ABSTRACT
This thesis focused on the Design and Development of a Bank Verification and Authentication System using Quick Response Code (QR-Code). The traditional method of verification and authentication system for bank transactions has been using the username and password method. These password methods are most of the times encrypted with hash and Message Digest (MD5). This system is prone to several threats including lost and stolen passwords which are readable by humans. The system cookies have the ability to save the username and password which sometime possess several hacking threat and theft. String encryption actually uses a specific mathematical formula which can be decoded by black hackers. The designed system concentrates on machine capabilities rather than human ability and this new system used an encrypted image readable by camera. The spiral method was used as the implementation model. The account holder can make payments by generating dynamic QR-Codes which often presented as payment token for business transactions. The system accepts the account number and amount to generate a specific image QR-Code for payment to the beneficiary. In this system, accounts are debited and credited through different system users. The framework is python flask and the database model is the SQLite, whereas the Hyper Text Markup Language (HTML 5) was used for front end coding. The results obtained indicated that the designed system generated a dynamic QR-Code for bank transactions either by debiting or crediting the beneficiary accounts. Also, the users have access to the dashboard through the use of QR-Code generated by the administrator.
TABLE
OF CONTENTS
Title Page i
Declaration ii
Certification iii
Dedication iv
Acknowledgements v
Table of Content vi
List of Tables x
List of Figures xi
Abstract xii
CHAPTER
1: INTRODUCTION 1
1.1 Background of
Study 1
1.2 Statement of
the Problem 5
1.3 Aims and Objectives 5
1.4 Significance of the Study 6
1.5 Scope and Limitations 7
CHAPTER
2: LITERATURE REVIEW 8
2.1 Historical Background 8
2.1.1 Web base application 9
2.2 Bank Verification and Authentication 10
2.3 QR Code Encryption 11
2.4 QRCODE Encoding and Decoding 13
2.4.1 Enhancing QR code security 15
2.4.2 QR code standard 16
2.5 QRCODE Processing 17
2.5.1 Scanning QRCODE 19
2.6 Empirical
Framework 21
2.6.1 QR code
software 22
2.6.2 Real
world QR code implementation 24
2.7 Applications of QRCODE 25
2.7.1 Financial institutions 25
2.7.2 Bank verification number 27
2.7.3 Bank authentications 27
2.7.4 Advertising 28
2.7.5 Mobile payments 28
2.7.6 QR codes as attack vectors 29
2.8 Analysis of the System 30
2.9 Analysis of the Design System 31
2.9.1 Comparing
the existing system with the designed system 32
2.10 Implementation
Model 33
2.11 Review
of Related Work 36
2.12. Research
Gap 40
CHAPTER
3: MATERIALS AND METHODS 41
3.1 Materials 41
3.1.1 Data
collection 41
3.1.2 Primary
data 42
3.1.3 Secondary
data 42
3.2 Questionnaire
42
3.2.1 Web
base questionnaire 43
3.3 System
Requirements 44
3.3.1 Hardware
requirements 44
3.3.2 Human resource
requirements 44
3.4 Data
Flow Diagram 45
3.5 Design
Model 47
3.6 Sequence
Diagram of the Designed System 48
3.7 Class
Diagram of the Designed System 50
3.8 Entity
Relational Diagram 51
3.9 Quick
Response Code Model Algorithms Approach (2D) 52
CHAPTER 4: RESULTS AND DISCUSSIONS 59
4.1 Results 59
4.1.1 Main
menu 59
4.1.2 Submenus 59
4.2 Specification 61
4.3 Database
Specification 62
4.3.1 Physical
design 62
4.3.2 Physical
structure 62
4.3.3 Database
design and functionalities 63
4.4 Input/Output
Format 64
4.4.1 Input
format 64
4.4.2 Output
format 64
4.5 User
Case Diagram of the Designed System 67
4.6 Flowchart
of the Designed System 71
4.6.1 Designed
system block diagram 72
4.6.2 System
testing 73
4.6.3 Testing
plan 73
4.6.4 Testing
data 74
4.6.5 Actual
test versus expected test result 75
4.7 Training
and Requirement of Users’ 76
4.7.1 How to
install the software 76
4.8 Program
Documentation 77
CHAPTER 5: CONCLUSION AND RECOMMENDATION 79
5.1 Conclusion 79
5.2 Recommendation 80
5.3 Contribution
to Knowledge 80
References
Appendices
LIST OF TABLES
PAGE
2.1: Maximum
character storage capacity (40-L) 12
2.2: Comparison
of the existing system and the designed system 33
3.1: Software
requirement 44
4.1: Physical
structure of the new system database 63
4.2: Information
stored in new system database 64
4.3: Data
dictionary of the new system 70
4.4: Result
using test data 75
LIST OF FIGURES
PAGE
2.1: Samples of some function QR code symboles 13
2.2: QR code layout structure 17
2.3: QR-code scanning and processing 19
2.4: The
modification attack 30
2.5: Spiral
Model 35
3.1: Level 0 data flow diagram (DFD) 46
3.2: Level 1 data flow diagram (DFD) 46
3.3: System design model for QRCode banking system 47
3.4: Sequence diagram of the designed system 49
3.5: Class
diagram of the designed system 51
3.6: Entity diagram of the new system 52
3.7: QRCODE
encryption process 54
3.8: QRCODE
decryption process 57
4.1: Main
menu of the new system 59
4.2: Diagram
of admin login user 60
4.3: User
dashboard diagram 61
4.4: Physical
design of the new system database 62
4.5: Input
format of the new system 65
4.6a: Output
format of the new system 66
4.6b: Output
format of the new system 67
4.7: User
case diagram of the designed system 68
4.8: Flowchart
of a bank verification and authentication system 71
4.9: Block
diagram of bank verification and authentication system 72
CHAPTER
1
INTRODUCTION
1.1 BACKGROUND OF STUDY
Banking system for decade requires highly
secured system and uses of the recent technology not known by the common man.
