INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY

STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

DESIGN AND IMPLEMENTATION OF MULTIFACTOR AUTHENTICATION IN CURBING

AUTOMATED TELLER MACHINE CYBERCRIME

OMOTOSHO, O. A.
Department of Information Technology, National Open University of Nigeria, Osogbo Study Centre.

AROYEHUN, A. A.
Department of Computer Science. Adeleke University, Ede. Nigeria. [email protected]

OGUNWALE, Y. E.
Department of Computer Science, University of Ilesa, Ilesa, Osun State. Nigeria. [email protected]

LALA, O. G.
Department of Computer Science. Adeleke University, Ede. Nigeria.

ONAMADE, O. A
Department of Computer Science. Adeleke University, Ede. Nigeria.

Abstract
Consumers, banks, and other financial organisations have suffered enormous financial losses as a result
of Automated Teller Machine Cybercrime. Passwords, Personal Identification Number (PINs), and card-
based authentication have all been shown to be unachievable in safeguarding Automated Teller Machine
(ATM) users from cybercrime. As a result, Multifactor Authentication (MFA) has been marketed to ATM
users as a more secure authentication method. This article investigates how MFA could be used to
effectively combat ATM cybercrime. According to the article, the multifactor authentication system is
designed to create a robust defense against common ATM security threats, including card skimming, PIN
theft, and card cloning. It argues that MFA significantly enhances the security of ATM transactions,
reducing the likelihood of financial losses for both financial institutions and their customers. The end
objective of this research is to design and implement a multifactor authentication system for ATMs,
incorporating multiple layers of security to ensure that only authorized users can access their accounts
and perform transactions. The system would combine something the user knows (e.g., a PIN) and
something the user is e.g., biometric data (fingerprint and facial recognition) to create a robust
authentication process. The implementation of a multifactor authentication in ATMs is a proactive
measure to curb ATM-related fraud and bolster overall security in the banking sector. By mitigating
vulnerabilities and enhancing authentication processes, this research contributes to a safer and more
secure ATM environment, instilling confidence in users and financial institutions alike.

Keywords: ATM, Multifactor Authentication, PIN, Biometric

Introduction become a significant concern. Cybercrime is not

an old sort of crime in the world. It is defined as
In today's interconnected world, where digital any criminal activity which takes place on or
technologies play a central role in our personal over the medium of computers or internet or
and professional lives, the risk of cybercrime has other technologies recognized by the
95
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Information Technology Act (Chaubey, 2020). using an Automated Teller Machine system.
Automated Teller Machines (ATMs) have Therefore, it is necessary to develop robust
revolutionized the banking industry by providing systems that can curb cybercrime in the banking
convenient access to financial services. system.
However, with the advancement of technology,
ATM cybercrime has become a significant Automated Teller Machine
concern for both financial institutions and
customers. Criminals employ various The Automated Teller Machine (ATM) is a
techniques, such as skimming, card trapping, revolutionary technology that has transformed
and cash-out attacks, to compromise ATMs and the way individuals conduct banking
steal sensitive information or money. To combat transactions. ATM was introduced in the
these threats, implementing effective security 1960’s, it has become an indispensable part of
measures is crucial. Multifactor authentication modern banking, offering convenient and round-
(MFA) has emerged as a powerful tool in the-clock access to a wide range of financial
mitigating ATM cybercrime, offering an services (Wikipedia).
additional layer of security beyond traditional
methods. In 1959, the first Automated Teller Machine was
introduced in Kingsdale Shopping Center Ohio,
Multifactor authentication (MFA) has emerged Canada. ATMs function as self-service kiosks
as a robust solution to enhance ATM security that provide customers with access to various
and combat cybercrime effectively. MFA banking services without the need for direct
requires users to provide multiple factors to interaction with a bank teller (Freedman, 2019).
verify their identity, making it significantly more To initiate a transaction, customers insert their
challenging for criminals to gain unauthorized ATM card into the machine and enter their
access or manipulate ATM transactions. By unique PIN. The ATM then communicates with
combining factors from different categories, the bank's computer system to authenticate the
such as knowledge, possession, and inherence, user and process the requested transaction. Upon
MFA strengthens the security of the successful verification, customers can choose
authentication process and provides an from a menu of services, withdraw cash, or
additional layer of protection against cyber perform other banking operations.
threats.
According to Johnson M. (2020), Automated
The problem addressed in this research is the Teller Machines (ATM) was introduced into the
need for effective security measures to curb Nigerian market in 1989, as a matter of fact, the
ATM cybercrime. Single-factor (PIN) very first ATM in Nigeria was installed by
authentication methods have demonstrated National Cash Registers (NCR) for the defunct
vulnerabilities, leading to an increase in Societe Generale Bank Nigeria (SGBN) in 1989.
fraudulent activities targeting ATMs. Financial
institutions face the challenge of protecting Automated Teller Machines (ATM) give
customer information, preventing unauthorized valuable payback to the banks and the
access, and maintaining the integrity of ATM customers. The ATMs allow bank customers to
transactions in the face of evolving cyber threats. withdraw cash conveniently anytime and
The purpose of embarking on this research work anywhere other than actual bank location by
is the need to curb the rising threat of cybercrime automating few of banking transaction services.
The customers also get real time help on other
96
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

