1

A BIOMETRIC PLATFORM FOR SECURING BANKING

TRANSACTIONS

BY

OMOGBHEMHE IZAH MIKE

MATRIC NO: AAU/SPS/FNS/CSC/PhD/13/04353

DEPARTMENT OF COMPUTER SCIENCE,

FACULTY OF PHYSICAL SCIENCES,

AMBROSE ALLI UNIVERSITY,

EKPOMA, EDO STATE.

SEPTEMBER, 2017.

2

A BIOMETRIC PLATFORM FOR SECURING BANKING

TRANSACTIONS

BY

OMOGBHEMHE IZAH MIKE

MATRIC NO: AAU/SPS/FNS/CSC/PhD/13/04353

B.Sc., M.Sc. (Ekpoma)

A THESIS IN THE DEPARTMENT OF COMPUTER SCIENCE,

SUBMITTED TO THE SCHOOL OF POSTGRADUATE STUDIES, IN

PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE

AWARD OF THE DOCTOR OF PHILOSOPHY IN COMPUTER

SCIENCE, AMBROSE ALLI UNIVERSITY EKPOMA, NIGERIA.

SEPTEMBER, 2017.

3

CERTIFICATION

This is to certify that this study was carried out by Omogbhemhe Izah Mike

in the Department of Computer Science, Ambrose Alli University, Ekpoma.

…………………………….. ……………………………….

PROF. I. B. A. MOMODU DATE

(Supervisor)

Department of Computer Science

Ambrose Alli University

………………………………. ………………………………..

PROF. I. B. A. MOMODU DATE

(Head of the Department)

Department of Computer Science

4

Ambrose Alli University

DEDICATION

This project is dedicated to God Almighty whose love, grace and mercies

kept me till today.

5

ACKNOWLEDGEMENT

I wish to express my sincere appreciation and profound gratitude to God

Almighty for his faithfulness, mercies, provision, grace and love that has helped

me to accomplish this phase of my education.

I am indeed most grateful to my supervisor, Professor I. B. A. Momodu, for

his patience, understanding, and contributions to this work.

My special thanks to Prof. F. O. Ikpotokin for his fatherly counsel and

incomparable training right from my undergraduate days.

My appreciation also goes to Prof. F. M. Okoro, Prof. C.U Onianwa and Dr.

S. E. Nnebe, for their encouragement and supports for the success of this work and

other lecturers in the Department of Computer Science that contributed to the

success of this work whose names are: Mr F.I Sadiq, Mr. E.O. Oshioribhor and

Mr. P. A. Aliga.

My appreciation goes to my parents Mr. and Mrs. Omogbhemhe for their

prayers and encouragement. I also appreciate all my brothers and sisters; John,

Emmanuel, Okoro, Friday, Ebokhasomhi, Mrs Akhaba, and Ayabimhe for their

support. My special thanks to my childhood friend in the person of Abu Peter, God

bless you.

6

I thank all my spiritual fathers who dedicated their time praying for me day

and night; Pastor John, Pastor Julius, Pastor Joseph, Pastor Omodia, and Pastor Obi

I say God bless you all.

TABLE OF CONTENTS

Title page i

Certification iii

Dedication iv

Acknowledgement v

Table of contents vi

Abstract xviii

CHAPTER ONE INTRODUCTION 1

1.1 Background to the Study 1

1.2 Statement of Problem 7

1.3 Aim and Objectives of the Study 8

1.4 Justification of the Study 8

1.5 Scope and limitation of the Study 10

1.6 Research Methodology 10

1.7 Limitation of the Study 11

7

CHAPTER TWO LITEARTURE REVIEW 12

2.1 Preamble 12

2.2 Why Biometric 15

2.3 The Biometric Banking System 18

2.4 Multimodal Biometric System 20

2.5 Fusion in Multimodal Biometric System 22

2.6 Types of Biometric 24

2.7 Review of Various Biometric Techniques 26

2.8 Banking Security Challenges 28

2.9 Bank Frauds 29

2.10 Computer Security in Banking 31

2.11 Existing Security Models/Architectures in Banking 32

CHAPTER THREE SYSTEM ANALYSIS AND METHODOLOGY 66

3.1 Preamble 66

3.2 Data Gathering Techniques 66

3.2.1 Interview 67

3.2.2 System Observation 69

3.2.3 Strength of Interview and System observation 69

3.2.4 Weakness of Interview and System observation 70

3.3 Site Visit 70

8

3.3.1 Strength of Site Visit 70

3.3.2 Weakness of Site Visit 71

3.4 Analysis of the Existing System 71

3.4.1 Problems of Existing System 75

3.5 The Proposed System 81

CHAPTER FOUR SYSTEM DESIGN 84

4.1 Preamble 84

4.2 System Design Methodology 85

4.3 The Open Group Architecture Framework 86

4.4 The Design Science Approach 89

4.5 Description of the Conceptual Design of the Proposed System 91

4.6 System Architectural Design 98

4.7 Software Development Methodology 115

4.7.1 Feature Driven Development 115

4.8 Software Development Tools 117

4.9 System Design Specification 119

4.10 Database Design 121

4.11 Application Algorithm 124

4.12 Programming Languages used 127

4.12.1 Why these Languages 128

9

4.13 Application Dataflow Diagram and Flowchart 129

4.14 Modeling the Application using the Unified Modeling Language (UML) 134

4.14.1 Class Diagram 134

4.14.2 Sequence and Component Diagram 135

4.14.3 Activity Diagram 137

4.14.4 Information Engineering 142

CHAPTER FIVE SYSTEM IMPLEMENTATION 145

5.1 Development of Application Database 145

5.1.1 Development of the Application Database Tables 148

5.2 Development of Application Interfaces 150

5.2.1 Development of the Application Forms 153

5.3 Connecting the Application to the Database 155

5.4 Application Interfaces Control Mechanism 159

5.5 System Implementation Technique 162

5.6 System Requirements 162

5.6.1 Input/output Format Specification 162

5.7 Minimum Hardware Requirements 163

5.7.1 Server Software Requirements 163

5.7.2 Client Software Requirements 164

5.8 System Documentation 164

10

5.9 System Maintenance 164

5.10 System Testing/Result 165

CHAPTER SIX SOFTWARE PERFORMANCE EVELUATION 174

6.1 Preamble 174

6.2 Software Performance 174

6.3 Material and Method of Evaluation 175

CHAPTER SEVEN CONCLUSION AND RECOMMENDATION 183

7.1 Conclusion 183

7.2 Recommendations 184

7.3 Contributions to Knowledge 184

References 185

Program Listing 198

11

LIST OF FIGURES

Figure 2.1 Digital Banking Software Security Model 38

Figure 2.2 Random Data Banking Software Model 39

Figure 2.3 Flowchart of Transaction 40

Figure 2.4 Password Based Model Source 40

Figure 2.5 Bank Adaptive Architecture 41

Figure 2.6 Class Model View of Banking Software 41

Figure 2.7 Tier Banking Solution Model 42

Figure 2.8 Search Bank Security Model 42

Figure 2.9 Online Banking Authentication Model 43

Figure 2.10 Password Based Authentication Model 43

Figure 2.11 Bank Pattern Security Model 44

Figure 2.12 Online Banking Architecture 44

Figure 2.13 Bank Transaction Model 45

Figure 2.14 Bank Software Use-Case diagram. 45

Figure 2.15 QR-Code Bank Model 46

Figure 2.16 Password Simulated Bank Model 46

Figure 2.17 Mobile Payment Security Architecture 47

Figure 2.18 Fund Transfer Model 48

Figure 2.19 IBM Banking Model 49

12

Figure 2.20 Frame of Reference for Integrated GRC 49

Figure 2.21 Internet Banking Software Security Model 50

Figure 2.22 Identity Banking Software Security Model 51

Figure 2.23 Layered Banking Software Security Model 51

Figure 2.24 Card Data Banking Software Security Model 52

Figure 2.25 Password Fraud Prevention Pillar 52

Figure 2.27 Block Bank Model 53

Figure 2.28 Secure Money Exchanging Model 54

Figure 2.29 Inference Flow Model 55

Figure 2.30 Entrust Grid Card 55

Figure 2.31 Banking Services Conceptual Framework 56

Figure 2.32 Model Driver Online Banking 56

Figure 2.33 Bank Entity Protocol Model 57

Figure 2.34 PIN Validation Model 57

Figure 2.35 System Security Model 58

Figure 2.36 Hybrid Authentication Model 58

Figure 2.37 E-Payment Gateway. 59

Figure 2.38 PayPal Security Model 59

Figure 2.39 Mobile Banking System Architecture 60

Figure 2.40 Bank Transaction Model 60

Figure 2.41 PIN Transaction Model 61

Figure 2.42 Bi-PIN Transaction Model 61

Figure 2.43 PIN/Fingerprint Transaction Model 62

Figure 2.44 Fingerprint Banking Software Security Model 62

Figure 2.45 Three Level Model Interaction 63

Finger 2.46 Database Transaction Details Model 63

Figure 2.47 Three Level Pin Security 64

13

Figure 2.48 Banking Solution Secured Bank-end 64

Figure 2.49 Banking Security Flowchart 65

Figure 2.50 PIN/Username Transaction Model 65

Figure 3.1 Conceptual Design of Existing System 79

Figure 3.2 Use-case Diagram of Existing System 80

Figure 3.3 Use-case Diagram of Proposed System 81

Figure 4.0 The Open Group Architectural Framework 89

Figure 4.1 System Conceptual Design 92

Figure 4.2 Fingerprint Matching Block Diagram 93

Figure 4.3 Face Matching Block Diagram 95

Figure 4.4 Combined Decision Flowchart 97

Figure 4.5 System Logical Design 99

Figure 4.6 Architectural Design of the System 101

Figure 4.7 Input Processing Output Architectural View of the System 102

Figure 4.8 System Framework 103

Figure 4.9 Biometric Verification Flowchart 105

Figure 4.10 Biometric Authentication Flowchart 105

Figure 4.11 File Management Flowchart 106

Figure 4.12 Data Login Flowchart 106

Figure 4.13 Database Biometric Flowchart 107

Figure 4.14 Transaction Management Flowchart 107

Figure 4.15 Database Recovery Flowchart 108

Figure 4.16 Biometric Access Flowchart 108

Figure 4.17 Record Update Flowchart 109

Figure 4.18 Record Integrity Flowchart 109

Figure 4.19 System Controls Framework 110

Figure 4.20 Dataset Flowchart 113

14

Figure 4.21 Data Adapter Flowchart 113

Figure 4.22 Object Command Flowchart 114

Figure 4.23 Object Connector Flowchart 114

Figure 4.24 Application Dataflow Diagram 130

Figure 4.25 Application Flowchart 131

Figure 4.26 User Flowchart 132

Figure 4.27 Admin Flowchart 133

Figure 4.28 Application Class Diagram 136

Figure 4.29 Withdraw Services Activity Diagram 138

Figure 4.30 System Activity Diagram 140

Figure 4.31 System Sequence Diagram 141

Figure 4.32 Component-level Design for Withdrawal Service 142

Figure 4.33 Withdrawal Services and Customer Association Diagram 143

Figure 4.34 Relation of Customer and Withdrawal Services Diagram 144

Figure 5.1 Database Server Connection 146

Figure 5.2 Database Creation Screen 147

Figure 5.3 Database Name Screen 147

Figure 5.4 Database Tables Creation Command 149

Figure 5.5 Database Tables 150

Figure 5.6 System Compiler Home Page 152

Figure 5.7 System Master Page 152

Figure 5.8 System Forms Codes 154

Figure 5.9 System Form File 155

Figure 5.10 Database Connection Tool 156

Figure 5.11 System Connection Type 156

Figure 5.12 SQL Server Connection 157

Figure 5.13 System Database 157

15

Figure 5.14 Database Connection String 158

Figure 5.15 Establishing the Application Connection String 158

Figure 5.16 Connection Testing 159

Figure 5.17 Application Button Creation 160

Figure 5.18 Sample Coding Environment 161

Figure 5.19 Sample of Application Codes 161

Figure 5.20 System Login Page 165

Figure 5.21 System Main Menu 166

Figure 5.22 New User Creation 166

Figure 5.23 Existing Staff Data Interface 167

Figure 5.24 Customer Registration Interface 167

Figure 5.25 Customer Fingerprint and Face Registration 168

Figure 5.26 Customer Database List 168

Figure 5.27 Customer Transaction Detail 169

Figure 5.28 General Ledger Form 169

Figure 5.29 Checking Customer 170

Figure 5.30 Customer Transactions 170

Figure 5.31 Biometric Authentication of Transaction 171

Figure 5.32 Face/Fingerprint Biometric Parameters 171

Figure 5.33 Successful Transaction Screen 172

Figure 5.34 Personal Ledger Interface 172

Figure 5.35 Face/Fingerprint Biometric Features Used 173

Figure 5.36 Exiting Application 173

Figure 6.1 Jmeter Screen Shot 178

Figure 6.2 Finacle/Biometric Application Minimum Response Time Graph 181

Figure 6.3 Finacle/Biometric Application Maximum Response Time Graph 182

16

LIST OF TABLES

Table 1 Customer Account Registration Table Design Layout 121

Table 2 Withdrawal Table Design Layout 122

Table 3 Payin Table Design Layout 123

Table 4 Application Staff Table Design Layout 123

Table 5 General Ledger database 124

Table 6 Result captured for Existing System 179

Table 7 Result Captured for the Biometric System 180

17

ABSTRACT

Guaranteed solutions to the current transaction security challenges facing banking

industries may not be possible on a large scale, if the solutions are not developed to

prevent third party transaction in the used software. Thus, this research lends its

voice in support of the move to develop a biometric platform for preventing third

party transaction in the banking system. It is meant to use both human face and

fingerprint in securing payment platform in the banking software. Hence, the study

is motivated by the need to develop a payment platform that is self-secured and be

able to prevent third party transaction. In carrying out this research, an in-dept

analysis of the existing banking software (Finacle 10.8) used in United Bank for

Africa (UBA) was carried out to ascertain its existing security features, also the

existing up-to-date banking security models were reviewed in order to establish the

gap filled by this research. The data for this research were collected through the

use of Key Informant Interview Method (KIIM), site visit and system observation

techniques. It was seen that the existing software does not prevent third party

transaction and made the software to be secured for customer but not secure for

people entrusted with the software (staff). Hence we proposed the used of human

face and fingerprint to secure the payment platform in this software as against the

use of account number. In designing the platform, the Unified Modeling language

such as Use-Case, Class diagrams etc were used as the modeling tool. Similarly,

the platform was developed using Object Oriented Analysis and Design

Methodology (OOADM) with Rapid Unified Process (RUP) model to manage the

software processes. In examining the designed architecture, the Open Group

Architectural Framework and the Design Science approach were used to evaluate

the architecture/design and the control mechanism framework. During the

implementation of the platform, Microsoft Visual Studio 2008 was used as the

Integrated Development Environment (IDE) and Microsoft SQL Server 2008 was

used as the backend. Similarly, Visual C#.NET programming language was used to

program the application control mechanism and ASP.NET was used to develop the

application interfaces. The implementation of the software and the testing shows

that the platform could secure the banking system using both human face and

fingerprint biometric. This thereby makes the software to be able to prevent third

18

party transaction. Similarly, this platform was subjected to load performance

testing using Jmeter performance testing package in order to ascertain the system

performance, that is, tail tolerance and scalability. The result captured from the use

of the Jmeter was graphically presented using excel. The result shows that the tail

tolerance of the platform build using our architecture is significantly better than its

equivalent. Specifically, we established that our biometric platform is better than

the current platform used in securing banking transaction and can prevent third

party transaction.

CHAPTER ONE

INTRODUCTION

1.1 BACKGROUND OF THE STUDY

Over the years, there has been a lot of advancement in information processing.

Since computers form the major tools used in processing data and manipulating

information in many sector (e.g. banking sector), there is need to have adequate

security for these computers. Meanwhile Michael and Herbat (2005), define

computer security as the need to secure physical location, hardware and computer

software from outside threats. There exist multiple layers of computer security

namely- physical security, personal security, operational security, communication

security, network security and information security. All these layers of computer

security have received series of researchers’ attentions since the information age

19

and a lot of improvements have been recorded on them. It is true that computer

software are used to process data and store customers account details in the

banking sectors. These computers need vigorous software security because any

little compromise by the system, can lead to loss of large amount of money which

can create problem for the banks and their customers. Banks need more intrusive

security procedure in their software than many other applications (Sommerville,

2011). It is important to note that the banking sectors have been using account

number, account name and customers signature for account verification and

authentication. These methods of verification and authentication of bank customers

has make banking operation to be very easy for the literate and highly difficult for

the illiterate and have so many challenges like; poor customer data security,

allowing third party transaction, and enabling transaction falsification. This is true

because, people can easily copy someone account number, forge his/her signature

to commit fraud on that persons account. Also many people who are not familiar

with the concept of Personal Identification Number (PIN) and account number are

unlikely to memorize and recognize it (Jiang and Yan, 2007), this is mainly

applicable to the illiterate customers. These have made many aged people mainly

the illiterate ones not to be making use of banks in carrying out their transaction.

Thus, there is need for an easy to use banking system, that will be well secured,

reliable, simple to access and use by everyone. In the same vein, alots have been

20

recorded about how many people (bankers) entrusted with the banking solutions,

used it to commit fraud, and the software will be unable to prevent it (Paul, 2016,

Adebayo, 2016 and Anaba, 2016).

With this in mind, the banking sector have be making more efforts in introducing

biometrics as a means of customers account verification and authentication. In

order to improve security measures in many data-driven applications,

authentication like biometric plays important roles (Rashmi, 2015). It was pointed

out that “Biometrics provide very powerful tools for the problems requiring

positive identification and provide enabling technology that have potential to make

our society safer, reduce fraud and lead to user convenience” (Jain et.al., 2000 and

Gunajit and Pranav, 2010). Compared to other security measures, application of

biometric technology may provide a better method to curb online fraud, since it

uses certain physical and behavioral traits that are distinctive to an individual to

identify and verify the person through authentication (Shouvik et.al., 2012 and

Okediran, 2014). According to Selina and Jane (2012), “Institutions offering

Internet-based products and services to their customers should use effective

methods to authenticate the identity of customers using those products and

services”. Conventry et.al.(2003) and Amtul (2011) affirmed that fingerprint

technology in particular, can provide a much more accurate and reliable user

21

authentication method. It can help to reduce fraudulent practices in payment

transaction in the banking sector.

Meanwhile, the Central Bank of Nigeria (CBN) has recently makes it mandatory

for all bank customers to register their biometric information, this is to ease the

identification of customer using their physiological characteristics. Biometric is the

utilization of physiological characteristics to differentiate an individual. It utilize

biological characteristics or behavioral features to recognize an individual. It is a

new way to verify authenticity (Rupinder and Narinder, 2014). The reason

biometric is gaining more attention in the banking sectors is because, its use has no

need for PIN and signature.

Biometric fingerprint are unique to every human, they are generations of numerous

ridges and valleys on the surface of human figure. A fingerprint is the flows of

ridges patterns in tip of the human finger. Among all biometric traits, fingerprint

has one of the highest levels of reliability (Conventry et.al., 2003, Keerthi et.al.,

2014). In the rapid growth of information security, fingerprints are highly used to

secure information system and are highly reliable. These make many researchers to

be agitating for the full use of this technology in securing information in different

sectors. Fingerprint has so many application like banking security, Automated

Teller Machine (ATM) security, card transaction, physical access control, voting,

identification of criminals as recorded by (Vidya and Aswathy, 2014). Similarly,

22

Adeoye (2014) shows how a fingerprint can be used to control examination

screening. The possibilities of using fingerprint to perform verification and

authentication is determined by the pattern of ridges and furrows as well as the

minute points. Catalin et.al., (2015) maintained that the idea of using biometric for

bank user authentication is a new idea that need more attention. With the success

of fingerprint biometric system in many fields such as conducting election, keeping

attendeance register in company, used in education and many others, many

researchers support the opinion of using this kind of technology in our banking

services in Nigeria. Since fingerprint biometric system can accept artificial

fingerprint it is therefore true that it cannot be 100 percent reliable in securing

banking withdrawal transaction as claimed by Selina and Jane (2012), Akinyemi

et.al. (2010), Rana and Mumtaz (2012) and Dhurgham and Mohammad (2012).

Hence there is need for a multimodal biometric system for banking services.

According to Ross and Jain (2006), a multibiometric system can have multiple

sources of information: multi-sensor, multialgorithm, multi-instance, multi-sample

and multimodal (many biometrics combined, like iris, fingerprint, facial

recognition, etc.). Multiple biometric systems can be combined in order to increase

the security of specific applications. In our case, using fingerprints and facial

recognition will lead to an extremely enhanced authentication method. This system

use more than one human physiological (face and fingerprint) feature to provide

23

strong security during direct payment in the banking system. Thus, this research is

to provide an improved methodology and framework in using biometric features

for securing payment module in the banking system.

The move to the direction of multimodal is as a result of the fact that some of the

limitations imposed by unimodal biometric systems can be addressed through

multimodal source of information for establishing identity (Ross and Jain, 2003).

Multimodal source are expectedly more reliable due to their multiple, (fairly)

independent pieces of evidence (Kuncheva et.al., 2000). They also provide

stringent performance requirements imposed by various applications and also

address the problem of non-universality. They also deter spoofing since it would be

difficult for an impostor to spoof multiple biometric traits of a genuine user

simultaneously. Furthermore, they facilitate a challenge response mechanism by

requesting the user to present a random subset of biometric traits thereby ensuring

that a ‘live’ user is indeed present at the point of data acquisition (Ross and Jain,

2004). A generic biometric system has four important modules; namely sensor,

feature extraction, matching and decision modules (Ross and Jain, 2004 and Ahuja

and Chabbra, 2013).

