A Hybrid Authentication Mechanism for Preventing

Download PDF
2 downloads 0 Views 579KB Size Report
Comment
Attacks on E-banking Systems: The Nigeria Case Study. G. B Ogunniye1, O. M Afolabi2. 1Department ... Traditional authentication techniques involving the use of ... Machine, personal internet banking, debit or credit card ... telecommunication network and without leaving the comfort of their homes or organisation [4]; [3]. Its.
International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014)

A Hybrid Authentication Mechanism for Preventing Phishing Attacks on E-banking Systems: The Nigeria Case Study G. B Ogunniye1, O. M Afolabi2 1

Department of Computer Science, Adekunle Ajasin University, PMB 001, Akungba Akoko, Ondo State, Nigeria 2 IT Department, Resourcery Plc, 18, Adeola Hopewell Street, Victoria Island, Lagos, Nigeria Today in Nigeria, banks are investing greatly in information technology to provide various e-banking solutions with a view of satisfying the growing needs and demands of their customers as well as competing effectively in the competitive and dynamic international ecommerce market [7]. However, one of the key hurdles of e-banking systems in Nigeria is identity theft through spam/phishing attacks and hacking among others. This has adversely affected the growth of e-banking services in the country. The Nigerian Advance Fee Scam (popularly known as 419), e-banking phishing attacks, and other financial crimes among others are the major limiting factors to the adoption and wider patronage of the newly-introduced e-banking solutions by Nigerian banks. These e-banking solutions are introduced in compliance to new Central Bank of Nigeria banking reforms and regulations towards cashless economy. Survey reveals that reasonable number of ebanking subscribers in Nigeria are susceptible to phishing attacks and identity theft among others and hence the need for reliable and secured authentication mechanism. Traditional authentication techniques involving the use of PIN and Username/Password that are used for authenticating users into these systems have its shortcomings. Several studies have revealed that it is not sufficient for securing e-banking systems [28]. The idea of using fingerprint authentication is based on the notion of fingerprint individuality and the fact that fingerprint authentication has the lowest False Acceptance Rate (FAR) and False Rejection Rate (FRR) among other biometric authentication techniques [19]. SiteKey authenticating on the other hand, has been used by in the USA by the Bank of America [30]. Verifying e-banking systems users‘ identity claims by combining these two authentication methods will be a promising solution to the problems of phishing attacks and identity theft facing ebanking systems implementation in Nigeria.

Abstract— This paper presents multifactor authentication method for securing access to e-banking systems in Nigeria using fingerprint recognition and SiteKey authentication. Fingerprint authentication is based on the notion of fingerprint individuality; the idea that fingerprint image of an individual is unique and can be used to uniquely identify him/her. SiteKey authentication on the other hand, uses a unique image chosen by customers to help banks recognise their genuine customers and to help customers recognise the genuine website of their bank through its authentication process. Verifying e-banking systems users’ identity claims by combining these two authentication methods will be a promising solution to the problems of phishing attacks and identity theft facing e-banking systems implementation in Nigeria. Phishing attack and identity theft are the major threats to the success of the newly introduced cashless economy policy in Nigeria. Traditional password-based authentication used in the past seems insufficient hence the need for improved authentication methods. This paper contributes to the state-of-art knowledge of fingerprint recognition and SiteKey authentication by improving the understanding of the technologies and by demonstrating how the technologies can be used in e-banking environment. Keywords— e-banking systems, phishing attacks, authentication systems, sitekey authentication, biometrics.

I. INTRODUCTION The continuous advances in the information technology have significantly impacted banking operations and services across the globe. Today, financial institutions rely greatly on information technology infrastructure for financial services such as e-money, e-brokering, einsurance, e-finance, e-exchange and e-banking among others. In particular, E- banking is known as the automated delivery of new and traditional banking product and services directly to customer through electronic interactive communication channels also referred to as online or internet banking [6].

