IDEAS home Printed from https://ideas.repec.org/a/bcp/journl/v9y2025issue-3p3062-3076.html

A Novel Risk-Based Multi-Factor Authentication (MFA) Approach for Card-Not-Present (CNP) Transactions

Author

Listed:
  • Prakash Chandra Mondal

    (Independent Researcher, Joint Director (ICT), Information and Communication Technology Department, The Central Bank of Bangladesh (Bangladesh Bank), Bangladesh)

  • Pritu Parna Sarkar

    (Graduate Research Assistant, Dept. of Mechanical Engineering, The University of Texas Rio Grande Valley, Edinburg, Texas 78539, United States)

Abstract

Using biometric information and a Personal Identification Number (PIN) is not recommended for Card-Not-Present (CNP) online payments because merchants’ portals and payment processors are not standardized to accept or verify biometric data and PINs. Additionally, it increases the risk of critical information interception through keyloggers, malware, or phishing attacks. Similarly, using OTP poses several risks and limitations, including SIM swapping, delayed or failed OTP delivery, and vulnerabilities in the SS7 protocol. In this model, we utilized an innovative, configurable Multi-Factor Authentication (MFA) for user authentication and transaction authorization in CNP online payments, based on the theme “what we want.†The proposed additional factor for MFA consists of users’ expected transaction amount and time slot. MFA configuration is available via a bank’s or financial institution’s web portal or mobile app following a successful login and risk-based assessment. The risk-based assessment employs a weighted analysis of users’ historical activities to calculate the associative risk score (R). Dynamic Challenge Questions (CQs) are used to verify risky users with high-risk scores (R). The CQ(s) are enabled on a need basis, based on the value of the R for the user who is willing to configure MFA for transaction purposes. Implementing this risk-based MFA approach can significantly reduce financial losses from fraudulent actions in CNP online transactions, as transactions remain within users’ consent, predefined limits, and risk acceptance levels, whereas existing MFA solutions often require the use of registered mobile phones, tokens, or biometric information.

Suggested Citation

  • Prakash Chandra Mondal & Pritu Parna Sarkar, 2025. "A Novel Risk-Based Multi-Factor Authentication (MFA) Approach for Card-Not-Present (CNP) Transactions," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 9(3), pages 3062-3076, March.
    • Handle: RePEc:bcp:journl:v:9:y:2025:issue-3:p:3062-3076
    as