The sensor module captures the trait (raw biometric data), while the feature

extraction module processes the data to extract a feature set that is a compact

representation of the trait. The main function of the matching module is to generate

24

the matching scores based on comparison of the extracted feature set with the

templates in the database by a classifier. Based on a matching score, the decision

module rejects or confirms a claimed identity. Important considerations for the

design of multi-modal biometric system include architecture, choice of biometric

modality, total number of modalities, level of accumulation of evidences, level and

methods for fusion, safety and user friendliness and cost versus the matching

performances. Others are level of security and reliability, mode of operations,

assigning weights to biometrics and multimodal database (Khatoon and Ghose,

2013 and Chandran and Rajesh, 2009). Challenges confronting multimodal

biometric systems include failure of sensors to show consistency in various

operating environments, poor design due to lack of proper understanding of

biometric technologies and public confidence. Other challenges are complex and

unverifiable matching algorithms, misleading results due to poor scalability and

lack of standard guidelines for auditing biometric system and records (Mane and

Judhav, 2013).

1.2 STATEMENT OF THE PROBLEM

Recently, the Central Bank of Nigeria (CBN) introduced the used of customer

biometrics (Biometric Verification Number) in the banking sector that helped

Nigerian banks in implementing secure and reliable banking system mainly at the

payment or withdrawal module and the fund transfer or quick teller module.

25

Hence, many banks have started documenting customer’s fingerprints that can help

them provide secured and reliable banking services. Meanwhile, since recent

discovering shows that fingerprint can be hacked and when hacked cannot be

regain, it is important to use alongside with it other biometric features like facial

biometric before its implementation. Hence, the need for a multimodal biometric

platform in securing payment module in the banking system cannot be

underestimated. Thus, the major problem at hand is how can we develop a

multimodal biometric platform that will provide an improved security measures

using both fingerprint and facial biometric in authenticating direct payment

transaction( cash withdraw platform) in the banking software that will be easy to

use while taking cognizance of system security, customer data security and

reliability.

1.3 AIM AND OBJECTIVES OF THE STUDY

The main aim of this research is to design and implement a multimodal biometric

platform for an improved security measures using both fingerprint and facial

biometric while making payment (withdrawal) with the banking system.

Hence, the specific objectives of the study are stated as follows:

a. Develop a multimodal biometric architecture using both fingerprint and

facial biometric features for implementing a secure payment platform

(module) in the banking software.

26

b. Develop a framework that helps to understand and ease the development

process of a secure biometric payment platform (module) in the banking

software.

c. Design the functionalities of the multi modal biometric architecture.

1.4 JUSTIFICATION OF THE STUDY

With the recent move by the Central Bank of Nigeria (CBN) to register customer

biometric data in the banking sector, this sector has made it compulsory for all

customers to have their biometric data register in their database. This is to help

improve the security of these systems. Meanwhile, usernames, password, signature

and PIN have been used to secure payment module in banking system in Nigeria.

However, usernames, password, signature and PIN authentication is vulnerable to

hacking (Vandommele, 2010 and Jung, 2014). Hence, there is need for a secured

and reliable payment platform using the fingerprint biometric. Sri et.al.(2011) and

Emuoyibofarhe et.al.(2011) proposed the use of fingerprint biometric for a secured

and reliable payment services. This was strongly supported by Akinyemi et.al.

(2010), Akazue and Efozia (2010) and Favour (2013). However, with the recent

successful hacking of the Germany Defense Minister fingerprint (Zoe, 2014), it is

therefore true that fingerprint biometric cannot be 100 percent reliable in securing

payment module in the banking system. The possibility of the fingerprint scanner

to allowing artificial fingerprint to gain access to any fingerprint biometric system

27

has been a major setback in using this technique for securing monetary systems.

Hence, there is need for a multimodal biometric payment platform in order to

implement a secured and a reliable payment module in the banking software.

Joseph et.al. (2015) carried out a study on how best to secure fingerprint biometric

systems. They stated clearly that future researches should look at how more than

one human physiological feature can be used to secure biometric system. The

issues (poor system security, difficult to use system, not preventing fraud, higher

system operational resources) that are central to biometric system as documented

by Joseph et.al. (2015) led to the research that is being addressed in this thesis.

This platform provide multi-stage of security for securing payment module in the

banking system, the system prototype is highly secured and reliable when

compared with the existing method used by this module (i.e account number,

signature etc).

1.5 SCOPE OF THE STUDY

The banking software is very broad as such this research has only covered the

direct payment module (i.e. cash withdrawal platform) of the banking software by

implementing a multimodal biometric security technique suitable for this module

(using both fingerprint and facial biometric) in order to enhance its security

features. It also covers customer’s biometric information (mainly facial and

fingerprint images) and how they can be used for securing the payment or

28

withdrawal platform in the banking software. The study also shows that using these

features, we can still carry out other transaction like transfer fund, deposit, general

ledger etc.

1.6 RESEARCH METHODOLOGY

In this research, detail literature about biometric system and their application in the

banking sector were reviewed. The existing banking system security models

developed by different researchers were reviewed. Similarly, site visit and system

observation techniques were used to gather the data needed by the banking sector

in managing customer’s account details. The Key Informant Interview Method,

(KIIM) was used to gather key information from bankers mainly from the ICT and

control units of United Bank for Africa (UBA). Object Oriented Analysis and

Design Methodology (OOADM) were used to analyze and design the system while

Rapid Unified Process (RUP) model was used to manage the software processes.

Similarly, the entire system was implemented using C# programming language.

Visual studio was used as the system Interface Development Environment (IDE)

which was also used as the test bed for the developed application and SQL Server

2008 was used to implement the database. Jmeter was used to analyze the software

performance and the results recorded were presented graphically using excel

package.

1.7 LIMITATION OF THE STUDY

29

The software developed can only process data where the original owner of an account

is directly involved in the transaction. That is to say, the system cannot allow third

party transaction. This therefore conditioned the system for a specific aspect of the

banking transaction (mainly withdrawal transaction with direct account owner).

Hence, the study is limited to withdraw module of the banking solution when the

owner of the account is directly involved in the transaction. Similarly, the study is also

limited to how best to secure such transactions using customer’s physiological

features like fingerprint and facial features in logical access control.

CHAPTER TWO

LITERATURE REVIEW

2.1 Preamble

Money is the medium of exchange for making payment, settlement of debt and

other business obligations. Meanwhile before the introduction of money, trade by

barter which is the system of exchanging goods for goods and services for services

was the medium of payment before two parties. The introduction of money has

help to eliminate the problems associated with the barter history (Taiwo et.al.,

2011). Money has served as the only medium of payment for a very long time. In

the course of time, new and interesting system has been introduced. Such a

progression is the introduction of electronic payment system that can be found

everywhere today in Nigeria banks. Electronic transaction is a new industry which

30

allows people to interact with their banking account via the internet from virtually

anywhere in the world (Sri and Smt, 2011). According to Rashmi (2015), e-

transaction refers to the automated process of exchanging monetary values among

parties in business transaction and transmitting the value over the electronic

medium. In Mukherjee and Nath (2003), it was stated that e-transaction system can

be grouped under four major category namely online card payment, online

electronic cash, electronic check and smart card based electronic payment system.

Knowing fully well that every electronic means of transaction is faced with a lot of

security challenges, the electronic payment system is not an exemption, this call

for the need of strong security in this kind of system. Thus any electronic

transaction system must be able to guarantee strong security, privacy, integrity,

compatibility, efficiency, convenience, mobility and low financial risk among

others which are the characteristics of biometric system (Biometrika, 2011). In

Rashmi (2015), it was stated that identity theft has been one of the major and most

prominent problem in banking system. Hence, the need for strong security platform

for this system cannot be under estimated.

Introducing e-banking system, the Central Bank of Nigeria (CBN) rolled out the

methodologies of moving Nigeria from a cash based economy to a cashless

economy through the cash-lite policy by introducing several e-payment systems.

CBN noted that the aim is to reduce the use of physical cash in the Nigeria

31

economy and encouraging electronic based transaction. However, with Nigeria

gradually eliminating the long existing cash based economy through e-payment

system, cyber criminals are taking advantages of the poor security nature of this

system in sabotaging the country’s effort and aim to use the technology for

financial fraud. Some of the major problems of this system are recorded by

Marketplace (2011), Fajfar (2004), Drygojio (2011) and Ayo and Ukpera (2010).

Similarly, those that are authorized in using the system for transaction cannot be

left out for using such system for fraud. Meanwhile many financial analysts have

warned these institutions to work out modalities and methodologies in providing

strong security for e-banking systems. In Shah (2012), Ahmad and Mahmood

(2013), it was added that the inadequate security potentials in e-banking system

lead to financial lost in these systems. All this can be solved by introducing

biometric as a medium of accessing e-banking services. Biometric fingerprint are

unique to every human. They are generations of numerous ridges and valleys on

the surface of human figure. A finger print is the flows of ridges patterns in tip of

the finger. Among all biometric traits, fingerprint has one of the highest levels of

reliability (Keerthi et.al., 2014). Meanwhile biometric is the utilization of

physiological characteristics to differentiate an individual. It utilizes biological

characteristics or behavioral features to recognize an individual. It is the science of

authentication by measuring the person physiological or behavioural features

32

(Adeoye, 2014). Biometrics measures physiological or behavioural characteristics

that allow variable identification and some well-known of these biometric (a good

example is the iris) are used for forensic identification today (Guruprasad and

Sandeep, 2015).

Biometric is a new way to verify authenticity in many transaction systems

(Ruppinder and Naringer, 2014). Biometric has been used in area like examination

screening (Adeoye, 2014), electronic voting (Olowookere and Awode, 2014), to

mention a few. Due to the success recorded in these areas, there is need to

implement such in banking system. Password and card pin are no more enough to

authenticate holder identity but biometric measures seems appropriate and secured

(Vandommele, 2010 and Jung ho, 2014).

2.2 WHY BIOMETRICS?

While theoretically a powerful tool, commonly used PINs and passwords for e-

banking authentication are in practice, a cognitive burden for users who have to

remember multiple passwords and PINs which often leads to security risks where

users choose memorable words or dates of birth, use the same password and often

ignore advice for creating a secure password (Gunson et.al., 2011). A secure,

functional and effective alternative is the use of biometrics to verify and

authenticate a user remotely. Biometrics, described as “the science of recognising

an individual based on his or her physical or behavioural traits” (Jain et.al., 2006),

33

range from the use of physical features including voiceprints, fingerprints and iris

recognition, to behavioural features including gait and handwriting recognition.

Biometrics are inherently difficult to copy, share and distribute; difficult to forge;

cannot be lost or forgotten because the individual has to be physically present. As

such, biometric systems are considered more reliable than the established password

based authentication systems and are the logical and arguably inevitable future of

secure authentication.

Despite this, widespread implementation remains limited and research in Europe

and the USA has identified the importance of understanding usability and

accessibility criteria as critical to addressing this limited expansion of biometrics in

different commercial application environments (Gunson et.al., 2011). Although not

yet commonplace, biometrics themselves have reached a certain level of maturity,

where developments in biometric sensors (smaller, cheaper, more ergonomic)

means they are increasingly found in IT devices such as PCs, PDAs and flash

drives and are being applied in contexts driven by government initiatives such as

air travel and immigration/border control. Studies have already shown that

usability and acceptance of e-services secured by biometric technology are affected

by the context of use and application environments (Byun and Byun, 2015).

However, biometrics research within different contexts is still in its infancy and

while biometrics offer a wide range of opportunities they are currently mainly

34

driven by government initiatives centred on border control applications and

national ID programmes.

In one widely reported instance, the Iris Recognition Immigration System costing

over £9 million, introduced in the UK to speed up airport passport control

processing queues, failed to deliver on efficiency improvements and led to the

“quiet” scrapping of the whole system in February 2012 (Jung, 2014). Biometric

technology has already been identified as potentially playing a major role in

protecting banking assets and safeguarding the e-banking environment (Ross and

Jain, 2006). Biometric ATMs have already been successfully implemented and

widely used around the world. However the lacklustre uptake of biometrics in

banking ATMs, in Western Europe in particular, has been attributed to a dearth of

commercial incentive. But as more of our everyday devices are linked to

biometrics – for instance voice recognition on mobile devices (e.g. iPhone’s SIRI),

fingerprint recognition on laptops and flash drives, face recognition on

smartphones – customers will increasingly demand such devices to enhance

security of their bank accounts which are currently reliant on easily cracked

passwords and “clunky three-factor authentications with a one-time password

generator” (Skinner, 2012).

Since biometric technology can effectively address security concerns in e-banking,

both technically and behaviourally, the proposed solution was developed to

35

demonstrate operational features of biometric-banking to potential users to gauge

their response to it by using Brooke’s (1996) modified System Usability Scale

(SUS). SUS was developed as part of the usability engineering programme in

integrated office systems development at Digital Equipment Co. Ltd., Reading,

United Kingdom and this case study is to evaluate its application to the biometric

interface to online banking discussed in more detail.

2.3 The Biometric Banking System

According to Dilip and Yeonseung (2008), the main priority of every bank is to

provide a safe and secure environment for their clients to perform online banking

transactions. Based on the security policy of each bank the main considerations of

framing a security policy are accountable, confidentiality, availability, integrity

and non-repudiation are the primary concerns. Therefore the banks implement the

access controls based on the concerns mentioned above by making use of physical

devices such as the support access cards, and other automated monitoring system

which has the ability to accept and deny the usage of any particular object in the

system. To date, there has been no commercialised development of biometric

banking services. The biometric banking system proposed here, was developed and

based on the use of biometric fingerprint and facial recognition hardware and

software used to authenticate each individual user based on public/private key

36

encryption protocols. In a test of different biometric technologies; fingerprint,

facial, voice and signature verification, users found fingerprint biometrics to be

most easy to use and was considered the most secure of the modalities and was

most preferred among others. Interestingly, fingerprint biometrics were found by

users to have the most impact on privacy, and evoked a higher degree of

confidence than voice or signature recognition. (Toledano et.al., 2006). Thus

fingerprint recognition biometrics are used in this system. Banks traditionally play

a critical role in securing financial transactions through provision of technical

infrastructures such as encryption, authentication and firewalls, which impact

consumer trust in the institutions’ technology. Consequently, we include the bank

in the process of authentication in the biometric banking system and expect this to

impact user trust and improve the system performance in service delivery. In this

kind of system, users would first physically visit the bank to register their

fingerprints in a secure manner. A fingerprint reading device would be provided to

the user with their user’s unique fingerprint information and embedded secured

facial biometric. To access their bank account details, they would insert the device

in a PC USB port and place their finger on the scanning device to authenticate

themselves. Once authentication is established, the device will launch a web

browser on the PC that cannot accept any Uniform Resource Locator (URL) input.

Using a browser that cannot accept URLs will prevent any potential tampering

37

with web addresses that may redirect the Internet connection to a different address.

The key that is securely stored on the device will then establish a secured

connection with the correct bank (using a built-in URL belonging to the bank). The

key will logon the authenticated user. Users can freely access their accounts and

carry out transactions by authenticating with the facial biometric, until the users

log out. If the wrong fingerprint or facial biometric is used a number of times

determined by the bank, then the key will lock itself and users will need to go back

to the bank for re-validation.

The benefits of using this approach include (a) less data vulnerability: as there is

no communication with the PC before the user is authenticated, (b) improved data

security: upon user identification, there will be no access to usernames and

passwords, (c) ease of access: no input from the user is needed apart from their

fingerprint, (d) limited virus/malware damage: the browser is stored in the

hardware with no write access to it thus viruses, worms, etc. cannot be injected,

and (e) reduced phishing impact: because no user data input is needed, harvesting

information becomes ineffective.

2.4 MULTI MODAL BIOMETRIC SYSTEM

Multi modal biometric systems utilize more than one physiological or behavioural

characteristic for enrolment, verification or identification. The reason to combine

different modalities is to improve recognition rate and system security. The aim of

38

multi biometrics is to reduce one or more of the following while increasing high

security:

False accept rate (FAR)

False reject rate (FRR)

Failure to enroll rate (FTE)

Susceptibility to artefacts

Multi modal biometric systems take input from single or multiple sensors

measuring two or more different modalities of biometric characteristics. For

example a system with fingerprint and face recognition would be considered

“multimodal” even if the “OR” rule was being applied, allowing users to be

verified using either of the modalities (Feng, 2004).

2.4.1 Multi algorithmic biometric systems

Multi algorithmic biometric systems take a single sample from a single sensor and

process that sample with two or more different algorithms.

2.4.2 Multi-instance biometric systems

Multi-instance biometric systems use one sensor or possibly more sensors to

capture samples of two or more different instances of the same biometric

characteristics. Example is capturing images from multiple fingers.

2.4.3 Multi-sensorial biometric systems

39

Multi-sensorial biometric systems sample the same instance of a biometric trait

with two or more distinctly different sensors. Processing of the multiple samples

can be done with one algorithm or combination of algorithms. Example face

recognition application could use both a visible light camera and an infrared

camera coupled with specific frequency.

2.5 FUSION IN MULTIMODAL BIOMETRIC SYSTEMS

A Mechanism that can combine the classification results from each biometric

channel is called as biometric fusion. Multimodal biometric fusion combines

measurements from different biometric traits to enhance the strengths. Fusion at

matching score, rank and decision level has been extensively studied in the

literature. Various levels of fusion are: Sensor level, feature level, matching score

level and decision level.

i. Sensor level Fusion: We combine the biometric traits taken from different

sensors to form a composite biometric trait and process.

ii. Feature level Fusion: Signal coming from different biometric channels are

first pre-processed, and Feature vectors are extracted separately, using

specific algorithm and we combine these vectors to form a composite feature

vector. This is useful in classification.

40

iii. Matching score level fusion: Rather than combining the feature vector, we

process them separately and individual matching score is found, then

depending on the accuracy of each biometric matching score which will be

used for classification.

iv. Decision level fusion: Each modality is first pre-classified independently.

Multimodal biometric system can implement any of these fusion strategies

or combination of them to improve the performance of the system.

Biometric technologies should be considered and evaluated giving full

consideration to the following characteristics:

i. Universality: Every person should have the characteristic. People who are

mute or without a fingerprint will need to be accommodated in some way.

ii. Uniqueness: Generally, no two people have identical characteristics.

However, identical twins are hard to distinguish.

iii. Permanence: The characteristics should not vary with time. A person's face,

for example, may change with age.

iv. Collectability: The characteristics must be easily collectible and measurable.

v. Performance: The method must deliver accurate results under varied

environmental circumstances.

vi. Acceptability: The general public must accept the sample collection routines.

Nonintrusive methods are more acceptable.

41

vii. Circumvention: The technology should be difficult to deceive.

2.6 TYPES OF BIOMETRICS:

There are two types of biometrics: behavioural and physical.

Physical Biometrics:

a. Fingerprint - Analyzing fingertip patterns.

b. Facial Recognition - Measuring facial characteristics.

c. Hand Geometry - Measuring the shape of the hand.

d. Iris recognition - Analyzing features of colour ring of the eye.

e. Vascular Patterns - Analyzing vein patterns.

f. Retinal Scan - Analyzing blood vessels in the eye.

Behavioural Biometrics:

a. Speaker Recognition - Analyzing vocal behaviour.

b. Signature- Analyzing signature dynamics.

c. Keystroke - Measuring the time spacing of typed words

42

2.6.1 Applicability of Biometrics in Banking for Authentication

Utilizing biometrics for internet banking is becoming convenient and considerably

more accurate than current methods (such as the utilization of passwords or PINs).

This is because biometrics prevent a ituation hereby a password or token may be

used by someone other than the authorized user and is convenient (nothing to carry

or remember), accurate (it provides for positive authentication), can provide an

audit trail and is becoming socially acceptable and inexpensive.

2.6.2 Advantages of Using Biometric in Banking Systems

Using biometrics for identifying human beings in banking offers some unique

advantages given as follows:

a. Biometrics can be used to identify you as you.

b. Tokens, such as smart cards, magnetic stripe cards, photo ID cards, physical

keys and so forth, can be lost, stolen, duplicated, or left at home.

c. Passwords can be forgotten, shared, or observed. Moreover, today's fast-

paced electronic world means people are asked to remember a multitude of

passwords and personal identification numbers (PINs) for computer

accounts, bank ATMs, e-mail accounts, wireless phones, web sites and so

forth.

d. Biometrics holds the promise of fast, easy-to-use, accurate, reliable, and less

expensive authentication for a variety of applications.

43

e. Another key aspect is how "user-friendly" a system is. The process should

be quick and easy, such as having a picture taken by a video camera,

speaking into a microphone, or touching a fingerprint scanner.

f. As biometric technologies mature and come into wide-scale commercial use,

dealing with multiple levels of authentication or multiple instances of

authentication will become less of a burden for users.

2.7 Review of Various Biometric Techniques

There exist many biometric techniques, among them are fingerprint, iris, Lips,

facial and voice recognition. These few ones are discussed in this research because

of their popularity and easy adaptability features by the users.

Facial Recognition

This is the use of facial features to verify an individual from a digital image or

video system. It involves evaluating selected facial features from the image

captured and compares it with the one in the database to ascertain whether the

person is legitimate or not. The advantage of this technique is that they can

perform massive identification which other biometric can’t perform (Rabia et.al.,

2009). The technique doesn’t require any direct contact with the person in order to

verify his/her identity. However the disadvantages associated with this technique is

44

that it does not work effectively with bad/poor weather. It is a costly technique

when compare with the finger print technique.

Fingerprint

Every human being has some uniqueness in their fingerprint because of the

numerous ridges and valley on the surface of the finger. Fingerprint feature

extraction and matching approach relies on the fact that the uniqueness of

fingerprint can be determined by detecting prominent singular point known as

minutiae. It is therefore possible to use this as a means of authenticating

transaction in the banking system. The advantage is that they are largely universal.

