Open Access
Breaking e-banking CAPTCHAs
Author(s) - Shujun Li, Sameena Shah, M. Asad Usman Khan, Syed Ali Khayam, AhmadReza Sadeghi, Roland Schmitz
Publication year - 2010
Publication title - KOPS (University of Konstanz)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.1145/1920261.1920288
Subject(s) - CAPTCHA, computer science, business, computer security
Many financial institutions have deployed CAPTCHAs to protect their e-banking systems from automated attacks. In addition to traditional CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, the security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we have found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by a large number of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible enhancements to these e-banking CAPTCHA schemes and show some essential difficulties of designing e-banking CAPTCHAs that are both secure and usable.