services like balance enquiry, short statement, hidden cameras or keypad overlays to record
application for cheque book, e-cash transfer to PINs entered by unsuspecting ATM users.
other account, and more to customers. This c) Cash Trapping: Cash trapping involves
ATM interacts with a card called ATM card. installing a device inside or near the cash
Initially this card used to interact with ATMs dispenser slot to prevent cash from being
only but nowadays the card can use to purchase dispensed properly. Criminals retrieve the
online, make payments for services etc (Adesina, trapped cash later.
2019). d) Jackpotting: Jackpotting involves infecting
an ATM with malicious software or using
ATM Cybercrime physical tools to manipulate the ATM's
hardware, enabling unauthorized access to
Automated Teller Machines (ATMs) have the cash-dispensing mechanism. This allows
revolutionized banking services, providing criminals to make the machine dispense all
customers with convenient access to their of its cash.
accounts for various financial transactions. e) Network Attacks: Criminals may target the
However, the widespread adoption of ATMs has communication network infrastructure of
also attracted the attention of cybercriminals, ATMs to intercept sensitive data, manipulate
leading to an increase in ATM-related transactions, or gain unauthorized access to
cybercrime. This elaborate write-up explores the the ATM system.
various types of ATM cybercrime, the tactics f) Malware Attacks: Malware can be used to
used by criminals, the impact on individuals and infect an ATM's operating system or
financial institutions, and the strategies network, allowing criminals to gain control
employed to mitigate these threats (Wall, 2018). over the machine, extract sensitive data, or
perform unauthorized transactions.
Using a report on global ATM frauds conducted Sophisticated malware is designed to target
in 2019, ATM attacks and frauds can be ATMs, allowing criminals to manipulate
categorized into the following: cash dispensing, gather sensitive data, or
compromise network security.
a) Skimming: skimming involves stealing
g) Logical Attacks: Criminals exploit
information off a credit card during a
vulnerabilities in an ATM's software or
legitimate transaction. This type of scheme
operating system to bypass security controls
usually occurs in a business where the
and gain unauthorized access to the system
patron’s credit card is taken out of sight
(Global ATM frauds conducted in 2019).
while the transaction is being processed. The
fraudster will swipe the card through an ATM cybercriminals are highly sophisticated,
electronic device known as skimming employing various tactics to evade detection and
device, which records all information maximize their profits. They may use
contained on the magnetic strip. anonymous cryptocurrencies to launder money,
b) PIN Theft: PIN theft methods include employ social engineering techniques to gain
installing hidden cameras near ATMs to access to ATM locations, or remotely control
capture PIN entry or using overlay devices malware-infected ATMs from a distance. These
on the ATM keypad to record keystrokes. criminals also take advantage of vulnerabilities
The stolen PINs are then used in conjunction in outdated ATM software and security
with skimmed card data. Criminals employ protocols (Kanwal, 2018).
97
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Literature Review 2019) suggested a system and discussed the

significance of biometric technique. They
After examining the problems and security suggested that the only practical method for
concerns of traditional ATMs, it is essential to ATM security is biometrics, and that decision-
examine earlier architectural frameworks that makers should be aware of the differences
have been put forth by scholars to improve between the degree of security that users
authentication and boost security (Amurthy and perceive and the actual level of security before
Reddy, 2019) suggested an ATM framework utilizing biometric systems. The biometric
that used an embedded fingerprint technology system is the only procedure that will be
for ATM security applications. Within their essential to the verification and authentication
framework, bankers gather fingerprints and process; other procedures will also be equally
mobile phone numbers of clients while creating important in determining the process's
an account. The way things worked was sufficiency.
that when a client touches the fingerprint module
with their finger It produces a distinct 4-digit The significance of this research topic has led to
code automatically as a message to the the proposal of several frameworks, according to
authorized user's mobile device. The consumer a thorough analysis and evaluation of related
enters the code they got into the ATM literature. However, I plan to take a different
by utilizing the touch screen's keys. Once you've approach. Specifically, I plan to develop and test
got it determines if it is a genuine one or not and a streamlined framework that aligns with earlier
authorizes the consumer access if verified as research in this area by utilizing fingerprint and
authentic. The framework brought forth by biometric technology in conjunction with PINs.
Amurthy et.al had a flaw in that they possibly a
network. Methodology