Only 2% of the world population cannot use fingerprint due to skin damage

(Davies, 2009), it is very easy to use and the operation requirements are less

expensive. Hence, it will be suitable for authenticating banking transaction.

However, fingerprint scanner can be cheated with artificial fingerprint thus there is

need for multimodal biometric features to authenticate users if high security is

needed.

Iris

This is one of the biometric authentication techniques with very low false

acceptance. Once taken, it is compare with the one in the database. It offers one of

the secured strategies of authentication and recognition. Everybody has different

and independent iris texture, this make it possible to use it as a means of

45

identification. One of the advantage of this technique is the easy recognition of

fake iris (e.g. when the person wear colour contact) and it has a very low

processing time. One of it disadvantages is that it perform poorly at a distance

because of it small nature (Penny, 2000). Also, iris scanners are expensive (Rabia

et.al., 2009).

Voice Recognition

Voice recognition is a technology through which sound, phrases and word voice by

human beings are transformed into electrical signals and these signals are

converted into code design. This kind of technology can be used by people with

damage skin for identification. It fit everybody and does not require much training

to operate it. However this technique may make mistake if there is noise and

disturbance and is very expensive to implement.

Lip identification

Human lip can be used to identify a particular person. It originated from felony and

forensic process (Rabia et.al.,2009). Lips form and colour can be used to recognize

human identity. One advantage is that lips attributes are usually distinct from every

person, thus can serve as a means of identification. Similarly, sizes of lip are small,

thus, can easily be process with a computer program. One demerit is that a smile

by the person can cause difficulties in identifying the person.

2.8 BANKING SECURITY CHALLENGES

46

System security has been a major concern of every ground breaking technology

like the banking system. The introduction of banking system has come with its

security challenges. According to Masocha (2010), these ranges from technology

adoption, financial limitation, limited internet access, cultural barriers etc. Security

has been rated as the most important issues in banking services (Auta, 2010).

Angelatopoulos (2011) noted that security has a great concern for the adoption of

banking services. Hence, understanding these challenges in more detail provides a

road map of adopting them. Shah et.al.(2012) noted that the inadequacy of security

potentials leads to financial loss in every system. Thus its relevance in the study of

payment module in banking system cannot be under estimated. In banking, fraud is

a major contributory factor to the term security and need to be managed closely.

Giles (2010) noted that banking system offer most if not all incentives for fraud.

Hence, there is need for robust fraud prevention and system security

methodologies such as using biometric measures. Meanwhile financial institutions

suffer losses through crimes in online banking, cheques, card frauds among others.

Developing strategies will help to address the risk of customers losing confidence

in banking services. However, despite the fact that the banking system has been

faced with a lot of challenges, there is no doubt that there has been a lot of success

in fraud detection and control around the world using these systems which includes

47

detecting staff irregularities, protecting customer’s information, providing check

and balances at the end of daily transactions (Chang, 2011).

2.9 BANKING FRAUDS

Wisegeek (2013) define fraud to wrongful or criminal deception that result in

financial or personal gains. In banking, fraud is the use of deliberate

misrepresentation in order to fraudulently obtain money or other assets from a

bank. Benjamin and Samson (2011) noted the type of fraud that is commonly

experience by financial institutions. Aransiola (2011) noted that collaborating with

security agents and bank official are also form of fraud encountered in our

financial institutions. Similarly phishing is one of the mechanisms that fraudsters

use to obtain customers personal details leading to the use for fraudulent activities.

Meanwhile, phishing challenges result in financial institutions loosing thousands of

assets to criminals. Thus, there is need for biometrics to help checkmate such

activities (Amtul, 2011). It was noted by Vandommele (2010) that conventional

method of authentication via usernames and passwords are no longer sufficient,

biometric technology has been identified as one of the potential technology of

improving banking security (Akinyemi, 2010). Many researchers have proved that

biometric security measures can help decrease banking frauds. Hence Murdock and

Anderson (2010) emphasized that authentication in payment module banking

solution need to be technologically and economically viable if full potentials of the

48

system must be achieved. Similarly, because of the kind system prevention or

authentication measures used by most banking systems, customers have

vulnerability to fraud (Choplin, 2011) and transparency and security knowledge

and awareness also contributed to this menace (Koskosas, 2011, Akindele, 2011).

In dealing with the security challenges of using banking, Ahmad and Mahmood

(2013) summarized the factors along with their sources affecting banking security

under strategic, managerial, operational and technical factors. Their work will help

to have a quick understanding about the factors affecting effective payment system

in banking solution.

2.10 COMPUTER SECURITY IN BANKING

Over the years, a variety of computer system technologies is provided to customers

by banking industry (Chan and Lu, 2004, Lai and Li, 2005, Sachan and Ali, 2006

and Wresch and Fraser, 2006). Previous research outcomes has shown that

computer security self-efficacy plays a leading role in defining and using computer

related applications and technologies ( Brown et.al., 2010, Dennis et.al., 2003, Lee

et.al., 2005). In Tendelkur (2013), a suspected cyber attack brought down system

and computers at some of Korea’s major banks and broadcasters and that affected

the local equity market which declined by 1.0%.

Electronic banking system users still face the security risks with unauthorized

access into their banking accounts via identity theft. Identity theft is one of the

49

fastest growing crimes in which a criminal obtains key pieces of personal

information or person’s identity in order to use for personal gain or in some way

that involves fraud or deception (Zakaria, 2013, Gercke, 2011 and Harry, 2002). A

similar fraud type involves the use of individual’s credit card or corresponding data

for payment of goods and services while the owner of the card and the issuer of the

card are unaware (Simic, 2005). According to Raghavan & Parthiban (2014), there

are a number of e-fraud types witnessed in the banking sector like ATM fraud,

cyber money laundering and credit card fraud and in general all the fraud types are

executed with the ultimate goal of gaining access to user’s bank account. Dzomira

(2014) noted that electronic fraud is classified into two categories namely direct

fraud (e.g. money laundering, employee embezzlement) and indirect fraud (e.g.

malware, phishing, identity theft). All these call for improved banking systems

security.

2.11 EXISTING TRANSACTION SECURITY MODELS IN BANKING

SYSTEM

Over the years, electronic banking development has improved the efficiency of

banking sector. This has drastically reduced the resources and time spent in

carrying out financial transaction in this sector. The evidence of this is that, today,

long queues in banking hall has drastically reduced and their operation efficiency

has been improved. However, the emergence of electronic banking brings security

50

issues and necessity in implementing high security measures for bank users

(Joseph et al., 2015). Friday et.al. (2012) claimed that wide range application of

poor information technology software has also led to emerging threat and attack

mainly in the form of computer crimes. It is important to note that as more people

are exposed to information super-highway, private information security is

indispensible in the area of improving banking transactions. Matthew et.al. (2012)

stated that most of the defense on e-banking attack has been reactive. Laorto et.al.

(2011) stated that existing banking security model focuses on fraud identification

instead of fraud prevention. This shows that many of these models allow fraud to

be committed before taking action of detecting the fraud, the knowledge of this has

made many researchers in providing different models for improved security in

electronic banking transaction.

Laerte et.al. (2011) developed a banking security model. This model as shown in

Figure 2.1 uses password to secure transaction within the system. Mahadevi and

Sukumar (2015) also developed a banking security model (see Figure 2.2) that uses

username and password to secure the system transaction. The model presented by

Nayer (2013) uses username and password to secure transaction. This model is as

shown in Figure 2.3. Nadeem (2014) developed a banking security model (see

Figure 2.4). The model uses username and password to secure banking transaction.

Melappwre et.al. (2012) developed a model for preventing fraud using password

51

and searching of existing relations of the password. This model is as shown in

Figure 2.5. Meanwhile, Figure 2.6 shows the model developed by Shafeeq and

Vipin (2012). This model uses username and password to secure transaction.

Figure 2.7 shows the model developed by Daniel (2003) that uses username and

password to secure banking transaction. Beatriz (2012) developed a similar model

(see Figure 2.8) that uses password to secure banking transaction. The model

developed by Bogdan (2014) is as shown in Figure 2.9. This model uses username

and password to secure banking transaction. Gregory (2006) developed a banking

security model (see Figure 2.10) that uses password to secure banking transaction.

Similarly, Maciappane and Prasanna (2013) developed a model (see Figure 2.11)

that uses username as system pattern security to secure transaction .The model was

presented by them in form of class diagram. Kamyer (2012) developed a banking

system model that uses username and password to secure transaction. The model is

as shown in Figure 2.12. The model in Figure 2.13 was developed by Mahmood

(2012) in securing banking transaction using username and password. Ane(2011)

developed a banking transaction application model (that uses username and

password) in the form of use-case diagram (see Figure 2.14). Jaideep et.al. (2013)

developed a banking security model (see Figure 2.15) that uses username to

authenticate any transaction in cryptographic hashing. Mohammed (2011)

developed a model (see Figure 2.16) for banking transaction that uses password to

52

authenticate any transaction. A similar model was presented by Temitope (2009).

The model (see Figure 2.17) uses password to secure its transaction. In addition,

Ebubeogu (2015) developed a banking transaction model (see Figure 2.18). The

model uses password to secure transaction within the system. The banking system

model presented by IBM (2011) is as shown in Figure 2.19. This model also uses

password and username to secure transaction. In the same vein, Nicolas et.al.

(2014) developed a banking system model (see Figure 2.20) that uses username

and password to secure transactions. Hence, in all the above researches and their

respective banking software models, username and password were used to secure

transaction. Consequently, the use of username and password that can be

compromised poses serious limitations in these models to achieving better

transactions security in the banking system.

In addition, Adegiga et.al. (2011) developed a banking transaction model that uses

Personal Identification Number (PIN) to secure transaction. This model is as

shown in Figure 2.21. A banking transaction model was also developed by Khaled

(2015), the model (see Figure 2.22) uses smart card PIN to secure banking

transaction. Kritiger and Von Solm (2012) developed a banking transaction model

(see Figure 2.23) that uses security code given to user to secure transaction. PIN

and card number and the parameters used to secure banking transaction in the

model (see Figure 2.24) presented by Shewangu (2015). In Larte et.al. (2013), PIN

53

and username were used as the parameter suitable for securing banking transaction

in their model, see Figure 2.25. Prabonk (2011) developed a banking security

model in the form of block diagram. The model (see Figure 2.26) uses password

and PIN to access the transaction menu. In the model presented by Rana (2012),

PIN and saved data are the paramenters needed to perform transaction. This model

is as shown in Figure 2.27. Majid (2010) developed a model (see Figure 2.28) that

uses PIN and password to secure banking transactions. Rodrigo et.al. (2015)

presented a model for securing banking transactions using keyword PIN. The

model is as shown in Figure 2.29. Entrust (2005) developed a model (see Figure

2.30) that uses Grid card number to authenticate any transaction in the banking

system. Similarly, Qureshi and Khan (2008) developed a banking security model

that uses PIN to secure transaction. The model presented by them is as shown in

Figure 2.31. Avomrmicului and Brestelean (2012) developed a model (see Figure

2.32) that uses PIN to secure the banking transaction. Figure 2.33 shows the model

developed by Houssam et.al. (2014). This model uses PIN in securing banking

transaction. Ayo and Ukpera(2010) developed a model that uses PIN in three-

stage-level to secure banking transaction. This model is as shown on Figure 2.34.

Jiang and Yang (2007) developed a model (see Figure 2.35) that secure banking

transaction using PIN. The model (see Figure 2.36) developed by Sandeep et.al.

(2011) uses phone number and PIN in securing banking transactions. Ailya et.al.

54

(2014) developed a model (see Figure 2.37) that uses PIN in securing transaction

in two-level-state. Figure 2.38 shows the model presented by Ranjit et.al. (2016)

that uses PIN in securing banking transaction. Narendiran et.al. (2008) presented a

model (see Figure 2.39) that uses PIN in securing transactions. Similarly, Anthony

(2014) developed a model (see Figure 2.40) that uses PIN in securing transactions.

The model presented by Mukherjee and Nath (2003), uses PIN and password to

secure transactions. This model is as shown in Figure 2.41. Mathew and Simon

(2007) developed a model (see Figure 2.42) for securing banking transactions

using PIN and password. In the above mentioned models, PIN was used in

securing transactions. The fact that PIN can also be compromised render these

models unsafe for providing better security to banking software.

Similarly, Emeka (2014) developed a transaction security model that uses

fingerprint and PIN in securing transaction. This model is as shown in Figure 2.43.

Adegboyega (2015) developed a model for banking transaction. The model (see

Figure 2.44) uses fingerprint and password to securing transactions. Maknahiv

(2015) developed a model (see Figure 2.45) for securing banking transaction using

PIN and staff image. The model (see Figure 2.46) that uses multiple database

server with PIN in securing transaction was developed by Falaye (2013). Vivek

et.al. (2014) developed a model that uses text based questions to authenticate

special transactions in the banking system. This model is as shown in Figure 2.47.

55

The model developed by Costantin and Catalin (2008) uses PIN and image in

securing banking transaction, this model is as shown in Figure 2.48. The model

shown in Figure 2.49 was presented by Hameed (2014) for securing banking

transactions using PIN and image. Taiwo et.al. (2011) also developed a banking

transaction security model (see Figure 2.50) that uses PIN and image in securing

transaction.

Meanwhile, the parameters used in the aforementioned models can be hacked and

compromised, further researches is therefore required. Hence, in this research, we

used fingerprint and facial recognition parameters in developing the banking

transaction security model.

CAPITCH

A

Positive

Identification

Device

identificatio

n one-time

password

Digital

certificate

One-time

Password

Card Browse

Profession Virtual

Keyboar

d

56

Figure 2.1: Digital Banking Software Security Model Source: (Laerte et.al 2011)

Login

Read user ID

Fetch user profile

Show image

Detect mouse

position

Register

Get user ID

Select sound

signature

Select tolerate

level

Select image

user profile

Want more

image

Mouse

position OK

Play sound signature

Play random sound

Prepare login vector

No

No

Yes

Yes

57

Start

Registration and

Authentication

Define Rule by

Verified

Perform Transaction

Finish

Figure 2.3: Flowchart of Transaction. Source:

Nayer et.al. (2013).

Start

User

authentication

IP

address

charged

Contro

l Block

Generate

Access

Yes No

Figure 2.2: Random Data Banking Software Model. Source: Mahadevi and Sukamar (2015)

58

User

User

Password

Sub

system

Modulo

Authenticate

Engine Perform

Transaction

Client

operation

Figure 2.5: Bank Adaptive Architecture. Source: Melappare et.al.(2012).

Transaction

software

Bank Transaction

User Authenticate

59

User Interface Login

Domain Layer

Technical Layer

Figure 2.7: Tier Banking Solution Model. Source: Daniel (2003).

Identification

Search

Exist

No

Yes

Use

Subscription

60

Figure 2.8: Search Bank Security Model. Source: Beatriz (2012).

Service Service Service Admin

Service

Virtual

Machine

Virtual

Machine

Virtualization

Network Computer Storage

devices

Enable

Figure 2.9: Online Banking Authentication Model. Source: Bogdan (2014).

Solution Solution

Password Password

61

Figure 2.10: Password Based Authentication Model. Source: Gregory (2006).

Figure 2.11: Bank Pattern Security Model. Source: Maciappane and Prasanna (2013).

Customer

+ name

+ id

+ type

+ pay ()

Request

+ request type

+ id

Get request ()

Transaction

+ name

+ id

+ amount

Get request ()

Pass request ()

Branch Manager

Name

Amount

Zonal Manger

Name

Amount

Head Office

Name

Amount

Customer

APP

Application

Server

62

Client

Connection

Application

Login

Forget

password

Server

TSP

Account

Information

Other Menu

Figure 2.13: Bank Transaction Model. Source: Mahmood (2012).

Create Account

Create Signature

Create Transaction

Log

63

User Side

User I

User

Data

User

Secreat

Cryptographic

Hash

Server Side

User Table

User

Data

User

Secreat

Cryptographic

Hash

Equal

OK/NOT

Code

Figure 2.15: QR-Code Bank Model. Source: Jaideep et.al. (2013).

Client

Chanel

Front End

Chanel

Bank End

Chanel

Internet

Password

64

Mobile Device

Issuer

Certificate Authorization

Point of sale

Acquire

Password Authorization

Figure 2.17: Mobile Payment Security Architecture. Source: Temitope et. al. (2009).

65

Login

Enter Password

Perform

Transaction

Transfer Fund

Enter Amount

Transfer

Successful

Layout

66

Figure 2.20 Frame of Reference for Integrated GRC. Source: Nicolas et al (2010).

Figure 2.18: Fund Transfer Model. Source: Ebubeogu (2015).

Figure 2.19: IBM Banking Model. Source: IBM (2011).

67

Figure 2.21. Internet Banking Software Security Model. Source: Adegiga et.al (2011)

Neural network

Detector

User

Interface/Pin

Transaction

Bank

68

Figure 2.22 Identity Banking Software Security Model. Source: Khaled (2015)

Private key generator

Master

public key Master

Private key

BANK A

Use bank ID to

generate key

Sign and send

message

Cloud computing

storage

Obtaining master

Receive Bank A

Encrypt and send

Role-played

Government

-

-

-

-

-

-

-

Banks

Establish Africa

security

Create security

registration

Facilitate

security

Implementation

Monitoring &

reporting

Na

tura

l B

ot

for

cy

ber

sec

uri

ty

Inte

ract

ion

al

Bo

t fo

r cy

ber

sec

uri

ty

Cyb

er s

ervic

es

BOT CYBER

Figure 2.23. Layered Banking Software Security Model. Source: Kritiger and Von Solm et.al (2012)

69

Figure 2.24: Card Data Banking Software Security Model. Source: Shewangu

(2015)

Reg

istr

ati

on

Tea

chin

g

Gover

nm

ent

Ed

uca

tion

Ris

k m

an

agem

ent

Credit card

Phishing

Credit card

Hacker

Fraudster

Counterfeiting

Retrieving

Credentials

Victim

BA

NK

Online

Login with

PIN

Withdra

w

Withdra

w

Security Policy

Connecting All Bank

Enabling Payment

Figure 2.25: Password Fraud Prevention Pillar. Source: Prabonk (2011).

Developing Security Tracking

70

Figure 2.27 Block Bank Model. Source: Rana (2012).

End call

into Bank

Block

Access

Successful

Read Data

Compared to

saved data

Perform all

transaction

YES

YES

NO

End

71

Figure 2.28: Secure Money Exchanging Model. Source: Majid et al (2010).

Receive

message

Start

Buyer lock up

message

Send accept

message

Receive cost

Accept

message

Send buyer lock

up message

Receive Accepting

Message

Send Cost

Do Distributed

Transaction

Terminator

72

Username

Figure 2.30: Entrust Grid Card. Source: Entrust (2005).

Password

Identify card

SM

Storage

devices

Figure 2.29 Inference Flow Model. Source: Rodrigo et al (2015).

Identify

Keywords

Embedded

file hashes

Same

developer

Malware Hash

Message

Recipient

Downloader

URL £B

Link relevant

data

Shared

resources

YES

NO

73

Figure 2.31: Banking Services Conceptual Framework. Source: Qureshi and Khan (2008).

Banking Services

Access to account

Control account

Usage account

Awareness

Interest

Adoption

Satisfaction

Commitment

Services

Recommend

Login

Interrogation

Transactions

Modification

Layout

Information

Transaction

Figure 2.32: Model Driver Online Banking. Source: Avomrnicului and Bresfelean (2012).

74

Figure 2.33: Bank Entity Protocol Model. Source: Houssam et al (2014).

Certificate Authority

PIN

Merchant

Payment

Gateway

Inter Bank

Network

Issuer

Bank

SEPT Protocol

Figure 2.34: PIN Validation Model. Source: Ayo and Ukpera (2010)

FAISE

Login

Validate

Password

Generate

Random

Number

Store

Validation

Enable

Transaction

Deny

Transaction

75

CARD

Issuer

Business

Bank

Authentication by PIN

Certification

User

Business

Authentication A

uth

enti

cati

on

Authentication by PIN

Figure 2.35: System Security Model. Source: Jiang and Yang (2007).

Authentication

Figure 2.36: Hybrid Authentication Model. Source: Sandeep. et al (2011).

Sever

Data Gatherer

Authentication Decider

Mobile Phone

User

HMM Model

Detection

76

Figure 2.37. E-Payment Gateway. Source. Ailya et.al (2014)

Figure 2.38. PayPal Security Model. Source: Ranjit et.al. (2016)

77

Figure 2.39: Mobile Banking System Architecture. Source: Narendiran et.al (2008)

Figure 2.40: Bank Transaction Model. Source: Anthony (2014).

Start

PIN

Correct?

Successful

Services

Authenticate

Enable

transaction

NO

YES

NO

End

YES

78

Figure 2.41: PIN Transaction Model. Source: Mukherjee and Nath (2003).

Identification

Password

Exist

END

No

Yes

Use

PIN

Enable Transaction

Transaction

End

Transaction

software

Bank Transaction

PIN PIN

USER Perform Transaction

Figure 2.42: Bi-PIN Transaction Model. Source: Mathhew and Simon (2007)

79

User Interface

Client

Encryption

Fingerprint PIN

Banking server

Banking server

Network

Module

Server Slide

Figure 2.43: PIN/Fingerprint Transaction Model. Source: Emeka (2014)

ONLIN

E

STORE

Existing

Fingerprint

Recent cap

time finger

print

Verification

domain

Store

program

PIN/Finger

print

Computer

User

BANK

Figure 2.44: Fingerprint Banking Software Security Model. Source: Adegboyega (2015)

80

User interface

Image PIN

Client

Encryption

Kerberos server

Internet banking

server

Figure 2.45: Three Level Model Interaction. Source: Maknahiv (2015)

Finger 2.46. Database Transaction Details Model. Source: Falaye (2013).

