A Novel Risk-Based Multi-Factor Authentication (MFA) Approach for Card-Not-Present (CNP) Transactions
Prakash Chandra Mondal and Pritu Parna Sarkar
Additional contact information
Prakash Chandra Mondal: Independent Researcher, Joint Director (ICT), Information and Communication Technology Department, The Central Bank of Bangladesh (Bangladesh Bank), Bangladesh
Pritu Parna Sarkar: Graduate Research Assistant, Dept. of Mechanical Engineering, The University of Texas Rio Grande Valley, Edinburg, Texas 78539, United States
International Journal of Research and Innovation in Social Science, 2025, vol. 9, issue 3, 3062-3076
Abstract:
Using biometric information and a Personal Identification Number (PIN) is not recommended for Card-Not-Present (CNP) online payments because merchants’ portals and payment processors are not standardized to accept or verify biometric data and PINs. Additionally, it increases the risk of critical information interception through keyloggers, malware, or phishing attacks. Similarly, using OTP poses several risks and limitations, including SIM swapping, delayed or failed OTP delivery, and vulnerabilities in the SS7 protocol. In this model, we utilized an innovative, configurable Multi-Factor Authentication (MFA) for user authentication and transaction authorization in CNP online payments, based on the theme “what we want.” The proposed additional factor for MFA consists of users’ expected transaction amount and time slot. MFA configuration is available via a bank’s or financial institution’s web portal or mobile app following a successful login and risk-based assessment. The risk-based assessment employs a weighted analysis of users’ historical activities to calculate the associative risk score (R). Dynamic Challenge Questions (CQs) are used to verify risky users with high-risk scores (R). The CQ(s) are enabled on a need basis, based on the value of the R for the user who is willing to configure MFA for transaction purposes. Implementing this risk-based MFA approach can significantly reduce financial losses from fraudulent actions in CNP online transactions, as transactions remain within users’ consent, predefined limits, and risk acceptance levels, whereas existing MFA solutions often require the use of registered mobile phones, tokens, or biometric information.
Date: 2025
Downloads: (external link)
https://www.rsisinternational.org/journals/ijriss/ ... ssue-3/3062-3076.pdf (application/pdf)
https://rsisinternational.org/journals/ijriss/arti ... nt-cnp-transactions/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:bcp:journl:v:9:y:2025:issue-3:p:3062-3076
International Journal of Research and Innovation in Social Science is currently edited by Dr. Nidhi Malhan
Bibliographic data for series maintained by Dr. Pawan Verma.