Lost Debit Card ATM Card Management System

Abstract

Authentication require two or more factors: “something only the user knows”, “something only the user has” and “something only the user is”. The factors must be validated by the other party for validation to occur. In debit cards authentication mechanisms which can be easily cracked using different mechanisms. According to US attorney report at least 7,000 fake identities are used to obtain more than 25,000 credit cards and documented $200 million in losses, but the figure could rise. The present authentication mechanisms use mechanism where we enter our PIN in pos (point of sale) devices where it is vulnerable in case if we have any skimmer devices installed in any one of the component. Sometimes we have to enter OTP (one time password) in card reader, but it’s vulnerable in case of lost or theft of both mobile and card together. In proposed method, GSM mobile service is used provide the security. Lost Debit Card ATM Card Management System When the Debit card is used, Server will request user to enter a password in his/her mobile phone. If the password valid, Server precedes the transaction, if not so, denies it. The proposed solution effectively prevents clone cards and relay attacks on Debit cards using mobile phone authentication through the flash message service. The proposed solution effectively prevents clone cards and relay attacks on Debit cards using mobile phone authentication through the flash message service. This methodology can be implemented with the current system.

Lost Debit Card ATM Card Management System

Software Requirements: –
Front End: HTML5, CSS3, Bootstrap
Back End: PHP, MYSQL
Control End: Angular Java Script

Android Tools:
Android Emulator
xampp-win32-5.5.19-0-VC11
Android SDK – adt-bundle-windows-x86
IDE: Eclipse Mars
jdk-8u66-windows-i586

PHP Tools:
xampp-win32-5.5.19-0-VC11

Objectives

This web application will provide the ATM CARD for Customer. Customer can register and select the lost and stolen debit card, credit cards get sms from another customer give. Customer can view the alert sms immediately. Admin can manage the whole process.

Existing Solution:

For some debit cards, we do not have any security mechanisms; we just swipe those cards and make the transaction. This system is highly vulnerable for all attacks, now a days security is added to these cards that we have to enter the PIN in card reader, but its vulnerable to relay attack which makes duplicate transactions and may leads the cards to be skimmed when they are swiped on malicious, For few other cards, we have to enter OTP in card reader, but it’s vulnerable in case of lost or theft of both mobile and card together.

Proposed Solution:      

In proposed method, flash message mobile service is used provide the security. When the Debit card is swiped at terminal, the transaction information send to visa server through acquirer bank and with an authentication normal procedures. Visa server will request user to enter a password in his/her mobile phone through the mobile network. If the password is valid, Server proceed the transaction towards the card holder bank and checks availability of required amount then flow of the transaction is as usual, if the password is not valid, server denies the transaction and lets the merchant and user to know that the transaction is denied. So this method can resolve three drawbacks in existing system first case if a card is cloned and swiped at some terminal, anyway the request for password to original owner of the card, he/she can know this transaction is not done by them and they can decline the transaction.

Second case, if relay attack happens in a transaction, the user will be requested for password to perform a parallel transaction also, so he/she can avoid duplicate transaction. In third case, if the mobile phone and card are lost together, no one can make any transaction because the password is not known to anyone other than original user

Module Description

.USER REGISTRATION

This module is used to create a user registrationsform.After registering application form the users able to enter into process. To register the form following details should be given by the user, the details that should be filled by the user is their personal details and the required details by the bank i.e. the card number, pin code, secret password, account type account branch etc. Then only the users allowed entering the server. Once they activate their account, they are allowed to access their user id.

SERVER

The particular server will certainly monitor the complete User’s data inside their data source along with verify all of them if expected. Additionally the server will certainly shop the complete User’s data inside their data source. Additionally the server has to establish the connection to be able to get in touch with the users. The particular server will certainly bring up to date the each and every users activities with it is data source. The particular server will certainly authenticate each and every individual previous to many people admittance the application. So that the server will certainly stop the unauthorized individual coming from being able to view the application.

LOCATION TRACKING

In this module, we track the location of the user access. Every time we monitor the location of the system that they are accessing. The user will frequently use the same location to access the location. So that we can monitor the User usage. This will increase the security level. Also the server stores this information in the database.

ACCESS TIME TAKEN AND AVERAGE AMOUNT

Here we will monitor the access information of the users. The server will monitor the user’s access information along with the time taken to access the ATM. So that based on the Time of usage and amount withdrawn by the users will be stored in the database. So that we may able to retrieve the usage time and amount withdrawn by the users.

SEQUENCE OF USAGE

We also track the usage sequence of each and every user. [4]So that we may able to track the users access details. The system will recognize the users usage sequence. For an example if the users are login into their account and they check their balance and then proceed to withdraw the cash from their respective account.

OTP GENERATION AND SECURITY

The server will check the above mentioned details and generate an One Time Password if these details are varies. This One Time Password will be send to the users mobile number. So that the user is requested to enter their One Time Password and that will be verified by the Server, then only they are allowed to access to the system. To generate the One Time Password, we are using a Secure Random Number Generation algorithm. To generate the SMS to User mobile number we are using JSMS. Jar file which is used to send the SMS from the Server system to external device will transmit the SMS to the Concerned User‟s Mobile Number. In very rare cases we handle a difficulty about the coverage of mobile network is nil, so at that time we use security question as an alternative to access the ATM.

System Features

This section gives a functional requirement that applicable to the On-Line ATM cards system.

There are two sub modules in this phase.

Customer module.

Administrator module.

System Modules:

 Administrator:

• The administrator has the full-fledged rights over the OES.
• Can create/delete an account.
• Can view the accounts.
• Can change the password.
• Can hide any kind of features from the both of users.
• Insert/delete/edit the information of available on OES.

Can access all the accounts of the customer.

User:

• Register
• Can change password.
• Can view their Account.
• Can view the sms alert.
• Can view and modify its profile but can modify it to some limited range.