This paper explores user authentication schemes for banking systems implemented over mobile phone networks in the developing world. We analyze an authentication scheme currently deployed by an Indian mobile banking service provider which uses a combination of PINs and printed codebooks for authenticating users. As a first step, we report security weaknesses in that scheme and show that it is susceptible to easy and efficient PIN recovery attacks. We then propose a new scheme which offers better secrecy of PINs, while still maintaining the simplicity and scalability advantages of the original scheme. Finally, we investigate the usability of the two schemes with a sample of 34 current and potential customers of the banking system. Our findings suggest that the new scheme is more efficient, less susceptible to human error, and preferred by the target consumers.