An approach to authenticate magnetic stripe bank card transactions at POS terminals

Abstract

Magnetic stripe card technology has been deployed for more than six decades worldwide and is extensively used in banking. Data embedded in them are often relied upon as a benchmark for user authentication. As such reliance is placed upon them, it is surprising that they do not incorporate stringent security features and therefore attract the attention of criminals who compromise magnetic stripe cards for their illegal gain. Bank cards using magnetic stripe technology are being increasingly cloned or skimmed. Global statistics show that a fraudulent card transaction occurs every eight seconds and that cloning is the principal card fraud, which makes up approximately 37% of overall financial losses. Cloned magnetic stripe bank cards are extensively used at POS terminals and ATMs by criminals. POS terminals are one of the most commonly used payment transaction systems around the world. At the present moment, it is only the signature and PIN that prove the ownership of a magnetic stripe bank card. Even though chip cards are introduced as an extra security mechanism to avoid fraud, the fact that criminals can deliberately damage the chip and force the transaction to fallback to magnetic stripe defeats its intended security purpose. The result of all this fraud is that the original cardholders lose money unknowingly from their bank accounts. One way of enforcing a better security in POS terminals is by incorporating a biometric authentication system, preferably a Fingerprint Authentication System (FAS). This is due to the advantages and convenience that it offers above the other biometric counterparts. Although an FAS can prove the true ownership of a magnetic stripe bank card and can authenticate the transaction using it, this study recognizes existing vulnerabilities pertinent to FAS and biometric authentication systems in general. Hence, the usage of the conventional FAS may lead to severe security vulnerabilities. An FAS with robust security and acceptable recognition performance, at the present moment in time remains unclear and the development of such a system is vital. Thus, the proposal for a secured FAS is put forward to authenticate the transactions performed using magnetic stripe bank cards at POS terminals. The key underlying concept of the proposed system is a unique One Time Template which will be valid only for a single transaction session. The proposed FAS will be further evaluated, and criticized in order to illustrate the value added to this study.