Fingereye: improvising security and optimizing ATM transaction time based on iris-scan authentication

The  tumultuous  increase  in  ATM  attacks  using  eavesdropping,  shoulder-surfing,  has  risen  great  concerns.  Attackers  often  target  the  authentication stage where a customer may be entering his login information on the ATM and  thus  use  direct  observation  techniques  by looking  over the  customer's shoulder to steal his passwords. Existing authentication mechanism employs the  traditional  password-based  authentication  system  which  fails  to  curb these attacks.  This  paper  addresses this  problem using the  FingerEye.  The FingerEye  is  a  robust  system  integrated  with  iris-scan  authentication.  A customer’s  profile  is  created  at  registration  where  the  pattern  in  his  iris  is analyzed and converted into binary codes. The binary codes are then stored in the bank database and are required for verification prior to any transaction. We leverage  on  the iris  because every  user has  unique  eyes which  do not change until death and even a blind person with iris can be authenticated too. We  implemented  and  tested  the  proposed  system  using  CIMB  bank, Malaysia  as  case  study.  The  FingerEye  is  integrated  with  the  current infrastructure employed by the bank and as such, no extra cost was incurred. Our  result  demonstrates  that  ATM  attacks  become  impractical.  Moreover, transactions were executed faster from 6.5 seconds to 1.4 seconds.