Several authentication systems have been used for transactions like encryption
models and algorithm. The bank verification and authentication are very vital
part of the entire banking system. The users are registered and before the
payment transactions are documented, the users provide the system with authentication
parameter which is verified. The authentication systems are encrypted string in
the form user password and string username generated by system or user choice, Young
sil lee et al., (2010).
The internet is currently
facilitating online purchases and making payment very flexible. This has opened
new market for companies on which the numbers of customers are frequently
increasing. The techniques used in E-payment system fields have some problems
in security, speed, usability, and flexibility. We therefore aim at providing a
new system that will solve and interact with this problems, our system will
enable crediting and debiting of an account by generating a Quick Response (QR)
Code amount for the designated account holder.
When a customer's payment information
is sent to merchant, the merchant has the ability to obtain the customer's
payment information like credit card number, credit card issuers and expiration
date. Even if a merchant receives a customer's payment information in an
encrypted form, he can save the encrypted information and decrypt it later. The
current payment systems allow a merchant to obtain some form of a customer's
payment information so that merchant can claim the validity of a transaction.
However, a merchant does not necessarily need a customer's payment information
to prove the validity of a transaction. Other information related to a purchase
can be used to prove the validity of a transaction, Dey et al., (2013)
Frauds that occur on the internet
today are mostly from hackers, fraud merchant's, spammer's and data thieves who
place attacks on networks and personal computers to corrupt and steal
information. To avoid these risks, it is desirable not to send a customer's
payment information to a merchant at all, because it creates the possibilities
of security breach and information-leak from a merchant side.
User authentication and the verification
of banking transactions in Internet based services is an important issue that
has received much attention by researchers and practitioners alike. Addressing
the security concern surrounding user authentication and online transactions is
essential, considering the extensive use of computers and electronic devices in
our everyday life. Moreover, with the increasing number and variety of
malicious threats such as phishing, Trojans and key-loggers, many banking transactions
are carried out on unreliable computers or devices.
The recent technology requires a
system that will encrypt transaction information on a given generated image known
as QRCODE. The transaction details are embedded into the QRCODE. The account
number to be credited, the amount and the transaction ID. Expeditious growth in
E-Commerce trade has led to various user centric applications throughout the
world. The ever growing popularity of online shopping and ticket booking has
shown new dimensions of technology. The Debit or Credit card fraud and personal
information security are major issues for customers and banks particularly in
the case of funds transfer or during online shopping, Rif_a-Pous and Helena et
al, (2009).
Banks are becoming increasingly
reluctant to reimburse user who fall prey to online scams such as phishing or a
pharming. The first hacking incident in Korea in 2005 spurred the Korean
Financial Supervisory Service (FSS) to announce a comprehensive countermeasure.
One of the countermeasures that draw high attention of the financial agencies
is One Time Password (OTP), one of the user confirmation methods is introduced,
and Joint Confirmation Center (JCC) of OTP is established, Sun and Chen et al., (2012).
Two new approaches are used for the
purpose of E-payment transaction. The first method requires customer’s limited
personal information that is necessary for fund transfer during online
shopping. This safeguards the customer data which indeed increases customer
confidence and prevents identity theft. The second method is the generation of
secure e-tickets for train and movie applications based on QRCODES with
encrypted content, Chow and Susilo et al,
(2014).
In modern world, we do almost
everything on-online (banking, communicating, storing and sharing personal
information, shopping), it is now critical to be able to access these services
in the most secured manner. As viruses and cracking methods are becoming more
complex and powerful day by day, so the available security techniques must
improve as well, to allow users to protect their data and communications with
the maximum security, Young and Nack et
al., (2010).
There is a method called one factor
authentication which was used traditionally, but it was less secure because using
username and password are not secure enough for critical transactions and
anyone can access this information. This research, therefore represent one
method namely Two Factor Authentication method which provide more security than
the previous one and a two-factor-authentication method includes two of three
authentication verification method, Chow et
al., (2014).