According to Von Graevenitize, (2020), he The client/server approach method was used to
discussed biometric verification in connection create the security feature that will improve the
with payment systems and ATMs and put out a ATM. The customer's identification data,
verification framework that, in order to increase accounts, and records in the bank's (server)
convenience, will replace the combination of records will all be connected. The network is
ATM cards and PINs with just biometrics. He built to accommodate a huge number of users,
suggested a system where an infrared scanner and dedicated servers are used to make this
goes through a database of fingerprints to verify possible. Because it offers sufficient protection
and approve entries. When the fingerprint layout for the resources needed for a crucial application
matches those in the database, access is granted like banking, the client/server model was chosen
for the transaction; otherwise, access is denied. for this application. Similar to this, a descriptive
Because using biometrics as your sole method of conceptual approach is adapted, including tools
verification is unsafe, PINs were removed from from the Unified Modeling Language (UML),
this framework, which has the drawback of just such as use case models, activity diagram and
offering one factor authentication for security class diagrams to represent how the user (bank
reasons. customers) interacts with the proposed system.
In order to establish a database and store
In a paper titled "Enhanced ATM Security cardholder data, Microsoft Access is used as a
System Using Biometrics," (Oko and Oruh, database creation tool. The project is carried out

98
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

using the software Visual Basic 6.0, which is case is an interaction between users and a
used to design the user interfaces and/or system; it captures the goal of the users and the
cardholder interaction with the ATM Machine. responsibility of the system to its users. It
describes the uses of the system and shows the
courses of events that can be performed as well
Unified Modeling Language Representation as defining what happens in a system. In
of ATM essence, the use case model tries to
systematically identify uses of the system and
The Unified Modeling Language (UML) is used therefore the system’s responsibilities. The Use
to represent the structure and behaviour of an Case Diagram provides a high-level overview of
Automated Teller Machine (ATM). The UML is the interactions between the primary actors
a graphical language for visualizing, specifying, (Customer and Bank) and the various use cases
constructing, and documenting the artifacts of a in the ATM system. One of the primary actors
software-intensive system. Some of the Unified that will interacts with the ATM is the user
Modeling Language that will be used to (customer). The customer can perform several
represent an Automated Teller Machine are Use use cases, including inserting a card,
Case Diagram, Class Diagram and Activity withdrawing cash, depositing money, checking
Diagram. their balance, changing their PIN, and ejecting
the card. Another primary actor in the system is
Use Case Diagram the bank. The bank will interact with the ATM
to authorize transactions and update the ATM
A Use Case Diagram for an Automated Teller
software. The diagram below (fig 3.1) shows the
Machine (ATM) will identify the primary actors
Use Case description
and the various use cases in the system. A use

Insert card Enter PIN

Biometric
Approval Verification
Process
Withdraw
Insert card
Transfer

Client Pay Bills

Remove card

Fig 3.1 Use Case Diagram

99
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Activity Diagram displayed. The user will now proceed for

biometric verification. After the approval, the
An activity diagram for an Automated Teller user is requested to select the type of transaction
Machine (ATM) illustrates the workflow of (withdrawal, transfer or another transaction), and
specific use cases or scenarios within the system. the transaction is carried out accordingly. If the
Activity diagrams are graphical representations user specifies the amount they want to withdraw,
of workflows of stepwise activities and actions the ATM checks if it has sufficient cash and
with support for choice, iteration and dispenses the requested amount. If cash is
concurrency. The diagram below illustrates how dispensed successfully, the process is completed,
the process starts, how the users insert their card and the customer receives their cash. If there is
into the Automated Teller Machine (ATM), the an issue with dispensing cash or if the ATM runs
system checks if the card is valid and not out of cash, the card is ejected, and an error
blocked, If the card is accepted, the process message is displayed. The process ends, and the
continues. If the card is rejected, the transaction ATM is ready for the next transaction. At the
ends, and an error message is displayed. The completion of the transaction, the client exit the
user enters their personal identification number application and remove their card. A detail
(PIN). The system checks if the entered PIN is description of the system is shown in the
valid. If the PIN is valid, the process continues. diagram below (fig. 3.2).
If the PIN is invalid, an error message is

