Secure ATM Using Card Scanning Plus OTP
(MCAN-190)
PROJECT TITLE:
SUBMITTED BY
NAME: SUDIPA BISWAS
STREAM: MCA
YEAR: 1ST
I understand that any act of academic dishonesty, including plagiarism, will result in serious consequences. I
am aware that I am responsible for the originality and authenticity of the work presented in this project.
I further declare that the work reported in this project has not been submitted and will not be submitted, either
in part or in full, for the award of any other degree or diploma in this institute or any other institute or
university.
----------------------------------
Name: Sudipa Biswas
Roll no.: 10271022027
Registration no.: 221020510031
Date:
APPROVAL AND CERTIFICATION
This is to certify that Sudipa Biswas student of MCA 1ST semester has successfully completed her Project
on “Secure ATM using card scanning plus OTP” under our Principal Dr. Sourav Kumar Das, our Head
of the department, Dr. Surya Sarathi Das and under the guidance of subject teacher, Mrs. Swati Pradhan
Majumdar.
ACKNOWLEDGEMENT
It is great pleasure to express my sincere thanks to my supervisor Mrs. Swati Pradhan Majumdar for her
sincere guidance, helpful discussion, and supervision throughout the work, without which the completion of
this project would have been a difficult one.
I would also like to thank our hon’ble principal Dr. Sourav Kumar Das for his valuable support regarding
the work.
I am also thankful to the Department of Computer Application, Kalyani Government Engineering College
for the valuable support.
I also express my heartiest gratitude to my friends who have directly or indirectly extended their
valuable advice during the preparation of this project.
----------------------------------
Name: Sudipa Biswas
Roll no.: 10271022027
Registration no.: 221020510031
Date: 02-01-2023
ABSTRACT OR EXECUTIVE SUMMARY
In today's world, money can be required at any time and anywhere, for example for shopping, travelling or
health emergencies. That need can only be met if you are carrying money with you, which also increases the
risk of getting robbed. A bank is the safest place to keep money. Banks provide automated teller machines
(ATMs), which can dispense money wherever you need it. An ATM is an easy way to get money: you just
insert your card, enter your password, and receive the money. But if someone steals your card and somehow
learns your password, he/she gains full access to your money. That raises questions about present security
and demands something new in the system that can provide a second level of security.
We are going to make use of one-time password (OTP) verification along with the ATM PIN. In the present
system no security layer is implemented for the ATM card except the PIN. This system proposes sending a
one-time password (OTP) to the user's mobile number as a further and more secure authentication step. Thus,
the system provides a totally secure way to perform ATM transactions with two-level security.
Table Of Contents
1. List of Figures
2. List of Abbreviations
3. List Of Symbols
4. Introduction
5. Body of the project
5.1. Problem Statement
5.2. Existing System
5.3. Perspective of proposed system
5.4. Design and Implementation constraints
5.5. Flow Chart
5.6. Objective
6. Conclusions
7. Future Scopes
8. References
9. Appendix
1.List Of Figures
Figure 1: [Basic Flowchart Symbols]
Figure 2: [Block Diagram of Proposed System]
Figure 3: [Flow chart of the proposed system]
2.List Of Abbreviations
Abbreviation Meaning
3.List Of Symbols
4.Introduction
In the war of functionality versus security, functionality wins more often. Security has always been viewed
as an overhead or an afterthought by software developers. But in banking and money transactions, security
should hold the highest priority. With daily attacks on ATM and banking security increasing, developers are
getting on the right track and making security an important aspect of developing projects.
Multifactor authentication is an approach to authentication which requires the presentation of two or more
authentication factors: a knowledge factor ("something only the user knows"), a possession factor ("something
only the user has"), and an inherence factor ("something only the user is"). After presentation, each factor
must be validated by the other party for authentication to occur [2][5]. At present the ATM relies on only
one thing (i.e., the PIN) to secure the money saved in the bank, if we are not considering physical attacks. In
our system we go beyond this level of security to enhance the security of the ATM. We introduce the
concept of the one-time password (OTP) [3][4] in ATM banking. Our system will provide the second level of
security, using different factors to generate the OTP. The OTP will be sent to the customer's mobile number
stored in the bank's records. In the secure ATM, the user will have to register the mobile number and its IMEI
number in the bank system. When the user puts/swipes the card into the machine, the user gets a request to
enter the PIN (which is the current way of ATM banking). In the proposed system the user will then get an
OTP on the mobile. When the user enters the OTP into the system, he/she will have access to the machine;
otherwise no transaction can be made.
5.Body of the project
1. Problem Statement: The problem with current ATM banking is that every day something new appears
that has a bad impact on ATM banking security. This leads to the necessity of new techniques
or algorithms to deal with the new attacks that can happen. This project offers a good way to
solve problems like card fraud, skimming, and card data stealing/trapping. This project presents
an algorithm which is capable of considering more than two factors to generate an OTP. While
generating an OTP, the proposed algorithm will consider the current time, the location of the ATM, and
the IMEI number and mobile number of the user.
2. Existing system: At present the ATM relies on only one thing (i.e., the PIN) to secure the money saved
in the bank, if we are not considering physical attacks.
Step-1: The user inserts the card into the machine.
Step-2: The card reader reads the information on the magnetic strip of the card and sends the
information to the bank server. If the card information is valid according to the bank, the ATM
will ask for the PIN.
Step-3: The user enters the PIN into the ATM machine.
Step-4: If the PIN entered by the user is correct according to the server, the user is allowed to
proceed to transactions.
Step-5: This process is only applicable for one time, i.e., if the user wants to withdraw more
money, he/she has to repeat the process again.
But there are problems and vulnerabilities in the present system.
• It is possible that the machine has been tampered with and accepts wrong information as correct
information.
• It is also possible that the magnetic strip holds legitimate information but the card is
duplicated.
• The PIN can be obtained by any means, such as shoulder surfing, mutual friends, family friends etc.
• Once the correct PIN has been entered, there is no one who can catch an attacker stealing money
from the bank. It is just like stealing from a cupboard.
3. Proposed System: The objective is to provide secondary security to ATM systems, which may be
done by using an OTP (Single Password), a safe and dependable way to increase system security.
An OTP will be sent to the user's registered mobile number, which can be seen on the website [1][2].
These applications provide the safest method of making ATM transactions. The system requests a PIN
to confirm the user's identity when they enter their account number into an ATM. Once the PIN
has been verified, an OTP is generated and sent to the user's mobile phone number [4][5][6].
The procedure will be successful if the user provides a valid OTP; if not, the operation will be
unsuccessful. If the OTP is entered incorrectly more often than a specific threshold, the card will be
blacklisted. When an account is opened, the banking system will ask for registration of the user's
mobile phone number. This information will be saved on the bank's website for future use
[8][11]. When a user uses an ATM, he must swipe his card into the device, and the device and the bank
server will then verify and authenticate the card.
The device will prompt the user for his PIN after verifying that the card and its information are correct.
The banking system will examine the card's details and PIN [9][12].
When the cardholder and PIN have been validated, the system will access user information from the
website and generate an OTP, which will be sent to the user's mobile phone number [5][7]. The user
must enter the OTP code received on the mobile device on the screen, just as they would a PIN.
Unexpected problems may, however, arise, such as a dead phone battery, a spotty network, or a delay
in SMS transmission. Users will be able to access their accounts through the ATM system if the OTP
is accurate [9][10].
4. Design and implementation constraints: This project needs some changes to the current design of the ATM
system, which are listed below:
1. The mobile number of the user should be present in the system; this is necessary for this project.
2. A database should be maintained.
3. While opening an account, the bank should obtain the mobile number of the user.
4. The bank should have a fast and trusted SMS gateway to deliver the OTP to the customer's mobile
number.
5. The new system should be explained to customers so that they do not face any difficulties or
problems while accessing the ATM.
The block diagram of the proposed system is given in Figure 1.
The first block denotes the user who is accessing the ATM machine. At the time of opening an account,
the bank system will ask for registration of the mobile number of the user. This information
will be stored in the bank database for further reference [10][11][12]. When the user goes to any ATM
machine, he/she has to swipe the card into the machine, after which the machine and the bank server check
the validity and authenticity of that card. If the card and its information are correct, the machine asks
for the PIN of the user [7][8]. The card details and PIN are verified by the banking system. If the PIN
entered by the user is correct, the user goes on to the next steps. After verification of the card owner and
PIN, the bank system accesses the user details from the database and generates the OTP (by using the
SHA-1 [5][6] algorithm and the proposed OTP extract method), which is then sent to the mobile number of the
user. When the user gets the OTP code on the mobile, he/she has to enter that OTP on the screen in the same
way as the PIN. If the entered OTP is correct, the ATM system allows the user access for the transaction [9][11].
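The OTP step described in the proposed-system and design sections, sketched as an added example (not code from the original project). The hash over mobile number, IMEI, ATM identifier and time is keyed with HMAC-SHA-1 and shortened with the RFC 4226 dynamic truncation, which stands in for the report's unspecified OTP extract method, because an unkeyed SHA-1 of those values could be recomputed by anyone who knows them. The server key, the 120-second validity window, the three-failure threshold and all class and function names are assumptions.

```python
import hashlib
import hmac
import struct
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 120   # assumed validity window (not given in the report)
MAX_OTP_FAILURES = 3    # assumed threshold before the card is blocked


def derive_otp(server_key, mobile, imei, atm_id, issued_at):
    """Keyed hash over the report's factors, then RFC 4226 dynamic truncation."""
    msg = "|".join([mobile, imei, atm_id, str(issued_at)]).encode()
    digest = hmac.new(server_key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # low nibble picks 4 bytes
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


class OtpService:
    """Hypothetical bank-side state: pending OTPs, failure counts, blocked cards."""

    def __init__(self, server_key):
        self._key = server_key
        self._pending = {}    # card_id -> (otp, expires_at)
        self._failures = {}   # card_id -> consecutive wrong entries
        self.blocked = set()

    def issue(self, card_id, mobile, imei, atm_id, now=None):
        """Call only after card and PIN are verified; result goes to the SMS gateway."""
        if card_id in self.blocked:
            raise PermissionError("card is blocked")
        now = int(time.time()) if now is None else now
        otp = derive_otp(self._key, mobile, imei, atm_id, now)
        self._pending[card_id] = (otp, now + OTP_TTL_SECONDS)
        return otp

    def verify(self, card_id, entered, now=None):
        now = int(time.time()) if now is None else now
        if card_id in self.blocked:
            return "blocked"
        if card_id not in self._pending:
            return "no_otp"
        otp, expires_at = self._pending[card_id]
        if now > expires_at:
            del self._pending[card_id]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(otp.encode(), entered.encode()):
            del self._pending[card_id]               # single use: replay fails
            self._failures.pop(card_id, None)
            return "ok"
        self._failures[card_id] = self._failures.get(card_id, 0) + 1
        if self._failures[card_id] >= MAX_OTP_FAILURES:
            self.blocked.add(card_id)                # report: card is blacklisted
            del self._pending[card_id]
            return "blocked"
        return "wrong"


if __name__ == "__main__":
    # Constructed sample values, not real subscriber data.
    svc = OtpService(b"constructed-demo-key")
    code = svc.issue("card-1", "9800000000", "490154203237518", "ATM-0001")
    print(svc.verify("card-1", code), svc.verify("card-1", code))
```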
5. Flow chart of the proposed system:
6. Objective: The main objective of this project is to provide more security to the ATM system by
using the most trusted and easy way, that is, the One Time Password (OTP).
• When the user wants to use the OTP of the ATM system, the OTP should be produced at that time only,
from the current time and the user's data available in the present database system, and the OTP should
be delivered to the registered mobile of the user [3][5].
• The other objective of this project is to introduce a user-friendly system for those people who are
less familiar with newer technologies, with very few changes to the current system. That is
accomplished by using current technologies/devices like mobile, SMS, and the ATM GUI [11][12].
6.Conclusion
Nowadays ATM security is a key problem in the banking system. The security system used in ATMs today
is completely based on the PIN, which is vulnerable. Banks deliver a four-digit PIN to the user,
which can be changed later by the user. After first use, the user generally changes the password and keeps
the password quite guessable [5][6]. This is the main disadvantage of this PIN-type ATM system. When an ATM
card is lost or stolen, it is essential to close the ATM card by contacting the bank immediately. The paper
indicates the strong verification of the ATM card with the help of a One Time Password (OTP) on a mobile
device. So, in this paper, with the help of password authentication and OTP the system will be simple and
profitable, and the security level of an ATM transaction will increase [2][7].
This project is established on the basis of the greater need for security in the ATM banking system. Nowadays
the ATM is becoming less secure with emerging ways to hack/crack the ATM PIN or ATM card. Use of an OTP is
the best and easiest way to deal with these security threats. The OTP will be transferred to the registered
mobile number of the user, and that OTP will be used to access ATM transactions. Another significant point of
the proposed system is that it demands fewer changes to the present system of bank and ATM. That means minor
overhead will be required to change the whole system with enhanced security. In future work biometrics can be
used as a future enhancement [1][6][8]. Everyday difficulties, such as the phone being switched off, the
battery being down, or poor network coverage, can disturb the OTP. To avoid such problems this project also
suggests a solution, i.e., biometric security; by using biometric security, another layer of security will be
provided in the same way as the OTP [1][3].
7.Future Scopes
In the future, cash withdrawals may use face or iris recognition for further security. When completely
implemented, the system will undoubtedly lower the frequency of fraudulent activity on ATMs.
8.References
[1] European ATM Security [Online]. Available: https://www.european-atm-security.eu/atm-industry.
[Accessed: 12 Nov 2014].
[2] Kristin S. Fuglerud and Oystein Dale, "Secure and Inclusive Authentication with a Talking Mobile
One-Time-Password Client", IEEE J. Security & Privacy, Volume: 9, Issue: 2, Pages 27-34, March-April 2011.
[3] N. Haller, C. Metz, P. Nesser, "One-Time Password System", RFC 2289, February 1998.
[4] Aastha Bhargava, Priya Jain, "Biometric; an Effective Shield in Today's Scenario", RGPV International
Conference on Cloud, Big Data and Trust 2013, Nov 13-15.
[5] Secure Hash Standard (SHS), FIPS PUB 180-4, March 2012.
[6] D. Eastlake, P. Jones, "US Secure Hash Algorithm 1 (SHA1)", RFC 3174, September 2001.
[7] N. Haller, C. Metz, P. Nesser and M. Straw, "A one-time password system", Internet Engineering Task
Force Request for Comments 2289, IETF, 1998.
[8] L. Lamport, "Password Authentication with Insecure Communication", vol. 24, 1981.
[9] Mohsin Karovaliya, Saifali Karedia, Sharad Oza, Dr. D.R. Kalbande, "Enhanced security for ATM
machine with OTP and Facial recognition features", International Conference on Advanced
Computing Technologies and Applications (ICACTA 2015).
[10] Mohammed Hamid Khan, "Securing ATM with Biometric and OTP", International Journal on Recent
and Innovation Trends in Computing and Communication, Volume: 3, Issue: 4.
[11] Leslie Lamport (1981), "Password Authentication with Insecure Communication", Communications.
ACM 24.11, 4
[12] S. Pooranachandran, E. Aravind, D. Bharathipriya, A.K. Gokul, E. Karthika, "Generation of
Secure One Time Password for ATM Security and Theft Protection", International Journal of
Advanced Research in Management Architecture Technology & Engineering (IJARMATE).
9.Appendix
1. ATM - An automated teller machine (ATM) is an electronic telecommunications device that enables
customers of financial institutions to perform financial transactions, such as cash withdrawals,
deposits, funds transfers, balance inquiries or account information inquiries, at any time and without
the need for direct interaction with bank staff.
2. OTP - A one-time password (OTP), also known as a one-time PIN, one-time authorization code
(OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on
a computer system or other digital device. OTPs avoid several shortcomings that are associated with
traditional (static) password-based authentication; a number of implementations also incorporate two-
factor authentication by ensuring that the one-time password requires access to something a person has
(such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cell
phone) as well as something a person knows (such as a PIN).
3. IMEI - The International Mobile Equipment Identity (IMEI) is a numeric identifier, usually unique,
for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed
inside the battery compartment of the phone but can also be displayed on-screen on most phones by
entering *#06# MMI Supplementary Service code on the Dialpad, or alongside other system
information in the settings menu on smartphone operating systems.
4. PIN - A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code,
is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user
accessing a system. The PIN has been the key to facilitating the private data exchange between
different data-processing centres in computer networks for financial institutions, governments, and
enterprises. PINs may be used to authenticate banking systems with cardholders, governments with
citizens, enterprises with employees, and computers with users, among other uses. In common usage,
PINs are used in ATM or POS transactions, secure access control (e.g., computer access, door access,
car access), internet transactions, or to log into a restricted website.
5. SHA-1 - Secure Hash Algorithm 1 is a cryptographic hash function which takes an input and produces
a 160-bit (20-byte) hash value. This hash value is known as a message digest. This message digest is
usually then rendered as a hexadecimal number which is 40 digits long. It is a U.S. Federal Information
Processing Standard and was designed by the United States National Security Agency. SHA-1 has been
considered insecure since 2005. Browsers from major tech companies such as Microsoft, Google, Apple and
Mozilla stopped accepting SHA-1 SSL certificates by 2017. To calculate a cryptographic hash value in
Java, the MessageDigest class is used, under the package java.security. The MessageDigest class provides
the following cryptographic hash functions to find the hash value of a text:
a. MD2
b. MD5
c. SHA-1
d. SHA-224
e. SHA-256
f. SHA-384
g. SHA-512
These algorithms are selected through the static method getInstance(). After selecting the algorithm, the
message digest value is calculated and the result is returned as a byte array. The BigInteger class is used
to convert the resultant byte array into its sign-magnitude representation. This representation is then
converted into a hexadecimal format to get the expected message digest.
6. SMS - Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service
component of most telephone, Internet, and mobile device systems. It uses standardized
communication protocols that let mobile devices exchange short text messages. An intermediary
service can facilitate a text-to-voice conversion to be sent to landlines.
SMS technology originated from radio telegraphy in radio memo pagers that used standardized phone
protocols. These were defined in 1986 as part of the Global System for Mobile Communications
(GSM) series of standards. The first SMS message was sent on 3 December 1992, when Neil Papworth,
a test engineer for Sema Group, sent "Merry Christmas" to the Orbitel 901 phone of colleague Richard
Jarvis. SMS rolled out commercially on many cellular networks that decade and became hugely
popular worldwide as a method of text communication. By the end of 2010, SMS was the most widely
used data application, with an estimated 3.5 billion active users, or about 80% of all mobile phone
subscribers.
7. GUI - The GUI, graphical user interface, is a form of user interface that allows users to interact with
electronic devices through graphical icons and audio indicator such as primary notation, instead of
text-based UIs, typed command labels or text navigation. GUIs were introduced in reaction to the
perceived steep learning curve of CLIs (command-line interfaces), which require commands to be
typed on a computer keyboard.
The actions in a GUI are usually performed through direct manipulation of the graphical elements.
Beyond computers, GUIs are used in many handheld mobile devices such as MP3 players, portable
media players, gaming devices, smartphones and smaller household, office and industrial controls. The
term GUI tends not to be applied to other lower-display resolution types of interfaces, such as video
games (where HUD (head-up display) is preferred), or not including flat screens like volumetric
displays because the term is restricted to the scope of 2D display screens able to describe generic
information, in the tradition of the computer science research at the Xerox Palo Alto Research Centre.