ATM Security Using Fingerprint Biometric Identifer: An Investigative Study

The growth in electronic transactions has resulted in a greater demand for fast and accurate user identification and authentication. Access codes for buildings, banks accounts and computer systems often use personal identification numbers (PIN's) for identification and security clearances. Conventional method of identification based on possession of ID cards or exclusive knowledge like a social security number or a password are not all together reliable. An embedded fingerprint biometric authentication scheme for automated teller machine (ATM) banking systems is proposed in this paper. In this scheme, a fingerprint biometric technique is fused with the ATM for person authentication to ameliorate the security level.


INTRODUCTION
Rapid development of banking technology has changed the way banking activities are dealt with.One banking technology that has impacted positively and negatively to banking activities and transactions is the advent of automated teller machine (ATM).With an ATM, a customer is able to conduct several banking activities such as cash withdrawal, money transfer, paying phone and electricity bills beyond official hours and physical interaction with bank staff.In a nutshell, ATM provides customers a quick and convenient way to access their bank accounts and to conduct financial transactions.Personal identification number (PIN) or password is one important aspect in ATM security system.PIN or password is commonly used to secure and protect financial information of customers from unauthorized access [1].An ATM (known by other names such as automated banking machine, cashpoint, cash machine or a hole in the wall) is a mechanical system that has its roots embedded in the accounts and records of a banking institution [1]- [2].It is a computerized machine designed to dispense cash to bank customers without need of human interaction; it can transfer money between bank accounts and provide other basic financial services such as balance enquiries, mini statement, withdrawal and fast cash among others [3].
The paper is arranged as follows.Section II provided the background of ATM security and the need for biometrics.Section III introduced the related works on biometric identifiers.Section IV described the materials and methods employed to conduct the survey.Section V presented the results obtained and the discussions on the results.Section VI concluded the paper.

II. RESEARCH BACKGROUND
Crime at ATMs has become a nationwide issue that faces not only customers, but also bank operators and this financial crime case rises repeatedly in recent years [4].A lot of criminals tamper with the ATM terminal and steal customers' card details by illegal means.Once users' bank card is lost and the password is stolen, the users' account is vulnerable to attack.Traditional ATM systems authenticate generally by using a card (credit, debit, or smart) and a password or PIN which no doubt has some defects [5].The prevailing techniques of user authentication, which involves the use of either passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations [6].Passwords and PINs can be illicitly acquired by direct covert observation.When credit and ATM cards are lost or stolen, an unauthorized user can often come up with the correct personal codes.Despite warning, many people continue to choose easily guessed PIN's and passwords -birthdays, phone numbers and social security numbers.Recent cases of identity theft have heightened the need for methods to prove that someone is truly who he/she claims to be.Biometric authentication technology may solve this problem since a person's biometric data is undeniably connected to its owner, is nontransferable and unique for every individual.The system can compare scans to records stored in a central or local database or even on a smart card.
Biometrics can be defined as a measurable physiological and behavioral characteristic that can be captured and subsequently compared with another instance at the time of verification.It is automated methods of recognizing a person based on a physiological or behavioral characteristic [7].It is a measure of an individual's unique physical or behavioral characteristics to recognize or authenticate its identity [8].Common physical biometrics characteristics include fingerprint, hand or palm geometry, retina, iris and face while popular behavioral characteristics are signature and voice.Biometrics technologies are a secure means of authentication because biometrics data are unique, cannot be shared, cannot be copied and cannot be lost.www.ijacsa.thesai.orgIII.RELATED WORKS Shaikh and Rabaiotti [9] analyzed the United Kingdom identity card scheme.Their analysis approached the scheme from the perspective of high volume public deployment and described a trade-off triangle model.They found that there is a trade-off between several characteristics, i.e., accuracy, privacy and scalability in biometric based identity management system, where emphasis on one undermines the other.
Amurthy and Redddy [6] developed an embedded fingerprint system, which is used for ATM security applications.In their system, bankers collect customers' finger prints and mobile numbers while opening accounts, then customer only access ATM machine.The working of the ATM machine is such that when a customer place a finger on the finger print module it automatically generates every time different 4-digit code as a message to the mobile of the authorized customer through GSM modem connected to the microcontroller.The code received by the customer is entered into the ATM machine by pressing the keys on the touch screen.After entering it checks whether it is a valid one or not and allows the customer further access.Das and Schouten and Jacobs [8] presented an evaluation of the Netherlands' proposed implementation of a biometric passport, largely focusing on technical aspects of specific biometric technologies (such as face and fingerprint recognition) but also making reference to international agreements and standards (such as ICAO and the EU's ''Extended Access Control'') and discussed the privacy issue in terms of traditional security concepts such as confidentiality.Debbarma [1] proposed an embedded Crypto-Biometric authentication scheme for ATM banking system.

