IEEE Access (Jan 2024)

Online Banking User Authentication Methods: A Systematic Literature Review

  • Nader Abdel Karim,
  • Osama Ahmed Khashan,
  • Hasan Kanaker,
  • Waleed K. Abdulraheem,
  • Mohammad Alshinwan,
  • Abedal-Kareem Al-Banna

DOI
https://doi.org/10.1109/ACCESS.2023.3346045
Journal volume & issue
Vol. 12
pp. 741 – 757

Abstract

Read online

Online banking has become increasingly popular in recent years, making it a target for cyberattacks. Banks have implemented various user authentication methods to protect their customers’ online accounts. This paper reviews the state-of-the-art user authentication methods used in online banking and potential cyber threats. This paper starts by exploring different user authentication methods, such as knowledge-based authentication (KBA), biometrics-based authentication (BBA), possession-based authentication (PBA), and other methods. The advantages and disadvantages of each user authentication method are then discussed. Furthermore, the paper discusses the various cyber threats that can compromise user authentication for online banking systems, such as malware attacks, social engineering, phishing attacks, man-in-the-middle (MiTM) attacks, denial of service (DoS) attacks, session hijacking, weak passwords, keyloggers, SQL injection, and replay attacks. Also, the paper explores the user authentication methods used by popular banks, which can provide insights into best practices for safeguarding online banking accounts and future user authentication methods in online banking and cyber threats. It states that the increasing use of BBA, two-factor authentication (2FA), and multi-factor authentication (MFA) will help improve the security of online banking systems. However, the paper also warns that new cyber challenges will emerge, and banks need to be vigilant in protecting their customers’ online banking accounts.

Keywords