TEMPLATE FREE BIOMETRIC E-BANKING AUTHENTICATION - More Trustworthy or False Trail?

Tim French, Raymond Brown, Marc Conrad

Abstract

Identity management is an area that has proved challenging for many e-service providers such as e-banks. The problem is how to authenticate on-line consumers at the initial point of registration and also how to re-authenticate on-line customers each time they wish to access e-banking services. Hitherto, e-banks have adopted several different technological approaches to user authentication. These include traditional user passwords, as well as one-time passwords that necessitate the user operating a specialist device. In order to more fully conceptualise the area it is proposed that e-banks should classify the available and emerging using that we call a "Sign Based Identity Management" approach. One emergent solution is considered in more detail: namely template free biometric authentication. Our contribution suggests that the hitherto neglected area of biometric user authentication for e-banking may not only be more robust than existing whilst also meeting many of the requirements (security, usability, strong trust model, less vulnerable to replay attacks) of existing methods.

References

  1. Venkatraman, S. and Delpachitra, I. (2008) Biometrics in banking security: a case study. Journal of Information Management and Computer Security,6 (4), 415-430.
  2. Costanzo, C. (2006). Suddenly, biometric ID doesn't seem like science fiction, American Banker,
  3. Vol. 171 No. 107, pp. 6-11.
  4. Financial Crime Newsletter (2007). Special edition from the Financial Crime Sector Team
  5. Issue No.8, August 2007 Authentication and Safeguarding of Customer Identity, FSA Publications.
  6. IBM Internet Security Systems X-ForceĀ® 2008 Trend & Risk Report, Available as a PDF from: http://www935.ibm.com/services/us/iss/xforce/trendreports/xforce -2008-annual-report.pdf
  7. Wisse, P. (2006). Semiotics of Identity Management. Prima Vera Working Paper Series,
  8. University of Amsterdam, Working Paper 200602.
  9. Atah, J., Howells, G. (2009). Mapping of Information in Voice Features for use in an Efficient Template - Free Biometric Security System, International Conference on Information Security and Privacy (ISP-09), Orlando, Florida, USA.
  10. French, T. (2009). Towards an E-service Trust Framework: Trust as a Semiotic Phenomenon, PhD Thesis, School of Systems Engineering, Reading University, UK.
  11. Bacharach, M. & Gambetta, D. (1997). Trust in Signs. In: Cook, K.S. (Ed.). Trust in Society. Russell Sage Foundation. New York, 148-184, 1997.
  12. Clayton. (2005) Who'd phish from the summit of Kilimanjaro? Procs. 9th International Conference FC 2005, Roseau, The Commonwealth of Dominica, February 28-March 3rd 2005, Vol. 3570 of LCNS,91- 92, Springer-Verlag.
  13. Clayton. (2005). Insecure real-World Authentication Protocols (or why Phishing is so Profitable).Procs. 13th International Workshop on Security Protocols, Cambridge, UK.
  14. Wu, M. (2006). Fighting Phishing at the User Interface. PhD Thesis. MIT, August 2006.
  15. Stamper, R. K. Information in Business and Administrative systems. New York: Wiley, 1973.
  16. Naumann, I. (2009) (Ed.) 'Privacy and Security Risks when Authenticating on the Internet with European eID Cards', ENISA Risk Assessment Report.
  17. Chiasson, S., et al., (2008).Centered Discretization with Application to Graphical Passwords, in USENIX Usability, Psychology, and Security (UPSEC). 2008.
Download


Paper Citation


in Harvard Style

French T., Brown R. and Conrad M. (2010). TEMPLATE FREE BIOMETRIC E-BANKING AUTHENTICATION - More Trustworthy or False Trail? . In Proceedings of the Twelfth International Conference on Informatics and Semiotics in Organisations - Volume 1: ICISO, ISBN 978-989-8425-26-3, pages 111-116. DOI: 10.5220/0003267801110116


in Bibtex Style

@conference{iciso10,
author={Tim French and Raymond Brown and Marc Conrad},
title={TEMPLATE FREE BIOMETRIC E-BANKING AUTHENTICATION - More Trustworthy or False Trail?},
booktitle={Proceedings of the Twelfth International Conference on Informatics and Semiotics in Organisations - Volume 1: ICISO,},
year={2010},
pages={111-116},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003267801110116},
isbn={978-989-8425-26-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Twelfth International Conference on Informatics and Semiotics in Organisations - Volume 1: ICISO,
TI - TEMPLATE FREE BIOMETRIC E-BANKING AUTHENTICATION - More Trustworthy or False Trail?
SN - 978-989-8425-26-3
AU - French T.
AU - Brown R.
AU - Conrad M.
PY - 2010
SP - 111
EP - 116
DO - 10.5220/0003267801110116