A Proposed Anti-Fraud Authentication Approach for Mobile Banking Apps

Abstract

This paper proposes a novel user-transparent unavoidable authentication approach for mobile banking apps. It is called Mobile Device Fingerprinting-Based Identifier and Authenticator (MDFIA). The objective is to detect and prevent mobile banking fraud despite the spoofer knowing the legitimate bank customer user's credentials. MDFIA exploits mobile device fingerprinting to generate a unique 256-bit mobile device credentials hash for each user. MDFIA merges the user's credentials with the user's unique 256-bit mobile device credentials hash to distinguish a legitimate bank account owner from a spoofer. In this context, verification of a user's unique 256-bit mobile device credentials hash acts as a second authentication factor that is transparent to the user, and cannot be circumvented. Thus, through MDFIA and by exploiting a mobile device's unique 15-digit code International Mobile Equipment Identity of the Subscriber Identity Module card slot of the registered bank's customer mobile number, it is completely insufficient for a fraudulent to illegally know a victim user's credentials, and use a similar mobile device as that of the victim. However, it is essential for the fraudulent to illegally know a victim user's credentials, and additionally use the mobile device owned by the victim itself, which is practically very difficult to achieve. © 2022 IEEE.