Insert ATM Card

Enter PIN

Biometric Verification (Fingerprint/ Face ID)

Select transaction

Perform transaction

Other transactions

Exit and Remove Card

Fig 3.2: Activity Diagram

100
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Class Diagram deposits. The Account class represents a

customer's bank account. It has attributes for the
Class diagram in Automated Teller Machine account number, account name, balance,
(ATM) shows how the structure of the ATM thumbprint and passport photograph. The
system and components are related. The class Customer class represents a customer, with
diagram model the structure and the contents attributes like their name and a reference to their
using design elements such as classes, packages Card. It includes a method to verify the PIN and
and objects. In this class diagram, the the biometric verification. The ATM Card class
Automated Teller Machine (ATM) class represents the ATM card with attributes for the
represents the ATM itself, with attributes such as card number, expiry date, and a flag indicating
location, status, and cash balance. It also has whether the card is blocked. The Cash Dispenser
methods to interact with the ATM, like inserting class represents the ATM's cash dispenser and
a card, ejecting a card, entering a PIN, and has an attribute to track available cash. It has a
performing transactions. The Bank class method to dispense cash. The Card Reader class
represents the bank that authorizes transactions. represents the card reader device at the ATM
It has attributes like the bank's name and a list of and has a method to read the inserted card. The
accounts. It includes methods for verifying a fig 3.3 below shows the detail description of the
PIN, authorizing withdrawals, and authorizing diagram

Bank System
ATM CARD +bank name -string
+Card No -long int +bank details -string
+bank name -string +user details -string
+expiry date -date +validation ()
+get account () +amount validation ()
+send details ()
Customer
+customer name -string ATM Machine
+address -string +card no -long int Transaction
+phone number -string +pin - int +customer details -string
+card number – long int +location -string +Date -date
+insert card () +bank name -string +amount -int
+enter pin () +read card () +status -boolean
+fingerprint () +validation () +connecting Bank ()
+facial I.D +userinput () +get Balance ()
+Select account type () +process Transaction () +get Status ()
+Enter amount () +give cash ()
+transfer amount () +generate Receipt ()
+withdraw cash ()
Fig. 3:3 Class Diagram
101
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Microsoft Access relationship between the Customers table and the

Accounts table to associate each customer with
Microsoft Access is a database management their accounts. Create data entry forms to input
system, and it can be used to design a database customer information, account details, ATM
for an Automated Teller Machine (ATM) system. transactions, and card information. Design
Access is suitable for managing data related to queries to extract specific information from the
accounts, transactions, customers, and other database, such as account balances, transaction
aspects of ATM operations. Microsoft Access can history, or customer details. Generate reports to
be used for an ATM System in defining tables for present data in a readable format, such as
the following entities: Customers (with attributes transaction summaries, account statements, or
like customer ID, name, contact information); customer lists. Implement security measures to
Accounts (with attributes like account number, protect sensitive data, especially customer and
balance, account type); ATM Transactions (with transaction information. Access provides user-
attributes like transaction ID, date, type, amount); level security features. Apply data validation
ATM Cards (with attributes like card number, rules to ensure data integrity, such as enforcing
customer ID, PIN) and ATM Locations (if there PIN length or ensuring that transactions don't
are multiple ATMs, with attributes like location exceed account balances. The application is show
ID, address). Also, to define relationships in the diagram below (fig. 3.4)
between tables. For example, there should be a

Fig 3.4: Microsoft Access

System Implementation, Testing and admin module was tested for enrolling and
Simulation registering new customers. The administrator
module for adding new clients and changing
The prototype was tested in relation to the two current ones is depicted. To improve security, a
modules that were built for the application user name and password are needed to log in as an
frontend, under the activities that the two actors in administrator. If these are entered incorrectly,
the use case design may perform. The customer access is blocked.
module was tested for authentication, while the

102
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Implementation of the System Registration Page I

The Multifactor Authentication System was At the registration page, a form will be given to
implemented using MySQL, a relational database the customer which will contain their account
management system to generate the database and name, account number and phone number. Also,
Visual Studio was used as the compiler. the customer will also thumbprint and facial
verification will be captured.
The application is divided into two:
This is the application that is used to enter the
(i) The registration application user’s credentials into the database. In this
module, the customer’s first and last names are
(ii) The main application inputted into the database, along with the user’s
phone number and their email.
The Registration Application
The diagram below (fig. 4.1) illustrates the form to fill for the registration page.
Enter customer details

First Name: Last Name:

