DynamicPIN: A Novel Approach towards Secure ATM Authentication
Jong-Hoon Kim ATR Lab, Dept. of Computer Science Kent State Univ., Kent, Ohio, USA firstname.lastname@example.org
Gokarna Sharma Dept. of Computer Science Kent State Univ., Kent, Ohio, USA email@example.com
Irvin Steve Cardenas ATR Lab, Dept. of Computer Science Kent State Univ., Kent, Ohio, USA firstname.lastname@example.org
Do Yeon Kim Dept. of Biomedical Engineering Hanyang Univ., Seoul, South Korea email@example.com
Nagarajan Prabakar Discovery Lab, SCIS Florida International Univ. Miami, FL, USA prabakar@cis.ﬁu.edu
S.S. Iyengar Discovery Lab, SCIS Florida International Univ. Miami, FL, USA iyengar@cis.ﬁu.edu
Abstract—Along with the popularity and widespread use of automated teller machines (ATMs), ATM frauds are also increasingdrasticallythesedays.Shoulder-surﬁngattacks,such as card skimming, PIN capturing using fake machines or fake PINpads,arethemostcommonmethodsusedbyadversariesto capture data from the magnetic stripe on the back of the ATM card. The main problem lies in the existing static PIN-based authentication mechanism which does not provide any security measure (besides displaying asterisks when an user enters a preassigned PIN to the ATM). In this paper, we give a novel approach called DynamicPIN for secure ATM authentication, which is resilient to shoulder-surﬁng attacks. DynamicPIN is very simple, does not require any hardware changes, and does not pose any signiﬁcant overhead to the system. A realtime experimental study showed that DynamicPIN improves signiﬁcantly the ATM authentication compared to the existing static PIN-based authentication mechanism.