
the particular values, the users is considered as authenticate
user and proceed further for transactions, otherwise user is
considered as invalid user and then terminates session.
VII. Drawbacks of existing Card based
ATMs
1. Persons having Debit/Credit or different cards with PIN
code is becomes owner of that account, without any other
identification of actual account holder.
2. Existing system is on card basis so it requires more time to
process cards.
3. If card is lost /stolen there is high possibility of misuse of
card.
4. If card is stolen /lost then bank requires more time to
regenerate new card also it is costly.
5. After 2/3 years or after repeated transactions card will
unable to operate, hence bank should have to provide new
card to account holder then it is expensive costly and time
consuming.
6. Excess use of plastic cards is harmful for environment.
7. If an account holder has multiple cards then it is difficult
to handle and use those cards.
VIII. Requirement and Working
Conditions:
1. ATM centre should have biometric device for biometric
authentication and PIN pad to accept PIN.
2. Authentication is required per transaction.
ISSN No: 2250-3536 Volume 2, Issue 4, July 2012
3. If users fail more than 4 times to identify himself then
make provision to block that users account for that day
for security purpose.
4. If such blocks more than 4 times (within 3 months) then
block the user account and tell him to regenerate new
authentication in their home bank.
IX. Advantages of Card Less ATMS
1. Provides strong authentication.
2. Biometric system replaces card system with physiological
characteristics.
3. Hidden costs of ATM card management like- card
personalization, delivery, management, re-issuance, help-
desk, and re-issuance can be avoided.
4. Ideal for Indian rural masses.
5. Account holder may nominate for another person which
will have valid identification for same account.
6. It is more helpful to senior citizens because it is difficult
to carry and maintain card with him.
7. Complaints regarding card such as - stolen cards,
regenerating new cards, maintaining and recording of
cards etc. will be eliminated. Thus it is helpful to bank to
reduce cost, time and efforts for card process.
8. Flexible account access allows service users to access
their accounts as per their convenience.
9. Due to biometric authentication no one is able to access
others account.
10. Users having authenticity to change their PIN code for
security purpose.
X. Limitations
1. This method is costlier requires more instrument to be
installed in ATM centers.
2. Due to biometric only account holder (except nominee)
can access account.
3. Due to multiple authentications it is time consuming at
initial stage and requires fast and efficient technology to
manage such system.
4. If service user is unable to input correct identification
within 4 chances then his/her account will be blocked
and if such block more than 4 in 3 months then his/her
account is blocked and he/she has to re-identify himself
in their home bank.
XI. Suggestions
1. Separate efficient, talent and technical staff should be
available in bank for supporting that system and for
achieving better service user satisfaction.
2. Banks should have DEMO room for demonstrating new
technologies to service users, bank staff and have video
conferencing system for live communication.
3. Bank should promote their service users for operating e-
banking services.
4. Bank may earn revenue by collecting nominal fees for
providing training regarding usage of e-banking service
to their account holders which will help banks to
generate profit and with better customer relationship.
11
 International Journal of Advanced Technology & Engineering Research (IJATER)
5. Banks should always support to their service users
regarding any problems while using e-banking services.
XII. Problems with biometric
1. Biometrics techniques are relatively new, and some
people find their use intrusive. Hand geometry,
fingerprint and face recognition (which can be done from
a camera across the room) are not quite enveloping, but
people have real concerns about peering (hard to watch)
into a laser beam or strictly a finger into a slot.
2. Biometrics recognition devices are costly, although as
the devices become more popular, their cost goes down.
3. All biometrics readers use sampling and establish a
threshold for when a match is close enough to accept.
The device has to sample the biometric, measure often
hundreds of key point, and compare that set of
measurements with a template. There is normal
variability.
4. Although equipments are improving, there are still false
reading / recognition.
5. The speed at which recognition must be done limits
accuracy.
XIII. Future ATMs
Todays ATMs operating on the basis of card system and PIN,
where as for better security biometric authentication is
growing demand. According to security experts, fingerprints
can easily be lifted and replicated. The most secure biometric
technology uses a device designed to perform an iris scan
based on more than 2,000 unique measurement points.
