FINGERPAY
Team Invictus
Anand B
banand@live.com
We build the trust in mobile banking solutions
We provide secure banking solution using Biometrics for end-user authentication
and help our customers gain end-user's trust on mobile banking applications.
We believe security in
Something you have: Unique App
Something you are: Fingerprint
Something you know: Password
Introduction
Trust is a concept of expressing the positive belief that a person or a system we interact with will behave
as expected. In the majority of situations, such trust-based interactions work out in the right way,
because the parties we interact with are trustworthy. In fact, our entire complex society is based on
such trust relations between people and systems, and it would not last very long when no one or nothing
could be trusted.
However, we don’t live in an ideal world, and in this world we could not guarantee that everyone is
trustworthy. Many parties have external motives to behave in a trustworthy manner. Some like criminals
and terrorist parties cannot be trusted at all, but this can also include disgruntled employees, envious
colleagues or even normally honest people who are tempted to abuse. We need systems that induce,
guarantee or even enforce trustworthiness of parties in our non-ideal world. This is what we call security,
i.e. security is a means to enable trust.
In the past, and even today, security has been based either on physical protection and prevention measures
or on observation and detection of untrusted elements. For example, in order to keep its (your) money
secure, a bank uses physical protection and stores the money in a vault. The vault can be accessed only by
the bank's employees, and many technologies are used to detect access to the vault by other people. Finally,
under criminal law, trying to rob the bank leads to prosecution when caught. In our digitalizing modern world,
these techniques are no longer sufficient to adequately enable trusted interactions, both due to i) the nature
of the interactions, and ii) the scale of the possible threats.
i. The remote and generic nature of many digital interactions lacks physical protection and assurance
measures, many of which are even implicitly present in non-digital communications. For example, in the
past, most interactions with your bank would take place inside the bank’s building, face-to-face with
one of the bank’s employees. You (implicitly) trusted the authenticity of this interaction, e.g. because
the building was always in the same place, and perhaps because you physically recognized the clerk from
previous transactions, and vice versa. However, in the last couple of years, interactions with your bank
have shifted largely to online banking systems. In such an online system, e.g. a website, this implied
notion of authenticity no longer exists, since everyone could set up a website resembling that of
your bank, and even fake its web address. The same holds from the bank’s perspective: everyone could
log-in to the website and claim to be you. Other security measures are needed to guarantee the
authenticity of this interaction.
ii. The main success of digitalization is that it enables automation of information processes to very large
scales and speeds. However, this is also one of the main risk factors when it comes to digital crime. For
example, in the real (non-digital) world, there is a risk of having your wallet stolen on the street.
However, a thief will have to focus on one victim at a time, and for each attempt there exists a significant
risk of failure which often ends in getting caught. In a vastly interconnected computer network like the
Internet, with hundreds of millions of simultaneously active users, a digital thief can deploy a computer
program which targets thousands or millions at a time at an incredibly fast pace. Moreover, failed attacks
typically go by unnoticed or are hard to trace back, and even with a very small success rate the thief
will get a significant return due to the vast number of targeted victims. Like the threat, the security
measures will also need to be digitized and automated in order to offer adequate protection.
The above introduction is derived from the report "Physically Unclonable Functions: Constructions,
Properties and Applications" by Roel Maes, Katholieke Universiteit Leuven. This report is the base work
of my current project on PUF. Fingerpay is designed in such a way that it brings a solution to security
challenges that exist in the real world.
Analysis – Business Idea - Value proposition
The above terms can be closely correlated with three magic letters, "CPS". CPS stands for Customer,
Problem and Solution. For a business to be successful, a clear identification of these three parameters
is more important than the business model canvas of the company. For Fingerpay, I would like to
present these parameters in the upcoming paragraphs. Since we are focusing on the B2B sector, we have
added an additional parameter, Users, who actually use our product.
Problem
Market research says that banks incur millions of euros in losses annually due to Internet banking fraud.
A growing share (52%) of Internet banking users manage their finances through smartphones. On the other
hand, other research says that 18% of existing customers quit the mobile banking service in
the last year. The most probable reason is that they must have felt that there is a lack of security.
The incidents of technology fraud and identity theft will increase rapidly. The reason for these attacks
is the lack of security in the systems of the digital world. Team Invictus, with six people
on board, took this as a major challenge in the use case of mobile devices under Security, Privacy and Trust.
Solution
FingerPay provides the Finger Pay solution, which will eliminate the problem to a good extent. After
extensive research we found that the only way to introduce security in a mobile application is by
answering the following two questions.
i) How to make the nature of the interactions secure?
ii) How to reduce the scale of the possible threats?
We repeatedly iterated on possible solutions to these two questions. For every solution we studied the
feasibility and the market potential. In brief, the best feasible solutions are:
i) Use a strong authentication mechanism such as biometrics to establish that the operating party is the
true owner of the bank account. We found that this alone will not solve the problem of interaction. We
also need a strong mechanism to verify the mobile application.
ii) Publishing the banking app in the app store is the main advantage that lets attackers mount scalable
attacks. We introduce customized banking solutions which could exponentially reduce mobile banking
attacks. The customized banking application you receive will have a homomorphically encrypted biometric
template hard-coded in it. We also ensure that there is no need for the bank to store the biometric
template anywhere in its database.
In addition to these, with a survey we found that about 73% of people get an SMS to authenticate a
transaction, which is highly insecure. We also avoid this in our solution, thereby providing risk-free
mobile banking.
Customers
Customers are the people who make the Problem and Solution meaningful. For our business the
direct customers are the banks who are looking for secure solutions. To be precise, the Information
Technology Risk Management (ITRM) department of any given bank is the one that will be very
interested in our product.
We contacted bank managers of different banks and validated that the banks are facing serious problems
with mobile banking solutions and that complaints are rising exponentially. We were still trying to set up
a meeting with a person from ITRM to validate our solution.
Users
Users are those who actually use our products. For FingerPay the users will be the account owners of our
customer banks. In order to analyze the user behavior we posted an online public survey and shared
across various groups.
The result of this survey, conducted over the span of two weeks, shows that 65% of users feel
insecure using mobile banking solutions; it was also reported that 80% of people are glad to use the
fingerprint for banking solutions.
Technical Description
In this section I would like to describe what could be a real problem in the traditional system, and later
I will present the solution we propose to solve these problems. Although this has been
briefly explained in the Solution paragraph of the section above, being a technology engineer I would like
to present the working model of the system.
Technical Problems
1. App-Store
The app stores of all the commonly used mobile operating systems behave in almost the same
way. When I want to install a particular banking application and search the app store, I find
many applications that resemble the original. According to user behavior, the majority of
users go with the first search result. But there is no guarantee that the real one comes first, as the
listing is based on many factors such as location of the mobile, history of installed apps, etc.
Once the user installs the wrong app, the application's administrators gain the advantage of
getting all your information, including username, password and account balance.
2. SMS Channel
The next big hole in the traditional system is the delivery of some of the secret credentials over SMS.
If you look at the permissions of the applications as shown in the figure, it becomes obvious that the
SMS channel is highly insecure. The figure shows the SMS permissions of Messenger. The app has the
ability not only to read SMS but also to edit SMS. It is not only this app; there exist many
applications which are meant for malicious activities. One wrong application on your mobile makes
the banking very unreliable.
Technical Solution
We deliver to the bank a simple software environment in which almost all the actions are automated.
During the installation phase the bank needs to feed the private key obtained for this solution into our
software. Later, when a user wants to create a new account, he/she will be at the bank. In addition to the
existing procedure, the account owner will be prompted for security. The software directly captures the
biometric template from the sensor, extracts the features and performs homomorphic encryption. In the
meanwhile, a new password for the account is generated in the bank's traditional way.
Once both of these steps are done, the software generates application files (.apk, .ipa, etc.) for
installation. These installation files are given securely to the user by uploading them into the existing
net banking infrastructure or by sending a password-protected mail. The above step ensures that there is
no biometric template left in the bank. The figure depicting the working is shown below:
Technical Implementation of the system
To initiate the transaction the user enters his customer ID, which is safely sent to the bank for
authentication. On successful authentication the bank replies with a nonce (N1), after which the app
prompts for the biometrics of the user. After obtaining the biometrics, the app encrypts them and finds the
Euclidean distance. It also hashes the password and adds the received nonce (N1). In addition, a new nonce
(N2) is created by the app and also added to the packet. All these are encrypted with the private
key and sent to the bank. The bank decrypts and verifies all the credentials and replies to the mobile
with an N2-encrypted message.
How we are different?
The solution also changes the distribution channel of mobile banking applications. A user goes to the bank,
gets his fingerprints scanned upon opening a bank account, and receives from the bank a personalized
application that contains his fingerprint. The user receives the application via a personalized web
link or e-mail. This application only transmits the encrypted difference between the input and hard-coded
fingerprints to the bank. The private key of the bank ensures that only the bank can understand it and
authenticate the end user, hence satisfying the customer's need for privacy of biometrics.
Technical Validation
Being a security designer, it is important to validate our technical proposal. We proposed this solution
to various technical researchers including Jovan Golic and Yehuda Lindell. In addition we had a few
interviews with people from the Security Labs of Trento University. To be true, we had made a lot of loopholes
and left room for replay attacks. Meeting with technical researchers for subsequent validations makes our
product complete.
Usability or Security?
For any security system it is very important to have a tradeoff between usability and security.
According to our team, for any successful system with a wide user base it is very important to have very
good usability. Most secure systems are costly and difficult to use; on the other hand,
easy-to-use systems lack some amount of security. We examined this in depth, after which we reworked our
design and obtained the above-mentioned solution: a system that is secure, user-friendly and
customer-friendly.
This proposed system not only develops the customized application for the user in very easy steps but
also enables user authentication in a very simple way. We have designed our first prototype to
showcase the usability of the mobile banking system. The following three pictures depict the experience
of the user using this application.
Step 1: user will be prompted for password
Step 2: After authorizing, users’ biometrics will be prompted
Step 3: Access your banking
In the proposed system we removed the complexity of OTP (One-Time-Pad). Here, for every new
transaction the bank sends the challenge to the mobile. The mobile prompts the user for credentials (both
password and biometrics). The app solves the challenge and sends the result back to the bank for
authentication. If it were a fake app, the response could not be produced properly, because it is a function
of the incoming nonce, password and cryptographic data. It cannot be a fake user, because he enters his
password and authorizes using his fingerprint. Thus we have designed a secure and easy-to-use mobile banking
authentication system for the user and an easily integrated software environment for the banks.
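The challenge-response described here and under "Technical Implementation of the system", as an added example that is not Fingerpay's own code. It substitutes HMAC-SHA256 under a per-app key for the encryption the report describes and computes the fingerprint distance in the clear rather than over a homomorphically encrypted template; the class names, threshold, customer ID and feature vectors are assumptions.

```python
import hashlib
import hmac
import math
import secrets

THRESHOLD = 0.25  # assumed match threshold for the constructed feature vectors


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def response_mac(key, n1, n2, pw_hash, distance):
    # Nonces (16 bytes) and hash (32 bytes) are fixed-length, so the
    # concatenation cannot be re-split into different fields.
    msg = b"resp" + n1 + n2 + pw_hash + f"{distance:.6f}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def ack_mac(key, n2):
    return hmac.new(key, b"ack" + n2, hashlib.sha256).digest()


class Bank:
    def __init__(self):
        self.accounts = {}  # customer_id -> (app_key, pw_hash)
        self.pending = {}   # customer_id -> outstanding N1

    def enroll(self, customer_id, password):
        app_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
        self.accounts[customer_id] = (app_key, password_hash(password, salt))
        return app_key, salt  # built into the personalized app

    def challenge(self, customer_id):
        if customer_id not in self.accounts:
            return None
        self.pending[customer_id] = secrets.token_bytes(16)  # N1
        return self.pending[customer_id]

    def verify(self, customer_id, n2, distance, response):
        n1 = self.pending.pop(customer_id, None)  # N1 is single-use
        if n1 is None or len(n2) != 16:
            return None
        app_key, pw_hash = self.accounts[customer_id]
        expected = response_mac(app_key, n1, n2, pw_hash, distance)
        if not hmac.compare_digest(expected, response):
            return None
        if not (0.0 <= distance <= THRESHOLD):  # also rejects NaN
            return None
        return ack_mac(app_key, n2)  # shows the app that the bank holds its key


class App:
    def __init__(self, app_key, salt, template):
        self.app_key, self.salt, self.template = app_key, salt, template
        self.n2 = None

    def respond(self, n1, password, sample):
        self.n2 = secrets.token_bytes(16)  # N2, fresh per transaction
        # Stand-in for the comparison against the encrypted template:
        # here the distance is computed in the clear.
        distance = math.dist(self.template, sample)
        pw_hash = password_hash(password, self.salt)
        tag = response_mac(self.app_key, n1, self.n2, pw_hash, distance)
        return self.n2, distance, tag

    def check_ack(self, ack):
        if ack is None or self.n2 is None:
            return False
        return hmac.compare_digest(ack_mac(self.app_key, self.n2), ack)


def demo():
    bank = Bank()
    key, salt = bank.enroll("C1001", "correct horse")  # constructed account
    template = (0.12, 0.80, 0.33, 0.57)      # constructed enrolment features
    same_finger = (0.10, 0.82, 0.30, 0.55)   # constructed, close to template
    other_finger = (0.90, 0.10, 0.70, 0.20)  # constructed, far from template
    app = App(key, salt, template)
    out = {}

    n1 = bank.challenge("C1001")
    n2, dist, resp = app.respond(n1, "correct horse", same_finger)
    out["honest"] = app.check_ack(bank.verify("C1001", n2, dist, resp))
    out["forged_ack"] = app.check_ack(ack_mac(secrets.token_bytes(32), n2))

    # Replayed response: first with no open challenge, then against a new N1.
    out["replay_no_challenge"] = bank.verify("C1001", n2, dist, resp) is not None
    bank.challenge("C1001")
    out["replay_new_challenge"] = bank.verify("C1001", n2, dist, resp) is not None

    n1 = bank.challenge("C1001")
    n2, dist, resp = app.respond(n1, "guess", same_finger)
    out["wrong_password"] = bank.verify("C1001", n2, dist, resp) is not None

    n1 = bank.challenge("C1001")
    n2, dist, resp = app.respond(n1, "correct horse", other_finger)
    out["wrong_finger"] = bank.verify("C1001", n2, dist, resp) is not None
    return out


if __name__ == "__main__":
    print(demo())
```

Because the bank discards N1 on first use and the tag covers N1, a captured response is rejected both when resent immediately and when resent against a later challenge.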
Value chain
“A value chain is a set of activities that a firm operating in a specific industry performs in
order to deliver a valuable product or service for the market.” – Wikipedia
Our team worked on this aspect to develop a sustainable business for Fingerpay. We have a five-step
structure for the value chain cycle, consisting of R&D, Product Development, Marketing, Integration and
Support. The following is our proposed value chain for Fingerpay.
Competitors
There are plenty of companies trying to address security in mobile banking solutions. But most
of them are thinking about network-level attacks and vulnerabilities and not about physical security. We
examined the companies that are trying to address physical security for banking and
found that the following companies are working on physical security, but in different aspects, as
discussed below.
Hoyos Labs:
This is one of the leading technology solutions companies addressing banking security. Although this
company has a competitive technical solution, usability has been very much sacrificed for the
improvement in security.
Daon Identity:
This company, which captures biometrics of the user for government purposes, is our primary competitor.
We differ from them by proposing that “We will not store fingerprints anywhere except in the user's
mobile, and there only in a homomorphically encrypted way”.
Bank ID:
This is the most effective tool currently used by some of the popular banks in Europe. It is very user
friendly, except for the fact that the security provided by this application uses passwords over the
internet. However, there is no second-factor authentication on banking with this application.
Although there are many other companies competing with us in banking solutions, we are different
from them because we provide banking solutions for mobile and we use biometrics for authentication.
We have plotted these competitors together with us in the following graph.
[Figure: value chain. R&D (identify protocols, algorithm design); Product (MVP, develop); Marketing (customer acquisition, advertise); Integration (link with existing architecture); Support (after-sales support).]
[Figure: Competitor Analysis]
Go-to Market Strategy
Our concept of mobile banking solutions is quite different, yet scalable and sustainable. All Apple mobiles
designed after iPhone 5C have a fingerprint sensor embedded in the device. In addition, Apple said they will
continue this feature in all the upcoming versions of the iPhone. The recent Android devices
manufactured by Samsung have started to have inbuilt fingerprint sensors. Since the era of fingerprint in
mobile has started, it is the right time for us to enter the market so that we can grow with the same curve
as that of the mobile biometric sensor.
We have designed the detailed roadmap and goals for the next one year, which include alpha and beta
releases, customer and user acquisition, testing, validation and certification. By the end of next year
we will be in the market with at least 20000 users and with at least 2-3 customers. We further plan to
participate in various challenges and competitions in and around Europe so that we can build our company
on our own. At a later point of time we could approach VCs for larger capital investment.
[Figure: roadmap]
• July 2015: idea development, business development, usability implementation
• Dec 2015: alpha release, negotiate with the customer
• Mar 2016: beta release, testing and validation, get certified
• July 2016: integrate with first customers, release for first 20000 users
Financial Perspective and cash flow analysis
Fingerpay’s customers are banks that deal with savings and current accounts. These banks are
prone to recession, which means that the profit of the bank can be somehow proportional to the GDP of
the country. We, the founders of Fingerpay, believe that a sustainable model with yearly
payback will be more effective, because we will be immune and have a predictable turnover all through the
year. The detailed cost structure is as follows:
We develop the software which creates applications with homomorphically encrypted biometrics of the user,
free of cost to the bank. However, we charge a small amount for integration of this software with the
existing architecture. After successful deployment of the architecture the banks will need licenses to
create customized applications. Creation of one application costs one license. The licenses are sold in
bulk to the bank using a secret encrypted string that the software knows how to decrypt. On successful
decryption the licenses are added to the license balance of the software. The cost of the licenses varies
based on the number of licenses they buy. The following picture shows our licensing plans.
We have analyzed the projected cash flow of Fingerpay for the next 3 years. We tried to include all the
possible expenditure that could be incurred during the development phase. We found that Fingerpay will
reach breakeven in the first few months of the second year. The following table depicts all expected
expenditure (in Euro) of Fingerpay.
| Sr.No. | Roadmap - Cash Flow | 6 months | 1st Year | 2nd Year | 3rd Year |
|---|---|---|---|---|---|
| 1 | R&D co-founders | 0 | 0 | 0 | 0 |
| 2 | Programmers | 18,000 | 18,000 | 13,500 | 13,500 |
| 3 | Customization of service | 0 | 0 | 1 | 2 |
| 4 | Rent | 2,400 | 7,200 | 7,200 | 7,200 |
| 5 | Utilities | 1,800 | 4,800 | 4,800 | 4,800 |
| 6 | Integration engineer | 6,000 | 40,800 | 40,800 | 40,800 |
| 7 | Travel | 4,800 | 9,600 | 9,600 | 9,600 |
| 8 | Cloud access | 200 | 200 | 400 | 100 |
| 9 | Total fixed | 33,200 | 80,600 | 76,301 | 76,002 |
| 10 | Gross margin | -1,000 | -710 | 132,300 | 264,600 |
| 11 | Cloud usage variable | 1,000 | 1,200 | 14,700 | 29,400 |
| 12 | Revenues | 0 | 490 | 147,000 | 294,000 |
| 13 | Customers | 300 | 1,000 | 300,000 | 600,000 |
| 14 | Average per customer license | | 0.49 | 0.49 | 0.49 |
| 15 | Cash flow | -34,200 | -81,310 | 55,999 | 188,598 |
| 16 | Cash flow cumulate | -34,200 | -115,510 | -59,511 | 129,087 |
[Figure: Licensing costs]
The cash flow graph shows that the cumulative capital required by Fingerpay will be around 115,510 euro
by the end of the first year. By this time we will be getting technical approval/certification for our
company. In the next year we will start the sales of licenses and sell around 300,000 licenses at an
average cost of 0.49 euro.
Development process
The development process is one of the interesting portions of this report, and my favorite. We were random
people from different backgrounds on day one. I wondered where I was going to find a partner for
developing the new business. In a couple of days, with various help from the coordinators, we all got
together and understood the strengths of different people trying to address similar problems. Within no
time we made the first pitch on the idea, which tuned everyone to their own interest. Finally, from the
mobile devices we formed a team with a couple of ideas such as mobile application security, mobile device
management and mobile privacy.
During the first pitch, focusing on technical feasibility, we presented our idea of mobile application
security. Our group was criticized because we didn't have any business plan that could take our
business to the next level. All our competitors were pioneers in the market, such as Apple, Samsung
and Google. After late-night discussions and market research we figured out that our idea was too wide, with
no real customers. Then we decided to target a particular sector and chose banking after seeing
the following results from Google.
Hacking ring has stolen up to $1 billion from US, European banks, report says. -Foxnews
Bank Hackers Steal Millions via Malware. – New York Times
Banking hack heist yields up to $1 billion. – USA Today
The above news was so shocking for us, and it seems that technology frauds in banks are increasing at
the speed of 30% per year.[3] Hence we decided to secure the banking of the users in a smart way. This
is how Fingerpay evolved. Another advantage of Fingerpay is that its founders are from different
countries and continents. This helped us to clearly understand the working of the banks in different
countries and frame Fingerpay such that it works effectively in all the countries.
[Figure: CashFlow Roadmap (€). Cost (in thousand euro) over time: 6 months, 1st Year, 2nd Year, 3rd Year.]
Validation
For any business idea, just after the feasibility study, validation becomes an important phase of
evaluation. Hence the concept of Fingerpay was subjected to thorough validation. Understanding both the
customers and the users is very important to us. We did surveys using online and offline tools to
understand the user behavior. For customers, we tried to go directly for a meeting with the Information
Technology Risk Management department. Since we were not able to reach them, we contacted
various managers in senior positions. The figures below explain the facts and figures obtained during
the validation.
Customer Validation
We have personally interviewed four bank managers of different banks, of whom 3 are very
eager about our solution. They gave us valuable feedback and contacts to continue our progress. We
are consistently trying to reach the ITRM department of at least 3 banks before we make the sales proposal.
In addition we tried to reach some of the managers via e-mail, and one of the happy bank managers' replies
is as follows.
I've read your plan. It was good. Finger print checking on mobiles! Innovative idea. Apple and HP have
already come up with the concept of biometric passwords. An extra layer of security is always better
when dealing with financial applications. All the very best in implementing this idea.
P. V. Saroj Reddy, Branch Manager
User Validation
[Pie chart: MOBILE BANKING SECURE? Yes, No, No Answer (25%, 65%, 10%)]
[Pie chart: REASON FOR NOT USING MOBILE BANKING: Insecure, Complex, I use mobile banking (65%, 25%, 10%)]
Conclusion
The world will be trending towards security and privacy in the near future. Once people get to know
about the privacy aspects, the first thing that will come to their mind is, “Is my money secure?” Since
we provide a secure banking solution, Fingerpay will be an answer to this question. People's involvement
in giving biometrics to save their own money will increase tremendously, and every smartphone will
have biometric sensors built in. This technology curve helps Fingerpay to grow with the curve,
thereby reaching more people at the right time.
Reference
[1] Maes, Roel. Physically Unclonable Functions: Constructions, Properties and Applications. N.p.:
Katholieke Universiteit Leuven, n.d. Print.
[2] Crosman, Penny. "Phone Scams Rise as Bank Fraud Goes Low-Tech." Bank Technology News.
American Banker, 17 June 2015. Web.
[Pie chart: WHICH IS MORE IMPORTANT FOR MOBILE BANKING? Usability, Security, Other]
[Pie chart: FINGERPRINT FOR BANKING? Yes, No, No Option]
Collaborate and Build Solutions for the Bank and Fintech Industry.pdfTechugo
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
 
Vol 17 No 2 - July-December 2017
Vol 17 No 2 - July-December 2017Vol 17 No 2 - July-December 2017
Vol 17 No 2 - July-December 2017ijcsbi
 
9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by RegulaRegula
 
Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...
Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...
Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...IRJET Journal
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docx8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docxArindamGhosal6
 
Best Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docxBest Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docxArindamGhosal6
 

Similaire à Fingerpay (20)

Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware Report
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerce
 
WeDo Technologies Blog 2014
WeDo Technologies Blog 2014WeDo Technologies Blog 2014
WeDo Technologies Blog 2014
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
 
A Novel Approach for E-Payment Using Virtual Password System
A Novel Approach for E-Payment Using Virtual Password SystemA Novel Approach for E-Payment Using Virtual Password System
A Novel Approach for E-Payment Using Virtual Password System
 
Consumer awareness and usage of e
Consumer awareness and usage of eConsumer awareness and usage of e
Consumer awareness and usage of e
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
Lab 4Identity theftIdentity theft is one of the major issues .docx
Lab 4Identity theftIdentity theft is one of the major issues .docxLab 4Identity theftIdentity theft is one of the major issues .docx
Lab 4Identity theftIdentity theft is one of the major issues .docx
 
Top Cybersecurity Challenges Faced By Fintech Applications! .pdf
Top Cybersecurity Challenges Faced By Fintech Applications! .pdfTop Cybersecurity Challenges Faced By Fintech Applications! .pdf
Top Cybersecurity Challenges Faced By Fintech Applications! .pdf
 
Collaborate and Build Solutions for the Bank and Fintech Industry.pdf
Collaborate and Build Solutions for the Bank and Fintech Industry.pdfCollaborate and Build Solutions for the Bank and Fintech Industry.pdf
Collaborate and Build Solutions for the Bank and Fintech Industry.pdf
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threats
 
Vol 17 No 2 - July-December 2017
Vol 17 No 2 - July-December 2017Vol 17 No 2 - July-December 2017
Vol 17 No 2 - July-December 2017
 
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKINGARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
 
9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula
 
Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...
Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...
Cyber Impact of Fake Instagram Business Account Identify Based on Sentiment A...
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
 
8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docx8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docx
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdf
 
Best Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docxBest Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docx
 

Fingerpay

  • 1. FINGERPAY Team Invictus Anand B banand@live.com We build the trust in mobile banking solutions We provide secure banking solution using Biometrics for end-user authentication and help our customers gain end-user's trust on mobile banking applications. We believe security in Something you have: Unique App Something you are: Fingerprint Something you know: Password
  • 2. Introduction
Trust is a concept of expressing the positive belief that a person or a system we interact with will behave as expected. In the majority of situations, such trust-based interactions work out in the right way, because the parties we interact with are trustworthy. In fact, our entire complex society is based on such trust relations between people and systems, and it would not last very long when no one or nothing could be trusted.
However, we don’t live in an ideal world, and in this world we could not guarantee that everyone is trustworthy. Many parties have external motives to behave in a trustworthy manner. Some, like criminals and terrorist parties, cannot be trusted at all, but this can also include disgruntled employees, envious colleagues or even normally honest people who are tempted to abuse. We need systems that induce, guarantee or even enforce trustworthiness of parties in our non-ideal world. This is what we call security, i.e. security is a means to enable trust.
In the past, and even till today, security is based either on physical protection and prevention measures or on observation and detection of untrusted elements. For example, in order to keep its (your) money secure, a bank uses physical protection and stores the money in a vault. The vault can be accessed only by the bank’s employees, and many technologies are used to detect access to the vault by other people. Finally, under criminal law, trying to rob the bank yields prosecution when caught. In our digitalizing modern world, these techniques are no longer sufficient to adequately enable trusted interactions, due to both i) the nature of the interactions, and ii) the scale of the possible threats.
i. The remote and generic nature of many digital interactions lacks physical protection and assurance measures, many of which are even implicitly present in non-digital communications.
For example, in the past, most interactions with your bank would take place inside the bank’s building, face-to-face with one of the bank’s employees. You (implicitly) trusted the authenticity of this interaction, e.g. because the building was always in the same place, and perhaps because you physically recognized the clerk from previous transactions, and vice versa. However, in the last couple of years, interactions with your bank have shifted largely to online banking systems. In such an online system, e.g. a website, this implied notion of authenticity no longer exists, since anyone could set up a website resembling that of your bank, and even fake its web address. The same holds from the bank’s perspective: anyone could log in to the website and claim to be you. Other security measures are needed to guarantee the authenticity of this interaction.
ii. The main success of digitalization is that it enables automation of information processes to very large scales and speeds. However, this is also one of the main risk factors when it comes to digital crime. For example, in the real (non-digital) world, there is a risk of having your wallet stolen on the street. However, a thief will have to focus on one victim at a time, and for each attempt there exists a significant risk of failure, which often ends in getting caught. In a vastly interconnected computer network like the Internet, with hundreds of millions of simultaneously active users, a digital thief can deploy a computer program which targets thousands or millions at a time at an incredibly fast pace. Moreover, failed attacks typically go unnoticed or are hard to trace back, and even with a very small success rate the thief will get a significant return due to the vast number of targeted victims. Like the threat, the security measures will also need to be digitized and automated in order to offer adequate protection.
The above introduction is derived from the report “Physically Unclonable Functions: Constructions, Properties and Applications” by Roel Maes, Katholieke Universiteit Leuven. This report is the base work of my current project on PUF. Fingerpay is designed in such a way that it brings a solution to security challenges that exist in the real world.
  • 3. Analysis – Business Idea - Value proposition
The above terms can be closely correlated with three magic letters, “CPS”. CPS stands for Customer, Problem and Solution. For a business to be successful, a clear identification of these three parameters is more important than the business model canvas of the company. For Fingerpay, I would like to present these parameters in the upcoming paragraphs. Since we are focusing on the B2B sector, we have added an additional parameter, Users: those who actually use our product.
Problem
Market research says that banks incur millions of euros in losses annually due to Internet banking fraud. A growing share (52%) of Internet banking users manage their finances through smartphones. On the other hand, other research says that 18% of existing customers quit the mobile banking service in the last year. The most probable reason is that they felt there was a lack of security. The incidents of technology fraud and identity theft will increase rapidly. The reason for these attacks is the lack of security in the systems of the digital world. Team Invictus, with six people on board, took this as a major challenge in the mobile devices use case under Security, Privacy and Trust.
Solution
FingerPay provides the Finger Pay solution, which will eliminate the problem to a good extent. After extensive research we found that the only way to introduce security in a mobile application is by answering the following two questions.
i) How to make the nature of the interactions secure?
ii) How to reduce the scale of the possible threats?
We continuously iterated on the possible solutions for these two questions. For every solution we did a feasibility study and assessed the market potential. In brief, the best feasible solutions are:
i) Use a strong authentication mechanism like biometrics to establish that the operating party is the true owner of the bank account. We found that this alone will not solve the problem of interaction.
We also need a strong mechanism to verify the mobile application.
ii) Publishing the banking app in the app store is the main advantage attackers have for mounting scalable attacks. We introduce customized banking solutions, which could exponentially reduce mobile banking attacks. The customized banking application you receive has a homomorphically encrypted biometric template hard-coded in it. We also ensure that there is no need for the bank to store the biometric template anywhere in its database.
In addition to these, with a survey we found that about 73% of people get an SMS to authenticate a transaction, which is highly insecure. We also avoid this in our solution, thereby providing risk-free mobile banking.
Customers
Customers are the people who make the Problem and Solution meaningful. For our business the direct customers are the banks who are looking for secure solutions. To be precise, the Information Technology Risk Management (ITRM) department of any given bank is the one who will be very interested in our product.
  • 4. We contacted bank managers of different banks and validated that the banks are facing serious problems with mobile banking solutions and that the complaints are rising exponentially. We were still trying to set up a meeting with a person from ITRM to validate our solution.
Users
Users are those who actually use our products. For FingerPay the users will be the account owners of our customer banks. In order to analyze user behavior we posted an online public survey and shared it across various groups. The result of this survey, conducted over the span of two weeks, shows that 65% of users feel insecure using mobile banking solutions; it was also reported that 80% of people are glad to use the fingerprint for banking solutions.
Technical Description
In this section I would like to describe what could be a real problem in the traditional system, and later I will present the solution we propose to solve these problems. Although this has been briefly explained in the Solution paragraph of the above section, being a technology engineer I would like to present the working model of the system.
Technical Problems
1. App-Store
The app stores of all the commonly used mobile operating systems behave in almost the same way. When I want to install a particular banking application and search for it in the app store, I find many applications that resemble the original. According to user behavior, the majority of users go with the first search result. But there is no guarantee that the real one comes first, as the listing is based on many factors like location of the mobile, history of installed apps, etc. Once the user installs the wrong app, the application's administrators gain the advantage of getting all your information, including username, password and account balance.
2. SMS Channel
The next big hole in the traditional system is the delivery of some of the secret credentials over SMS.
If you look at the permissions of the applications as shown in the figure, it becomes obvious that the SMS channel is highly insecure. The figure demonstrates the SMS permissions of Messenger. The app has the ability not only to read SMS but also to edit SMS. It is not only this app; there exist many applications which are meant for malicious activities. A mistaken application on your mobile makes banking very unreliable.
Technical Solution
We deliver a simple software environment to the bank in which almost all the actions are automated. During the installation phase the bank needs to feed the private key obtained for this solution into our software. Later, when the user wants to create a new account, he/she will be in the bank. In addition to the existing procedure, the account owner will be prompted for security. This software directly captures biometric
  • 5. template from the sensor, extracts the features and applies homomorphic encryption. In the meantime, a new password for his account will be generated in the traditional way of the bank. Once both of these steps are done, the software generates application files (.apk, .ipa, etc.) for installation. These installation files will be securely given to the user by uploading them into the existing net banking infrastructure or by sending a password-protected mail. The above step ensures that there is no biometric template left in the bank. The figure depicting the working is shown below:
Technical Implementation of the system
To initiate the transaction the user enters his customer ID, which is safely sent to the bank for authentication. On successful authentication the bank replies with a nonce (N1), after which the app prompts for the biometrics of the user. After obtaining the biometrics, the app encrypts them and finds the Euclidean distance. It also hashes the password and adds the received nonce (N1). In addition, a new nonce (N2) is created by the app and also added to the packet. All these are encrypted with the private key and sent to the bank. The bank decrypts and verifies all the credentials and replies to the mobile using an N2-encrypted message.
How we are different?
The solution also changes the distribution channel of mobile banking applications. A user goes to the bank, gets his fingerprints scanned upon opening a bank account, and receives from the bank a personalized application that contains his fingerprint. The user receives the application via a personalized web link or e-mail. This application only transmits the encrypted difference between the input and hard-coded fingerprints towards the bank. The private key of the bank ensures that only the bank shall understand and authenticate the end user, hence satisfying the customer’s need for privacy of biometrics.
  • 6. Technical Validation
Being a security designer, it is important to validate our technical proposal. We proposed this solution to various technical researchers including Jovan Golic and Yehuda Lindell. In addition we had a few interviews with people from the Security Labs of Trento University. To be true, we made a lot of loopholes and left space for replay attacks. Meeting with technical researchers for consequent validations makes our product complete.
Usability or Security?
For any security system it is very important to have a tradeoff between usability and security. According to our team, for any successful system with a wide user base, it is very important to have very good usability. Most secure systems are costly and difficult to use; on the other hand, easy-to-use systems lack some amount of security. We examined this in depth, after which we reworked and obtained the above-mentioned solution to develop a system that is secure, user-friendly and customer-friendly. The proposed system not only develops the customized application for the user in very easy steps but also enables user authentication in a very simple way.
We have designed our first prototype to showcase the usability of the mobile banking system. The following three pictures depict the experience of the user using this application.
Step 1: The user will be prompted for the password
Step 2: After authorizing, the user's biometrics will be prompted
Step 3: Access your banking
In the proposed system we removed the complexity of OTP (One-Time Password). Here, for every new transaction the bank sends the challenge to the mobile. The mobile prompts the user for credentials (both password and biometrics). The app solves the challenge and sends the result back to the bank for authentication. If it was a fake app, the response cannot be computed properly, because it is a function of the incoming nonce, the password and the cryptographic data.
It cannot be a fake user because he enters his password and authorizes using his fingerprint. Thus we have designed a secure and easy-to-use mobile banking authentication system for the user and an easy-to-integrate software environment for the banks.
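The exchange described under "Technical Implementation of the system" and in the challenge-response paragraph above can be sketched as follows; this is an added example, not Fingerpay's own code. It assumes Paillier as the additively homomorphic scheme (with a toy key), small integer feature vectors, a PBKDF2 password verifier whose salt ships in the personalized app, and an HMAC proof and reply standing in for the outer encryption the page describes; all function names and sample values are constructed.

```python
import hashlib
import hmac
import math
import secrets

# Toy Paillier key from two Mersenne primes (assumption: far too small for
# real use, chosen so the example runs instantly with the standard library).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                           # bank's public key
N_SQ = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # bank's private key
MU = pow(LAM, -1, N)


def enc(m):
    """Encrypt integer m under the bank's public key (generator N + 1)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N_SQ) % N_SQ


def dec(c):
    """Decrypt with the private key; only the bank can do this."""
    return (pow(c, LAM, N_SQ) - 1) // N * MU % N


def verifier_for(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def tag(key, *parts):
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def enroll(template, password):
    """At the branch: build the app's hard-coded blob and the bank's record.
    The plaintext template is not kept by either side."""
    salt = secrets.token_bytes(16)
    app_blob = {"salt": salt,
                "enc_t": [enc(t) for t in template],
                "enc_t_sq": enc(sum(t * t for t in template))}
    return app_blob, {"verifier": verifier_for(password, salt)}


def app_respond(app_blob, password, sample, n1):
    """App side: Enc(sum (x - t)^2) computed without decrypting the template."""
    c = enc(sum(x * x for x in sample)) * app_blob["enc_t_sq"] % N_SQ
    for x, ct in zip(sample, app_blob["enc_t"]):
        c = c * pow(ct, (-2 * x) % N, N_SQ) % N_SQ   # adds -2*x*t
    n2 = secrets.token_hex(16)
    key = verifier_for(password, app_blob["salt"])
    return {"n1": n1, "n2": n2, "enc_dist": c,
            "proof": tag(key, "proof", n1, n2, c)}


class Bank:
    THRESHOLD = 25   # constructed acceptance bound on the squared distance

    def __init__(self, record):
        self.record = record
        self.pending = set()

    def challenge(self):
        n1 = secrets.token_hex(16)
        self.pending.add(n1)
        return n1

    def verify(self, pkt):
        """Return the N2-bound reply on success, None on any failure."""
        if pkt["n1"] not in self.pending:
            return None                      # unknown or replayed nonce
        self.pending.discard(pkt["n1"])      # single use, even on failure
        key = self.record["verifier"]
        expected = tag(key, "proof", pkt["n1"], pkt["n2"], pkt["enc_dist"])
        if not hmac.compare_digest(expected, pkt["proof"]):
            return None                      # wrong password or altered packet
        if dec(pkt["enc_dist"]) > self.THRESHOLD:
            return None                      # fingerprint too far from template
        return tag(key, "reply", pkt["n2"])


def app_accepts_reply(app_blob, password, pkt, reply):
    key = verifier_for(password, app_blob["salt"])
    return reply is not None and hmac.compare_digest(tag(key, "reply", pkt["n2"]), reply)


if __name__ == "__main__":
    blob, record = enroll([12, 40, 7, 33], "correct horse")   # constructed data
    bank = Bank(record)
    pkt = app_respond(blob, "correct horse", [13, 39, 7, 35], bank.challenge())
    print("first attempt accepted:", bank.verify(pkt) is not None)
    print("replayed packet accepted:", bank.verify(pkt) is not None)
```

The bank record holds only the password verifier, and N1 is consumed on first use, so a captured packet is rejected when it is sent a second time.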
  • 7. Value chain
“A value chain is a set of activities that a firm operating in a specific industry performs in order to deliver a valuable product or service for the market.” – Wikipedia
Our team worked on this aspect to develop a sustainable business for Fingerpay. We have a five-step structure for the value chain cycle, consisting of R&D, Product Development, Marketing, Integration and Support. The following is our proposed value chain for Fingerpay.
Competitors
There are plenty of companies trying to address security in mobile banking solutions. But most of them are thinking about network-level attacks and vulnerabilities, not about physical security. We tried to examine the companies who are trying to address physical security for banking, and we found that the following companies are working on physical security but in different aspects, as discussed below.
Hoyos Labs: This is one of the leading technology solutions companies addressing banking security. Although this company has a competitive technical solution, usability has been very much sacrificed for the improvement in security.
Daon Identity: This company is our primary competitor, and captures biometrics of the user for government purposes. We differ from them by proposing that “We will not store fingerprints anywhere except in the user's mobile, and that too in a homomorphically encrypted way”.
Bank ID: This is the most effective tool currently used by some of the popular banks in Europe. It is very user-friendly, except for the fact that the security provided by this application uses passwords over the Internet. However, there is no second-factor authentication on banking with this application.
Although there are many other companies competing with us in banking solutions, we are different from them because we provide banking solutions for mobile and we use biometrics for authentication. We placed these competitors alongside us and plotted the following graph.
[Figure: value chain. R&D: identify protocols, algorithm design. MVP, develop product. Marketing: customer acquisition, advertise. Integration: link with existing architecture. Support: after-sales support.]
  • 8. Competitor Analysis
Go-to Market Strategy
Our concept of mobile banking solutions is quite different yet scalable and sustainable. All Apple mobiles designed after iPhone 5C have a fingerprint sensor embedded in the device. In addition, Apple said they will continue this feature in all the upcoming versions of the iPhone. The recent Android devices manufactured by Samsung have started to have inbuilt fingerprint sensors. Since the era of fingerprints in mobile has started, it is the right time for us to enter the market so that we can grow with the same curve as that of the mobile biometric sensor.
We have designed the detailed roadmap and goals for the next year, which includes alpha and beta releases, customer and user acquisition, testing, validation and certification. By the end of next year we will be in the market with at least 20000 users and with at least 2-3 customers. We further plan to participate in various challenges and competitions in and around Europe so that we can build our company on our own. At a later point in time we could approach VCs for larger capital investment.
[Figure: roadmap]
July 2015: idea development, business development, usability implementation
Dec 2015: alpha release, negotiate with the customer
Mar 2016: beta release, testing and validation, get certified
July 2016: integrate with first customers, release for first 20000 users
  • 9. Financial Perspective and cash flow analysis
Fingerpay’s customers are banks that deal with savings and current accounts. These banks are prone to recession, which means that the profit of the bank can be somehow proportional to the GDP of the country. We, the founders of Fingerpay, believe that a sustainable model with yearly payback will be more effective, because we will be immune and have a predictable turnover all over the year. The detailed cost structure is as follows:
We develop the software which creates applications with homomorphically encrypted biometrics of the user, free of cost to the bank. However, we charge a small amount for integration of this software with the existing architecture. After successful deployment of the architecture the banks will need licenses to create customized applications. Creation of one application costs one license. The licenses are sold in bulk to the bank using a secret encrypted string that the software knows how to decrypt. On successful decryption the licenses are added to the license balance of the software. The cost of the licenses varies based on the number of licenses they buy. The following picture shows our licensing plans.
We have analyzed the projected cash flow of Fingerpay for the next 3 years. We tried to include all the possible expenditure that could be incurred during the development phase. We found that Fingerpay will reach breakeven in the first few months of the second year. The following table depicts all expected expenditure (in euro) of Fingerpay.
Sr.No. | Roadmap - Cash Flow | 6 months | 1st Year | 2nd Year | 3rd Year
1 | R&D co-founders | 0 | 0 | 0 | 0
2 | Programmers | 18,000 | 18,000 | 13,500 | 13,500
3 | Customization of service | 0 | 0 | 1 | 2
4 | Rent | 2,400 | 7,200 | 7,200 | 7,200
5 | Utilities | 1,800 | 4,800 | 4,800 | 4,800
6 | Integration engineer | 6,000 | 40,800 | 40,800 | 40,800
7 | Travel | 4,800 | 9,600 | 9,600 | 9,600
8 | Cloud access | 200 | 200 | 400 | 100
9 | Total fixed | 33,200 | 80,600 | 76,301 | 76,002
10 | Gross margin | -1,000 | -710 | 132,300 | 264,600
11 | Cloud usage variable | 1,000 | 1,200 | 14,700 | 29,400
12 | Revenues | 0 | 490 | 147,000 | 294,000
13 | Customers | 300 | 1,000 | 300,000 | 600,000
14 | Average per customer license | | 0.49 | 0.49 | 0.49
15 | Cash flow | -34,200 | -81,310 | 55,999 | 188,598
16 | Cash flow cumulate | -34,200 | -115,510 | -59,511 | 129,087
[Figure: Licensing costs]
  • 10. The cash flow graph shows that the cumulative capital required by Fingerpay will be around 115,510 euro by the end of the first year. By this time we will be getting technical approval/certification for our company. In the next year we will start the sales of licenses and sell around 300,000 licenses at an average cost of 0.49 euro.
Development process
The development process is one of the interesting portions of this report, and my favorite. We were random people from different backgrounds on day one. I wondered where I was going to find a partner for developing the new business. In a couple of days, with various help from the coordinators, we all got together and understood the strengths of different people trying to address similar problems. Within no time we made the first pitch on the idea, which tuned everyone in on their own interest. Finally, from the mobile devices group, we formed a team with a couple of ideas such as mobile application security, mobile device management and mobile privacy.
During the first pitch, focusing on technical feasibility, we presented our idea of mobile application security. Our group was criticized because we didn't have any business plan that could take our business to the next level. All our competitors were pioneers in the market, such as Apple, Samsung and Google. After late-night discussions and market research we figured out that our idea was too wide, with no real customers. Then we decided to target a particular sector, and chose banking after seeing the following results from Google.
Hacking ring has stolen up to $1 billion from US, European banks, report says. - Foxnews
Bank Hackers Steal Millions via Malware. - New York Times
Banking hack heist yields up to $1 billion. - USA Today
The above news was so shocking for us, and it seems that technology fraud in banks is increasing at the speed of 30% per year.[3] Hence we decided to secure the banking of the users in a smart way. This is how Fingerpay evolved.
Another advantage of Fingerpay is that its founders are from different countries and continents. This helped us to clearly understand the working of the banks in different countries and frame Fingerpay such that it works effectively in all the countries.
[Figure: Cash Flow Roadmap (€). Cost (in thousand euro) over time: 6 months, 1st Year, 2nd Year, 3rd Year]
  • 11. Validation
For any business idea, just after the feasibility study, validation becomes an important phase of evaluation. Hence the concept of Fingerpay was subjected to thorough validation. Understanding both the customers and the users is very important to us. We did surveys using online and offline tools to understand user behavior. For customers, we tried to go directly for a meeting with the Information Technology Risk Management department. Since we were not able to reach them, we contacted various managers in senior positions. The figures below explain the facts and figures obtained during the validation.
Customer Validation
We have personally interviewed four bank managers of different banks, of whom 3 are very eager about our solution. They gave us valuable feedback and contacts to continue our progress. We are consistently trying to reach the ITRM department of at least 3 banks before we make the sales proposal. In addition we tried to reach some of the managers via e-mail, and one happy bank manager’s reply is as follows.
I've read your plan. It was good. Finger print checking on mobiles! Innovative idea. Apple and HP have already come up with the concept of biometric passwords. An extra layer of security is always better when dealing with financial applications. All the very best in implementing this idea.
P. V. Saroj Reddy, Branch Manager
User Validation
[Chart: Mobile banking secure? Yes / No / No Answer: 25% / 65% / 10%]
[Chart: Reason for not using mobile banking. Insecure / Complex / I use mobile banking: 65% / 25% / 10%]
  • 12. Conclusion
The world will be trending towards security and privacy in the near future. Once people get to know about the privacy aspects, the first thing that will come to their mind is, “Is my money secure?” Since we provide a secure banking solution, Fingerpay will be an answer to this question. People's willingness to give biometrics to protect their own money will tremendously increase, and every smartphone will have biometric sensors built in. This technology curve helps Fingerpay to grow with the curve, thereby reaching more people at the right time.
Reference
[1] Maes, Roel. Physically Unclonable Functions: Constructions, Properties and Applications. N.p.: Katholieke Universiteit Leuven, n.d. Print.
[2] Crosman, Penny. "Phone Scams Rise as Bank Fraud Goes Low-Tech." Bank Technology News. American Banker, 17 June 2015. Web.
[Chart: Which is more important for mobile banking? Usability / Security / Other]
[Chart: Fingerprint for banking? Yes / No / No Option]