Securing Online Banking Services against Man in the Middle Attacks by use of two Factor Authentication

Abstract

In this paper, enhanced security of online banking transactions against man in the middle is presented basing on two factor authentications by use of one time password and single password. Online banking is a system allowing individuals to perform banking activities at home via the internet. Online banking through traditional banks enable customers to perform all routine transactions, such as account transfers, balance inquiries, bill payments, Account information can be accessed anytime, day or night, and can be done from anywhere. Online transactions are considered most sensitive. Doing such online transactions via a public network consequently introduces new challenges for security and trustworthiness, They are two types of common attacks in online banking which are offline credential stealing attacks and online channel breaking attacks. This paper provide a solution to the problem encountered in online channel-breaking attacks. The intruder unnoticeably interrupts messages between the client PC and the banking server by masquerading as the server to the client and vice versa. This kind of attack is used to anonymously perform some operations on the user's account. For this purpose the current paper proposed a new approach of two factor authentication with one time password generated on two sided which are client side and server side. Qualitative methods are used for data collection. The qualitative methods can be classified in three broad categories: in-depth interview, observation methods, document review. Finally, the paper discuss and analyze how two factor authentication will enhance security of online banking services against man in the middle and provide recommendations for further security.