Control Sever

View Account

Detail User

Perform

Transaction Sign

out

81

Figure 2.47: Three Level Pin Security. Source: Vivek et.al. (2014).

User

Text Based

Authentication

Image base

Authentication

Email

Authentication

Login to

System

Figure 2.48: Banking Solution Secured Bank-end. Source: Constantin and Catalin (2008).

Banking

Application

Back-end

connector

Application Server

Business Services

Back-end

message

Business Service

Government

Bank core

application

82

Figure 2.49: Banking Security Flowchart. Source: Hameed (2014)

Open System

Main Screen

YES

Lock Close

Key

Picture

Valid?

Lock and Key

Code by SMS

Figure 2.50: PIN/Username Transaction Model. Source: Taiwo et al (2011)

Start

Authentication

PIN

Correct?

Error Username

Correct?

END

Exit

No

Yes No

Transaction

YES

83

CHAPTER THREE

SYSTEM ANALYSIS AND METHODOLOGY

3.1 Preamble

This chapter discusses the data gathering techniques used in this study and the

methodology used in analyzing the existing system of authenticating banking

transaction. Meanwhile, in analyzing the existing system, Object Oriented Analysis

methodology (OOAM) was used. The object-oriented approach to software analysis

focuses on real-world objects. It is based on the premise that there exists a

fundamental human limitation to manage more objects or concepts at one time. This

methodology is used to analyse the existing system being the best method that can

visit all the modules of the existing system from scratch.

3.2 Data Gathering Techniques

For any existing system to be understood, facts about the system must be compiled.

The exact input operations and output of the system must be determined. There are

many techniques used for data gathering in any research which are: Interview,

Questionnaires, Observation, System Study, etc. However, during the process of

gathering data for this system interview, site visit and system observation techniques

were used.

84

3.2.1 Interview

Interview is a formal meetings or conversation with someone designed to elicit

information about the operation of an existing system as a requirements for the

proposed system. It is a formal meeting where the analyst can obtain information

about the operation of the present system and requirement of any planned replacement

(Chiemeke and Egbokhare, 2006). This technique was used to gather data for this

research. In an interview with the control unit officer of the United Bank for Africa

(UBA), first-hand information about transaction authentication in the existing system

were collected. The Key Informant Interview Method (KIIM) was used to conduct the

interview with two control unit officers and two ICT officers of UBA.

KIIM can be defined as a discussion with someone knowledgeable about a

problem, or its possible solution (Cooper and Schindler, 2003). KIIM are semi-

structured interview, as such, they are flexible in nature, and do not require a

standard set of questions, in order to be included in the interview guide. In this

form of interview, the interview guide consists of a list of themes, and these

themes largely guide the questions asked. However, questions vary from

respondent to respondent.

According to Cooper and Schindler (2003), this method of interviewing is used to

discuss a subject with a knowledgeable person: the `key informant'.

Hochschild(2009), Marshall and Rosman (2011), and Tansey (2007) shed light on

85

some of the advantages of KIIM. These advantages are outlined below. The

interviewer has the opportunity to triangulate information among interviewees

without revealing the names of any other respondents. Key informant is more

capable of providing a general view of a particular subject. The interviewees are

able to provide valuable information, as a result of their respective positions. With

KIIM, the interviewer has the opportunity to probe a topic in depth, in order to gain

more insight and understanding on a particular subject. The subject in this case is

securing banking transaction using human biometric. Thus, the chosen key

informant should be knowledgeable on the subjects of banking transaction with

biometric. Marshall and Rossman (2011) define key informant as someone who is

influential, prominent and well- informed about a particular area in the research

study. Hochschild (2009) further maintains that the person's position is also a

contributing factor when considering key informant. Smith (2006) argues that

researchers define the term key informant in a manner that is subjective to the

relevant respondents. By contrast, this research will not seek a new definition for

the term key informant; it will merely adopt the definition provided by Marshall

and Rossman (2011).

Owing to the nature of key informant, gaining access can be a challenge (Mikecz,

2012). However, in the case of this research, access was gained comparatively

easily. Contrary to Conti and O'Neil (2007), who recommend the use of formal

86

letters, followed by phone calls to make contact with key informant, emails were

used. This decision was influenced by the electronic nature of the modern day. As

such, using emails to contact the key informant proved to work well, as they

provided prompt responses. In this study, the key informant where chosen, based

on their line of work, experience and knowledge in the field of banking transaction,

security, and particularly in the aspect of applying biometric for securing

transaction in the banking sector.

3.2.2 System Observation

System observation is one of the most effective data collection techniques for

obtaining important details about a system. It is a fact finding techniques were the

researcher participates in or watches a person performing activities on a system to

learn about the system (Chiemeke and Egbokhare, 2006). It was used in this research

to support the interview technique to gather system information.

3.2.3 Strength of Interview and System Observation

i. Interview gives the analyst an opportunity to motivate the interviewee to

respond freely and openly to questions

ii. Interview allows analyst to probe for more feedback from the interviewee.

iii. Data gathering by observation can be highly reliable

iv. Through observation the system analyst will be able to see exactly what is being

done.

87

3.2.4 Weakness of Interview and System Observation

i. Interview is time consuming and therefore it is a costly fact finding approach.

ii. The analyst human relational skills play a great role in the success of interview

technique.

iii. Some tasks may not always be performing in the manner in which they are

observed by the system analyst.

iv. Some system activities may take place at odd times, causing a scheduling

inconvenience for the system analyst.

3.3 Site Visits

The main objective of site visit is to examine the existing system closely and

record the activities of the system (Vivian, 2009). This was carried out by visiting

the UBA head office at UBA House, 57, Marina, Lagos, Nigeria. In the process,

we watched the activities of different cashiers and control officers that authenticate

transaction and we recorded the data used to authenticate transaction like account

number, names, date, signature, teller number, username and password. We

compared these data with the ones collected during KIIM. The comparison, shows

that the data provided by the key informant about the existing system agreed with

what we saw when we visited the site at UBA head office.

3.3.1 Strength of Site Visits

i. The process of recording facts from site visits is highly reliable.

88

ii. Site visits take place to clear doubts and check the validity of the data collected

using other technique.

iii. Site visit is inexpensive when compared to other fact finding techniques.

iv. In this technique, we will be able to see the processes at first hand.

v. The systems analyst can easily understand the complex processes with site visit.

3.3.2 Weakness of Site Visits

i. People usually feel uncomfortable when being watched; they may unwillingly

perform their work differently when being observed.

ii. Due to interruptions in the task being observed, the information that is collected

may be inaccurate.

iii. Site visits are done during a specific period and during that period; complexities

existing in the system may not be experienced.

iv. There may be scheduling problems for the systems analysts when the activities

take place during odd hours.

v. Sometimes, people may be more careful to adopt the exact procedure which

they do not typically follow.

3.4 Analysis of the Existing System

The existing system used by UBA banks is the Finacle Banking Core Solution

version 10.8 software. It is used for all transactions and daily running of their

businesses. Before now they used Flexqube software, upgraded to Finacle 7.0

89

version and later this year upgraded to Finacle 10.8 version. All these upgrade are

as a result of the current version having a higher security measures than the earlier.

The major transaction menu in Financial Banking core solution 10.8 version are:

1. Help Account Current Information (HACLI) use for account Enquiring

2. Help Transaction Maintenance (HTM) use for transaction maintenance

3. Help Account Financial System Maintenance (HAFSM) use for account

financial maintenance

4. Help Maintenance System Order Information Report (HMSOIRP) use for

maintenance report

5. Help Account Current Ledger (HACL) use for accounting information

6. Automatic Teller Machine (ATM) used for ATM transaction etc.

The software enables only one operation at a time. It has an account inquiry menu

that enables account information to be viewed and the system is programmed to

centrally record all transactions and all fraudulent activities. Similarly, the system

has a module called the Transaction Menu (TM) and is used for transmitting debit

and credit transactions to customer’s account. The system also has Account

Financial System Maintenance (AFSM) menu which is a software device menu

installed to disallowed unauthorized members of the organization to view account,

expect they are under the following restriction which may be due to;

a. Dormancy: Account under one year six months not operated

90

b. Freezed/frozen: Due to fraudulent activities

c. Account inactive: Six months of operations

d. Memo pad: Exercising due check

e. Fraud Alert: Fraudulent dealing

f. Red alert respectively (investigation)

g. PND: Post No Debit

In the same vain, Help Maintenance System Order Report (HMSOR) is a module

in the software that can be use to view transaction histories by way of download

the statement of accounts. This module does not allow transactions on account

numbers that has discrepancies with the name of account and transaction back

dates, post dates and pre dates cannot be adjusted by the staff. In a nutshell, every

adjustment is centrally controlled and managed at the head office. Similarly, the

system has an ATM menu that take care of all ATM transactions. As a part of

security devices the software displaces alert/ information on the screen when a card

is wrongly used.

Consequently, the objective of the software is to enable UBA staff to manage

customer’s information with their daily banking transactions, and to protect their

information thereby providing security to the financial details, and manipulations

using the software. With this, the software prompt staffs to enter his/her

authenticating information (username and password) before the full menu to

91

process the customer’s data are being displayed. After a successful authentication

by staff of the organization or any other authorized user, he/she will have full

privilege to manipulate any account information provided. To further portrait this,

when a customer of the bank submit his/her teller for withdraw, the staff collect the

slip and attend to the transaction at the software level before full update of his/her

information. Looking at the entire system of operation in this bank, it is clear that

the software does not provide authentication privilege to the customer for their

transaction.

Basically, the existing process of banking allow customers to fill a teller with

name, signatures and account number, this is used by the staff to authenticate that

the holder of a particular teller is the valid owner of the very account information

that appear on the teller and it will further be used for checking or auditing of the

customer’s account transaction details. After the customer has presented a valid

teller, it needs no authentication from the software (Financle 10.8) level. This

shows that it is the staffs that verify the customer and authenticate his/her

transaction but not the software. Hence, the Financle software only authenticates

the staff for using the system but not the customers. This give staff full privilege to

using this software to commit frauds.

Truly, the objectives were partially met in the sense that, the system can

display the transaction details of a particular account number with ease before

92

manipulation is enabled in the account, which in the actual sense make the process

faster and accurate. On the contrary, there are some problems confronting the

software potentials to meeting the security needs in the banking sector. In addition

to our findings from the ICT unit and control unit of the bank, there exist a lot of

problems in the existing system up till now.

3.4.1 Problems of the Existing System

1. Poor Software Security Method: Till date, the Finacle 10.8 banking software

which is the highest version released in 2015 uses username and password to

authenticate users. To use the system, the software prompts users to enter his/her

username and password for verification of the authenticity of the user. Meanwhile

in this research, we have been intimated with the problems associated with the use

of username and password as a method of securing system. This is security

challenges and dangers in using username and password in securing a system. To

further portrait our point let look at a scenario like this.

Assuming a particular staff of the same bank copy the username and the password

of his/her colleague and use it to open and carry out transactions on the software,

the software will record that transaction on account of the rightful owner of that

username and password but not knowing that its was used by another staff to

commit fraud. This shows that using username and password is dangerous which

93

require an urgent attention. In addition, the username and password can be stolen,

it is therefore not efficient in protecting banking software.

2. Software Inability to Prevent Staff from Financial Fraud. The Finacle 10.8

software cannot prevent staff of the organization from committing financial fraud

with it. After the staff successfully login to the system, the staff can manipulate

customer information as he/she wishes without the software preventing such

transaction/manipulation. To further portrait our point, lets look at a scenario like

this.

Assuming a staff successfully login to the software with his/her valid username

and password and he/she wished to withdraw money from customer account. The

system, will enable the transaction without knowing that it is a fraud from the staff.

Since the software lack the ability to prevent staff from committing fraud with it, it

is therefore not efficient in protecting fraudulent transaction on customer’s

account.

3.Lack of Customer Information Privacy:- The current software is such that, any

time, a particular customer wishes to make withdraw from the bank, he/she must

fill the withdrawer slip with his/her detail account information like account name,

number, signature and submit it to the bank staff for processes. These teller are

been deposited in a box which anybody can have access to. It is true, that without

this activity the customer cannot withdraw from his/her account, in fact, no

94

banking staff will attend to you. To further portrait our point, let us look at a

scenario like this.

Assuming a customer fill a teller for withdrawal or application for a

transaction with the bank, with all his/her account details, after the processes, a

copy of the withdraw slip is deposited in a box. This gives room for other persons

to have access to the account details of such customer. This shows that there is no

customer account information privacy.

4. Lack of Customer-to-Software Transaction Authentication: The current

banking software (Finacle 10.8) lacks the software capabilities to providing

customer-to-software authentication. This is to say, any transaction submitted by

the customer to the staff for processes, cannot be authenticated by the customer

before final transaction is enable by the software. With this not in place, poses a

serious challenge, in allowing the staff to commit fraud with the software. This

further shows that the software does not have the facilities to allow or not allow an

authentication of a particular transaction by imposture.

5. Fraud Detection not Prevention

The analysis we carried out on the current software (Finacle 10.8) shows that it can

only detect fraud when at the end of the day, week, or month, there is no balance in

the transaction made over such period. When such occur, the bank audit unit will

carry out their operation in order to trace the fraud and from whose desk it was

95

committed. However, the current software, lack the ability to prevent such fraud

from occurring. Hence we can boldly say we have a fraud detecting software but

not fraud preventing software. As such, if our system must attain full customers

information security in the banking sector, we must implement a software that

prevent and detect fraud and not a software that only detect fraud.

Meanwhile, the current software used (Finacle 10.8) is a web-enabled application

usually developed with a server-side technology such as Active Server Pages

(ASP), ASP.Net and so on. The graphical description of the current system using

Asp.Net technology is as shown in Figure 3.1. The sub modules in the system are:

a. Per User Client: This is used to access the operations of the entire system. It

is used to provide the transaction request at a particular point in time. The

ASP.NET is the technology behind the sub module.

b. Business Logic: This is the sub module that holds the entire logic of the

system. It carries out the processes required by the client on the system

database.

c. Database: This is where the entire data for all transaction is stored and can

be requested from for further processes.

96

Figure 3.1 Conceptual Diagram of Existing Software

Similarly, the use case diagram of the existing software is as shown in Figure 3.2.

The Sub modules in this use case diagram are:

a. Authentication: This is the sub module that enables the bank staff to get

access to the banking services provided by the platform. Using this sub

module requires entering of the username and password in order to validate

if such information have the priviledge to use this platform.

b. Create Account: This sub module enable customer account information to be

register in the system database. It’s help to create account for a new

customer.

c. Withdraw: This module is used to process withdrawal transaction data. It is

used to access customer account/financial information and perform update

on the information based on the customer’s request

d. Payment: This module is used to update customer’s account if the customer

makes new payment or deposit to the account.

Username & password =>

For authentication

Database

Request/Response

Perusers on client

Business

Login

Client

Requet

97

e. Check: This is the module that is used to access the up to date account

information of a particular customer.

f. Database: This is the module that holds all the data needed for all

transaction.

It is important to note that all these modules were implemented in the business

logic of the system discussed in the conceptual diagram.

Figure 3.2: User-case Diagram of Existing Software

In the same vain, the use case diagram of the proposed system is as shown in

Figure 3.3

Admin Staff

Create Account

Withdrawal

Pay into Account

Check Account

Authentication

Database

98

Figure. 3.3. Use-Case Diagram of the Proposed System

3.5 The Proposed System

As a result of the problems highlighted above, we need a new and better system

that can address the highlighted problems. The proposed system provide better

security method to banking transaction by using human biometric before granting

access to the customers information. The proposed system also have a method that

enable customers to authenticate transaction before full update on customers

account is granted by the software. Hence the proposed system help to address the

problems of the existing system in this order:

1. Improve Software Security Method: The proposed system used facial and

finger print biometric to provide security to the software. These biometric

Staff Admin

Create

Withdrawal

Pay into Account

Check Account

Authentication

Biometric Database

99

will completely replace the username and password or account numbers,

signatures and account names currently in used till today.

2. Security Measures to Prevent Fraud from Staff: The major problem with

most of the existing software today is that people entrusted with the system,

that is, people that have the privilege to use the system, use it to commit

fraud and the system cannot prevent such from happening. Therefore we

need a better system that will help to prevent fraud from people entrusted

with the system. The proposed system can do this, through, the use of human

biometrics. The system have security features that enable a customer to

authenticate any transaction on his/her account details before the software

can effect such transaction on direct payment.

3. Provision of High Privacy to Customer Information: The proposed

system used only human biometric to access the customers data from the

software. Thus, the customer can walk to the banking hall, go straight to a

cashier, perform his/her transaction (withdrawal). Since transaction can be

made with human biometric, the customer’s information may not be expose

to others for future security breaches. Thus, the proposed system provide

high data security.

4. Enable Customer-to-Software Transaction Authentication: The

proposed system have a mechanism that enable customer to authenticate any

100

transaction on his/her account details at the software level, before the

software can validate the transaction. The existing system do not allow

customer to authenticate any transaction, people entrusted with the system

can manipulate customers information without the customers knowledge and

the system will allow such fraud. However, with the proposed system,

transaction can only be completed when there is an agreement between the

customer’s biometric data at the time of the transaction and the biometric

data captured during the opening of the account. As such, a staff cannot

authenticate any transaction without valid biometric parameter.

5. Fraud Prevention and not Detection Software: The existing software only

detect fraud that has been committed by people entrusted with the system.

However, the proposed software do not detect fraud only but prevent fraud,

since the valid owners of the account must be present at the time of such

transaction and authenticate the transaction with his/his biometric.

6. Use Multimodal Biometric as Security Method: The proposed system

enable authentication on customer account using both facial and fingerprint

biometric features. Thus, when one does not have agreement with another

the entire transaction will not be enabled by the system. Hence, to enable

valid and complete transaction both the customer’s facial and fingerprint

biometric must correspond to the ones in the database.

101

CHAPTER FOUR

SYSTEM DESIGN

4.1 Preamble

In this chapter a short overview is given of the system design, system modelling,

architectural framework used its characteristics, methods and architectural views.

This is meant to provide a basic understanding and familiarity with the general

concepts included within the models used later to develop the architecture. In

developing the system architecture the Open Group Architecture Framework is

used (as a good architectural framework for developing enterprise application as

suggested by Ana, 2011) and therefore a short description is included to clarify the

general scope and approach within this framework. Similarly, the approach used in

producing and evaluating the system design is the design science approach that is

also described in this chapter.

Meanwhile, software design is a description of the structure of the software to be

implemented, the data models and structures used by the system, the interfaces

between system components and, sometimes, the algorithms used. Designers do

not arrive at a finished design immediately but develop the design iteratively. They

add formality and detail as they develop their design with constant backtracking to

correct earlier designs (Sommerville, 2011).

102

Software design process is a series of steps that allow the designer to describe all

aspects of the software to be built. However, it is not merely a recipe book; for a

competent and successful design, the designer must use creative skill, past

experience, a sense of what makes “good” software, and have a commitment to

quality (Sommerville, 2011). Software design displays both external and internal

quality factors. External quality factors are those factors that can readily be

observed by the user, (e.g. speed, reliability, correctness, usability). Internal quality

factors have to do with technical quality more so the quality of the design itself.

4.2 System Design Methodology

In designing the system, Object Oriented Design methodology (OODM) was used.

The object-oriented approach to software design focuses on system modules as

real-world objects. This methodology is used to design the system being the best

method that is modular-based in designing a system. It was adopted been the most

suitable methodology in software development that is 100% adequate for such

banking solution (Hakeem and Oke, 2016).

Similarly, the Rational Unified Process (RUP) model was used as the software

process model. According to Krutchen (2003) and Arlow and Neustadt (2005),

RUP is an example of a modern process model that has been derived from work on

the UML and the associated Unified Software Development Process. It is a good

103

example of a hybrid process model. It brings together elements from all of the

generic process models to suit software development exercise.

4.3 The Open Group Architecture Framework (TOGAF)

In order to construct an architecture, different concepts and components are used.

They are part of an architectural framework. The Open Group Architecture

Framework (TOGAF) is a detailed method and a set of supporting tools for

developing an enterprise architecture (Ana 2011).

The original development of TOGAF was based on the Technical Architecture

Framework for Information Management (TAFIM), developed by the US

Department of Defense (DoD) (Ana 2011). Within this framework it was

established that the purpose of enterprise architecture is to optimize processes and

functionality across enterprise, eliminating fragmented legacy processes (both

manual and automated). According to Ana (2011), an integrated environment that

is responsive to change and supportive of the delivery of the business strategy

generates advantages like:

a. A More Efficient IT Operation: It lower software development, support,

and maintenance costs, increased portability of applications, improved

interoperability and easier system and network management, improved

ability to address critical enterprise-wide issues like security, easier upgrade

and exchange of system components.

104

b. Better Return on Existing Investment: It reduced risk for future

investment, reduced complexity in IT infrastructure, maximum return on

investment in existing IT infrastructure, flexibility to make, buy, or out-

source IT solutions, reduced risk overall in new investment, and the costs of

IT ownership.

c. It has a faster, simpler, and cheaper procurement.

In order to standardize the new approach in 2007, ISO defined architecture as, the

fundamental organization of a system, embodied in its components, their

relationships to each other, the environment, and the principles governing its

design and evolution (Thompson, 2011). This made TOGAF to be popular in

implementing enterprise application, since the framework agree with the ISO

definition.

TOGAF also provides four domains as subsets of enterprise architecture for

detailed understanding of the system to be design which are:

a. Business Architecture: This defines the business strategy, governance,

organization, and key business processes.

b. Data Architecture: This describes the structure of an organization’s logical

and physical data assets and data management resources.

105

c. Application Architecture: This provides a blueprint for the individual

application systems to be deployed, their interactions, and their relationships

to the core business processes of the organization.

d. Technology Architecture: This describes the logical software and hardware

capabilities that are required to support the deployment of business, data,

and application services. This includes IT infrastructure, middleware,

networks, communications, processing, and standards.

