Security Solutions for Common QR Code Hacking Attempts in a Mobile App
Keywords:
ATM, authenticity, card-less cash, confidentiality, integrity, mobile banking applications, QR codeAbstract
In this digital era, more and more customers are opting for financial transactions employing technology-enabled hand-held devices as opposed to the traditional banking. Mobile banking apps are growing to be more and more powerful incorporating various advanced features and customizations such as investments, bill payment, effective budgeting, account history, online shopping, convenient payment, etc. to name a few. This aims at providing convenient banking for a customer from anywhere at any time irrespective of time zone and geographical location of the customer. This in turn facilitates the improved quality of customer service in banking sector attracting more and more customers. However, the convenience comes at the cost of security. Mobile app needs to be safeguarded against various known security vulnerabilities for the customer to gain any confidence in operating the app with high degree of reliability. In the current research, the authors have designed a model comprehending the different security breaches pertaining to authenticity of QR code, integrity of QR code data, validity of QR code and double spending problem in a typical mobile app employing QR code for financial transactions. The possible security threats are addressed employing the proven techniques such as hashing, generation of unique transaction id for each QR code transaction and primary key concept. Different RBI norms to be incorporated in a mobile banking app are considered. The model is implemented employing the currently available technologies to prove its value to the customer. The research presents a hypothetical model with an emphasis on possibilities of QR code hacks are presented and the solutions are proposed.
References
Agarwal V, Poddar S, Karnavat SJ. A study on growth of mobile banking in India during covid-19. PalArch's J Archaeol Egypt/Egyptology. 2020 Nov 2; 17(6): 9461–85.
Singh N, Srivastava S, Sinha N. Consumer preference and satisfaction of M-wallets: a study on North Indian consumers. Int J Bank Mark 2017 Sep 4; 35(6): 944–65.
Deshwal P. A study of mobile banking in India. Int J Adv Res IT Eng. 2015; 4(12): 1–2.
Bhosale VP, Naik Poornima. (2022). Security Model for Banking Domain Based on Cardless QR code transactions. South Asian Journal of Management Research. 2023; 13(1): 70–85.
Bach MP, Starešinić B, Omazić MA, Aleksić A, Seljan S. M-banking quality and bank reputation. Sustainability. 2020; 12(10): 1–8., www.mdpi.com/journal/sustainability.
Koch TW, MacDonald SS. Bank management. Cengage Learning; 2014 Aug 25.
Khaled Aldiabat, et al. The Effect of Mobile Banking Application on Customer Interaction in the Jordanian Banking Industry, Int J Interact Mob Technol. 2019; 13(2): 39–49.
Saprikis V, et al. A Comparative Study of Users versus Non-Users’ Behavioral Intention towards M-Banking Apps Adoption, Information 2022; 13: 30. https:// doi.org/10.3390/info13010030.
Calin-Mihai Istrate, Cardless Withdrawal System for Mobile Banking Applications, J Mob Embed Distrib Syst. 2014; 6(1): 11–16. ISSN 2067–4074.
Rbi.org.in. (2018). Reserve Bank of India---Bankwise ATM/POS/Card Statistics. [Online] Available at: https://www.rbi.org.in/scripts/ATMView.aspx?atmid=86.
Velasiri Dwarakamayi Amareswari, et al. Card less ATM Using 3-Level Authentication System, Int J Adv Res Comput Commun Eng. 2021; 10(2): 130–135.
Rbi.org.in. 2023. Available from: https://rbidocs.rbi.org.in/rdocs/notification/PDFs/MC177DF24 D0B0964448286BC682385CDA1F3.PDF
Downloads
Published
Issue
Section
License
Declaration and Copyright Transfer Form
(to be completed by authors)
I/ We, the undersigned author(s) of the submitted manuscript, hereby declare, that the above manuscript which is submitted for publication in the STM Journals(s), is not published already in part or whole (except in the form of abstract) in any journal or magazine for private or public circulation, and, is not under consideration of publication elsewhere.
- I/We will not withdraw the manuscript after 1 week of submission as I have read the Author Guidelines and will adhere to the guidelines.
- I/We Author(s ) have niether given nor will give this manuscript elsewhere for publishing after submitting in STM Journal(s).
- I/ We have read the original version of the manuscript and am/ are responsible for the thought contents embodied in it. The work dealt in the manuscript is my/ our own, and my/ our individual contribution to this work is significant enough to qualify for authorship.
- I/We also agree to the authorship of the article in the following order:
Author’s name
1. ________________
2. ________________
3. ________________
4. ________________
| We Author(s) tick this box and would request you to consider it as our signature as we agree to the terms of this Copyright Notice, which will apply to this submission if and when it is published by this journal. |