A Robust Authentication Method for Electronic Banking Transactions: Two-Way Challenge-Response Approach

Authors

  • Unang Achlison University of Science and Computer Technology
  • Miftahurrohman Miftahurrohman University of Science and Computer Technology
  • Edy Siswanto University of Science and Computer Technology

DOI:

https://doi.org/10.51903/jtie.v3i2.195

Keywords:

Two-Way Challenge-Response, Electronic Transaction Security, Dynamic Authentication, Electronic Banking, Cyber Attacks

Abstract

The security of electronic banking transactions is becoming increasingly critical due to the rising threat of cyberattacks, which can result in financial and reputational damage to financial institutions. Despite the implementation of various authentication methods, vulnerabilities remain that can be exploited by attackers, particularly in the context of static passwords and tokens. This study aims to address these shortcomings by implementing the Two-Way Challenge-Response method, which offers a more robust and dynamic authentication approach. The method employed in this research involves the exchange of information between the client and server, where the challenges generated are unique to each authentication session. This process not only validates user identities but also ensures that the transmitted information cannot be predicted by third parties. The results of the study indicate that the application of this method significantly reduces the risk of attacks such as identity theft and replay attacks, while also enhancing the speed and efficiency of the authentication process. The implications of these findings suggest that the Two-Way Challenge-Response method can be an effective solution for enhancing the security of electronic banking transactions. By adopting this method, financial institutions can strengthen their security systems, increase user trust, and reduce the potential for losses due to cyberattacks. This research contributes significantly to the development of more secure authentication systems in the digital age