In the same vain, TOGAF has integrated an Architecture Development Method

(ADM) to provide a tested and repeatable process for developing architectures

divided in multiple phases (Ana, 2011). The Architecture Development Method

process can be adapted to deal with number of different usage scenarios, including

different process styles (like the use of iteration) and also specific specialist

architectures (such as security). Because TOGAF is a generic framework, it

provides a flexible and extensible content framework that underpins a set of

generic architecture deliverables, it may be used either on its own (with generic

deliverables), or may be replaced or extended by a more specific set, defined in

any other framework. Figure 4.0 shows the TOGAF.

106

Figure 4.0: TOGAF. Source: Ana (2011)

4.4 The Design Science Approach

This approach was defined in the work of (Pe-er et.al., 2006) as a good approach

that provides a method for conducting design research and provides a model for

the research output. Hence, this design research was carried out using this

approach. Using the design science approach, the steps enumerated below were

followed:

a. Identification and definition of the Problem: This is the process of

establishing the problem to be solved.

107

b. Possible Solution: This is the identification of the possible solutions to the

identified problem

c. Model Design: This is developing the solution to the problem in form of a

model.

d. Demonstration: Demonstrating how efficient will the model solve the

problem

e. Evaluation: Observing how good the model supports the solution to the

problem.

These steps were followed as a guide in each of the method identified in this

chapter for the system design. Evaluation is a very important component in the

design science approach steps. Through it, the extent to which the model supports

the solution to the problem can be determined (Pe-er et.al., 2007)

To prove the extent to which the design bring the desired solution, the evaluation

and demonstration steps for the model were carried out by using the Key

Informant Interview Method (KIIM). KIIM can be defined as the discussion with

someone that has detail knowledge about a problem and its possible solution. This

kind of interview is semi-structured interview which do not require a standard

steps of questions and is flexible to conduct. The method is used to discuss a topic

with knowledgeable person in a particular area. As cited from the work of William

et.al.(2006), Key informant interviews are designed to provide in-depth

108

information from people, usually those identified as knowledgeable about a

particular subject. Because these interviews are conducted in a face-to-face setting,

they tend not to terminate early and tend to allow participant contemplation, which

provides for more complete thought and answers to open-ended questions

(McCracken, 1988, Bailey, 1994, Rubins and Rubins, 1995 and Luloff, 1999).

Informants are traditionally identified on the basis of their organization and

community positions, knowledge of the issues under study, and reputation (Bailey,

1994). Similarly, Robyn (2012) used this method to gather a lot of issues on

MHealth implementation in his locality.

In using this method, gaining access to key informant is always a definite problem.

However in this research access was gained by using email and phone number to

contact the key informant. The approach used in choosing this informant was

based on their line of work, knowledge and experience in the banking sector. The

design science approach was used because of its success in the work of Noluxolo

and Rossouw (2014) for developing a conceptual design in their research.

4.5 Description of the Conceptual Design of the Proposed System

The proposed system is divided into three sub-systems, as listed below:

a. The Fingerprint Matcher: This sub system is used for the customer’s

fingerprint

109

b. The Face Matcher: This sub system is used for the customer’s facial

properties

c. The Combined Decision Matcher: This sub system is for comparing

decision made by all other two sub system with the matcher template. The

conceptual design of the system is as shown in Figure 4.1

Figure 4.1 System Conceptual Design

The Fingerprint Matcher: This sub model is used for generating fingerprint

template through the use of fingerprint scanner and comparing it with the existing

fingerprint in the database to ascertain if the fingerprint exist or not. The modules

in this sub model are

Accept/Reject

Matching System1

Finger

Sensor

Matching

Function 1

Template

Combined

Decision

Module

Template

Matching System2

Face

Camera

Matching

Function 2

Template

110

a. Fingerprint scanner that is used for capturing the fingerprint image and pass

it to the matching function.

b. Matching function: This is the function that compares the fingerprint

captured with the one in the database. It will then ascertain whether the

captured fingerprint is valid or not and return the result to the combined

decision sub model

c. Template: This consists of the existing fingerprint that is captured during

customer’s registration. It is the fingerprint database that can be checked by

the matching function to ascertain if a particular fingerprint exists or not.

The detail design of this sub system using a block diagram is as shown in Figure

4.2

Figure 4.2 Fingerprint Matching Block Diagram

Finger Features

Extraction

Features Matching

Template

Decision

111

Similarly, the fingerprint matching algorithm is as shown below:

/*MATCHES takes two minutiae and returns true if they match (as determined by

diverse

parameters to the algorithms) and false if they don’t.*/

function MATCHES(minutia-1, mintuia-2 ) returns true or false

input:

minutia-a, a minutia

minutia-b, a minutia

if ABS(minutia-a.x − minutia-b.x ) ≤ X-TOLERANCE and ↔ InstanceFinger1

if ABS(minutia-a.y − minutia-b.y ) ≤ Y-TOLERANCE and ↔ InstanceFinger2

if ABS(NORMALIZE(minutia-a.angle ) − NORMALIZE(minutia-b.angle )) ≤

ANGLE-TOLERANCE and ↔ InstanceFinger3

if COMPATIBLE-TYPES(minutia-a, minutia-b)

return true

else

return false

The Face Matcher:

This sub model is used to process the facial features of the individual. The

modules in this sub model are

a. Face camera that is used for capturing the facial image and pass it to the

matching function.

b. Matching function: This is the function that compares the faces in the

database. It will then ascertain whether the face is valid or not and return

the result to the combined decision sub model

c. Template: This consists of the existing face that is captured during

customer’s registration. It is the facial database that can be checked by the

matching function to ascertain if a particular face exists or not.

112

The detail design of this of this sub system using a block diagram is as shown in

Figure 4.3

Similarly, the facial matching algorithm is as shown below

/*This MATCHES takes two Facial Dataset and returns true if they match (as

determined by diverse

parameters to the algorithms) and false if they don’t.*/

function MATCHES_FACE(FacialCaptured-1, FacialDataset-2 ) returns true or

false

input:

Face-a, a face

Face-b, a face

if ABS(Face-a.x − Face-b.x ) ≤ X-TOLERANCE and ↔ InstanceFace1

if ABS(Face-a.y − Face-b.y ) ≤ Y-TOLERANCE and ↔ InstanceFace2

if ABS(NORMALIZE(Face-a.angle ) − NORMALIZE(Face-b.angle )) ≤

ANGLE-TOLERANCE and ↔ InstanceFace3

Fig. 4.3 Face Matching Block Diagram

Face Feature

Extraction

Feature

Matching

Template

Decision

113

if COMPATIBLE-TYPES(Face-a, Face-b)

return true

else False

Combined Decision Sub Model:

This is the sub-model that determines whether the valid fingerprint and face belong

to one person. This model has a database that record all the information

(fingerprint, face, and account data) belonging to a particular person. If the

information provided in other sub model (fingerprint, face) is valid, it is the job of

the combined decision model to check if the information belongs to one person. If

the information belongs to one person access will be granted else access will be

denial. Similarly, the flowchart in Figure 4.4 is used to represent the detail

operations carried out in the conceptual design of the system.

114

Figure. 4.4: Combined Decision Flowchart

Start

Minutia

Face Features

Complete?

Check abstraction of

X-Tolerance

Check abstraction of

Y-Tolerance

Check abstraction of

Angle Tolerance

Check for

compatibility

Compatible?

Valid

Stop

Error

Error

No

No

Yes

Yes

115

4.6 SYSTEM ARCHITECTURAL DESIGN

After the analysis phase of the system is complete, the design of the proposed

system begins. This research presents its design in the form of an artifact to best

understand the system. The design of the proposed system is divided into:

1. Logical design

2. Physical design

Logical design: This is the part of the system that focuses or concentrates on the

business aspect of the system. The business aspect of our proposed system

(Biometric-enable banking software) is the input stage of the biometric image, the

verification stage and the decision stage of the system. Thus, the logical design of

the system is present in Figure 4.5. Similarly, the Input-Processing-Output (IPO)

architecture that shows how operations is carried out at different stages of the

system is as shown in Figure 4.7

116

Figure 4.5 System Logical Design

Physical design: In physical design, the logical design is turned into a physical

ready structure of the entire system that shows how the system carry out its

security objectives of any transaction using the biometric features. According to

Capture

Process

Capture

Process

Capture

Process

Co

mb

ined

ver

ific

atio

n m

odu

le

Store

Enabled

operation

Denied

operation System process

phase

System inputs

phase

Biometric 2

Biometric 1

Verification

Create

117

Sommervilla (2011), software architectures can be designed at two levels of

abstraction, which are architecture in the small and architecture in the large:

1. Architecture in the small level is concerned with the architecture of individual

programs. At this level, we are concerned with the way that an individual program

is decomposed into components.

2. Architecture in the large level is concerned with the architecture of complex

enterprise systems that include other systems, programs, and program components.

These enterprise systems are distributed over different computers, which may be

owned and managed by different companies. This physical design (which is the

architecture in large abstraction) forms the architecture of the entire system which

is showed in Figure 4.5. Similarly, Figure 4.6 forms the architecture of the system

in the small abstraction.

118

Feature

extractio

n module

Matchin

g module

Decision

module

Repor

t

B

F

Repo

rt

D

M

Matchin

g module

Feature

extractio

n

Module

B

F

D

M

Decisio

n

module

Withdra

w

Apply

Check

Deniel

with

message

Decisio

n

Validate

with

message

CO

MB

INE

D B

IOM

ET

RIC

DE

CIS

ION

MO

DU

LE

DA

TA

BA

SE

DA

TA

BA

SE

Repor

t

Repor

t

Decisio

n

Decisio

n

Databas

e

Figure 4.6: System Architecture

119

In the same vain, the system framework using the TOGAF standard is as shown in

Figure 4.8 and Figure 4.19 below:

Get

customers

account biometric

Validate

biometric

account

biometric

Select

service

account

biometric

Query

account

account

biometric

Validate

Account

with

biometry

account

biometric

Update

Account

account

biometric

ERROR

Succession

Print

Enable

INPUT PROCESS OUTPUT

SOFTWARE DATABASE SOFTWARE

Figure. 4.7. IPO System Architecture

120

The system framework is divided into

PLATFORM – LEVEL

PROTECTION

APPLICATION – LEVEL

PROTECTION

RECORDING – LEVEL

PROTECTION

Record access

Biometric

Authorization

Record update

Biometric

Authorization

Record

integrity

management

Data

Login

Database

Biometric

Authorizati

on

Database

Recovering

Figure 4.8. System Framework

Transaction

management

System

Biometric

VERIFICATI

ON

System

Biometric

Authentication

File integrity

Management

121

To further explain the framework, the description of its sub modules is as given

below:

a. Platform Protection Level

This is the level at which the system carries out biometric data verification,

biometric data authentication and file integrity management operations. All these

operations formed the sub module of this level. To explore this platform, we

presented the detail operations of the level using flowchart. The flowcharts in

Figure 4.9 through Figure 4.11 show how the sub modules in this level are being

implemented.

b. Application Protection Level

This is the level at which login of data, database biometric authorization,

transaction management and database recovering is achieved. These major tasks

are also the sub modules within this platform and they can be fully implemented by

following their respective flowchart as shown from Figure 4.12 to Figure 4.15.

These flowcharts overhauled all the details of these sub modules.

c. Recording Protection Level

At this level, every record within the system is given maximum protection. Both

the data management information and the biometric data are given maximum

protection at this level. The sub modules in this level are record access biometric

authorization, record update biometric authorization and record integrity

122

management. The flowchart from Figure 4.16 to Figure 4.18 explain the details

activities within these sub modules and how they are been implemented.

Figure 4.9 Biometric Verification Flowchart Figure 4.10 Biometric Authentication Flowchart

START

TOLERANCE

ABSTRACTION

NORMALIZED

ABSTRACTION

COMPARE ALL

ABSTRACTION

BIOMETRIC

AUTHENTICATION

DOES

IT

EXIST

STOP

No

YES

START

TOLERANCE

ABSTRACTION

BIOMETRIC

ACCOUNT

TIE ACCOUNT TO

BIOMETRIC

SUCCE

SSFUL

?

VALIDATE

TRANSACTION

STOP

123

Figure 4.11 File Management Flowchart Figure 4.12 Data Login Flowchart

START

INPUT ALL

BIOMETRIC

VERIFY THE

BIOMETRIC

CREATE THE

ACCOUNT

INFORMATION

PROCESS TO

DATABASE

STOP

START

INPUT USERNAME

AND PASSWORD

PROCESS INPUTS

SUCCE

SSFUL

?

ENABLE LOGIN

STOP

CALL DATABASE

AUTHORIZATION

INVALID

LOGIN

124

Figure 4.13 Database Biometric Flowchart Figure 4.14 Transaction Management Flowchart

START

GENERATE

BIOMETRIC TRAIT

TO AUTHORIZE

AUTHORIZED

BIOMETRIC

DISPLAY

SUCCESSFUL

STOP

START

INPUT

TRANSACTION TO

MANAGE

PROVIDE

TRANSACTION

UPDATE

DISPLAY

SUCCESSFUL

STOP

125

Figure 4.15 Database Recovery Flowchart Figure 4.16 Biometric Access Flowchart

START

ESTABLISH DB

CONNECTION

GET CONNECTOR

SUCCE

SSFUL

?

SEND APPRIOPIATE

RECOVERY UPDATE

STOP

PROCESS

ERROR

MESSAGE

SUCCE

SSFUL

?

No

YES

START

INPUT BIOMETRIC

RECORD

VALID

?

ENABLE ACCESS TO

RECORD

STOP

PROCESS

ERROR

MESSAGE

126

Figure 4.17.Record Update Flowchart Figure 4.18 Record Integrity Flowchart

No

YES

START

INPUT BIOMETRIC

RECORD

VALID

?

ENABLE ACCESS TO

RECORD

STOP

PROCESS

ERROR

MESSAGE

START

INPUT RECORD

PROCESS UPDATE

WITH FINGER

BIOMETRIC

FINGERPRINT

BIOMETRIC AS

PRIMARY KEY

PERFORM ALL

OPERATION WITH

KEY

STOP

127

Connected Data Disconnected Data

Figure 4.19 System Controls Framework

The system control framework is as given in Figure 4.19. This framework is sub

divided into the following sub modules:

a. The Application module: This is the general description of all the interfaces

that are needed in this platform. This is where the user can interact with the

system database through the controls in the design. This module comprises

of sub modules that are used for different operation like updating

information, checking information and creating new information etc. The

T

HE

AP

PL

ICA

TIO

N

D

AT

AS

ET

OB

JE

CT

OO

OB

JE

CT

DATA ADAPTER

OBJECT

SELECT

COMMAND

UPDATE

COMMAND

CHECK

COMMAND

SUBMIT

COMMAND

OBJECT

COMMAND

OBJECT

COMMAND

OBJECT

COMMAND

OBJECT

COMMAND

CONNECTIO

N

CONNECTIO

N

CONNECTIO

N

CONNECTIO

N

O

BJ

EC

T C

ON

NE

CT

ION

ST

RIN

G

R

DB

MS

(S

QL

SE

RV

ER

)

128

implementation of this module is through the use of a scripting language

called the ASP.NET.

b. The DataSet: The DataSet is a cache of information that has been queried

from your database. The innovative features of the DataSet are that it’s

disconnected (see the next section) and can store more than one table. For

example, a DataSet could store a list of customers, a list of products, and a

list of customer orders. You can even define all these relationships in the

DataSet to prevent invalid data and make it easier to answer questions such

as “What biometric trait did mike requested for”? Using dataset enable

disconnected data to be manipulated. The C# has a feature to implement the

DataSet through abstraction and creation of class instances. The flowchart in

Figure 4.20 further explains how the dataset module carries out its

operations.

c. Data Adapter: The data adapter is used as a connected data to the

disconnected data. It adapts data to the right command form the dataset. It

can also be implemented through the creation of the adapter class instance.

The sub commands under the data adapter are select, update, submit and

check command. The can all form the methods in this adapter. The flowchart

in Figure 4.21 further explains how the data adapter module carries out its

operations.

129

d. Object Command: The object command are used to talk to the right object

that will execute the right command receive from the interface of the

application. The object command has its own connections that perform a

particular command. Different object can exist within a class of codes but

with the object command the right object needed can be executed. The

flowchart in Figure 4.22 further explains how the object command module

carries out its operations.

e. Connection String: This is where the real connection to the database is

executed. This sub module has the key to access the database. This is

implemented using ADO.NET connectivity. The flowchart in Figure 4.23

further explains how the connection string module carry out its operations.

f. Database Server: This is where the exact data is stored. This was

implemented in this application using the SQL Server with SQL used to

manipulate its operations.

130

Figure 4.20 Dataset Flowchart Figure 4.21 Data Adapter Flowchart

START

RECORD DATA

FROM INTERFACE

CHECK DATA FOR

ACCURACY

DATA

ACCU

RATE?

CALL ON THE

OPERATION

STOP

CALL APPRIOPIATE

DATA ADAPTER

ERROR

MESSAGE

APPRI

OPIAT

E?

No

YES

No

YES

START

CHECK DATA

ADAPTER OBJECT

SELECT EXACT

OBJECT

CALL OBJECT

CONNECTOR

CONNECTOR TO

OBJECT

STOP

131

Figure 4.22 Object Command Flowchart Figure 4.23 Object Connector Flowchart

START

CHECK IF

CONNECTOR EXIST

IF NOT CANCEL

OPERATION

CONNECT COMMAND

TO GENERAL

CONNECTION

PRESENT ALL COMMAND

TO CONNECTOR

STOP

START

CALL DATA

SOURCE

VERIFY COMMAND

CONNECTOR

CONNECT ONLY

COMMAND

CONNECTOR

CLOSE OTHER

CONNECTOR

STOP

CLOSE ALL

CONNECTOR IF

COMMAND ENDS

132

4.7 Software Development Methodology

There exist a lot of software development methodologies like Structured Systems

Analysis and Design Methodology, Object Oriented Analysis and Design

Methodology (OOADM). Meanwhile, the Object Oriented Analysis and Design

Methodology (OOADM) was used as the methodology in analyzing and designing

the application in this research. It was adopted being the most suitable

methodology in software development that is 100% adequate for a module based

application like this.

4.7.1 Feature Driven Development

This was chosen because it permits modification in case of future changes in the

application. This paves way for iterative and incremental software development.

Object Oriented Programming (OOP) is a programming approach that provides a

way of modularizing programs by creating partitioned memory area for both data

and functions that can be used as templates for creating copies of such modules on

demand. Thus, an object is considered to be a partitioned area of the computer

memory that stores data and set of operations that can access that data. Since the

memory partitions are independent, the objects can be used in a variety of different

programs without modifications. The features include:

i. Emphasis is on data rather than procedure.

ii. Programs are divided into what is known as objects.

133

iii. Data structures are designed such that they characterize the objects.

iv. Functions that operate on the data of an object are tied together in the data

structure.

v. Data is hidden and cannot be accessed by external functions.

vi. Objects may communicate with each other through functions.

vii. New data and functions can be easily added whenever necessary.

viii. Follows bottom-up approach in program design.

3.7.2 Why Using OOP For Program Development?

The principal advantages of using OOP are:

i. We can eliminate redundant code and extend the use of existing classes

through inheritance.

ii. We can build programs from the standard working modules that

communicate with one another, rather than having to start writing the code

from scratch. This leads to saving of development time and higher

productivity.

iii. The principle of data hiding helps the programmer to build secure programs

that cannot be invaded by code in other parts of the program.

iv. It is possible to have multiple instances of an object to coexist without any

interference.

134

v. It is possible to map objects in the problem domain to those in the program.

vi. It is easy to partition the work in a project based on objects.

vii. The data-centered design approach enables us to capture more details of a

model in implementable form.

viii. Object-oriented systems can be easily upgraded from small to large systems.

ix. Message passing techniques for communication between objects makes the

interface descriptions with external systems much simpler.

x. Software complexity can be easily managed.

4.8 Software Development Tools

The following tools were used for the development of the application.

i Microsoft Visual Studio: Visual Studio Compiler is one of the most important tools

needed for the development of this application. It is the client interface development

tool that enables us to develop applications (web, windows, console etc.) by using C#

programming language and other related tools. It serves as the interface development

environment (IDE) for the application frontend. It is used in developing the

application interfaces and the codes that work within them. It has some built-in

graphical user interface needed to develop a full application.

Reason for Using Microsoft Visual Studio

i. The Common Language Runtime (CLR): Visual studio has a common

language runtime features that provide low level work (plumbing) services to

135

any application that is developed using it (mainly online applications). This

feature saves the programmer a lot of stress encountered in other development

environment. It makes programs in this application to be executed as if the

programmer used machine language to code the application.

ii. The .NET Framework Class Library (FCL): Microsoft Visual Studio also

support the .Net framework class library, offering literally thousands of

reusable types. Organized into namespaces, the FCL contains code supporting

all the .NET technologies, such as Windows Forms, Windows Presentation

Foundation, ASP.NET, ADO.NET technologies etc.

iii. The Common Language Specification (CLS): With this feature the visual

studio compiler can support more than one language in implementing a

particular application.

iv. Microsoft visual studio also offer enhanced security than other IDE (like

Dreamweaver)

v. Microsoft visual studio web development technology

vi. To a large extent Microsoft visual studio support all dot net languages.

ii. SQL Server: In developing the application in this research, SQL SERVER is

needed to be installed in the designing machine. This system allows the creation of the

application database and tables. The system serves as the backend (database) of the

136

application. It uses structure query language (SQL) syntax for scripting database

queries. It is commonly used for any data driven application.

Reasons for Using SQL Server

i. Provide strong protection for data

ii. Allow developer to encapsulate some of their codes

iii. Allow the use of stored procedure in its application

iv. Free technical support is given to its users

v. It is an open source application

vi. Can easily be use with visual studio through ADO.NET

vii. It can accommodate more information than Microsoft Access.

