Fingereye: improvising security and optimizing ATM transaction time based on iris-scan authentication

The tumultuous increase in ATM attacks using eavesdropping, shoulder-surfing, has risen great concerns. Attackers often target the authentication stage where a customer may be entering his login information on the ATM and thus use direct observation techniques by looking over the customer's shoulder to steal his passwords. Existing authentication mechanism employs the traditional password-based authentication system which fails to curb these attacks. This paper addresses this problem using the FingerEye. The FingerEye is a robust system integrated with iris-scan authentication. A customer’s profile is created at registration where the pattern in his iris is analyzed and converted into binary codes. The binary codes are then stored in the bank database and are required for verification prior to any transaction. We leverage on the iris because every user has unique eyes which do not change until death and even a blind person with iris can be authenticated too. We implemented and tested the proposed system using CIMB bank, Malaysia as case study. The FingerEye is integrated with the current infrastructure employed by the bank and as such, no extra cost was incurred. Our result demonstrates that ATM attacks become impractical. Moreover, transactions were executed faster from 6.5 seconds to 1.4 seconds.