References

Acharya, K. (2024). Chat Application Through Client Server Management System Project. Chat Application Through Client Server Management System Project. https://doi.org/10.22541/au.172228527.74316529/v1
Addimando, F. (2023). Client-Centered Business Consulting. https://doi.org/10.1007/978-3-031-42844-9
Ahmad, A. Y. A. B., Abusaimeh, H., Rababah, A., Alqsass, M., Al-Olima, N. H., & Hamdan, M. N. (2024). Assessment of effects in advances of accounting technologies on quality financial reports in Jordanian public sector. Uncertain Supply Chain Management, 12(1), 133–142. https://doi.org/10.5267/J.USCM.2023.10.011
Ahmed, K. A. M. ; Saraya, S. F. ; Wanis, J. F. ; Ali-Eldin, A. M. T. A., Gritti, C., Chaudet, C., Ahmed, K. A. M., Saraya, S. F., Wanis, J. F., & Ali-Eldin, A. M. T. (2023). A Blockchain Self-Sovereign Identity for Open Banking Secured by the Customer’s Banking Cards. Future Internet 2023, Vol. 15, Page 208, 15(6), 208. https://doi.org/10.3390/FI15060208
Astuti, S. (2023). Customer Satisfaction Analysis Reviewed From The Perspective Of Services In Tailoring Fund Gede Tembilahan: Analisis Kepuasan Pelanggan Ditinjau Dari Perspektif Pelayanan Jasa Pada Penjahit Pondo Gede Tembilahan. Jumpe (Jurnal Manajemen Pemasaran), 1(3), 112–125. https://doi.org/10.11591/jumpe.v99i1.paperID
Barrett, D., Mazzuchi, T., & Sarkani, S. (2021). A quantitative comparison of the effects of modeling approaches on system verification using a controlled challenge problem. Requirements Engineering, 26(4), 557–580. https://doi.org/10.1007/S00766-021-00358-0/METRICS
Bodepudi, A., & Reddy, M. (2020). Cloud-Based Biometric Authentication Techniques for Secure Financial Transactions: A Review. International Journal of Information and Cybersecurity, 4(1), 1–18.
Buchory, H. A., & Ekuitas, S. (2023). GATR Journal of Finance and Banking Review Banking Profitability: How do the banking intermediary, secondary reserve, operational efficiency, and credit risk affect? Article in GATR Journal of Finance and Banking Review, 8(2), 85–96. https://doi.org/10.35609/jfbr.2023.8.2(1)
Butcher, D., Li, X., & Guo, J. (2007). Security challenge and defense in VoIP infrastructures. IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews, 37(6), 1152–1162. https://doi.org/10.1109/TSMCC.2007.905853
Deora, R. S. (2021). Brief Study of Cybercrime on the Internet. https://doi.org/10.37591/JoCES
Dr. S. BHUVANESWARI, Dr. S. C. (2023). “Banking Services of New Generation Banking in the Indian Banking Sector.” Journal of Survey in Fisheries Sciences, 10(2S), 1334–1342. https://doi.org/10.17762/SFS.V10I2S.868
Emini1, F. (2024). The primary focus is on its financial stability. Transnational Academic Journal of Economics, 1(2), 85–94. https://doi.org/10.5281/ZENODO.10884111
Farkhodjon, K., & Dsc, K. (2024). Current Analysis and Current Issues of Ensuring the Financial Stability of the Banking System in Uzbekistan. European Journal Of Business Startups And Open Society, 4(3), 169–176. https://inovatus.es/index.php/ejbsos/article/view/2681
Hasan, M. K., Ghazal, T. M., Saeed, R. A., Pandey, B., Gohel, H., Eshmawi, A. A., Abdel-Khalek, S., & Alkhassawneh, H. M. (2022). A review of security threats, vulnerabilities, and countermeasures of 5G enabled Internet-of-Medical-Things. IET Communications, 16(5), 421–432. https://doi.org/10.1049/CMU2.12301
Hasan, M. K., Weichen, Z., Safie, N., Ahmed, F. R. A., & Ghazal, T. M. (2024). A Survey on Key Agreement and Authentication Protocol for Internet of Things Application. IEEE Access, 12, 61642–61666. https://doi.org/10.1109/ACCESS.2024.3393567
Hayashi, V., & Ruggiero, W. (2020). Non-Invasive Challenge Response Authentication for Voice Transactions with Smart Home Behavior. Sensors 2020, Vol. 20, Page 6563, 20(22), 6563. https://doi.org/10.3390/S20226563
Jameaba, M.-S. (2024). Digitalization, Emerging Technologies, and Financial Stability: Challenges and Opportunities for the Indonesian Banking Sector and Beyond. SSRN Electronic Journal. https://doi.org/10.2139/SSRN.4808469
Jose Diaz Rivera, J., Muhammad, A., & Song, W. C. (2024). Securing Digital Identity in the Zero Trust Architecture: A Blockchain Approach to Privacy-Focused Multi-Factor Authentication. IEEE Open Journal of the Communications Society, 5, 2792–2814. https://doi.org/10.1109/OJCOMS.2024.3391728
Joshi, S., Stalin, S., Shukla, P. K., Shukla, P. K., Bhatt, R., Bhadoria, R. S., & Tiwari, B. (2021). Unified Authentication and Access Control for Future Mobile Communication-Based Lightweight IoT Systems Using Blockchain. Wireless Communications and Mobile Computing, 2021(1), 8621230. https://doi.org/10.1155/2021/8621230
Kizza, J. M. (2024). Authentication. 215–238. https://doi.org/10.1007/978-3-031-47549-8_10
Kokila, M., & Reddy K, S. (2025). Authentication, access control and scalability models in Internet of Things Security–A review. Cyber Security and Applications, 3, 100057. https://doi.org/10.1016/J.CSA.2024.100057
Kolyandov, S. (2021). The Rising Popularity Of Digital Transaction Platforms. Article in Trakia Journal of Sciences. https://doi.org/10.15547/tjs.2021.s.01.018
Kulkarni, A. V., & Nath, S. (2024). Human Susceptibility to Social Engineering Attacks: an innovative approach to social change. 2024 IEEE International Conference on Interdisciplinary Approaches in Technology and Management for Social Innovation, IATMSI 2024. https://doi.org/10.1109/IATMSI60426.2024.10502492