Weaknesses

i. Number of concurrent user is limited compared to Oracle.

ii. Being an open source software hacker can take advantage of it.

iii. Automatic update of the database identities is highly difficult.

4.9 SYSTEM DESIGN SPECIFICATION

System specification can be formal or informal. The informal system specification

is used in this research. It is a kind of system specification that describes various

aspect of the system verbally. Informal system specification can also use diagram

137

to carry out system design specification. However, it is not compulsory to use

diagrams provided the description of the system is well given.

Meanwhile the major functional requirement specification of this system is that it

must authenticate transaction in customer’s account using biometric features. The

system design consists of interface specification, program specification and

database specification.

Interface Specification

The interface is where data can be supplied to the system. It has a menu that is

used to register new customer’s data, a menu that is used to update customer data,

a menu that is used to read customer’s information. However, all these menus can

only make progress in their processes by using the human biometric features as

against the use of password, username or account numbers in the existing system.

All these menu interfaces are implemented with different tools (like label tool,

checkbox tool, button tool, textbox tool) from the tool box of the compiler. The

interface of the system has a common design for uniformity purpose as one of the

good quality of interface design.

Database Specification

The database consists of registered staff, customers and their daily transactions.

The fields of the database tables should be according to the information needed in

138

that field. The names and other personal details should have variable characters,

date has datetime and other can be implemented with characters.

Program Module Specification

The program used to control the entire system is divided into four parts; input

program, update program, read program and control measure program. All these

programs have different data binding techniques that is been used to bind the data

from the application with the corresponding database using the biometric features

of the individual.

4.10 Database Design

Table 1 to Table 5 below show the design layout of the database tables that exist in

this application.

Table 1. Customer Account Registration Table Design Layout

Field Name Data Type Size Description

ID INT Database table unique ID

AccountNo char 10 Account Number

Customer Name varchar 20 Customer surname

Sex varchar 6 Customer sex

Phone char 26 Customer phone number

Home Address varchar 100 Customers Address

139

Email char 25 Customer’s Email

Date of birth Datetime None

Amount char 15 Account opening amount

AccountType varchar 20 Type of Account

OfficeAddress char 60 Customer Parent Address

FingerPrint Image null Customer Fingerprint Image

FaceImage Image Null Customer Facial Image

Table 2. Withdrawal Table Design Layout

Field Name DataType Size Description

PIN INT Database table unique ID

AccountNo char 10 Customer Account

CurrentBalance char 15 Current account balance

Account Name char 50 Account Name

Date datetime none Date

AmountWithdrawn char 15 Amount

TransactionRefCode char 25 Transactionreference code

140

Table 3. Payin Table Design Layout

Field Name DataType Size Description

PIN INT Database table unique ID

AccountNo char 10 Customer Account

CurrentBalance char 15 Current account balance

Account Name char 50 Account Name

Date datetime none Date

AmountPay char 15 Amount

TransactionRefCode char 25 Transactionreference code

Table 4. Application Staff Table Design Layout

Field Name DataType Size Description

PIN INT Database table unique ID

Username char 20 Staff username

Password varchar 20 Staff password

ConfirmPassword varchar 20 confirmation

Sex varchar 7 Staff sex

Department varchar 20 Staff department

141

Table 5. General Ledger database

Field Name DataType Size Description

PIN INT Database table unique ID

Credit char 10 The credit

Balance char 10 The balance

Debit char 10 The debit

Date datetime none Date

Account No char 10 accountNo

Transaction Date Datetime None Date

ValueDate Datetime None Date

PostDate Datetime None Date

4.11 APPLICATION ALGORITHM (PSEUDOCODES)

Algorithm is the sequence of steps that must be taken in order to solve a

particular problem that is already defined. Algorithms create flexibility in solving a

problem already well defined by the existing manual system; the algorithm for the

system is implemented using pseudocodes as shown below:

/* Pseudocode to register customer*/

INPUT: F: Fingerprint

N: Name

CF: Face

ACC: Account

142

ACCT: Account Type

AD: Address

AM: Amount

DB: Date

EM: Email

SX: Sex

NF: Number of Fields

For (int Ninput=1; Ninput<NF; Ninput=Ninput+1)

{

Get Entry()

}

IF Exist (Report)

ELSE

{

Create ACC

}

OUTPUT: ACC

: F

: CF

: N

END

/* Withdrawal Update Pseudocodes*/

INPUT: N: Name

F: Fingerprint

CF: Face

ACC: Account

ACCT: Account Type

AM: Amount

DB: Date

NF: Number of Fields

For (int Ninput=1; Ninput<NF; Ninput=Ninput+1)

{

Get Update()

}

IF (Corresponded)

{

Successful Update

143

}

ELSE

{

Report Error

}

OUTPUT: Successful

: Not Successful

END

/* Multimodal pseudocodes*/

INPUTS: TS: Transaction

FA: Capture Fingerprint

FT: Fingerprint Template

F: Facial Template

IF (Provided)

{

ImplementationStyle()

}

ELSE

{

Exit()

}

OUTPUT: Successful

: Error

FUNCTION ImplementationStyle (All Instances)

INPUT: InstanceFace1();

: InstanceFinger1();

: InstanceFinger2();

: InstanceFace2();

: InstanceFinger3();

: InstanceFace3();

IF ALL_INSTANCE_COMPACTIBLE (Finger_Instance, Face_Instance)

{

Return True

}

ELSE

{

Return False

144

}

OUTPUT: Successful

: Error

END

4.12 Programming Languages Used

The programming languages used for the implementation of this application

are as follows:

i. C-Sharp (C#) Programming Language: - This is a programming language

suitable for all forms of computer applications numerical, graphical,

scientific, database, and commercial programming. It was released by

Microsoft in about twelve years ago. It is an object oriented programming

language. It is quite flexible and effective in database manipulation,

accessing and retrieval of information. It is an event driven language,

program developed with it are highly interactive in nature as they respond to

event like button clicks.

ii. SQL: - SQL is an acronym for structure query language. It is a database

language which helps to manipulate database data. It can also be used to

write database script that will generate database tables and their relations.

iii. ADO.NET:- This is the language used to connect the application interface

to the corresponding database.

145

iv. CSS:- This is used to generate the application colours and a place holders

for all the controls. It is also used to style the application.

4.12.1 WHY THESE LANGUAGES (C#, ADO.NET and SQL)?

i. C# has a constructor and destructor properties that permit system data

security and easy manipulation of biometric data.

ii. Data access security, code access security and exception handling is an

exceptional security features of C# for better system implementation.

iii. We can eliminate redundant code and extend the use of existing classes

through inheritance.

iv. We can build programs from the standard working modules that

communicate with one another, rather than having to start writing the code

from scratch. This leads to saving of development time and higher

productivity.

v. The principle of data hiding helps C# language user to build secure

programs that cannot be invaded by code in other parts of the program.

vi. It is possible to have multiple instances of an object to coexist without any

interference.

vii. It is possible to map objects in the problem domain to those in the program.

viii. The data-centered design approach enables C# language user to capture

more details of a model in implementable form.

146

ix. Object-oriented systems can be easily upgraded from small to large systems.

x. Message passing techniques for communication between objects makes the

interface descriptions with external systems much simpler.

xi. Software complexity can be easily managed with these languages.

xii. SQL is used because of its simplicity and it is most widely used for

implementing database queries for almost all RDBMS. Similarly the server

used for the back end only understands this SQL.

4.13 Application Dataflow Diagram and Flowchart Diagram

The dataflow diagram of this application is shown in Figure 4.24. This diagram is

used to clarify the behaviour of the application with respect to data movement.

Similarly, the system flowchart described the data flow in the system. It is a logical

diagram that shows the steps involved in the system operation. With the flowchart the

developer can easily describe the system for easy understanding of the operations. The

system flowchart reflects relationship between the major inputs, processing and

outputs. The flowchart of the system is shown from Figure 4.25 to Figure 4.27.

147

Figure 4.24 Application Dataflow Diagram

Multimodal Biometric System Database

Upload

Database

APPLICATION

New

Registration Withdraw Payment Check

Account

Upload

Database

Upload

Database

Upload

Database

View

Account

Fill the form Biometric

identity

Verify

Account Login

Verify the

form

Check

Database

Fill update

form Eligible?

148

Figure 4.25 Application Flowchart

START

LOGIN

Error message

VALID?

Choose operation

Stop

Process other information

No

Yes

Yes

USER

No

Admin

A

B

149

Figure 4.26 User Flowchart

Apply Transfer Check User module withdraw

Process data Process data Process data Process data Process data

Output error message Validate with user biometric

Output

Error

Output

Message

Successful?

VALIDATE

VALID? No

No No No

No No

Yes YES

YES YES YES YES

NO

STOP

A

150

Figure 4.27 Admin Flowchart

No

Check Transfer

Admin

create

account Apply withdraw

Process

data Process

data Process

data Process

data Process

data

Carry out

operation Validate with biometric Error

message

Carry out Operation

Valid?

Output success

message

Yes Yes

Yes Yes Yes Yes

Create User

Process

B

STOP

Valid?

Yes

NO NO NO NO NO

NO

151

4.14 MODELLING THE SYSTEM USING UNIFIED MODELLING

LANGUAGE (UML)

There are many object-oriented methods currently in use. The most popular in

recent times is the Unified Modelling Language (UML) which was formulated by

BOOCH, Rumbergh and Jacobson in 1997 and UML has become widely accepted

as a standard for communicating system requirement (Chiemeka and Egbokhare

2006). UML is a general-purpose visual modeling language whose vocabulary and

rules focus on the conceptual and physical representation of the system. It was

designed to incorporate current best practices in modeling techniques and software

engineering (Jim and Ila, 2004). UML is used because it provides a visual syntax

that can be used to construct models (artifacts). Jim and Ila (2004) stated that, prior

to 1994, the OO method was a bit of mess, but UML is itself a designed, and

architected system. It is worthy of note that the unified modeling language is only

suitable when the software methodology used in a model or design is object

oriented analysis and design methodology (OOADM). In this research, the

following UML diagrams were used to model the application.

4.14.1 Class diagram: Class is a set of objects that share the same attributes and

behaviour. It is sometimes referred to as object class. Figure 4.28 shows the class

diagram of the application with the various object classes of the services in the

system.

152

4.14.2 Sequence and Component-Level Diagrams: Interaction diagrams describe

interaction between the objects. They show their relationships, including messages

between the objects. Interaction diagram explains dynamic view of the system.

Sequence diagram emphasizes the order of the application messages. Figure 4.29

shows the application sequence diagrams. Similarly, Figure 4.30 shows the

component-level diagram of the system.

153

get parameter ( )

validate parameter ( )

save parameter ( )

Outcome message ( )

PAYMENT

Account No=3456278234

AccountName=Izah Mike

Amount=20.000

Date=13/8/2016

TransactionRef=4578900

ACCOUNT CHECKER

Phone number= 07034456768

AccountNo = 0089332456

get parameter ( )

validate parameter ( )

send parameter ( )

CallAcount Detail Server()

get parameter ( )

validate parameter ( )

UpdateAccount ( )

Withdraw From Account Registration Account

Figure 4.28 Application Class Diagram

Staff Login

Fingerprint = Image

Facial Feature = Image

Get parameter ( )

Validate parameter ( )

Confirm parameter ( )

Name = Mike

Sex = M

Phone number= 07034456768

AccountNo = 0089332456

Fingerprint = Image

Facial print =Image

AccountType= Savings

Fingerprint=Image

Date=12/7/2016

Amount=20,000

AccountNo ()=0089332456

Facialprint=Image

TrasactionRef=75684944

get parameter ( )

validate parameter ( )

save parameter ( )

UpdateAccount ( )UsingFacial( )

VOTES = 32

APPLICATION

Form

get parameter ( )

validate parameter ( )

send parameter ( )

Take Biometric( )

154

4.14.3 Activity Diagram: An activity diagram illustrates the dynamics nature of

the system by modeling the flow of control from activity to activity. Activity

diagrams are used to model the workflow and internal operations in the system.

Figure 4.29 shows the activity diagram to register/verify information into/within

the system. The sub modules in this diagram are:

a. User Name Module: This module prompts the user to enter his/her username to

verify if he/she has the privilege to use the services of the system. It’s follows it up

with password of the user and enable user if such is valid but reject user if not

valid.

b. Services Module: These are the services provided by the system to the user.

These services include update of customer account, checking account details,

transferring money from account.

To perform any of the operation within these services, the customer biometric must

be used as the authentication measures for such transaction to be enabled. This

diagram works in a way that when a user enters the user name and password, it

validates the information and provides the services of the platform. When any of

the services is to be activated like customer’s account withdrawal update, the

system perform such update authentication using the customer biometric

parameters, else such update will not be committed to the database.

155

Figure 4.29 Withdraw Services Activity Diagram

Valid

Invalid

Enter

UserName/passwo

rd

Select services

Username/

Password

Generate Face

Enter

Fingerprint

Prompt for re-

entry

Multimodal

Match

PROCESS

Enter Image

Invalid Image

Valid Image

End of this

interface

156

Similarly, Figure 4.30 shows the activity diagram of the entire function of the

system. This diagram comprises of three major modules, which are:

a. Authentication Module: This is use to validate the user of the system. This is

the first system module that prompt user to enter authentication information

before selecting their needed services.

b. User Module: This module is for any user authorized by the administration

to use the system. It provide the services that any user needs within the

system in performing transactions. The services provided in this module are

withdrawal services that enables withdraw from customer account, transfer

services that enable user to transfer cash from one account to another, apply

services that enable user to make request, update services that enable

payment to be made into customer’s account, check services that enable user

to check current account status. All these services are authenticated user the

customer biometric.

c. Admin Module: In this module, the admin perform his/her transaction. The

only different sub module in the admin services is the ability to create more

user of the system.

157

Figure 4.30 System Activity Diagram

Authentication

USER

Use Modules

ADMIN

Use Modules

Withdraw Apply

Transfer

Check

Update Validate

Biometric

Wrong

Biometric

Correct Biometric

Create

account Transfer Appl

y Withdraw

Check

Update Validate

Biometric

Wrong

Biometric

Correct Biometric

Exit

Wrong

Correct

158

Make Bank request registration

Send out data Display Necessary data

Fill & conform customer

<<exception>>

Invalid identity

Perform operation

Output success message

Authenticate customer

Customer Biometric OK

Output Account Data

Check Account

Confirm Holder

<<exception>>

Invalid identity

Display Account Data

Display Account Data

Display Result

Figure 4.31 System Sequence Diagram

Staff

Withdraw from Account Request account data

Send out account data Display account data

Fill & send withdraw data

<<exception>>

Invalid identity

Perform operation

Output success message

Update with Biometric

Information OK

APPLICATION DATABASE

Click Login identity

identity OK Request identity

Send identity

<<exception>>

Invalid identity

Validate Biometric Identity

Customer OK

159

Foreign key: A relationship between one or two database tables

Withdraw

Elaborate Module

4.14.4 INFORMATION ENGINEERING

This is a model – driven and data-centered, but process – sensitive technique to

plan, analyzed and design information system. This method may include some

combination of modern structured design, prototyping and object oriented analysis

and design. (Jeffry et.al., 2001). Figure 4.33 and Figure 4.34 shows the information

Withdraw operation

Deisgn component

Is login

Withdraw Service

In: Biometric.

In: Date

IN: Amount

Out: Success Message

Out: Failure message

Islogin (Fingerprint)

Isvalid (Biometric No)

Isupdate (Facial)

Figure 4.32 Withdrawal Service Component-level Design

160

engineering techniques of the system under review. The major modules in these

diagrams are:

a. Customer Database Module: This module has a memory of the entire

customer’s information. It is needed to know the exact task to be done on

customer database.

b. Money Withdrawal Module: This module is used to process information

about the money to be withdrawn from the customer database. Thus, there

exist a relationship between customer database module and this module, this

help to ensure authentication of data.

In the parent-to-child entity relationship diagram presented in Figure 4.33,

fingerprint biometric and facial biometric are used as the key parameters to enable

any withdrawal transaction that is to be committed on customer account

CUSTOMER DATABASE

Authenticate user ( ) booloan

Validate User ( )

Update with Multimodal ( )

MONEY WITHDRAW

Fingerprint = Image

Amount = 30,000

Date=12/3/2016

Figure 4.33 Association Diagram of Customer Database and Withdraw Service

161

Figure 4.34 Foreign Key Relationship of Customer and Withdrawal services.

CUSTOMER

Fingerprint (Primary key)

Facial (Primary key)

WITHDRAW INTERFACE

Biometric: (primary key)

Amount: Data

Date:Data

FingerPrint (foreign key)

Facial Image (foreign Key)

Child entity

Cash is Paid

BY

Parent entity

162

CHAPTER FIVE

SYSTEM IMPLEMENTATION

5.0 Preamble

This chapter discusses the steps taken to implement the application and the different

screen shots captured during the implementation. Similarly, the chapter also discusses

the system requirement needed to fully implement the software in customer’s site. The

result of the system when tested is also discussed in this chapter.

5.1 Development of Application Database

The application is divided into the backend and the frontend. The backend is the

database while the frontend is the interface. To design the database, after a successful

installation of the Relational Database Management System (RDBMS) in the

machine used for the application design (as one of the basic development tool), the

following steps are taken to develop the database

Click on Start button

Click on Program

Click on SQL Server

Click on “connect to server”

From the displayed menu, “Right click on databases”

Click on “new database”

Enter database name

163

Click on Ok

After the above operation has been carried out, a database with the name supplied by

the developer (as for our application AccountSecure) was created on the RDBMS. The

steps given above are as shown pictorially in Figures below. The first output in Figure

5.1, is the screen shot for connecting to the database server while Figure 5.2 shows the

process of providing the database name during database creation and Figure 5.3 shows

a sample of the database in the RDBMS after the database creation was successful

Figure 5.1 Database Server Connection

164

Figure 5.2 Database Creation Screen

Figure 5.3 Database Name Screen

165

5.1.1 Development of the Application Database Tables

Database tables consist of different columns that store each unit of information. There

exist several database tables in this application. To develop these tables, we wrote an

SQL SCRIPT using notepad which was later copied to the execution environment of

the RDBMS and executed in the application database. The script was developed, using

the SQL (structure query language) to implement the database table design structure

as presented in chapter four. Similarly, during the tables’ creation, some relationships

were created within some of the tables; these relationships were used to implement

some set of security measures in the system. These relationships were implemented

with the help of foreign keys (for example the account table has a relationship with the

payment table through a foreign key called ACC_ID etc). Similarly, all these tables

are implemented with database primary keys and the unique property in SQL is been

used in order to uniquely identify different records in each table. After a successful

development of the application database tables creation codes using SQL, the

following steps were followed to execute the script in the RDBMS (SQL Server).

i. Select the database name

ii. Click on “new query”

iii. Copy and paste the script codes from the notepad

iv. Click on “execute” at the top menu

166

After the above steps, there were no errors in the script, all the database tables were

created with all the command implemented in the script. Meanwhile, Figure 4.4 and

Figure 4.5 show the screen shot of the database tables creation during the application

development.

Figure 5.4 Database Tables Creation Command

167

Figure 5.5 Database Tables

5.2 Development of Application Interfaces

These are the input screens where user can enter information they want to process to

the application database. After a successful installation of the visual studio 2008 as

the Integrated Development Environment (IDE) in the machine, to create user

interfaces, we have to first create the application homepage otherwise called the

master page of the application. This page help to store all the application forms.

Hence, the following steps were taken in creating this master page.

i. Click on start button

ii. Click on program

168

iii. Click on visual studio

iv. From the displayed visual studio menu, click on file

v. Click on desktop application

vi. Select the language to be use

vii. Enter the name of the app

viii. Select the storage location

ix. Click on Ok

x. From the solution explorer right click on the name

xi. Choose “ADD”

xii. Choose “NEW ITEM”

xiii. From the display menu select “MasterPage”

xiv. Click on OK

The screen shots of the application interface creation are given in the Figure 5.6 and

Figure 5.7 respectively

169

Figure 5.6 System Compiler Home Page

Figure 5.7 System Master Page

170

5.2.1 Development of the Application forms

There are many desktop forms in this application which are used to process user’s

information to the database. To create the first form, the steps below are taken

i. From solution explorer right click on the application name

ii. Click on “New Item”

iii. Select a form from the display items

iv. Enter the name of the form ( e.g. Payment)

v. Select the master page

vi. Click on OK

The above operations created an empty form in the system. The form was developed

to perform our set aim, using the tools from the compiler toolbox (by dragging and

dropping the tools into the development environment). Some of the tools used in this

application are; textboxes for user text inputs, label for address specification,

DropDownList for option selection, FailureText for reporting error in the form and

button to perform effects (the codes that control each page is embedded in the button

in each of the forms), among others.

The screen shots of the above steps during the process of developing the interface of

the form are as shown in Figure 5.8 and 5.9 below. Similarly, other interfaces in this

application were developed using the same format of the first interface but with little

171

modification in their outlook and control codes. The design codes are as shown in the

program listing in the Appendix.

Figure 5.8 System Forms Codes

172

Figure 5.9 System Form File

5.3 Connecting the Application to the Database

A data driven application needs direct communication to the database, thus, in this

application, its connection to its database was created with the help of ADO.NET

connectivity technology. The steps taken to create the connection are as shown in

Figure 5.10 through Figure 5.16 respectively.