    Download full text from publisher

    File URL: https://www.rsisinternational.org/journals/ijriss/Digital-Library/volume-9-issue-3/3062-3076.pdf
    Download Restriction: no
    File URL: https://rsisinternational.org/journals/ijriss/articles/a-novel-risk-based-multi-factor-authentication-mfa-approach-for-card-not-present-cnp-transactions/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Yuanfeng Cai & Dan Zhu, 2016. "Fraud detections for online businesses: a perspective from blockchain technology," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 2(1), pages 1-10, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yuk Ming Tang & Ka Yin Chau, 2025. "Blockchain evolution and management theoretical (BEMT) model based on integrated semantic similarity and co-citation analysis for next generation service industry," Operations Management Research, Springer, vol. 18(2), pages 475-494, June.
    2. Xiaobao Zhu & Jing Shi & Fengjie Xie & Rouqi Song, 2020. "Pricing strategy and system performance in a cloud-based manufacturing system built on blockchain technology," Journal of Intelligent Manufacturing, Springer, vol. 31(8), pages 1985-2002, December.
    3. Wangcheng Yan & Wenjun Zhou, 2023. "Is blockchain a cure for peer-to-peer lending?," Annals of Operations Research, Springer, vol. 321(1), pages 693-716, February.
    4. Sun, Yi & Jiang, Shiqing & Jia, Wanjiao & Wang, Yu, 2022. "Blockchain as a cutting-edge technology impacting business: A systematic literature review perspective," Telecommunications Policy, Elsevier, vol. 46(10).
    5. Papatya Duman & Claus-Jochen Haake & Alexander Koch & Sarah Kühn & Simon Hemmrich & Daniel Beverungen, 2025. "Does the Blockchain Technology Help to Reduce Information Asymmetries," Working Papers Dissertations 152, Paderborn University, Faculty of Business Administration and Economics.
    6. Mohammed Shuaib & Shadab Alam & Rafeeq Ahmed & S. Qamar & Mohammed Shahnawaz Nasir & Mohammad Shabbir Alam, 2022. "Current Status, Requirements, and Challenges of Blockchain Application in Land Registry," International Journal of Information Retrieval Research (IJIRR), IGI Global Scientific Publishing, vol. 12(2), pages 1-20, April.
    7. Emilio Abad-Segura & Alfonso Infante-Moro & Mariana-Daniela González-Zamar & Eloy López-Meneses, 2021. "Blockchain Technology for Secure Accounting Management: Research Trends Analysis," Mathematics, MDPI, vol. 9(14), pages 1-26, July.
    8. Xiaolin Li & Hongbo Jiao & Liming Cheng & Yilin Yin & Huimin Li & Wenqing Mu & Ruirui Zhang, 2023. "A Quantitative and Qualitative Review of Blockchain Research from 2015 to 2021," Sustainability, MDPI, vol. 15(6), pages 1-20, March.
    9. Wenlong Liu & Rongrong Ji, 2019. "Do Hotel Responses Matter?: A Comprehensive Perspective on Investigating Online Reviews," Information Resources Management Journal (IRMJ), IGI Global Scientific Publishing, vol. 32(3), pages 70-89, July.
    10. Sahebi, Iman Ghasemian & Mosayebi, Alireza & Masoomi, Behzad & Marandi, Fatemeh, 2022. "Modeling the enablers for blockchain technology adoption in renewable energy supply chain," Technology in Society, Elsevier, vol. 68(C).
    11. Li Zhou & Chunqiao Tan & Huimin Zhao, 2022. "Information Disclosure Decision for Tourism O2O Supply Chain Based on Blockchain Technology," Mathematics, MDPI, vol. 10(12), pages 1-21, June.
    12. Archana A Mukherjee & Rajesh Kumar Singh & Ruchi Mishra & Surajit Bag, 2022. "Application of blockchain technology for sustainability development in agricultural supply chain: justification framework," Operations Management Research, Springer, vol. 15(1), pages 46-61, June.
    13. Tiberius, Victor & Hirth, Stefanie, 2019. "Impacts of digitization on auditing: A Delphi study for Germany," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 37(C).
    14. Nguyen, Loan T.Q. & Hoang, Thinh G. & Do, Linh H. & Ngo, Xuan T. & Nguyen, Phuong H.T. & Nguyen, Giang D.L. & Nguyen, Giang N.T., 2021. "The role of blockchain technology-based social crowdfunding in advancing social value creation," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    15. J. Leon Zhao & Shaokun Fan & Jiaqi Yan, 2016. "Overview of business innovations and research opportunities in blockchain and introduction to the special issue," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 2(1), pages 1-7, December.
    16. Drăgan, George Bogdan & Ben Arfi, Wissal & Tiberius, Victor & Ammari, Aymen & Khvatova, Tatiana, 2025. "Navigating the green wave: Understanding behavioral antecedents of sustainable cryptocurrency investment," Technological Forecasting and Social Change, Elsevier, vol. 210(C).
    17. Maik Hesse & Timm Teubner, 2020. "Reputation portability – quo vadis?," Electronic Markets, Springer;IIM University of St. Gallen, vol. 30(2), pages 331-349, June.
    18. Yunmei Liu & Shuai Zhang & Min Chen & Yenchun Wu & Zhengxian Chen, 2021. "The Sustainable Development of Financial Topic Detection and Trend Prediction by Data Mining," Sustainability, MDPI, vol. 13(14), pages 1-19, July.
    19. Vincent, Nishani Edirisinghe & Skjellum, Anthony & Medury, Sai, 2020. "Blockchain architecture: A design that helps CPA firms leverage the technology," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    20. Randy Priem, 2020. "Distributed ledger technology for securities clearing and settlement: benefits, risks, and regulatory implications," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 6(1), pages 1-25, December.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:bcp:journl:v:9:y:2025:issue-3:p:3062-3076. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Dr. Pawan Verma (email available below). General contact details of provider: https://rsisinternational.org/journals/ijriss/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.