Address: Date of Birth:

Sex: Account Type:

Account No: Phone No:

Nationality: State of Origin:

Add Customer

Figure 4.1: Customer’s Registration

Registration Page II fingerprint. The fingerprint will be captured and

added to the database. The diagram below (4.2)
This is the second part of the registration; shows how the biometric verification will be
Automated Teller Machine built-in fingerprint captured.
reader will be used to scan the customer’s

Figure 4.2: Fingerprint Capturing (Source: Wikipedia)

103
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Registration Page III facial images will be captured to ensure accuracy

and adaptability to various lighting conditions.
This is the third part of the user’s registration, in Fig 4.3 below shows how the facial images will
this module, the facial biometric data will be be captured.
added to the database for authentication. Multiple

Fig 4.3: Sample of how the face will be captured (Wikipedia)

The Main Application input/output devices with supporting software.

This particular ATM application is made up of 8
User Interface Design interfaces, which include; Welcome Interface,
Enter Pin Interface, Enroll Fingerprint/Facial
A user interface is a friendly means by which Verification Interface, Transaction Type,
users of a system can interact with the system to Withdrawal Interface, Enter Amount Interface,
process inputs and obtain outputs. It is also a Transfer Page Interface and Balance Enquiry
means of communication between the human Interface.
user and the system through the use of
Welcome Page Interface inputting the PIN number (see figure 4.4). If the
user enters an invalid PIN number, a dialogue
This interface is the very first interface the bank box appears prompting an invalid PIN or invalid
customer interacts with on the Automated Teller card number and the system returns to enter a
Machine (ATM). Creating a user-friendly and valid PIN number. A typical description of this
secure welcome page interface for an ATM is is shown in figure 4.4 below, using Adekol as
essential for a positive customer experience and the name of the bank. Include a button for users
to ensure the safety of financial transactions. to cancel the transaction if needed. After
The primary input method should be a validating the customer’s card and PIN number,
touchscreen display, making it easy for users to the customer is directed to the next phase of the
navigate the interface. This interface prompts authentication process via the authentication
the customer to insert ATM card and proceeds dialogue box for inputting the fingerprint.
with the entire authentication process, that is,

104
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Fig. 4.4: Interface design for Welcome Page

Enter your PIN Interface on a specific bank account. At this interface, there
is a display of a numeric keypad on the
This is the second interface on the ATM machine. touchscreen, allowing users to enter their PIN
This interface prompts the customer to enter their securely. It will show an input field to obscure the
PIN. The Personal Identification Number (PIN) entered PIN for privacy (e.g., "●●●●"). There is
entry interface on an ATM is a critical element also a “Proceed” button, to move to the next
for security. It is designed with a focus on user stage. There is also a provision of “Cancel”
privacy and ease of use. To access and manage button, in case the users want to cancel the PIN
your bank account, you must enter a Personal entry process and return to the main menu. Figure
Identification Number (PIN). The PIN acts as a 4.5 below shows the design of “Enter your PIN
security precaution to ensure that only those with Interface” of an Automated Teller Machine.
the proper authorization can conduct transactions

Fig. 4.5: Interface design to Enter Pin

105
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Verification Page: Fingerprint / Facial The fingerprint of an individual is very peculiar

Recognition Interface to that individual since no two individuals can
have the same fingerprint. The fingerprint reader
This is the final interface the customer interacts captures the fingerprint features of an individual
with the Automated Teller Machine in the and search for a match of fingerprint brought up
authentication process. The verification page for for identification among the stored fingerprints in
fingerprint or facial recognition at an ATM plays the database. The fingerprints stored are kept
a pivotal role in enhancing security and user alongside the other ID’s (Pin and Card Numbers)
experience. There is a display of a designated and the corresponding biometric templates are
area on the screen where users should place their kept in the database. When verification is
finger (for fingerprint) or align their face (for successful, a “Welcome” message is shown as
facial recognition). It requests from the customer feedback. In case of unsuccessful verification, the
to enroll their finger to be placed on a Fingerprint customer will be denied access and the system
reader. The fingerprint reader accepts the finger brings up a dialogue box for which the customer
and seeks to match the live sample with the can choose Ok, and as soon as this done the
already enrolled templates in the banks database. system automatically log off the customer. There
If match is confirmed it will finally authenticate is also a provision of "Cancel" button for users
the customer and otherwise it will deny customer who wish to abort the verification process. Figure
access to his/her bank account. 4.6 below depicts this behaviour.