628

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014) Attacks on e-banking services threaten bank customers, their personal data and finances and as well as customers, these attacks also threaten banks reputation and trustworthiness [18]. In Nigeria, in spite of the numerous advantages ebanking systems offer, this study reveals that its patronage by Nigerian bank customers is still limited. This is due to the poor level of access to internet infrastructure and more importantly security challenges of these systems. As an exploratory qualitative research, this paper aims at increasing the users‘ awareness of the risks of phishing attacks on e-banking systems in Nigeria and to propose the combination of SiteKey authentication and fingerprint recognition as multifactor authentication mechanism for preventing phishing attacks. Fingerprint authentication has been used in Nigeria for commercial applications such as Automated Teller Machine (ATM), E-voter registration among others. Its general acceptability in Nigeria makes it a favourable biometric technology that will attract widest patronage among other biometric technologies [25].

II. LITERATURE REVIEW A. Brief Overview of E-banking Systems According to Oxford dictionaries (2012), ―e-banking is a method of banking in which the customers conducts transactions electronically via the internet‖. E-banking system architectures vary in various banking institutions where it is used depending on a number of factors including the e-banking objectives of the bank; scope, activities, equipments and the security requirements of the e-banking systems. E-banking systems are implemented and managed either internally by the concerned banking institution or outsourced to a verified third party. The use of information and communication technology (ICT) in the financial institution has made available various types of e-banking technology including Automated Teller Machine, personal internet banking, debit or credit card system, direct payment (also known as electronic bill payment), electronic check conversion, electronic fund transfer, mobile banking, preauthorised debit (or automatic bill payment), prepaid card, smart card, stored value-card, payroll cards and direct deposit among others [24]. E-banking systems allow bank customers to access various banking services such as balance reporting, interaccount transfers, bill-payment etc., via a telecommunication network and without leaving the comfort of their homes or organisation [4]; [3]. Its importance is growing because of its wider reach and lower cost per transaction [4]. Kurnia et al (2010) argued that there is a vast disparity in the adoption and diffusion of e-banking among different countries of the world, especially between the developed countries and developing countries of the world. Their study revealed that while developing countries are just starting to adopt the concept of e-banking, developed countries have benefitted immensely from the use of ebanking solutions and applications. A number of factors affecting the implementation and management of e-banking systems from the customers and banking service providers includes: employee resistance, security issues, regulatory issues, project management issues, IT and telecommunication issues, availability and system integration issues, trust issues, organisational structure and resistance, acceptance issues, service delivery channels issues, ethical issues, change management issues among others [11].

B. Concept of Trust in E-Banking Systems Trust and security are the key hurdles to the growth of ebanking systems. Trust in particular, is enablers that will make any e-banking consumers undertake any risky operation such as the use of personal internet banking details on a particular e-banking website. . In view of this, e-banking service providers focus on the provision of security and building of trust towards making their respective e-banking solutions reliable and acceptable. Trust and commercial activities dates back to the ancient times where commercial activities and exchanges between two parties is based on trust French et al (2007) referred to the concept of trust in ebanking as the technologies employed such as trusted protocols, public key cryptography and information architectures to engender trust on the e-banking website. Their study revealed that tangible trust factors include such factors as security policy and trust seals while intangible trust factors entails psychological studies, formal mathematical and cognitive models of trust as well as emotional response to computer based stimuli. These trust factors are grouped into different categories of criteria as shown in the table below:

629

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014) TABLE I CATEGORIES OF CRITERIA FOR E-BANKING TRUST FACTORS

Categories of criteria External trust seals/third Party accreditation Internal regulatory seals

Task-related content

Design Aspects

Other

Phishing attacks may also take the form of user receiving a fraudulent link (url) that directs him/her to a fraudulent websites where he/she will be provided with a customer service number to call. Upon calling the number, the user is requested to enter his/her username or password. The information are then used to impersonate victims in any e-banking or e-banking system in order to withdraw money from their account illegally, obtain loans with their identity or commit any form of financial crime [1]. Gartner Group (as cited in [8] ) revealed that 57 million US consumers have received a phishing email in 2006. 2 million users accessing their accounts online have been attacked with an estimated $2.4 billion in fraud. Similarly, between April 2006 to 2007, Anti Phishing Working Group (APWG) in 2007 (as cited in [8] ) revealed that over 316,736 various phishing attacks are reported. Phishing attacks and identity theft are sometimes used interchangeably but in reality there are some distinctions between the two. Identity theft is a form of fraud where criminals use another person‘s personal details to open bank accounts and get credit cards, loans, state benefits and documents such as passports and driving license etc. Dhamija et al (2006) carried out a research on why phishing attacks works and reported that:

