A survey on multi-factor authentication for online banking in the wild

Federico Sinigaglia (Corresponding author), Roberto Carbone (Corresponding author), Gabriele Costa (Corresponding author), Nicola Zannone (Corresponding author)

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

In recent years, the usage of online banking services has considerably increased. To protect the sensitive resources managed by these services against attackers, banks have started adopting Multi-Factor Authentication (MFA). To date, a variety of MFA solutions have been implemented by banks, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA solutions, but their influence on existing MFA implementations remains unclear. In this work, we present a latitudinal study on the adoption of MFA and the design choices made by banks operating in different countries. In particular, we evaluate the MFA solutions currently adopted in the banking sector in terms of (i) compliance with laws and best practices, (ii) robustness against attacks and (iii) complexity. We also investigate possible correlations between these criteria. Based on this study, we identify a number of lessons learned and open challenges.

Original language: English
Article number: 101745
Number of pages: 30
Journal: Computers and Security
Volume: 95
Publication status: Published - Aug 2020

Keywords

  • Field study
  • Legal compliance
  • Mobile banking
  • Multi-factor authentication
  • Online banking
  • Remote payments
  • Threat models