Fig. 4.6: Interface design for verification

Transaction Page Interface secure. In this interface, you will be able to

withdraw your money, make enquiries about your
The transaction page interface in an Automated account balance. You can transfer fund from your
Teller Machine (ATM) is where users can account to another account using the option to
perform various banking operations, such as cash "Transfer”. You can also change your ATM pin
withdrawals, balance inquiries, transfer, and in this interface. Furthermore, there is a
more. This interface is clear, user-friendly and “Withdrawal” button, for users to withdraw

106
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

money from their account. “Transfer” button for Identification Number (PIN). “Cancel” button
the users to transfer money from their account to also allow users to cancel the transaction and
another person’s account. Also, “Balance return to the main menu. The display of the
Inquiry” button to check the account balance. The transaction page depends on the type of Bank
“Bill payment” button to pay bills or utilities. ATM, the choices may change. Figure 4.6 below
“Change Pin” button to update the Personal depicts this behavior.

Fig. 4.7: Interface design to select transaction

Withdrawal Page amount the user want to withdraw. It shows the

customer’s current balance by subtracting the
This interface enables the customer to withdraw amount withdrawn from the previous account
money from their accounts. In this interface, the balance. After the customer has completed all
users are allow to choose among the pre-defined his/her withdrawals, a dialogue box pops up
alternatives for withdrawal amounts, such as notifying the user successful withdrawal
5,000; 10,000; 15,000; 20,000 and 30,000 by transaction. “Cancel” button also allow users to
pressing a button. There is also an “Others” cancel the transaction and return to the main
button which is designed for customer to enter the menu. The interface is shown in fig. 4.8 below:

Fig. 4.8: Interface design for withdrawal page

107
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Enter Amount numeric keypad on the touchscreen, allowing

users to enter the desired amount. After entering
The "Enter Amount" interface in an Automated the amount, display a summary of the transaction
Teller Machine is a critical step for users when details for users to review before confirming. The
conducting transactions such as cash withdrawals, user will click on proceed on the Automated
fund transfers, or bill payments. It is designed for Teller Machine (ATM). Press “Cancel” button to
user convenience, with clear instructions and terminate the transaction and return to the main
user-friendly features. This interface allow users menu. The interface is shown in fig. 4.9 below:
to enter the amount for the transaction. Display a

Fig. 4.9: Interface design to enter amount

Transfer Page Interface other banks. The users will just enter the account
number of the receiver, select the bank and enter
The "Transfer Page" interface in an Automated the amount and click on proceed, after this the
Teller Machine is where users can initiate fund account name and the amount to transfer will
transfers between accounts. This interface is prompt out to confirm. Then, the user will click
intuitive, secure, and user-friendly to ensure a on Yes to proceed. Press “Cancel” button to
smooth transaction. In this interface, the users are terminate the transaction and return to the main
allowed to transfer money from their accounts to menu. The interface is shown in fig. 4.10 below:
another account either with the same bank or

Fig. 4.10: Interface design to select transaction

108
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Balance Enquiry Page Interface This is the interface that allows the users to check
their account balance. The page is used to
The "Balance Inquiry" interface in an Automated determine the amount of money the customer has
Teller Machine is where users can check the in their accounts. The interface also includes the
balance of their accounts. It designed for ease of “Cancel” button to terminate the transaction and
use, adhering to security and accessibility return to the main menu. The Balance Enquiry
standards to ensure a positive user experience. page interface is shown in fig. 4.11 below:

Fig. 4.11: Interface design to check account balance

Conclusion References

Automated Teller Machine (ATM) financial Abdulfatai, B. (2021). Legislative Commitment

transactions have increased exponentially, with a and Cybercrime in Nigeria. Paper
particular emphasis on developing nations where presented at the Law Week of Faculty of
consumers are progressively adopting various Law of Lead City University Ibadan.
means of conducting financial transactions Retrieved from
including online and mobile banking. The ATM http://nationalinsightnews.com/2017/03/08
is a prime target for security flaws in developing /legislative-commitment-cyber-crime-
nations since research indicates that it sees the nigeria-sen-fatai-buhari-ph-d/
most transaction traffic when compared to other
channels of transaction. Thus, in order to improve Abdullahi, R., Mansor, N. (2020). Concomitant
ATM security overall, new security architectures Debacle of Fraud Incidences in the Nigeria
are required. The utilization of biometric Public Sector: Understanding the power of
authentication (facial I.D. and fingerprint) as Fraud Triangle Theory. International
demonstrated by this study's methodology and Journal of Academic Research in Business
research provides proof of concept, and Social Sciences, 5(5), 312-326
demonstrating that integrating biometric
authentication with ATMs is not only possible Abubakar, A.S (2020). Investigating Fraud
but also improves security and lowers security Schemes in Nigeria. Paper presented at
risks. International Conference on Cooperation
against Cybercrime. Retrieved from
109
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

https://rm.coe.int/CoERMPublicCommonS Project, 17 April,

earchServices/DisplayDCTMContent?docu 2018, http://www.thocp.net/hardware/atm.
mentId=09000016802f2643 htm