Referenced phenomena Verisign, Padlocks, ‗best Internet bank‘ award Security information, privacy policy, legal policy, branding, banking codes, guarantees, policy on liability Interest rates, offers, products and promotions, adverts, support features for tasks Graphic style, use of colour, navigation support, page layout, text style, overall impression of appearance Online only or high street presence, contact information, trustworthiness, customer service facilities, planned maintenance information

Source: Proceedings of the 21st British HCI Group Annual Conference on People and Computers: HCI... but not as we know it-, British Computer Society, ―. A card-sorting probe of ebanking trust perceptions‖, French et al, Volume 1, 2007, pp. 4553

 Good phishing websites fooled 90% of participants in their study  23% of participants in their study did not look at the security indicators of websites  Popup warnings and fraudulent certificates are ineffective  Participants are vulnerable across board to Phishing attacks Basically, predicting or detecting phishing websites has to do with the authentication mechanism and anti-phishing techniques put place between the users and servers. Therefore, anti-phishing measures employed by any service provider must be strong enough to sufficiently guarantee their customers of the security and safety of their personal details.

Several studies (as cited in [17]) have shown that online trusts are also influenced by factors such as the site‘s navigational model, style, aesthetics and branding. Furthermore, to enhance trust in the use of e-banking, ecommerce and e-banking systems among others, Trusted Third Party is of relevance. Trusted Third Party is an independent body that engenders trust through attestation and certification. C. Variants of Phishing Attacks Phishing attack involves the process of sending fraudulent emails or fraudulently enticing people to visit a phishing website by fraudsters or hackers with the sole aim of acquiring their identity information illegally.

630

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 11, November 2014)  Key loggers Key loggers are spyware programs that install themselves into a web browser or as a device driver. They are developed to extract user input events and activities and transfer them to phishing server [8].  Content Embedded Phishing This phishing attack involves inserting malicious links or contents into a genuine website. The malicious link are used to redirect users to malicious websites, install malware on the user computer or insert another frame of content that will redirect the user to a phishing server. [8].  Session Hijackers Session hijacking is used to monitor internet user activities usually by a malicious browser component. Malicious software is used to hijack user transaction session to perform malicious actions after the user has entered his personal information [8].

Figure I: Phishing emails example,

Source: Techshout.com. Available http://www.techshout.com/internet/2006/11/gmail-phishingattack-draws-unknowing-victims-with-a-500-cash-prize/

at:

D. E-banking Phishing Attacks in Nigeria As part of the Central Bank of Nigeria regulations on ebanking products and services in Nigeria, only the banks which are fully licensed, supervised and physically present in Nigeria are permitted to offer electronic banking products and services to Nigerians [10]. However, hackers are still using fake websites representing those banks to carry out fraudulent activities. Crime and corruption with 75% and 71% respectively are the major key hurdles to the economic and business activities in Nigeria. Identity theft and fraud are the most popular crimes in the country after burglary [29]; [15]; [16]. Basically, identity theft is carried out through phishing attacks. Wada and Odulaja (2012) carried out a study on the types of cyber crimes that have economic impact either directly or indirectly on the financial system of a nation. Some of the cyber crimes identified include: phishing attacks, cyber terrorism, electronic spam mails, cyber-stalking and fake copy-cat websites [29]; [22]. Their study revealed that the most recent phishing attacks in Nigeria were on the customers of Inter-switch. Inter-switch is an electronic switching and payment company in the Nigeria Studies revealed that the company has 9 million ATM cards of about 23 banks in Nigeria connected to its network [2]. Nigeria Deposit and Insurance Corporation (NDIC, 2007) reported that attempted fraud cases from the underhand deals of bank staff among others totalled N10.1 billion (Over 65 million USD) and actual losses of N 2.76 billion (13 million USD). In the same vein, banks like the United Bank of Africa Nigeria Plc and Guaranty Trust bank Plc customers witnessed phishing attacks in 2009 [14].

