Vulnerabilities in One Time Passwords and Protection Method Using Secret Key and Biometric Hash Code

In the present era, conducting financial transactions online is both simple and widely embraced for its convenience. However, engaging in internet-based financial transactions exposes individuals to potential threats like password attacks, malware, phishing, and other illicit activities. Recognizing these risks, many banks have enhanced security measures by incorporating One-Time Password (OTP) authentication alongside traditional login credentials. Despite these improvements, security issues persist in online transactions. To mitigate such concerns, OTPs can be delivered via SMS to the account owner's mobile number. Even with heightened security, internet banking remains susceptible to various attacks, including online phishing, Man-in-the-Middle attacks, SQL injection, and brute force attacks. To address these challenges, this proposed model introduces a Biometric mobile OTP-based transaction authentication method.