IMPROVED SECURITY MECHANISM FOR MOBILE BANKING TRANSACTIONS: THE CASE OF ETHIOPIAN MOBILE BANKING SYSTEM

Abstract

Mobile banking is attractive and convenient approach to perform remote banking services from anywhere and anytime by bank customers. However, there are security deficits in the present mobile banking implementations. Most mobile banking services are established on GSM/SMS. GSM is utilized for data transmission where is sends data in plaintext without any security features. However, financial service providers tend to rely on the security services extensions provided by the GSM infrastructure which has been proved to be susceptible to security attacks related to mobile technologies. The objective of this study is to improve user authentication and end to end security mechanism to enhance the reliability, confidentiality and integrity of SMS based mobile banking services across mobile networks. This work proposes user managed randomly generated question information using pre-saved question and answer on server for authentication mechanism with end-to-end encryption facility to enhance data protection across mobile networks. To do so, assessment on the existing mobile banking service in Ethiopia has been conducted. Based on the assessment on banking reports, related literature and own experience. Finally a prototype is developed for mobile banking services. This work address issues of data confidentiality, user authentication and message integrity in order to provide authentication and end-to-end security for data carried on GSM networks.