Guaranteed solutions to the transaction security challenges currently facing the banking industry may not be possible on a large scale unless those solutions are designed to prevent third-party transactions in the software in use. This research therefore supports the move to develop a biometric platform for preventing third-party transactions in the banking system. The platform is meant to use both the human face and the fingerprint to secure the payment platform in banking software. The study is motivated by the need for a payment platform that is self-secured and able to prevent third-party transactions. In carrying out this research, an in-depth analysis of the existing banking software (Finacle 10.8) used at United Bank for Africa (UBA) was carried out to ascertain its existing security features, and the existing up-to-date banking security models were reviewed to establish the gap filled by this research. The data for this research were collected using the Key Informant Interview Method (KIIM), site visits and system observation techniques. It was found that the existing software does not prevent third-party transactions, leaving it secure with respect to customers but not with respect to the people entrusted with the software (staff). Hence we proposed the use of the human face and fingerprint, rather than the account number, to secure the payment platform in this software. In designing the platform, Unified Modeling Language (UML) diagrams such as use-case and class diagrams were used as the modeling tools. The platform was developed using Object Oriented Analysis and Design Methodology (OOADM), with the Rapid Unified Process (RUP) model used to manage the software processes. In examining the designed architecture, the Open Group Architectural Framework and the Design Science approach were used to evaluate the architecture/design and the control mechanism framework.
During the implementation of the platform, Microsoft Visual Studio 2008 was used as the Integrated Development Environment (IDE) and Microsoft SQL Server 2008 as the backend. Visual C#.NET was used to program the application control mechanism and ASP.NET to develop the application interfaces. The implementation and testing of the software show that the platform can secure the banking system using both face and fingerprint biometrics, which enables the software to prevent third-party transactions. The platform was also subjected to load performance testing with the JMeter performance testing package in order to ascertain the system's performance, that is, its tail tolerance and scalability. The results captured from JMeter were presented graphically using Excel. They show that the tail tolerance of the platform built using our architecture is significantly better than that of its equivalent. Specifically, we established that our biometric platform is better than the current platform used in securing banking transactions and can prevent third-party transactions.
Title page
Table of contents
CHAPTER ONE INTRODUCTION
1.1 Background to the Study
1.2 Statement of Problem
1.3 Aim and Objectives of the Study
1.4 Justification of the Study
1.5 Scope and limitation of the Study
1.6 Research Methodology
1.7 Limitation of the Study
CHAPTER TWO LITERATURE REVIEW
2.1 Preamble
2.2 Why Biometric
2.3 The Biometric Banking System
2.4 Multimodal Biometric System
2.5 Fusion in Multimodal Biometric System
2.6 Types of Biometric
2.7 Review of Various Biometric Techniques
2.8 Banking Security Challenges
2.9 Bank Frauds
2.10 Computer Security in Banking
2.11 Existing Security Models/Architectures in Banking
CHAPTER THREE SYSTEM ANALYSIS AND METHODOLOGY
3.1 Preamble
3.2 Data Gathering Techniques
3.2.1 Interview
3.2.2 System Observation
3.2.3 Strength of Interview and System observation
3.2.4 Weakness of Interview and System observation
3.3 Site Visit
3.3.1 Strength of Site Visit
3.3.2 Weakness of Site Visit
3.4 Analysis of the Existing System
3.4.1 Problems of Existing System
3.5 The Proposed System
CHAPTER FOUR SYSTEM DESIGN
4.1 Preamble
4.2 System Design Methodology
4.3 The Open Group Architecture Framework
4.4 The Design Science Approach
4.5 Description of the Conceptual Design of the Proposed System
4.6 System Architectural Design
4.7 Software Development Methodology
4.7.1 Feature Driven Development
4.8 Software Development Tools
4.9 System Design Specification
4.10 Database Design
4.11 Application Algorithm
4.12 Programming Languages used
4.12.1 Why these Languages
4.13 Application Dataflow Diagram and Flowchart
4.14 Modeling the Application using the Unified Modeling Language (UML)
4.14.1 Class Diagram
4.14.2 Sequence and Component Diagram
4.14.3 Activity Diagram
4.14.4 Information Engineering
CHAPTER FIVE SYSTEM IMPLEMENTATION
5.1 Development of Application Database
5.1.1 Development of the Application Database Tables
5.2 Development of Application Interfaces
5.2.1 Development of the Application Forms
5.3 Connecting the Application to the Database
5.4 Application Interfaces Control Mechanism
5.5 System Implementation Technique
5.6 System Requirements
5.6.1 Input/output Format Specification
5.7 Minimum Hardware Requirements
5.7.1 Server Software Requirements
5.7.2 Client Software Requirements
5.8 System Documentation
5.9 System Maintenance
5.10 System Testing/Result
CHAPTER SIX SOFTWARE PERFORMANCE EVALUATION
6.1 Preamble
6.2 Software Performance
6.3 Material and Method of Evaluation
CHAPTER SEVEN CONCLUSION AND RECOMMENDATION
7.1 Conclusion
7.2 Recommendations
7.3 Contributions to Knowledge
Program Listing
1.1 BACKGROUND OF THE STUDY
Over the years, there has been a lot of advancement in information processing. Since computers are the major tools used in processing data and manipulating information in many sectors (e.g. the banking sector), there is a need for adequate security for these computers. Michael and Herbat (2005) define computer security as the need to secure physical location, hardware and computer software from outside threats. There are multiple layers of computer security, namely physical security, personal security, operational security, communication security, network security and information security. All these layers have received considerable attention from researchers since the start of the information age, and many improvements have been recorded on them. Computer software is used to process data and store customers' account details in the banking sector. These computers need rigorous software security, because even a small compromise of the system can lead to the loss of large amounts of money, which creates problems for the banks and their customers. Banks need more intrusive security procedures in their software than many other applications (Sommerville, 2011). It is important to note that the banking sector has been using the account number, account name and customer's signature for account verification and authentication. These methods of verifying and authenticating bank customers have made banking operations very easy for the literate and highly difficult for the illiterate, and they bring many challenges, such as poor customer data security, allowing third-party transactions, and enabling transaction falsification. This is so because people can easily copy someone's account number and forge his or her signature to commit fraud on that person's account.
Also, many people who are not familiar with the concept of the Personal Identification Number (PIN) and account number are unlikely to memorize and recognize them (Jiang and Yan, 2007); this mainly applies to illiterate customers. This has kept many aged people, mainly the illiterate ones, from using banks to carry out their transactions. Thus, there is a need for an easy-to-use banking system that is well secured, reliable, and simple for everyone to access and use. In the same vein, much has been recorded about how people (bankers) entrusted with the banking solutions have used them to commit fraud that the software was unable to prevent (Paul, 2016, Adebayo, 2016 and Anaba, 2016).
With this in mind, the banking sector has been making more efforts to introduce biometrics as a means of customer account verification and authentication. Authentication methods such as biometrics play an important role in improving security measures in many data-driven applications (Rashmi, 2015). It was pointed out that “Biometrics provide very powerful tools for the problems requiring positive identification and provide enabling technology that have potential to make our society safer, reduce fraud and lead to user convenience” (Jain et al., 2000 and Gunajit and Pranav, 2010). Compared to other security measures, the application of biometric technology may provide a better method to curb online fraud, since it uses certain physical and behavioral traits that are distinctive to an individual to identify and verify the person through authentication (Shouvik et al., 2012 and Okediran, 2014). According to Selina and Jane (2012), “Institutions offering Internet-based products and services to their customers should use effective methods to authenticate the identity of customers using those products and services”. Conventry et al. (2003) and Amtul (2011) affirmed that fingerprint technology in particular can provide a much more accurate and reliable user authentication method. It can help to reduce fraudulent practices in payment transactions in the banking sector.
Meanwhile, the Central Bank of Nigeria (CBN) has recently made it mandatory for all bank customers to register their biometric information, in order to ease the identification of customers by their physiological characteristics. Biometrics is the utilization of physiological characteristics to differentiate an individual. It uses biological characteristics or behavioral features to recognize an individual. It is a new way to verify authenticity (Rupinder and Narinder, 2014). Biometrics is gaining more attention in the banking sector because its use requires no PIN or signature.
Fingerprints are unique to every human; they are formed by the numerous ridges and valleys on the surface of the human finger. A fingerprint is the flow of ridge patterns on the tip of the human finger. Among all biometric traits, the fingerprint has one of the highest levels of reliability (Conventry et al., 2003, Keerthi et al., 2014). With the rapid growth of information security, fingerprints are widely used to secure information systems and are highly reliable. This has led many researchers to advocate the full use of this technology in securing information in different sectors. The fingerprint has many applications, such as banking security, Automated Teller Machine (ATM) security, card transactions, physical access control, voting and the identification of criminals, as recorded by Vidya and Aswathy (2014). Similarly, Adeoye (2014) shows how a fingerprint can be used to control examination screening. The possibility of using a fingerprint to perform verification and authentication is determined by the pattern of ridges and furrows as well as the minutiae points. Catalin et al. (2015) maintained that using biometrics for bank user authentication is a new idea that needs more attention. With the success of fingerprint biometric systems in many fields, such as conducting elections, keeping attendance registers in companies, education and many others, many researchers support the use of this kind of technology in banking services in Nigeria. Since a fingerprint biometric system can accept an artificial fingerprint, it cannot be 100 percent reliable in securing banking withdrawal transactions as claimed by Selina and Jane (2012), Akinyemi et al. (2010), Rana and Mumtaz (2012) and Dhurgham and Mohammad (2012). Hence there is a need for a multimodal biometric system for banking services.
According to Ross and Jain (2006), a multibiometric system can have multiple sources of information: multi-sensor, multi-algorithm, multi-instance, multi-sample and multimodal (many biometrics combined, like iris, fingerprint, facial recognition, etc.). Multiple biometric systems can be combined in order to increase the security of specific applications. In our case, using fingerprints and facial recognition will lead to an extremely enhanced authentication method. This system uses more than one human physiological feature (face and fingerprint) to provide strong security during direct payment in the banking system. Thus, this research is to provide an improved methodology and framework for using biometric features to secure the payment module in the banking system.
The move in the direction of multimodal systems results from the fact that some of the limitations imposed by unimodal biometric systems can be addressed by using multimodal sources of information to establish identity (Ross and Jain, 2003). Multimodal sources are expected to be more reliable because they supply multiple, (fairly) independent pieces of evidence (Kuncheva et al., 2000). They also help meet the stringent performance requirements imposed by various applications and address the problem of non-universality. They also deter spoofing, since it would be difficult for an impostor to spoof multiple biometric traits of a genuine user simultaneously. Furthermore, they facilitate a challenge-response mechanism by requesting the user to present a random subset of biometric traits, thereby ensuring that a ‘live’ user is indeed present at the point of data acquisition (Ross and Jain, 2004). A generic biometric system has four important modules, namely the sensor, feature extraction, matching and decision modules (Ross and Jain, 2004 and Ahuja and Chabbra, 2013).
The sensor module captures the trait (raw biometric data), while the feature extraction module processes the data to extract a feature set that is a compact representation of the trait. The main function of the matching module is to generate matching scores by using a classifier to compare the extracted feature set with the templates in the database. Based on a matching score, the decision module rejects or confirms a claimed identity. Important considerations in the design of a multimodal biometric system include architecture, choice of biometric modality, total number of modalities, level of accumulation of evidence, level and methods of fusion, safety and user friendliness, and cost versus matching performance. Others are level of security and reliability, mode of operation, assigning weights to biometrics and the multimodal database (Khatoon and Ghose, 2013 and Chandran and Rajesh, 2009). Challenges confronting multimodal biometric systems include failure of sensors to show consistency in various operating environments, poor design due to lack of proper understanding of biometric technologies, and public confidence. Other challenges are complex and unverifiable matching algorithms, misleading results due to poor scalability, and the lack of standard guidelines for auditing biometric systems and records (Mane and Judhav, 2013).
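The matching and decision modules described above, sketched as an added example (not code from the thesis, which was implemented in C#): raw fingerprint and face match scores are normalized, fused by weighted sum, and accepted only if every trait also clears its own floor, so a strong fingerprint score cannot carry a weak face score. The score ranges, weights, thresholds, sample scores and function names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed raw score ranges of two hypothetical matchers (not from the thesis).
SCORE_RANGE = {"fingerprint": (0.0, 500.0), "face": (0.0, 1.0)}
WEIGHTS = {"fingerprint": 0.6, "face": 0.4}  # assumed weights, sum to 1
FUSED_THRESHOLD = 0.70                       # assumed decision threshold
MODALITY_FLOOR = 0.40                        # assumed per-trait minimum

# Constructed sample matcher outputs for one withdrawal attempt each.
SAMPLES = {
    "owner_present": {"fingerprint": 430.0, "face": 0.88},
    "artificial_fingerprint": {"fingerprint": 495.0, "face": 0.30},
    "camera_failed": {"fingerprint": 460.0, "face": None},
    "marginal_match": {"fingerprint": 300.0, "face": 0.55},
}


@dataclass
class Decision:
    accepted: bool
    fused_score: float
    reason: str


def normalize(modality: str, raw: float) -> float:
    """Min-max normalize a raw matcher score into [0, 1], clamping outliers."""
    lo, hi = SCORE_RANGE[modality]
    return min(1.0, max(0.0, (raw - lo) / (hi - lo)))


def decide(raw_scores: dict) -> Decision:
    """Decision module: weighted-sum score fusion with a per-modality floor."""
    missing = [m for m in WEIGHTS if raw_scores.get(m) is None]
    if missing:
        # Fail closed: a sensor failure must not degrade to a single trait.
        return Decision(False, 0.0, "missing modality: " + ", ".join(missing))
    norm = {m: normalize(m, raw_scores[m]) for m in WEIGHTS}
    fused = sum(WEIGHTS[m] * norm[m] for m in WEIGHTS)
    weak = [m for m in WEIGHTS if norm[m] < MODALITY_FLOOR]
    if weak:
        # Without this check the weighted sum alone could accept a spoofed trait.
        return Decision(False, fused, "below floor: " + ", ".join(weak))
    if fused < FUSED_THRESHOLD:
        return Decision(False, fused, "fused score below threshold")
    return Decision(True, fused, "both traits match the enrolled owner")


if __name__ == "__main__":
    for name, scores in SAMPLES.items():
        d = decide(scores)
        print(f"{name:24s} accepted={d.accepted!s:5s} "
              f"fused={d.fused_score:.3f} ({d.reason})")
```

The artificial-fingerprint sample has a fused score above the threshold and is rejected only by the per-trait floor, which is the case a plain weighted sum would miss.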
1.2 STATEMENT OF THE PROBLEM
Recently, the Central Bank of Nigeria (CBN) introduced the use of customer biometrics (Biometric Verification Number) in the banking sector, which has helped Nigerian banks to implement secure and reliable banking systems, mainly at the payment or withdrawal module and the fund transfer or quick teller module. Hence, many banks have started documenting customers' fingerprints, which can help them provide secure and reliable banking services. Meanwhile, since recent discoveries show that a fingerprint can be hacked and, once hacked, cannot be regained, it is important to use other biometric features, such as facial biometrics, alongside it before implementation. Hence, the need for a multimodal biometric platform to secure the payment module in the banking system should not be underestimated. Thus, the major problem at hand is how to develop a multimodal biometric platform that provides improved security measures, using both fingerprint and facial biometrics to authenticate direct payment transactions (the cash withdrawal platform) in the banking software, and that is easy to use while taking cognizance of system security, customer data security and reliability.
1.3 AIM AND OBJECTIVES OF THE STUDY
The main aim of this research is to design and implement a multimodal biometric platform that provides improved security measures, using both fingerprint and facial biometrics, when making a payment (withdrawal) with the banking system.
Hence, the specific objectives of the study are stated as follows:
1.4 JUSTIFICATION OF THE STUDY
With the recent move by the Central Bank of Nigeria (CBN) to register customer biometric data in the banking sector, the sector has made it compulsory for all customers to have their biometric data registered in its database. This is to help improve the security of these systems. Meanwhile, usernames, passwords, signatures and PINs have been used to secure the payment module in banking systems in Nigeria. However, username, password, signature and PIN authentication is vulnerable to hacking (Vandommele, 2010 and Jung, 2014). Hence, there is a need for a secure and reliable payment platform using the fingerprint biometric. Sri et al. (2011) and Emuoyibofarhe et al. (2011) proposed the use of the fingerprint biometric for secure and reliable payment services. This was strongly supported by Akinyemi et al. (2010), Akazue and Efozia (2010) and Favour (2013). However, with the recent successful hacking of the German Defense Minister's fingerprint (Zoe, 2014), it is clear that the fingerprint biometric cannot be 100 percent reliable in securing the payment module in the banking system. The possibility that a fingerprint scanner will allow an artificial fingerprint to gain access to a fingerprint biometric system has been a major setback in using this technique to secure monetary systems. Hence, there is a need for a multimodal biometric payment platform in order to implement a secure and reliable payment module in the banking software. Joseph et al. (2015) carried out a study on how best to secure fingerprint biometric systems. They stated clearly that future research should look at how more than one human physiological feature can be used to secure biometric systems. The issues central to biometric systems as documented by Joseph et al. (2015) (poor system security, difficult-to-use systems, failure to prevent fraud, higher system operational resources) led to the research addressed in this thesis.
This platform provides multiple stages of security for the payment module in the banking system; the system prototype is highly secure and reliable when compared with the existing methods used by this module (i.e. account number, signature, etc.).
1.5 SCOPE OF THE STUDY
Banking software is very broad; this research therefore covers only the direct payment module (i.e. the cash withdrawal platform) of the banking software, implementing a multimodal biometric security technique suitable for this module (using both fingerprint and facial biometrics) in order to enhance its security features. It also covers customers' biometric information (mainly facial and fingerprint images) and how it can be used to secure the payment or withdrawal platform in the banking software. The study also shows that, using these features, other transactions such as fund transfer, deposit and general ledger can still be carried out.
1.6 RESEARCH METHODOLOGY
In this research, detailed literature on biometric systems and their application in the banking sector was reviewed. The existing banking system security models developed by different researchers were reviewed. Similarly, site visits and system observation techniques were used to gather the data needed by the banking sector in managing customers' account details. The Key Informant Interview Method (KIIM) was used to gather key information from bankers, mainly from the ICT and control units of United Bank for Africa (UBA). Object Oriented Analysis and Design Methodology (OOADM) was used to analyze and design the system, while the Rapid Unified Process (RUP) model was used to manage the software processes. The entire system was implemented in the C# programming language. Visual Studio was used as the Integrated Development Environment (IDE), which also served as the test bed for the developed application, and SQL Server 2008 was used to implement the database. JMeter was used to analyze the software performance, and the results recorded were presented graphically using Excel.
1.7 LIMITATION OF THE STUDY
The software developed can only process data where the original owner of an account is directly involved in the transaction. That is to say, the system cannot allow third-party transactions. This restricts the system to a specific aspect of banking transactions (mainly withdrawal transactions with the direct account owner). Hence, the study is limited to the withdrawal module of the banking solution when the owner of the account is directly involved in the transaction. Similarly, the study is also limited to how best to secure such transactions using customers' physiological features, such as fingerprint and facial features, in logical access control.