Phishing attacks come from numerous vectors some of which are:  Deceptive attacks (spear phishing), in which internet users are tricked into giving out their personal information through deceptive messages [8].  Domain-based attacks (pharming style), in which the lookup of host names is altered to direct users to a malicious server [8].  Malicious code-based or Trojan-based attacks, in which malicious codes or softwares are used for data compromises [8]. Some of the popular phishing attacks used nowadays are as discussed below:  Spear Phishing This type of phishing is usually directed towards a single user or department within an organisation. It usually appears to come from a trusted party, requesting the user or the department to update their username and passwords. This information is then later used by hackers to gain access into a secured network [8].  Search Engine Phishing In this type of phishing attack, phishers get their phishing websites indexed by search engines and trick users into entering their personal information as part of sign up, order and fund transfer process. The phishing websites are usually designed for fake products and services. 631

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 11, November 2014) Like every other countries of the world, phishing attacks remain one of the popular cyber crimes that pose serious security threats to e-banking/e-banking systems in Nigeria. In this regard, Onwubiko (2010) suggested that adequate protection should be made available to the ICT systems and network in Nigerian banks and government system. The implication of the cash-less economy policy recently introduced by the Central bank of Nigeria is that most financial transactions in the country will be carried out online. Consequently, this is likely going to attract more phishing attacks on the e-banking solutions in the country. First Bank of Nigeria plc, one of the commercial banks in Nigeria, has introduced biometric based ATM machines with a view of engendering trust and confidence in the use of their e-banking services. However, it can be pointed out that the use of biometric measures in e-banking systems in Nigeria has been restricted to ATM machines. Much work has not been done in the area of using biometric authentication for the other forms of e-banking systems in the country like direct debit, personal internet banking and point of sale (POS) services among others. With the rapid increase in the introduction and use of various forms of e-banking solutions in the country as a result of the recent banking reforms and regulations, more work is expected to be done on securing e-banking systems in Nigeria. Biometric authentication as pointed out in this work will be of maximum relevance in that regard. This study is an effort towards suggesting multifactor authentication system for fighting phishing attacks and other related cyber crimes in Nigeria.

In the early years of fingerprint technology, fingerprint images are imprinted on a paper and then converted to machine-readable image for authentication. With the improvement in sensing technology, various live scanners are used to extract fingerprint image and used for authentication. F. Overview of Sitekey Authentication Techniques SiteKey authentication technique was introduced in 2006 by Bank of America as part of their anti-spoofing and antiphishing program [9]. It was introduced to tackle phishing attacks by establishing the authenticity of protected web sites and the web sites users. It was designed to prevent unauthorised access to a web site even in the case of identity theft by asking the web site user questions with difficult-to-guess answers [30]. Site Key provides secured authentication in two ways:  It helps the bank to identify genuine owner of an account; the bank display the customer‘s SiteKey after recognising the device the customer is logging in from [9].  It helps customers to identify the genuine web site of their bank; when the customer sees his/her SiteKey, he/she can be sure he/she is on the valid online banking website of their bank [9]. The SiteKey consists of three main components:  A unique image chosen by the customer  The image title accompanying the SiteKey image  Three challenging questions only the customer can answer in case the customer is signing in from another computer different from the one pre-registered with the bank [9].

E. Overview of Fingerprint Recognition Systems Fingerprint authentication technique uses the ridge and furrow patterns of the finger tip to carry out authentication of people into any application that involve personal authentication [20]. Fingerprint is a physiological characteristic of humans that can be used to uniquely identify them. The use of fingerprint authentication technology is based on the notion of fingerprint individuality. Fingerprint individuality refers to the extent of the uniqueness of fingerprint image in a target population [12]. Fingerprint authentication has the widest acceptability and popularity among the various forms of biometric authentication technologies because of its ease of use, ease of acquisition and its longest history among other forms of biometric authentication. Moreover, Itakura and Tsujii (2005) in their work, presented fingerprint authentication to have the lowest False Acceptance Rate and False Rejection Rate among different types of biometric authentication technologies.