Cyber – security is very important
because of gradual increase in information technology. The Online financial
transaction in the past was required to apply a security card and public key
certificate which were the methods of confirming a user, and in recent decade, One-Time
Password (OTP) was introduced. One-Time Pass-word is a password system where
passwords can only be used once and the user has to be authenticated with a new
password each time. This guarantee the safety even if an attacker is tapping
password in network or a user loses it. Besides, OTP features anonymity,
portability, and extensity, and enables the user keep the information from
being leaked, Chow et al., (2014).
Previous banking services used
security card which does not suite modern Mobile environment because we do not
know when and where online banking will be used. In very emergency situation
online banking cannot be done without security cards. The current online
banking system send OTP on user’s mobile which can be hack during transmission.
In order to overcome such weaknesses and inconvenience of security card, our
proposed authentication system uses two dimensional barcodes (2D Barcode)
called QR code instead of security cards. QR code stands for “Quick Response”
code. From QR code data can be retrieved very fast with greater accuracy even
if some part of data is corrupted, Bonneau and Herley et al., (2012).
The QRCODE is a type of bar code. A
bar code is one dimensional code and QRCODES are two dimensional. QR codes can
store more data than bar code. To eliminate attack like phishing attack and to
confirm user identity, QRCODE which is scanned by user system device can be
used and weakness of traditional password based system can be improved by
finding the user transaction information and it is unique at the user side, Denso
Wave, (2014).
This thesis work examines the
challenging problem of user verification and authentication of a transaction on
unreliable devices. We present an approach that uses personal trusted device,
with the requirement that the device has a camera. This is a reasonable
requirement that does not overburden the user, as nowadays many devices such as
smartphones, ATMs and laptops are common and are equipped with cameras / webcam.
Moreover, in our approach the user does not have to remember any password(s).
1.2 STATEMENT OF THE PROBLEM
In
most of the cases, users have complained about the loss of their bank card and
the password hacked or stolen. Stealing stored electromagnetic information of
an ATM card, using a skimming device or by any other latest technology is quite
easier and has access to the human signature through forceful request or
forgery, Mukhopadhyay, et al, (2011).
The
use of Username and password has failed in most cases of banking system
authentication. Also, keeping an ATM card handy is not at all safe, because
there is a chance that someone can steal it, or the latest technology updates
facilitates the stealing of the ATM cards information by just passing it very
close to the user. By this, user may not be aware of losing privacy of their
Bank card’s information, Clarke, et al, (2002).
Furthermore,
the loss of personal mobile phones GSM, has also aided criminal activities and
hacking ones bank information. People are therefore looking for a highly
secured banking system and other security systems to get rid of anti-social
elements. The main aim is to provide an intelligent dual security level to the
current security systems in banking sector.
1.3 AIM AND OBJECTIVES
The
main aim of this thesis is to Design and Develop a Bank Verification
Authentication System using QRCODE that will handle the use of an intelligent
machine generated encrypted code (QRcode) to achieve a highly intensive
security measure. The specific objectives are:
1. To
identify the necessary data required for the development of a bank verification
and authentication system.
2. To
develop an algorithm for bank verification and authentication system.
3. Based
on the algorithm developed in (2) above, to develop and realize this algorithm
in code using Hyper Text Markup Language (HTML5).
4. To
develop the back end of bank verification platform using python flask and HTML
5.
5. To
develop a database a database for web management using SQLite.
6. To
integrate the verification, authentication module with the back end platform
for QRcode using python flask.
7. To
setup prove of concept on sublime text Widows environment and Android
environment.
1.4 JUSTIFICATION
The
system used for generating this encrypted files or password could be decrypted
by the same operating system or system kernel using several hacking practices.
In other that individual bank accounts are secured from unauthorized user to
have access, there is the need for an image alphanumeric security.
The
QR coded image is generated using Unique Personal Identifier Code (UPIDC) generated
by the system, with an intelligent agent that monitors successful and
unsuccessful authentication. This thesis will also help in the elimination of
paper cheque thereby permitting all transactions to be generated with QRcode account
debiting and crediting.
1.5 SCOPE
Several authentication systems have
been used for transactions like encryption models and algorithm. The bank
verification and authentication are very vital part of the entire banking
system. User authentication and the verification of banking transactions in
Internet based services is an important issue that has received much attention
by researchers and practitioners alike. Addressing the security concern
surrounding user authentication and verifications in online transactions is
essential, considering the extensive use of computers and electronic devices in
our everyday life.
This
research work basically focuses on the design and development of a highly
intelligent secured banking system that cannot be hacked using human
properties. The security system of the two-dimensional QRCODE incorporates the
technology architecture of the use of encrypted text into image files with
intelligent agent. The (2-D QRCODE) will serve as a gateway to accessing bank
account.
Click “DOWNLOAD NOW” below to get the complete Projects
FOR QUICK HELP CHAT WITH US NOW!
+(234) 0814 780 1594
Login To Comment