Lambi, M., & Siswani, C. B. (2024). Legal Protection For Consumers In Electronic Transactions. Eduvest - Journal of Universal Studies, 4(1), 243–252. https://doi.org/10.59188/EDUVEST.V4I1.1018
Liladhar Rane, N., Achari, A., & Choudhary, S. P. (2020). Enhancing Customer Loyalty Through Quality Of Service: Effective Strategies To Improve Customer Satisfaction, Experience, Relationship, And Engagement. Www.Irjmets.Com @International Research Journal of Modernization in Engineering, 427. https://doi.org/10.56726/IRJMETS38104
Lone, T. A., Rashid, A., Gupta, S., Gupta, S. K., Rao, D. S., Najim, M., Srivastava, A., Kumar, A., Umrao, L. S., & Singhal, A. (2020). Securing communication by attribute-based authentication in HetNet is used for medical applications. Eurasip Journal on Wireless Communications and Networking, 2020(1), 1–21. https://doi.org/10.1186/S13638-020-01759-5
Long, M. G., & Pressman, S. (2024). Postal banking and US cash transfer programs: a solution to insufficient financial infrastructure? Review of Social Economy, 82(2), 213–240. https://doi.org/10.1080/00346764.2023.2259362
Mandava, K., & Dinner, H. (2010). Two Way Mobile Authentication System. https://urn.kb.se/resolve?urn=urn:nbn:se:bth-4306
Medaduwe Hewa, L. (2024). Development of an Effective Marketing Strategy for a Language Institute: understanding customer requirements and behavior.
MMhlmann, M. (2016). Digital Trust and Peer-to-Peer Collaborative Consumption Platforms: A Mediation Analysis. SSRN Electronic Journal. https://doi.org/10.2139/SSRN.2813367
Mohsen, S., & Shaltout, A. (2023). Legal Aspects on the Use of AI in Digital Identity and Authentication in banks, its Impact on the Digital Payment Process A research for investigating the Adaptation of Open Banking Concepts in Egypt By.
Omotayo, E. O., & Efuntade, A. O. (2021). Application Programming Interface (API) And Management of Web-Based Accounting Information System (AIS): Security of Transaction Processing System, General Ledger and Financial Rep. https://doi.org/10.56201/jafm.v9.no6.2023.pg1.18
Patharia, I., & Jain, T. (2024). Antecedents of Electronic Shopping Cart Abandonment during Online Purchase Process. Business Perspectives and Research, 12(3), 400–418. https://doi.org/10.1177/22785337221148810
Queille, J. P., & Sifakis, J. (1982). Specification and verification of concurrent systems in CESAR. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 137 LNCS, 337–351. https://doi.org/10.1007/3-540-11494-7_22
Rao, P. M., & Deebak, B. D. (2023). A comprehensive survey on authentication and secure key management in internet of things: Challenges, countermeasures, and future directions. Ad Hoc Networks, 146, 103159. https://doi.org/10.1016
Safder, W. (2024). Password Security, An Analysis Of Authentication Methods.
San Martino, A., & Perramon, X. (2008). A model for securing E-banking authentication process: Antiphishing approach. Proceedings - 2008 IEEE Congress on Services, SERVICES 2008, PART 1, 251–254. https://doi.org/10.1109/SERVICES-1.2008.32
Sarkar, A., & Singh, B. K. (2020). A review on performance,security and various biometric template protection schemes for biometric authentication systems. Multimedia Tools and Applications, 79(37–38), 27721–27776. https://doi.org/10.1007/S11042-020-09197-7/METRICS
Setiawan, A., Nailul Muna, A., Arumi, E. R., & Sukmasetya, P. (2022). The Growth Electronic Commerce Technology and User Interface in Indonesia. Retrieved August 16, 2024, from https://www.researchgate.net/publication/342328542
Sihombing, L., & Dinus, H. (2024). Analysis of Business Development Strategies in Increasing Customer Trust. Journal on Economics, Management and Business Technology, 2(2), 84–92.
Sirakova-Yordanova, G. (2024). Banks Go Beyond Banking: The Expansion Towards Non-Banking Services. https://doi.org/10.2478/picbe-2024-0034
Tsai, C. H., & Su, P. C. (2021). The application of multi-server authentication scheme in internet banking transaction environments. Information Systems and E-Business Management, 19(1), 77–105. https://doi.org/10.1007/S10257-020-00481-5
Usman, M., Amin, R., Aldabbas, H., & Alouffi, B. (2022). Lightweight Challenge-Response Authentication in SDN-Based UAVs Using Elliptic Curve Cryptography. Electronics 2022, Vol. 11, Page 1026, 11(7), 1026. https://doi.org/10.3390
Wanisha, I., James, J. B., Witeno, J. S., Bakery, L. H. M., Samuel, M., & Faisal, M. (2024). Multi-Factor Authentication Using Blockchain: Enhancing Privacy, Security and Usability. International Journal of Computer Technology and Science, 1(3), 41–55. https://doi.org/10.62951/IJCTS.V1I3.24
Zarkasi, M., Hariyanto, E., Asemanis Dua, J., Tokol, L., Pamekasan, K., & Timur, J. (2024). Cash on Delivery Payment System in Online Buying and Selling Perspective of Sharia Economic Law. Jurnal Ilmiah Mizani: Wacana Hukum, Ekonomi Dan Keagamaan, 8(1), 121–132. https://doi.org/10.29300/MZN.V8I1.2704
Zewdie, M. T., Girma, A., & Sitote, T. M. (2022). A Comprehensive Review of Insider Threats and Social Engineering Attacks Detection: Challenges, Gaps, and a Deep Learning-Based Solution. https://doi.org/10.2139/SSRN.4766984
Zibaeirad, A., Koleini, F., Bi, S., Hou, T., & Wang, T. (2024). A Comprehensive Survey on the Security of Smart Grid: Challenges, Mitigations, and Future Research Opportunities. https://arxiv.org/abs/2407.07966v1

Published

2024-08-21

How to Cite

A Robust Authentication Method for Electronic Banking Transactions: Two-Way Challenge-Response Approach. (2024). Journal of Technology Informatics and Engineering, 3(2), 249-262. https://doi.org/10.51903/jtie.v3i2.195