According to developers, people and pets all over the world
will be connected to a system that uses iris scan identification
within the next decades. In future solar power and biometric
with PIN based ATMs will be launched by banks especially in
rural areas. [13]
XIV. Conclusion
Proposed conceptual model is designed for ATM users for
various transactions like withdrawing cash, balance enquiry
etc. Point of Sales (POS) machines will also use biometric
authentication. This system requires biometric authentication
(finger print, iris recognition) which is always with user, PIN
code and selection of bank branch, which then creates virtual
account (V-ID) it helps for identification and authentication of
service user. This is card less e-banking technique for ATMs,
which reduces efforts of handling, operating and various risks
associated with cards. The same and simplified procedure will
be helpful for Internet, Mobile and POS transactions. Due to
unique method of authentication it reduces cost, time, efforts
of both banks as well as service users.
XV. References:
[1] Kahate Atul (2004), Cryptography and Network Security,
User Authentication Mechanism, pp. 303-
304, III rd Edition, McGraw-Hill Publications.
ISSN No: 2250-3536 Volume 2, Issue 4, July 2012
[2] Biometric ATMs for rural India, Chirasrota Jena,Weekly
Insight for Technology Professionals, 12,
March 2007, www. Expresscomputeronline.com, Access
date 16-Dec-2011
[3] Handbook of Biometrics. Springer. pp. 122. ISBN 978-0-
387-71040-2.
http://www.springer.com/computer/image+processing/book/97
8-1-4419-4375-0, access on 10-Dec-2011, 5.00pm
[4] International References:
http://www.rediff.com/money/2005/oct/11atm.htm, Access on
16- Dec- 2011, 11.00 am
[5] Jain, A., Hong, L., & Pankanti, S. (2000). "Biometric
Identification", Communications of the ACM, 43(2), p. 91-98.
[6] Jain, Anil K.; Ross, Arun (2008). "Introduction to
Biometrics", pp. 45-60
[7] Krause Micki, Tipton Harold F., Handbook of Information
Security Management (Imprint: Auerbach Publications)
(Publisher: CRC Press LLC), ISBN: 0849399475,
http://www.ccert.edu.cn/education/cissp/hism/ewtoc.html, data
access on 13-Dec-2011, 3.50 pm
[8] Laudon Kenneth, Traver Carol Guercio, E-Commerce
(2005), Second Edition , pp. 237-239, Pearson Education
(Singapore), Pvt. Ltd.
[9] ONeil Erin, Back to the future at your local ATM,
http://banking.about.com/od/securityandsafety/a/biometricatms
.htm, access on 16-Dec-2011 at 11.45 am
[10] Pfleeger Charles P., Pfleeger Shari Lacorence, Shah
Deven N. (2009), Security in Computing, User
Authentication, pp. 257-258, IVth Edition, Pearson
Publication.
[11] S.C. Bihari, e-Banking, When Convenience Banking can
Become Inconvenience, pp. 52-55, First Edition, Skylark
Publication, New Delhi
[12] S.C. Bihari, e-Banking, When Convenience Banking can
Become Inconvenience, pp. 85-91, First Edition, Skylark
Publication, New Delhi
[13] http://www.indianexpress.com/news/district-gets-its-first-
solar-biometric-atm/767886/, access on date 15-Dec-2011,
1.00 pm
Biographies
1. SATISH BHOSALE. Assistant Professor, MCA
Dept. VPIMSR, Sangli. Pursuing Ph.D. from Shivaji
University, Kolhapur. Specialization in E-commerce,
ERP, Software Engineering. Published and presented
research articles in more than 16 National and
International Journals and various conferences. Satish
Bhosale may be reached at stbhosale@yahoo.co.in.
2. Dr. B.S. Sawant. Director, KBPIMSR Satara.
Research guide. He had guided and awarded more
than 4 Ph.D. and 2 M.Phil. Students. He is Editor-in-
Chief of ETHOS research journal. Dr. B. S. Sawant
may be reached at drbssawant@rediffmail.com
12