III. METHOD AND MATERIALS This research work proposed multifactor authentication including fingerprint authentication and SiteKey authentication system for tackling the problem of phishing attacks on E-banking systems in Nigeria. In view of this, the following methodology was adopted: A. Research Methodology This research work involves the literature review of related works on phishing attacks, fingerprint recognition and Sitekey authentication. A prototype authentication system was also developed to secure access into e-banking system (see sample in figure IIa and IIb) and the activity diagram of the proposed hybrid authentication system for e-banking systems was also presented (see sample in figure III)

632

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 11, November 2014) Therefore, a mixed-method approach was used to carry out the research work as outlined below:  Literature review – qualitative  Data collection and analysis through market research and consultation – quantitative  Development of a prototype authentication system – Waterfall Software Life Cycle Model B. System Components Fingerprint authentication system is developed in this work to secure the authentication of users into their personal internet banking environment. The system is required to have the fingerprint enrollment and fingerprint verification phase. At the enrollment phase, the fingerprint image of the user is captured using fingerprint scanner and it is stored in the application database as the fingerprint template. At the verification phase, fingerprint image in enrolled for verification and it is compared with the preregistered fingerprint template using fingerprint verification algorithm. In case of fingerprint matching, access is granted into the user personal internet banking page otherwise access is denied. The artefact is developed to accept both the user fingerprint image and personal internet banking PIN for authentication. The proposed system if implemented will help tackle the problem of identity theft from phishing attack by allowing only the legitimate users of an e-banking system to gain access to his/her e-banking account using a trait unique to him/her. Fingerprint authentication was chosen because of its effectiveness in all other applications that involve personal authentication and because of its strength and advantage over other traditional method of authentication. On the other hand, SiteKey authentication works by allowing users to choose their own custom image during the registration process for internet banking. This personalised image comes up each time a user log in with his/her username and password on e-banking website.

Figure IIa: Fingerprint enrollment/verification user interface for collecting user fingerprint image during enrolment

Figure IIb: Fingerprint enrollment user interface with dialog box showing enrollment completion

Figure IIc: Fingerprint verification user interface showing access denied after the enrollment of wrong fingerprint image

633

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 11, November 2014) REFERENCES [1]

[2]

[3]

[4]

[5] [6]

[7]

[8]

[9]

[10] Figure III: Archetype of the proposed hybrid authentication system

IV. CONCLUSION

[11]

This paper has discussed the problems of phishing attacks and identity theft affecting e-banking systems in Nigeria. In addition, the paper has proposed the combination fingerprint recognition and SiteKey authentication for securing e-banking system in Nigeria. This paper is novel in that it proposes the combination of fingerprint recognition and SiteKey authentication for preventing e-banking systems in Nigeria against phishing attacks. Nigeria is chosen as the case study because of the new policy of her government to move the country from cash-based economy to cash-less economy and the consequent need of securing e-payment solutions to support the policy.

[12]

[13]

[14]

[15] [16]