Adeoti, J.O., (2021). Automated Teller Machine Corsetti, E., Montanari, A., and Ratto, E. (2021).
(ATM) Frauds in Nigeria: The Way Out. Dealing with different time granularities in
Journal of Social Sciences, 27(1), 53–58. formal specifications of real-time systems.
Journal of Real-Time Systems, 3(2), 191–
Adeoye O. S. (2020) Evaluating the Performance 215. doi:10.1007/BF00365335
of Two-Factor Authentication Solution in
The Banking Sector. International Journal Erhabor, I. M., 2018 “Cybercrime and the
of Computer Science, Issues (IJCSI), 9(2), youths,” Department of Education,
1694-0814. Ambrose Alli University, Ekpoma,
Nigeria, 2018, PGDE Project.
Adesuyi, F.A. et al., (2019). A survey of ATM
security implementation within the Gao J., J. Cai, K. Patel, and S. Shim: (2019).
Nigerian banking environment. Journal of Wireless Payment, Proceedings of the
Internet Banking and Commerce, 18(1). Second International Conference on
Embedded Software and Systems
Adewumi, S., (2018). An Ideal ATM (ICESS05), China, 367-374.
Implementation in an Unsecured
Environment. In Proceedings of the Gaurav A., Sharma A., Gelara V., and Moona R
International Conference on Software (2018). “Using Personal Electronic Device
Engineering and Intelligent Systems. 1–8. for Authentication-Based Service Access”.
5930–5934. ICC‟08, IEEE International
Amurthy, P.K. & Redddy M, (2019). Conference.
Implementation of ATM Security by Using
Fingerprint recognition and GSM. Hassan, A. B. Lass F. D. and Makinde J. (2018)
International Journal of Electronics Cybercrime in Nigeria: Causes, Effects
Communication and Computer and the Way Out, ARPN Journal of
Engineering, 3(1), 83–86. Science and Technology, 2(7), 626 – 631.

ATM crime: Overview of the European situation Henricks, A., & Kettani, H. (2019). On data
and golden rules on how to avoid it, protection using multi-factor
European Network and Information authentication. Proceedings of the
Security Agency, Aug. 2019, Technical International Conference on Information
Report. System and System Management (ISSM),
Rabat, Morocco. New York, NY: ACM.
ATM of Banks: Fair Pricing and Enhanced https://doi.org/10.1145/3394788.3394789
Access - Draft Approach Paper, Reserve
bank of India, Technical report, 2018. Hoare, C. A. R. (2018). Communicating
sequential processes. Upper Saddle River,
Cornelis Robat, “ATM (Automatic Teller NJ: Prentice-Hall.
Machine)”, The History of Computing
110
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Hoare, C. A. R. (2020). Communicating Kolhe, H. et al., (2019). ATM Transaction

sequential processes. Communications of Security System Using Biometric Palm
the ACM, 21(8), 666– Print Recognition and Transaction
677.doi:10.1145/359576.359585 Confirmation. International Journal of
Engineering And Computer Science, 3(4),
https://www.firstbanknigeria.com/home/about/ou 5332–5335.
r-history/
Krishnamurthy and M. Redddy (2019).
Ibidapo O., O. Zaccheous, Akinyemi, O. "Implementation of ATM Security by
Omogbadegun and O. Oyelami, (2020). Using Fingerprint Recognition and GSM."
"Towards Designing a Biometric Measure International Journal of Electronics
for Enhancing ATM Security in Nigeria E- Communication and Computer
Banking System." International Journal of Engineering, 3(1), 83-86.
Electrical & Computer Sciences, 10(6), 68-
73. Kurita, S.; Komoriya, K.; Uda, R., (2018).
"Privacy Protection on Transfer System of
Jain A., L. Hong and S. Pankanti, (2020). Automated Teller Machine from Brute
"Biometrics Identification." Force Attack," Advanced Information
Communications of the Association for Networking and Applications Workshops
Computer Machinery, 43(2), 91-98. (WAINA), 2018 26th International
Conference. 72(77), 26-29.
James J. MC Andrews (2020). “Automated Teller
Machine Network Pricing – A Review of Lakshmi P. and Ishwarya M. (2018), Cyber
the Literature” Review of Network Crime: Prevention & Detection,"
Economics 2(2), International Journal of Advanced
Research in Computer and Communication
Jegede C. A., “Effects of Automated Teller Engineering, 4(3),Page.
Machine on the Performance of Nigeria
Banks”. American Journal of Applied Laplante, P. A. (2019). Real-time systems design
Mathematics and Statistics, 2.1 (2020): 40- and analysis (2nd ed.). Washington, DC:
46. IEEE Press. Vol. No. Page