IV. MATERIALS AND METHODS
The target population of this study was customers and staff of some commercial banks in Awka, Anambra State, South-Eastern Nigeria.The customers and students were randomly selected.The instrument used for this study was a 16-item questionnaire developed by the researchers.The items in the questionnaire were derived from extensive survey of relevant literature and oral interview.The instrument has three sections.The first section deals with participants' profile.The second section deals with participants' use and reliability of ATM.The third section deals with the reliability of fingerprint biometric characteristic.Of the 200 copies of the questionnaire administered, 163 usable copies were returned.This represented 82 percent return rate.This study was carried out over a period of four months.The items in the instrument were analyzed using descriptive statistical methods [10]- [13].The secondary sources of data were obtained from journals, the Internet and textbooks.Expert judgments were used to ascertain the validity of the items in the questionnaire.Two experts face-validated all the items in the questionnaire.The wordings of items were also checked for clarity.Two items in the questionnaire were deleted for irrelevance while three ambiguously worded items were restructured to reflect clarity.
After the corrections, the two experts found the items to be suitable for administration on the subjects.The reliability coefficient of the instrument was tested by using the Cronbach alpha which is adequate for reliability measure.The instrument yielded a reliability coefficient of 0.81.

V. RESULTS AND DISCUSSION
The summary of the results obtained is presented (Tables I -III).Table I shows the profile of participants.The range of age of participants was 20-53 years.85 males and 78 females took part in the study.Each of the participants own at least one type of bank account.This depended on the bank, the products offered and services provided by the bank.Banks in Nigeria continually churn out new products and services to have competitive advantage.This resulted to the introduction of ATM and the services it provides.
Table II shows the use and reliability of ATM.139 respondents representing some customers and staff of some banks, representing 85 percent of the population use the ATM while 15 percent of the population is yet to use the machine.This 15 percent of the population is still skeptical about using ATM because of the issues associated with it.Such issues as inability of the machine to return a customer's card after transaction which may take days to rectify, debiting a customer's account in a transaction even when the customer is not paid and cash not dispensed, and "out of service" usually displayed by the machine which most of the time is disappointing and frustrating among others.100 percent of the population is aware of one form of ATM fraud or another.Most banks in Nigeria constantly update their customers on ATM frauds and measures to be taken to avert them.89 percent of the population thinks that ATM transactions are becoming too risky this necessitated 93 percent of the population affirming that they will continue the use of ATM because of security issues associated with the machine.Hence, 100 percent of the population preferred a third authentication aside the use of ATM card and PIN and this population believed that with the infusion of biometrics characteristics to the existing ATM card and PIN, ATM security will be improved drastically.
Table III shows the reliability and popularity of fingerprint biometric character.74 percent of the population is familiar with fingerprint biometric.63 percent of the population strongly believed that with the incorporation of fingerprint to the existing ATM card and PIN, will provide a better security to the ATM.www.ijacsa.thesai.org

A. Fingerprint Biometrics
The use of fingerprints as a biometric is both the oldest mode of computer-aided, personal identification and the most prevalent in use today [14].
In the world today, fingerprint is one of the essential variables used for enforcing security and maintaining a reliable identification of any individual.Fingerprints are used as variables of security during voting, examination, operation of bank accounts among others.They are also used for controlling access to highly secured places like offices, equipment rooms, control centers and so on [15].The result of the survey conducted by the International Biometric Group (IBG) in 2004 on comparative analysis of fingerprint with other biometrics is presented in Fig. 1.
The result shows that a substantial margin exists between the uses of fingerprint for identification over other biometrics such as face, hand, iris, voice, signature and middleware [16].f.Availability of high recognition rate and speed devices that meet the needs of many applications g.The explosive growth of network and Internet transactions h.The heightened awareness of the need for ease-of-use as an essential component of reliable security.

VI. CONCLUSION
The growth in electronic transactions has resulted in a greater demand for fast and accurate user identification and authentication.Access codes for buildings, banks accounts and computer systems often use PIN's for identification and security clearances.Conventional method of identification based on possession of ID cards or exclusive knowledge like a social security number or a password are not all together reliable.ID cards can be lost, forged or misplaced; passwords can be forgotten or compromised, but ones' biometric is undeniably connected to its owner.It cannot be borrowed, stolen or easily forged.Using the proper PIN gains access, but the user of the PIN is not verified.When credit and ATM cards are lost or stolen, an unauthorized user can often come up with the correct personal codes.Despite warning, many people continue to choose easily guessed PIN's and passwords -birthdays, phone numbers and social security numbers.Recent cases of identity theft have heightened the need for methods to prove that someone is truly who he/she claims to be.Biometric authentication technology using fingerprint identifier may solve this problem since a person's biometric data is undeniably connected to its owner, is nontransferable and unique for every individual.Biometrics is not only a fascinating pattern recognition research problem but, if carefully used, could also be an enabling technology with the potential to make our society safer, reduce fraud and lead to user convenience by broadly providing the following three functionalities (a) positive identification (b) large scale identification and (c) screening.

Figure 1 .
Figure 1.Comparative survey of fingerprint with other biometricsReferences[16]-[19] adduced the following reasons to the wide use and acceptability of fingerprints for enforcing or controlling security: a. Fingerprints have a wide variation since no two people have identical prints.b.There is high degree of consistency in fingerprints.A person's fingerprints may change in scale but not in relative appearance, which is not the case in other biometrics.c.Fingerprints are left each time the finger contacts a surface.d.Availability of small and inexpensive fingerprint capture devices.e. Availability of fast computing hardware.f.Availability of high recognition rate and speed devices that meet the needs of many applications g.The explosive growth of network and Internet transactions h.The heightened awareness of the need for ease-of-use as an essential component of reliable security.