634

Aburrous, M., Hossain, M., Dahal, K., & Thabtah, F. (2010). Associative classification techniques for predicting e-banking phishing websites. Multimedia Computing and Information Technology (MCIT), 2010 International Conference on, 9-12. Ajao, O. D., (2008). Interswitch Nigeria; Lower Your webpay Entry Fees. Available at: http://www.davidajao.com/blog/2008/02/17/interswitch-ltd-loweryour-webpay-entry-fees/. Aladwani, A. M. (2001). Online banking: A field study of drivers, development challenges, and expectations. International Journal of Information Management, 21(3), 213-225. Albadvi, A., & Shahbazi, M. (2009). A hybrid recommendation technique based on product category attributes. Expert Systems with Applications, 36(9), 11480-11488. Anti Phishing Working Group (2007). Phishing Activity Trends. Report for the Month of April, 2007. Auta, E. M. (2010). E-banking in developing economy: Empirical evidence from nigeria. Journal of Applied Quantitative Methods, 5(2), 212-222. Ayo, C., Adewoye, J., & Oni, A. A. (2010). The state of e-banking implementation in nigeria: A post-consolidation review. Journal of Emerging Trends in Economics and Management Sciences, 1(1), 3745. Badra, M., El-Sawda, S., & Hajjeh, I. (2007). Phishing attacks and solutions. In Proceedings of the 3rd international conference on Mobile multimedia communications (p. 42). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering). Bank of America (2012). Sitekey authentication; an additional layer of online and mobile banking security. Available online at: https://www.bankofamerica.com/privacy/online-mobile-bankingprivacy/sitekey.go Central Bank of Nigeria (2003). Guidelines of Electronic banking in Nigeria. Available online at: http://www.cenbank.org/OUT/PUBLICATIONS/BSD/2003/EBANKING.PDF Daniela, B., Simona, M., & Dragos, P. (2013). Electronic Banking– Advantages for financial services delivery. Available on http://www.academia.edu/2635617/ELECTRONIC_BANKING__ADVANTAGES_FOR_FINANCIAL_SERVICES_DELIVERY Dass, S. C. (2010). Assessing fingerprint individuality in presence of noisy minutiae. Information Forensics and Security, IEEE Transactions on, 5(1), 62-70. Dhamija, R., Tygar, J. D., & Hearst, M. (2006). Why phishing works. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 581-590. Digital Jewels (2014). The 2014 Nigerian cyber threat barometer report. Available online at: www.wolfpackrisk.com/2014_Nigerian_Cyber_Threat_Barometer_( Med_Res).pdf EFCC/ NBS/ (2009). Business Survey on Crime & Corruption and Awareness of EFCC in Nigeria, Summary Report. EFCC/ NBS/ (2010) Business Survey on Crime & Corruption and Awareness of EFCC in Nigeria, Summary Report

International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 11, November 2014) [17] French, T., Liu, K., & Springett, M. (2007). A card-sorting probe of e-banking trust perceptions. Proceedings of the 21st British HCI Group Annual Conference on People and Computers: HCI... but Not as we Know it-Volume 1, 45-53. [18] Hanacek, P., Malinka, K., & Schafer, J. (2010). e-banking security-A comparative study. Aerospace and Electronic Systems Magazine, IEEE, 25(1), 29-34. [19] Itakura, Y., & Tsujii, S. (2005). Proposal on a multifactor biometric authentication method based on cryptosystem keys containing biometric signatures. International Journal of Information Security, 4(4), 288-296. [20] Jain, A., Hong, L., & Bolle, R. (1997). On-line fingerprint verification. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 19(4), 302-314. [21] Kurnia, S., Peng, F., & Liu, Y. R. (2010). Understanding the adoption of electronic banking in china. System Sciences (HICSS), 2010 43rd Hawaii International Conference on, 1-10. [22] Longe, O., & Chiemeke, S. C. (2008). Cyber crime and criminality in Nigeria–What roles are internet access points in playing. European Journal of Social Sciences, 6(4), 132-139. [23] NDIC Quaterly Report. Available online at: http://www.ndic.gov.ng/files/NDIC%20QUARTELY%20SEPT%20 DEC%202007.pdf

[24] Nnabuife, I., (2014). Strategic management of electronic banking and organizational performance. Available online at: http://www.academia.edu/4050835/Strategic_Management_of_Elect ronic_Banking_and_Organizational_Performance [25] Ogunniye, G. B., (2012). Securing e-payment systems in Nigeria through biometric authentication systems (M.Sc Thesis). University of Bedfordshire, United Kingdom. [26] Onwubiko, C. (2010). Fighting cyber crime in Nigeria. Available online at: http://www.thisdaylive.com/articles/fighting-cyber-crimein-nigeria/76919/ [27] Oxford Dictionary (2012). E-banking. Available online at: http://www.oxforddictionaries.com/definition/english/e-banking [28] Ratha, N. K.; Connell, J. H. and Bolle, R. M.;, 2010. Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, IEEE Conferences , 40(3), pp. 614 - 634. [29] Wada, F., & Odulaja, G. O. (2012). Assessing cyber crime and its impact on e-banking in Nigeria using social theories‖. African Journal of Computing and ICT, vol. 5, no. 1, pp. 69-82. [30] Youll, J. (2006). Fraud vulnerabilities in sitekey security at bank of america. Available at :www.Cr-Labs.com/publications/SiteKey20060718.Pdf

635