173

Figure 5.10 Database Connection Tool

Figure 5.11 System Connection Type

174

Figure 5.12 SQL Server Connection

Figure 5.13 System Database

175

Figure 5.14 Database Connection String

Figure 5.15 Establishing the Application Connection String

176

Figure 5.1 Connection Testing

5.4 Application Interfaces Control Mechanism

Application interface control codes are the program or instructions that help to control

all the objects used in designing the interfaces in the application. Designing the

interface of an application alone cannot make all the objects used to be active. Thus,

these codes otherwise called control mechanism can be used to make the objects

active. After a successful development of the different forms (interfaces) of the

application as shown above, the interface codes were also developed (using c#) to

control them in order to be able to process inputs from the interface to the system

database. The codes are divided into different sections, these are; the codes that

perform the various submission action, the codes that perform the data checking

action, the codes that perform the update action, the codes that perform the read

177

operation and the one that perform the biometric verification etc. Each code has

different buttons that create effects for them. The reason for check codes is to allow

for input authentication before processing the input to the database. After a successful

development of these codes, the outputs of the codes are also given in the Appendix.

Similarly, the screen shot during the process of developing the application codes are

as shown in Figure 5.17, Figure 5.18 and Figure 5.19 respectively.

Figure 5.17 Application Button Creation

178

Figure 5.18 Sample Coding Environment

Figure 5.19 Sample of Application Codes

179

5.5 System Implementation Techniques

This is the technique used in implementing the system. There are different

technique used in implementing a system, some of them are refactoring, Line of

Codes (LOC), modular programming etc (Pressman 2010). In this research, the

modular programming technique was used. It’s involved taking the system module

by module to carry out the entire implementation of the system. To implement the

biometric security using this technique, we use the constructor and the destructor to

generate and arrange the biometric trait, module by module and used a parent

module to checking if all the necessary trait has be generated for decision making

during the transaction.

5.6 System Requirements

For effective implementation of computer application, certain requirements are to

be fulfilled. The system requirements are considered on both the hardware and

software basis, therefore, the consideration will be given to both the hardware and

the software requirements of the developed application.

5.6.1 Input/output Format Specification

The input will be entered from the keyboard of the input devices used. The field of

personal details will need only variable character datatype and others will need

character datatype. The system output will be in alphabet and numbers. The system

will give message to the user at every point in time.

180

5.7 Minimum Hardware Requirements

Before the developed system can be implemented, the following hardware

requirement must be satisfied.

i. Pentium IV Processors or other 1BM compatible system such as AMD

Pentium IV compactable processor (1.8 Ghtz)

ii. 1GB of Random Access Memory with 5MHz Font bus speed (RAM) and

above

iii. Hard disk of size 60GB and above.

iv. System web camera for capturing face

v. Fingerprint scanner with a defined SDK

5.7.1 Server Software Requirement

The minimum software requirements for the developed system are outlined

below.

i. Network based software operating system such as Windows Vista, Window

7, Window XP, Window 8, etc.

ii. Server application software for the purpose of this work, SQL Server will be

used.

iii. Server security software such as firewall and software based intrusion

detection system (IDS), etc.

181

5.7.2 Client Software Requirements

Computer system that will use the developed application must satisfy the

following minimum requirements:

i. Web browsers such as Internet explorer, Safari, Google Chrome, Firefox,

Opera, etc.

ii. Network based operating system such as Window XP, Vista, Linux, Solaris,

MAC OS, etc.

iii. Internet Information Services (IIS).

iv. .NET framework 4.5

v. Fingerprint SDK

5.8 System Documentation

Documentation is essential towards the effective utilization of the newly

developed software. This will serve as a guide to every user on how to effectively

use the system.

5.9 System Maintenance

System maintenance is necessary when there are errors in the system or

when there is a change in the user requirements. In case of errors in the developed

system OR changes in the requirements, the error can only be debugged by the

system developer.

182

5.10 System Testing/Result

After the successful development of this application, the application was

tested by registering account information of customers with amount in the account

and we manipulated this amount in the accounts using our software to ascertain the

extent of the software meeting its biometric data manipulation security objective.

The screen shots are as shown below:

Figure 5.20 System Login Page

183

Figure 5.21 System Main Menu

Figure 5.22 New User Creation

184

Figure 5.23 Existing Staff Data Interface

Figure 5.24 Customer Registration Interface

185

Figure 5.25 Customer Fingerprint and Face Registration

Figure 5.26 Existing Customer List

186

Figure 5.27 Customer Transaction Detail

Figure 5.28 General Ledger Form

187

Figure 5.29 Checking Customer

Figure 5.30 Customer Transactions

188

Figure 5.31 Biometric Authentication of Transaction

Figure 5.32 Face/Fingerprint Biometric Paramenters

189

Figure 5.33 Successful Transaction Screen

Figure 5.34 Personal Ledger Interface

190

Figure 5.35 Face/Fingerprint Biometric Features Used

Figure 5.36 Exiting Application

191

CHAPTER SIX

SOFTWARE PERFORMANCE EVALUATION

6.1 Preamble

Software performance evaluation is used to uncover performance problems that

can result from lack of server side resources, inadequate database capabilities,

inadequate coding style, poor design functionalities and other hardware issues that

can lead to degraded performance. The intent of software performance evaluation

is to understand how the system responds to loading (i.e , number of user, number

of transaction and overall data volume), to collect data that will lead to design

modification to improving software performance. Performance evaluations are

designed to simulate real World loading situations. As the number of simultaneous

user grows or the number of transaction increases, or the amount of data increases,

the evaluation will reveal the performance of the system when deployed.

6.2 Software Performance

According to World Wide Web consortium (W3C), performance is defined in

terms of its throughput, response time, execution time and transaction time.

However, the execution time and latency are sub-concepts of the W3Cs definition

of response time (Repp et.al., 2007). Meanwhile the response time for a request is

the total execution time and the waiting time of that request. A service response

time for a request, R, can be represented mathematically as shown below:

192

Response time (R) = Execution time + Waiting time

The execution time is the duration of performing service functionality. The waiting

time is the amount of time for all possible mediate events including message

transaction between service consumer and producer (Yang et.al., 2006). From the

service consumer perspective we can see response time as the duration starting

from the issue of a request to the end of the receipt of the service response. On the

other hand service producer see response time as not been different from the

execution time of a service, so it does not include all possible mediate events,

which are seen as incontrollable variables during service execution (Yang et.al.,

2006).

6.3 Materials and Method of Evaluation

Marcel (2013) pointed out three main types of biometric performance evaluation as

measured in terms of the number of uncontrolled variables which are technology,

scenario, and operational. Meanwhile, the technology of the fingerprint and the

camera has a lot of influence to determining the performance of any biometric

system like this. Therefore, in order to arrest the performance issues in the aspect

of the sensors technology, there is need to use scanner (mainly the fingerprint

biometric scanner) of high resolute with high number of sensors embedded on

them. The improvements recorded in scanner technology have helped to solve the

performance issues in this area of any software that uses scanners for it operations.

193

On the other side, application architecture, coding and pattern presentation

performance were tested using the jmeter. It was used to test how the application

will behave (perform) when many users are accessing it at a time.

Jmeter is a performance testing package, used for load testing and capturing the

maximum and the minimum response time of any application when faced with

testing loads. We used jmeter for testing the system performance because it is open

source and has easy to use user interface and has been used by many software

developers in testing the performance of application by capturing the average,

median, maximum and minimum response time of the application ( Coventry et.al.,

2003, Ekuobase and Onibere, 2013 and Ekuobase and Anyaorah, 2014). According

to Halili (2008), jmeter is not only a load generator but a load and performance

testing tool.

To ascertain the performance of the biometric system, we requested for the

performance results of the payment platform in Finacle banking solution from

National Cash Register (NCR) at number 6 Broad Street, Lagos Island, Lagos. This

was denied but with the intervention of the control unit officer at UBA and some

software engineers at Information Engineering Technology Company ( IETECH),

performance results of this platform was given to us. NCR plays a vital role in the

management of the Finacle solution. NCR are in charge of developing and

implementing all the ATM software solution in Nigeria and as such the solution

194

must have a hand-shake with the Finacle solution. We requested for performance

testing results of 2000 request per 5 seconds using the jmeter on the payment

platform of the Financle solution but we were given 1000 request per 5 seconds

using the jmeter which is still good result to ascertain the system performance.

The resultant parameters recorded during the testing were minimum and maximum

response time of the different applications. Table 6 shows the resultant maximum

and minimum response time results recorded by the jmeter for the Financle

solution as provided by NCR and table 7 shows the ones recorded for our

biometric application.

In using the jmeter for our biometric application, we built different test plan

ranging from 5 to 1000 request per 5 seconds; added a thread group and a listener

that generated the maximum and minimum response time. The follow steps were

followed to perform the testing on the jmeter.

a. Open the jmeter

b. Add Test Plan

c. Add Thread

d. Click on Thread Group

e. Set Thread Group properties to: Number of Thread 1000; Ramp-up Period 5;

Loop count 1.

f. Add the platform address through the Config Element

195

g. Add the cookie Manager

h. Add the Listener that will record the result either in graph form or in tableau.

However, we used the tableau for our application recording the maximum

and the minimum response time results.

i. Save the Test Plan and Run it from the button at its menu.

The screen shot in Figure 6.1 shows the jmeter used to generate our results.

Figure 6.1 Jmeter Screen Shot

The result from the table affirm the scalability, tail tolerance and good response

time of our architecture and coding pattern over the existing architecture/software.

196

Table 6: Results Captured for Existing System

Results Captured From Using The Existing System

No of Sample Minimum Maximum

5 2 6

10 2 8

20 4 8

30 5 9

40 5 23

50 4 41

100 4 88

200 6 138

300 6 197

400 3 212

500 3 262

1000 3 1007

197

Table 7: Results Captured for the Biometric System

Results Captured From Using The Biometric System

No of Sample Minimum Maximum

5 2 5

10 2 8

20 3 9

30 4 10

40 3 14

50 3 5

100 3 21

200 3 5

300 3 10

400 2 16

500 2 22

1000 2 23

For ease of appreciation, Figure 6.2 and Figure 6.3 graphically depict the relative

behavior between the two applications with increasing number of request per unit

time.

198

Figure 6.2 Finacle/Biometric Application Minimum Response Time Graph

Figure 6.2 shows the minimum response time of the two applications. The

implication here shows that the biometric system has a better minimum response

time with increase in request per unit time. This also affirm a more scalable

application when such occur in jmeter results between two applications. (Coventry

et. al., 2003 and Ekuobase and Onibere, 2013).

199

Figure 6.3 Finacle/Biometric Application Maximum Response Time Graph

Similarly, to affirm the scalability of our solution to a greater extent, Figure 6.3

captures the maximum response time of the two solutions. We observed that the

biometric solution maintained a near constant response time with increase in

request per unit time as against the existing solution that skyrocketed its response

time with increase in request per unit time. Coventry et.al. (2003), Dean and

Barroso (2013) and Ekuobase and Anyaorah (2014) affirm that when such occurs,

the solution with near constant response time experience a better maximum

response time over the other and has better scalability, tail tolerance and provide

better performance. Hence, these results affirm the better performance of our

system, with good tail tolerance and scalability.

200

CHAPTER SEVEN

CONCLUSION AND RECOMMENDATION

7.1 Conclusion

Guaranteed solutions to the current transaction security challenges facing banking

industries today may not be possible on a large scale, if the solution are not

software based solution for preventing bank fraud rather than human security

solution currently in place in this sector and existing banking software security

model provided by so many researchers that is geared towards fraud detection and

not fraud prevention. Hence, in this research we have provided a multimodal

biometric platform that is suitable for achieving software based security solutions

in the banking sector that is geared towards fraud prevention mainly from the

aspect of people entrusted with the system in this sector. This platform used both

the face and fingerprint in securing banking transaction. They are used to

authenticate any withdrawal or transfer processes that is to be performed in the

customer’s account. The used of the platform provided in this research will

guarantee high banking transaction security in a large scale that is software based

to any user of the software in the banking sector.

201

7.2 Recommendations

We hereby recommend the following:

a. Biometric should be embrace for securing banking transaction

b. Effort should be made to inform the government and the general banking

sector of the benefits incorporated in this kind of platform.

c. Banking security researches should be shifted from fraud detention to fraud

prevention security models.

d. This kind of platform should be adopted for securing both withdraw and

transfer transaction in the banking sector.

7.3 Contributions to Knowledge

Listed below are the contribution to knowledge from this research

a. Developed a multimodal biometric architecture that is suitable for archieving

software based security capabilities in banking solutions.

b. Developed a biometric system for banking transaction capable of avoiding

third party transaction.

202

REFERENCES

Abaenewe Z, Ogbulu O and Ndugbu M(2013). Electronic banking and bank performance in

Nigeria. West African Journal of Industrial & Academic Research 6(1).

Adams, R. (2010). Prevent, protect, pursue preventing fraud. Computer Fraud & Security,

Journal. 7, (2):5-11

Adebayo W (2016). FG to Prosecute 16 Bankers for #327m Frauds. Available in

http://www.newsbreak.ng/2016/01/fg-to-arraign-16-bankers-for-n327m-fraud/ Retrieved

06/03/2016

Adegboyega A (2015). Secure on-Line Transaction through Augmented Biometrics System.

Global Journal of Computer Science and Technology: G Interdisciplinary 15(2)

Adeoye T.O. (2014). Development of a computerized biometric control examination screening

and attendance monitoring system with fee management. World of Computer Science and

Information Technology Journal 4(6): 76-81.

Adeyiga J.A, Ezike J.O, Omotosho O and Amakulor W (2011). A Neural Network Based Model

for Detecting Irregularities in e-Banking Transactions. Afr J Comp & ICT. 4(3):2-8.

Ahmad, K.U and Mahmood, H.S (2013). Critical Success Factors for Preventing e-Banking

Fraud. Journal of Internet Banking and Commerce. 18(2): 1-14.

Ahuja M.S and Chabbra C (2013). A Survey of Multimodal Biometrics. International Journal of

Computer Science and its Applications, pp. 157-160.

Ailya I, Aihab K, Malik S, Wajeeh J and Shiraz B (2014). Designing and Implementation of

Electronic Payment Gateway For Developing Countries. Journal of Theoretical and

Applied Information Technology. 26(2). 84-90

Akazue, M and Efozia N.F (2010). A Review of Biometric Technique for Securing Corporate

Stored Data. Proceeding of the International Conference on Software Engineering and

Intelligent Systems 1:329-342.

Akindele, R. I. (2011). Fraud as a Negative Catalyst in the Nigerian banking Industry. Journal of

Emerging Trends in Economics and Management Sciences, 2(5): 357-363.

Akinyemi O.I, Zaccheous O.O and Olufemi M.O (2010). Towards Designing a Biometric

Measure for Enhancing ATM Security in Nigeria E-banking System. Internationa Journal

of Electrical and Computer Sciences IJECS. 10(6):68-73.

Amtul F (2011). E-Banking Security Issues: Is There A Solution in Biometrics ? Journal of

Internet Banking and Commerce, 16(2): 1-9.

203

Ana B (2011). Banking 2.0: Developing a Reference Architecture for Financial Services in The

Cloud. Master Thesis submitted to Department of Software Technology Faculty of

Electrical Engineering, Mathematics and Computer Science Delft University of

Technology Delft, The Netherlands. www.wis.ewi.tudelft.nl. Retrieved 2/6/2015

Anaba I (2016). Three Bankers Charged for Forgery and Stealing of #2.8 Million from

Customers Account. Vanguard Newspaper. Available in www.vanguardng.comRetrieved

06/03/2016

Anderson M (2010). Verified by VISA and MasterCard SecureCode: or, How Not to Design

Authentication, Ross Anderson, Steve n Murdoch, at Financial Cryptography 2010 ,

Springer LNCS 6052 pp 336 – 342

Ane D.J (2011). Pro-active Architecture and Implementation of a Secure Online Banking System

that Uses Fingerprint Data as Part of Client Side Digital Signatures. Final Thesis for the

award of an PhD. In Computer Science in University of Copenhagen

Angelakopoulos, G. and Mihiotis, A. (2011). E-banking: challenges and opportunities in the

Greek banking sector. Electronic Commerce Research, 11 (3): 297-319

Anil K. Jain, Arun R and Salil P (2004), “An Introduction to Biometric Recognition.”

www.eris.lak.anilfile.nl Retrieved 2/6/2015

Anthony L (2014). Proposed Framework for Securing Mobile Banking Applications from Man

in the Middle Attacks. Journal of Information Engineering and Applications. Vol.4, No.12

Aransiola, J.O. and Asindemade, S.O. (2011). Understanding Cybercrime Perpetrators and the

Strategies They Employ in Nigeria. Cyberpsychology, Behavior, and Social Networking,

14(12) :759-763

Arlow, J. and Neustadt, I. (2005). UML 2 and the Unified Process: Practical Object-Oriented

Analysis and Design (2nd Edition). Boston: Addison-Wesley.

Auta M. (2010). E-Banking In Developing Economy: Empirical Evidence From Nigeria. Journal

of applied quantitative methods, 5(2)

Avornicului M.C and Bresfelean V.P (2012). Model Driven Development of Online Banking

Systems. International Journal of Engineering Research 8(6). 795-800

Ayo, C.K and Ukpera W.I (2010). Design of a secure unified e-payment system in Nigeria: A

case study. African Journal of Business Management 4(9):1753-1760.

Bailey, K. (1994), Methods of Social Research. Free Press, New York, NY

Beatriz S.M (2012). Evolving Core Banking Enterprise Architecture. Leveraging Business

Events Exploitation.

204

Benjamin, O.A. and Samson, B.S. (2011). Effect of perceived inequality and perceived job

insecurity on fraudulent intent of bank employees in Nigeria. Europe's Journal of

Psychology 3(3):99-111

Biometrika M ( 2011). Introduction to Biometric Systems, s.l.: Biometrika (Italy) Available

at:http://www.biometrika.it/ eng/wp_biointro.html. Retrieved 27/3/2016

Brooke, J. (1996). SUS: A “quick and dirty” usability scale. In P. W. Jordan, B. Thomas, B. A.

Weerdmeester, & A. L. McClelland (Eds.), Usability evaluation in industry. London:

Taylor and Francis. Available from http://www.usabilitynet.

org/trump/documents/Suschapt.doc. Retrieved 20/1/2016

Brown S.A, Dennis A.R and Venkatesh V. (2010). Predicting Collaboration Technology Use:

Integrating Technology Adoption and Collaboration Research. Journal of Management

Information Systems. (27): 9- 53.

Byun, S. and Byun, S.E (2011). Exploring perceptions toward biometric technology in service

encounters: A comparison of current users and potential adopters. Behaviour &

Information Technology, in press. Available online: 30 March 2011.

Catalin L, Vasile-Gheorghiţa G, and Valeriu L (2015). Improving the Security of Internet

Banking Applications by Using Multimodal Biometrics. Journal of Applied Computer

Science & Mathematics, 19 (9) /2015, Suceava

Chandran G. Rajesh C. R (2009). Performanance Analysis of Multimodal Biometric System

Authentication. IJCSNS-International Journal of Computer Science and Network Security,

Vol. 9, No.3

Chan S and Lu M. (2004). Understanding internet banking adoption and use behavior: A Hong

Kong perspective. Journal of Global Information Management. 12: 21.

Chang, W.H. & Chang, J.S. (2012). An effective early fraud detection method for online

auctions. Electronic Commerce Research and Applications, 11(4):346-360 Available from:

http://www.sciencedirect.com/science/article/pii/S1567422312000191.Retrieved 13/3/2016

Chiemeke,S.C. and Egbokhare, F.A.(2006). Principles of System Analysis and Design. Root

Print Publisher, Benin City, .25.

Choplin, J.M., Stark, D.P., and Ahmad, J.N. (2011). A Psychological Investigation of Consumer

Vulnerability To Fraud: Legal And Policy Implications. Law & Psychology Review, (35)

:61-108

Constantin M and Catalin I (2008). Internet Banking Integration within the Banking System.

Revista Informatica Economica. 2(46). 55-59

205

Cooper D. R, Schindler P.S (2003). Business research methods. McGraw-Hill/Irwin New York,

NY, 2003.

Coulouris G, Dollimore J, Kindberg T and Blair G (2012). Distributed Systems: Concepts and

Design. Addison-Wesley, USA. Pp 1047.

Coventry, L., De Angeli, A., and Johnson, G. (2003). Usability and biometric verification at the

ATM interface. In Proceedings of the SIGCHI conference on Human factors in computing

systems (pp. 153-160). ACM.

Daniel D. C (2003). Collaborating Software: Blackboard and Multi-Agent Systems & the Future.

In Proceedings of the International Lisp Conference, New York, New York, October 2003.

Davies W (2009). Fingerprint Biome. Symposium at the International Conference: Social Capital

and Volunteering, City University of Hong Kong, China. Association of Social

Psychology, Wuerzburg, German

Dean j and Bsrroso L.A (2013). The Tail of Scaled Communications of the ACM. 56(2): 74-80.

Dennis A.R , Venkatesh V and Ramesh V (2003). Adoption of Collaboration Technologies:

Integrating Technology Acceptance and Collaboration Technology Research. Working

Papers on Information Systems. 3(2).

Dilip K, and Yeonseung R, (2008) “A Brief Introduction of Biometrics and fingerprint Payment

Technology”, Published by the IEEE Computer Society

Dhurgham T.A and Mohammad H (2012). User Acceptance of Biometrics in E-banking to

improve Security. Business Management Dynamics.2(1): 01-04.

Drygojio, A (2011) Information and Communication Security. LIDIAP Speech processing and

Biometric Group. Institute of electrical Engineering. Ecole polytechnique Federalede.

http//scgwww.epfl.ch/courses

Dzomira, S. (2014). Electronic Fraud (Cyber Fraud) Risk in the Banking Industry, Zimbabwe,

Risk governance & control: financial markets & institutions, 4( 4): 17-27.

Ebubeogu A.F (2015). Bank Customers Management System. International Journal of Scientific

& Technology Research. 4(8) . 326-342.

Ekuobase O.G and Anyaorah I.E (2014). Tail tolerance of Web Services Solutions Built on

Replication Oriented Achitecture. Canadian Journal of Pure and Applied Sciences.