Kanwal S., N.A. Zafar, (2018). Formal model of Lasisi, H and Ajisafe, A.A., (2018).
automatic teller machine system using "Development of stripe biometric based
Znotation, International conference on fingerprint authentications systems in
Emerging technologies (ICET), Automated Teller Machines," Advances in
Islamabad,131–136. Computational Tools for Engineering
Applications (ACTEA), 2018 2nd
Khatmode Ranjit, P. et al., (2020). ARM7 Based International Conference, 172(175), 12-15.
Smart ATM Access & Security System
Using Fingerprint Recognition & GSM Longe O. B. and S. C. Chiemeke (2018).
Technology. International Journal of “Cybercrime and Criminality in Nigeria:
Emerging Technology and Advanced what roles is Internet Access Points
Engineering, 4(2), 856–860.
111
 INTERNATIONAL ACADEMIC JOURNAL OF MULTI-DISCIPLINARY
STUDIES (IAJMS)
A PUBLICATION OF THE
INSTITUTE OF BUSINESS RE-ENGINEERING, INNOVATION AND STRATEGY (IBRIS)
Volume 2. Issue 2. December, 2023 Edition

Playing?” European Journal of Social Tetlay, A., Treharne, H., Ascroft, T., &
Sciences, 6(4), 132–139. Moschoyiannis, S. (2020). Lessons learnt
from a 2FA roll out within a higher
Mali P., Salunke S., R. Mane and P. Khatavkar P, education organisation.
(2018)."Multilevel ATM Security Based https://arxiv.org/pdf/2011.02901.pdf
on Two Factor Biometrics." International
Journal of Engineering Research & Von Graevenitz, A., (2019). Biometric
Technology. 1( 8), 1-6. authentication in relation to payment
systems and ATMs. DuD -Datenschutz
Mandal, S.,( 2018). A Review on Secured Money und Datensicherheit, 31(9), .681–683.
Transaction with Fingerprint Technique in
ATM System. IJCSN - International Wall, D. (2018). What are Cybercrimes?
Journal of Computer Science and Network, Criminal Justice Matters, 58(1), 20-21.
02(04), 08–11.
Wall, D.S. (2019). The Internet as a Conduit for
Oko, S. & Oruh, J., (2019). Enhanced atm Criminal Activity. In A. Pattavina (Ed.),
security system using biometrics. IJCSI Information technology and the criminal
International Journal of Computer justice system (pp. 77-98). Thousand Oaks,
Science, 9(5), 352–357. CA: Sage. Vol. No,

Onyesolu, M.O. & Ezeani, I.M., (2018). ATM Wang, Y. (2018). On contemporary denotational
Security Using Fingerprint Biometric mathematics for computational
Identifier: An Investigative Study. intelligence. Transactions of
International Journal of Advanced Computational Science, 2, 6–29.
Computer Science and Applications doi:10.1007/978-3-540-87563-5_2
(IJACSA), 3(4),.68–72.
Wang, Y. (2019). Software engineering
Padmapriya, V. & Prakasam, S., (2018). foundations: A software science
Enhancing ATM Security using perspective. In CRC series in software
Fingerprint and GSM Technology. engineering (Vol. II). Boca Raton, FL:
International Journal of Computer Auerbach Publications.
Applications, 80(16), .43–46.
Wang, Y. (2020). Using process algebra to
Pandey K., M. Masoom, S. Kumari and P. describe human and software system
Dhiman, (2021). "ATM Transaction behaviors. Brain and Mind,4(2), 199–213.
Security Using Fingerprint/OTP." Journal doi:10.1023/A:1025457612549
of Emerging Technologies and Innovative
Research, 2(3), 448-453. Yeboah-Boateng, E. O., & Kwabena-Adade, G.
D. (2020). Remote access communications
Schneier, B. (2005). Two-factor authentication: security: Analysis of user authentication
Too little, too late. Communications of the roles in organizations. Journal of
ACM, 48(4), 136. Information Security, 11(3), 161-175.

112