8(2):2943-2954.

Ekuobase O.G and Onibere E.A (2013). Scalability of Web Service Solution Built on ROA.

Canadian Journal of Pure and Applied Sciences. 7(1):2251-2270.

206

Emeka R. N (2014). Improving the Security of the Internet Banking System Using Three-Level

Security Implementation International Journal of Computer Science and Information

Technology & Security (IJCSITS). 4(6). 2249-9555

Emuoyibofarhe O.J , Fajuyigbe O. Emuoyibofarhe O.N and Alamu F.O. (2011). A Framework

for the Integration of Biometric Into Nigerian Banking ATM System . International Journal

of Computer Applications. 34(4):1-10.

Entrust 1. (2005). Consumer Perspectives on Online Banking Security.

www.entrust.com/resources/download.cfm/22314. Retrieved 6/8/2017

Fajfar, M (2004). Role and Security of Payment Systems in an Electronic Age. IMF Institute

Seminar on Current Development in Monetary and Financial Law in June 2004 . Available

at www.imf.org/external/np/leg/sem/2004/edmfl/eng/faj.pd

Falaye A. A, Osho O, Alabi I.O, Adama N.V and Amanambu V.R (2013). Secure

Authentication for Mobile Banking Using Facial Recognition. IOSR Journal of Computer

Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 10, Issue 3

Favour N (2013). CBN to Lunch Biometric Details of banks customers. Nigeria Vanguard

Newspaper December 11 2013.

Feng G, Dong K, Hu D and David Z (2004). When Faces Are Combined with Palmprints: A

Novel Biometric Fusion Strategy. Proceedings of First International Conference, ICBA

2004, (2004), Springer, 701-707

Friday W, Olumide L and Paul D (2012), “Action speaks louder than words – understanding

cyber criminal behavior using criminological theories,” Journal of internet banking and

commerce.17(1)

Gercke, M. (2011). Understanding Cybercrime: A Guide for Developing Countries. ICT

Applications and Cybersecurity Division. Policies and Strategies Department. ITU

Telecommunications Development Sector 2nd Edition, available at: www.itu.int/ITU-

D/cyb/cybersecurity/legislation.html.

Giles, J. (2010). The problem with online banking. New Scientist, 205, (2745) 18-19 available

from: http://www.sciencedirect.com/science/article/pii/S0262407910602242. Retrieved

1/11/2016.

Gregory D. W (2006). Enhanced Authentication In Online Banking. Journal of Economic Crime

Management Fall 2006, Volume 4, Issue 2

Gunajit S and Pranav K.S(2010). Internet Banking: Risk Analysis and Applicability of Biometric

Technology for Authentication. International Journal of Pure and Applied Sciences and

Technology Int. J. Pure Appl. Sci. Technol., 1(2):67-78

207

Gunson, N., Marshall, D., McInnes, F., & Jack, M. (2011). Usability evaluation of voiceprint

authentication in automated telephone banking: Sentences versus digits. Interacting with

Computers, 23(1):57–69.

Guruprasad, K.V and Sandeep P.H (2015). A modified Thinning Algorithm for Minitiae Feature

Extraction of Fingerprint Image on FPGA. Proceedings of 19th IRF International

Conference. 25th January 2015 Chennai. India.

Hakeem O and Oke A (2016). On securing ATM Transaction Using Bank Verification Number.

International Journal of Scientific and Engineering Research. 7(11). 483-488.

Halili E (2008). Apache Jmeter: A practical beginner’s guide automated testing and performance

measurement for your website. Packet Publishing, United Kingdom. Pp 129.

Hameed U.K (2014). E-banking: Online Transactions and Security Measures. Research Journal

of Applied Sciences, Engineering and Technology 7(19). 4056-4063

Harry S.K. (2002). E-fraud; current trends and International developments, Journal of Financial

Crime, 9(4):347-354.

Hochschild J.L (2009). Conducting Intensive Interviews and Elite Interviews". In Workshop on

Interdisciplinary Standards for Systematic Qualitative Research. National Science

Foundation, 2009.

Hosseini, S., Mohammadi, S. (2012). Review Banking on Biometric in the World’s Banks and

Introducing a Biometric Model for Iran’s Banking System. Journal of Basic and Applied

Scientific Research, 2(9)

Houssam E, Hanane H and Hicham M (2014). A Secure Electronic Transaction Payment

Protocol: Design and Implementation. International Journal of Advanced Computer

Science and Applications. 5(5)172-180

IBM (2011). May [Online]. ftp://170.225.15.40/software//data/sw-

library/industrymodels/sBDWBasel23_WhitePaper_v84.pdf. Retrieve 5/8/2017

Jaideep M, Hemant N, Harshal K, Neha M, Chaitali D (2013) International Journal of

Engineering Research and Applications (IJERA). Vol. 3, Issue 2,

Jain, A.K., Prabhakar, S., Hong, L. and Pankanti, S. (2000), “Filterbank-based fingerprint

matching” IEEE Trans. on Image Processing, pp.846-859.

Jain, A. K., Ross, A., and Pankanti, S. (2006). Biometrics: A tool for information security. IEEE

Trans. Information Forensics and Security, 1(2), 125–143.

Jeffrey, L.W., Lonnie,D.B. and Kevin,C.D.(2001). System Analysis and Design Methods.

Mcgraw Hill/Irwin, North America, 397.

208

Jiang H and Yang J (2007). On-line Payment and Security of E-commerce. Proceedings of the

2007 WSEAS International Conference on Computer Engineering and Applications. 545-

550.

Jim,A and Ila, N.(2004). UML 2.0 and the Unified Process. Second Edition. Practical Object

Oriented Analysis and Design, Addison Wesley Pearson Education, Canada 1-4.

Joseph M,Steven K and Micheal K (2015). A Study of Approaches and Measures aimed at

Securing Biometric Fingerprint Templates in Verification and Identification Systems.

International Journal of Computer Applications Technology and Research. 4(2):108 – 119.

Jung ho, E (2014). The Design of Robust Authentication Mechanism using User’s Biometrics

Signals. International Journal of Security and Its Applications 8(6):71-80

Keerthi P.P. Deepak R.G. Swathi K. and Rupali N. (2014). Secure Fingerprint Using Mosaicing.

IOSR Journal of Computer Science 3(2):73-79.

Khaled A.N (2015). A Framework for Secure Online Bank System Based on Hybrid Cloud

Architecture. Journal of Electronic Banking Systems. Vol. 2015 (2015), Article ID 614386,

13 pages. http://www.ibimapublishing.com/journals/JEBS/jebs.html. Retrieved 24/2/2017

Khatoon K, and Ghose M.K (2013). Multimodal Biometrics: A Review. International Journal of

Computer Science and Information Technology & Security, Vol. 3, No.3,

Koskosas, I. (2011). E-banking security: A communication perspective. Risk Management, 13

(12):81-99 available from:

http://search.ebscohost.com/login.aspx?direct=true&db=eoah&AN=24754949&sit

e=ehost-live. Retrieved 20/4/2015

Krutchen, P. (2003). The Rational Unified Process—An Introduction (3rd Edition). Reading,

MA: Addison-Wesley.

Kuncheva L I, Whitaker C.J, Shipp C.A, and. Duin R.P.W(2000). Is independence good for

combining classifiers?. Proceedings of Int’Conf. on Pattern Recognition (ICPR), Vol. 2,

(Barcelona, Spain), pp. 168–171

Laerte P Marcelo D. Holtz, Bernardo M. David, Flavio G. Deus and RafaelTimóteo de Sousa

(2011). A formal classification of internet banking attacks and vulnerabilities. International

Journal of Computer Science & Information Technology (IJCSIT).3(1). DOI :

10.5121/ijcsit.2011.3113

Lai V.S and Li H. (2005). Technology Acceptance Model for Internet Banking: An invariance

Analysis. Information and Management. 42(13).

Lee S, Raghav V and Sharman M. (2005). Secure Knowledhe Management and The Semantic

Web. Communications of the ACM. 48: 6.

209

Lupu, C. Lupu V,(2014). The beginnings of using fingerprints as biometric characteristics for

personal identfication purposes. Annals of the Constantin Brancusi University of Targu Jiu,

Engineering Series, No. 3/2014, pp. 53-56

Lupu C (2015). Development of optimal filters obtained through convolution methods, used for

fingerprint image enhancement and restoration. The USV annals of Economics and Public

Administration. 14(20):156-167, ISSN 2285–3332 (printed), 2344–3847 (online)

Mahadevi P and Sukumar, R (2015). Modeling Anti Phishing System for E-Banking Based on

Graphical Password Authentication Scheme. International Journal of Innovative Research

in Science, Engineering and Technology 4(5)

Maknahiv (2015). Internet Banking System Model Using Image and PIN. Journal of Computer

Science and Technology Security (JCSTS). 8(18). 112-119.

Mahmood A(2012). Distributed Online Banking. University of Illinois at Springfield 2356

William Maxwell Lane Apt # 403, Springfield, Illinois-62703

Mane V.M and Judhav D.V (2013). Review of Multimodal Biometrics: Applications, Challenges

and Research Areas. International Journal of Biometric and Bioinformatics, Vol. 3, Issue 3

Marcel, S. (2013). BEAT–biometrics evaluation and testing. Biometric technology today, (1), 5-

7.

Marshall C and Rossman G.B (2011). Designing Qualitative Research. Sage, 5th ed. edn., 2011.

Marketplace, A (2011) Nigerian Bank Deploys country first biometric ATM. ATM marketplace.

Industrial Report on 2015 ATM and Self-Service Software Treads.

Majid T, Mohammad A, and Mohammad R (2010). Mobile Based Secure Digital Wallet For

Peer To Peer Payment System. International Journal of UbiComp (IJU), Vol.1, No.4. DOI :

10.5121/iju.2010.1401 1

Masocha, R., Chiliya, N. and Zindiye S, (2010). ‘E-banking adoption by customers in the rural

milieus of South Africa: A case of Alice, Eastern Cape, South Africa’. [online] Available

at:<http://www.academicjournals.org/AJBM/PDF/pdf2011/4Mar/Masocha%20et%20

al.pdf> Retrieved 7/8/2016

Matthew J and Simon M (2007). A new approach to e-banking In U´ lfar Erlingsson and Andrei

Sabelfeld, editors, Proc. 12th Nordic Workshop on Secure IT Systems (NORDSEC 2007),

pages 127–138. Retrieved from http://www.matthew.ath.cx/publications/2007-Johnson

ebanking.pdf. Retrieved 7/8/2016

McCracken, G. (1988). The Long Interview. Sage Publications, Thousand Oaks, CA.

210

Meiappane A, Prasanna V.V, Jegatheeswari V, Kalpana B And Sarumathy U (2012). Pattern

Based Adaptive Architecture for Internet Banking. Annals of the Constantin Brancusi

University of Targu Jiu, Engineering Series, No. 1/2012, pp. 22-34

Meiappane A, and Prasanna V.V (2013). Request and Notification Pattern For An Internet

Banking System. International Journal of Computer Science and Information Technology

Research. Vol. 1, Issue 1, pp: 1-8

Michael E.W. and Herbat J.N. (2005), Principles of Information Security. Thomson course

Technology Printed in Canada.

Mikecz R (2012) Interviewing Elites Addressing Methodological Issues". Qualitative inquiry,

vol. 18, no. 6, pp. 482:493, 2012.

Mohammed A(2011). Strengthening One-time password authentication through usability.

International Journal of Computer Science and Information. 2(6) 48-53

Mukherjee, A and Nath P. (2003). A model of trust in online relationship banking. International

journal of Bank Marketing. 21(1):5-15

Murdoch, S. & Anderson, R. (2010), "Verified by Visa and MasterCard SecureCode: Or, How

Not to Design Authentication," In Financial Cryptography and Data Security, 6052 ed. R.

Sion, ed., Springer Berlin Heidelberg, pp. 336-342.

Nadeem A (2015). A Model for Protecting Online Banking Using Transaction Monitoring.

International Journal of Computer Networks and Communications Security VOL. 3, NO. 3.

78–82

Narendiran C, Albert R.S and Rajendran N (2008). Performance Evaluation on End-to-End

Security Architecture for Mobile Banking System. IEEE Commun 2008; August.

Nayer A. H, Mahdi R.G. K, Alireza N, Ali H, Bill R (2013). Personalized Security Approaches

in E-Banking Employing Flask Architecture over Cloud Environment. The 4th

International Conference on Emerging Ubiquitous Systems and Pervasive Networks

Nicolas R, Edgar W, and Andreas S (2010). A Process Model for Integrated IT Governance,

Risk, and Compliance Management," in Ninth Baltic Conference on Databases and

Information Systems , Riga, Latvia., 2010, pp. 155-170.

Noluxolo K and Rossouw von S (2014). A conceptual framework for cyber-security awareness

and education in SA. SACJ. 38. 80-106

Okediran O. O (2014) A Biometric Identification Based Scheme for Secured EPayment. Journal

of Computation in Biosciences and Engineering. 1(2):1-5

211

Olowookere A and Awode T (2014). Design of a Secured Electronic Voting System Using

Biometrics. International Journal of Innovative Research in Computer and Communication

Engineering. 2(12):101-106.

O'Neil M and Conti J.A (2007). Studying Power: Qualitative Methods and the Global Elite".

Qualitative Research, vol. 7, no. 1, pp. 63-82.

Paul I (2016). Female Banker, Accomplice Face Trial Over N67.9m Fraud. Available in

http://www.pmnewsnigeria.com/2016/01/18/female-banker-accomplice-face-trial-over-

n67-9m-fraud/ Retrieved 21/04/2016

Penny K (2013). SANS Security Essentials (GSEC) Practical Assignment Version 1.3,” Iris

Recognition Technology for Improved Authentication”.

Pe_ers K, Tuunanen T, Gengler C.E, Rossi M, Hui W, Virtanen V and Bragge J (2006). The

design science research process: A model for producing and presenting information

systems research". In Proceedings of the first international conference on design science

research in information systems and technology (DESRIST 2006), pp. 83-106.

Pe_ers K, Tuunanen T, Rothenberger M.A and Chatterjee S (2007) .A design science research

methodology for information systems research". Journal of management information

systems, 24(3):45-77

Prabowo, H.Y. (2011). Building our defense against credit card fraud: a strategic view, Journal

of Money Laundering Control, Vol. 14, No. 4, pp. 371-386. Emerald Group Publishing Ltd.

Pressman R.S (2010). Software Engineering: A practitioner’s Approach. Addison Wesley, 7th ed.

Qureshi T.M and Khan M.B (2008). Customer Acceptance of Online Banking in Developing

Economies. http://www.arraydev.com/commerce/jibc/2008- 04/Tahir%20Masood.pdf.

Retrieve 6/8/1017

Rabia J and Hamid R. A (2009). A Survey of Face Recognition Techniques. Journal of

Information Processing Systems. 5(2).

Raghavana, A.R., Parthiban, L. (2014). The effect of cybercrime on a Bank’s finances,

International Journal of Current Research & Academic Review. 2(2):173-178.

Rana T and Mumtaz A.K (2012). Evaluating Biometrics for Online Banking: The case for

usability, International Journal of Information Management. 32:489-494.

Ranjit D. Patil1 S.P. Patil, V.H. (2016). To Study the Security Aspects in the Online

Transactions Using PayPal. International Journal of Innovative Research in Computer and

Communication Engineering 4(1). 936-942

212

Rashmi H. (2015). Biometrics Authentication Technique with Kerberos for Email Login.

International Journal of Advances in Engineering and Technology. 7 (6):1735-1744.

Robyn W. (2012), “Issues in mHealth: Findings From Key Informant Interviews”. Online

Information journal. 30: 63-88

Rodrigo C, Michael G and Sadie C (2003. Applying Semantic Technologies to Fight

OnlineBanking Fraud.European Intelligence and Security Informatics Conference

Ross, K. Nandakumar, A.K. Jain M (2006), “Handbook of multibiometrics”, Springer, 2006,

ISBN 978-0-387-22296-7

Ross A and. Jain A. K (2003), “Information fusion in biometrics,” Pattern Recognition Letters,

Vol. 24, pp. 2115– 2125

Ross A and Jain A.K (2004), “Multimodal Biometrics: An Overview”, Proceedings of 12th

European Signal Processing Conference (EUSIPCO), (Vienna, Austria), pp. 1221-1224

Rubins, H., and I. Rubins. (1995), Qualitative Interviewing.

Sage Publications, Thousand Oaks, CA.

Ruppinder S and Naringer R. (2014). Comparison of Various Biometric Methods. International

Journal of Advances in Science and Technology 2(1).

Sachan A and Ali A. (2006). Competing in the age of information technology in a developing

economy: Experiences of an Indian Bank. Journal of Cases on Information Technology. 8:

19.

Sandeep P.S , Shiv S.P, Shukla ,Nitin R and Vipin T (2011). Problem Reduction in Online

Payment System Using Hybrid Model. International Journal of Managing Information

Technology. 3(3). 62-71.

Selina O and Jane O (2012). Enhanced ATM Security System Using Biometrics. International

Journal of Computer Sceince Issues. 9(5):352-357.

Simic, D. (2005). Reducing Fraud In Electronic Payment Systems. The 7th Balkan Conference

on Operational Research BACOR 05 Constanta, Romania.

Smith K (2006) Problematizing Power Relations in Elite Interviews". Geoforum, vol. 37, pp.

643:653, 2006.

Sommerville, I. (2011). Software Engineering. Addison Wesley, 9th ed.

Sri S.D and Smt J.D (2011). Designing a Biometric Strategy (Fingerprint) Measure for

Enhancing ATM Security in Indian E-Banking System. International Journal of

Information and Communication Technology Research. 1(5):197-203.

213

Shafeeq A and Vipin M (2012). Domain-Driven Architecture for Object-Oriented Software

System. Ubiquitous Computing and Communication Journal .3(5).

Shah, M.H., (2012). Critical Success Factors in e-Banking: A Study of Two UK Retail Bank.

Shewangu D (2015). Cyber-banking fraud risk mitigation conceptual model. Banks and Bank

Systems, 10(2)

Shouvik B, Anamitra B, Roy,K Ghosh M and NilanjanD (2012). A Biometric

Authentication Based Secured ATM Banking System. International journal of Advanced

Research in Computer Science and software Engineering. 2(4):178-182.

Skinner, C. (2012). Who the hell needs biometrics in banking? Financial services club Blog.

(26.1.2012). http://thefinanser.co.uk/fsclub/2012/01/who-the-hell-needsbiometrics- in-

banking.html. Retrieved 9/8/2015

Taiwo O.A, Tajudeen J.A and Ebeneza Y.A (2011). Electronic Payment System in Nigeria:

Implementation, Constraints and Solutions. Journal of Management and Society.1(2):16-

21.

Tansey O (2007). Process Tracing and Elite Interviewing: a case for non-probability sampling".

PS: Political Science & Politics, vol. 40, no. 04, pp. 765:772, 2007.

Temitope O, Pavol Z, Ron R and Dale L (2009. Security Modeling of Mobile Payment System

Architecture . Proc. of International Conference on Availability, Reliability and Security

(ARES ’09), pp. 695-700

Tendelkur, R. (2013). Cyber-crime, securities markets and systematic risk, Joint Staff Working

Paper of the IOSCO Research Department and World Federation of Exchanges.

Tiang X and Yau W. (2000). Fingerprint Minutiae Matching Based on the Local and Global

Structures. 5th Int. Conf. Pattern Recognition 2:1038-1041.

Thompson G. (2011). Why firms should think twice before storing sensitive data down south.

Ottawa Business Journal. [Online]. Available: http://www.obj.ca/Opinion/2011-01-

20/article-2139749/Cloud-computing,-the-Patriot-Act-and-you/1 Retrieved 2/8/2015

Toledano, D. T., Pozo, R. F., Trapote, A. H., & Gomez, L. H. (2006). Usability evaluation of

multi-modal biometric verification systems. Interacting with Computers, 18:1101–1122.

Vandommele T (2010). Biometric Authentication Today. Available at

http://www.csc.hut.fi/en/publications/B/11/papers/vandommele.pdf. Retrieved 2/6/2015

Venkatesh V and Bala H. (2008). Technology Acceptance Model 3 and a Research Agenda on

Interventions. Decision Sciences.39(1).

214

Vidya P and Aswathy R.S. (2014). Privacy Improvement for Fingerprint Recognition Based on

RSA International Conference on Innovations and Advance in Science Engineering and

Technology. 3(5):340-345.

Vivian N (2009), “Advanced Systems Analysis And Design. National Open University of

Nigeria.102”.

Vivek A, Vinay K, Vishal G and Komal T(2014). Multi Banking Transaction Interface Using

MVC2 Architecture. International Journal of Computer Science & Engineering

Technology. 5(4), 384-388.

William F. Elmendorf and Luloff A.E .(2006), “Using Key Informant Interviews to Better

Understand Open Space Conservation in a Developing Watershed, Arboriculture & Urban

Forestry 32(2).

WiseGeek. (2013). What is Bank Fraud?. [Online] Available at:<url:

http://www.wisegeek.com/what-is-bank-fraud.htm> Retrieved 12/06/2016

Wresch W and Fraser S. (2006). Managerial strategies used to overcome technological hurdles:

A review of e-commerce efforts used by innovative Caribbean managers. Journal of Global

Information Management. 14: 16.

Yang S.J, Zhang J and Lan B.C (2006). Service Level agreement based Qos Analysis for web

services Discovering and composition. International Journal of Internet and Enterprise

Management. Inderscience. 1251-1271.

Zakaria, S. (2013). The Impact of Identity Theft on Perceived Security and Trusting E-

Commerce, Journal of Internet Banking and Commerce, 18(2):1-12.

Zoe K (2014). Politician Fingerprint Cloned from Photos by Hacker. 31st Annual Chaos

Computer Conference in Hambury Germany. Available at BBC New Technology.

215