IDEAS home Printed from https://ideas.repec.org/a/bcp/journl/v9y2025issue-3p3062-3076.html
   My bibliography  Save this article

A Novel Risk-Based Multi-Factor Authentication (MFA) Approach for Card-Not-Present (CNP) Transactions

Author

Listed:
  • Prakash Chandra Mondal

    (Independent Researcher, Joint Director (ICT), Information and Communication Technology Department, The Central Bank of Bangladesh (Bangladesh Bank), Bangladesh)

  • Pritu Parna Sarkar

    (Graduate Research Assistant, Dept. of Mechanical Engineering, The University of Texas Rio Grande Valley, Edinburg, Texas 78539, United States)

Abstract

Using biometric information and a Personal Identification Number (PIN) is not recommended for Card-Not-Present (CNP) online payments because merchants’ portals and payment processors are not standardized to accept or verify biometric data and PINs. Additionally, it increases the risk of critical information interception through keyloggers, malware, or phishing attacks. Similarly, using OTP poses several risks and limitations, including SIM swapping, delayed or failed OTP delivery, and vulnerabilities in the SS7 protocol. In this model, we utilized an innovative, configurable Multi-Factor Authentication (MFA) for user authentication and transaction authorization in CNP online payments, based on the theme “what we want.†The proposed additional factor for MFA consists of users’ expected transaction amount and time slot. MFA configuration is available via a bank’s or financial institution’s web portal or mobile app following a successful login and risk-based assessment. The risk-based assessment employs a weighted analysis of users’ historical activities to calculate the associative risk score (R). Dynamic Challenge Questions (CQs) are used to verify risky users with high-risk scores (R). The CQ(s) are enabled on a need basis, based on the value of the R for the user who is willing to configure MFA for transaction purposes. Implementing this risk-based MFA approach can significantly reduce financial losses from fraudulent actions in CNP online transactions, as transactions remain within users’ consent, predefined limits, and risk acceptance levels, whereas existing MFA solutions often require the use of registered mobile phones, tokens, or biometric information.

Suggested Citation

  • Prakash Chandra Mondal & Pritu Parna Sarkar, 2025. "A Novel Risk-Based Multi-Factor Authentication (MFA) Approach for Card-Not-Present (CNP) Transactions," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 9(3), pages 3062-3076, March.
    • Handle: RePEc:bcp:journl:v:9:y:2025:issue-3:p:3062-3076
    as

    Download full text from publisher

    File URL: https://www.rsisinternational.org/journals/ijriss/Digital-Library/volume-9-issue-3/3062-3076.pdf
    Download Restriction: no
    File URL: https://rsisinternational.org/journals/ijriss/articles/a-novel-risk-based-multi-factor-authentication-mfa-approach-for-card-not-present-cnp-transactions/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Yuanfeng Cai & Dan Zhu, 2016. "Fraud detections for online businesses: a perspective from blockchain technology," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 2(1), pages 1-10, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Xiaobao Zhu & Jing Shi & Fengjie Xie & Rouqi Song, 2020. "Pricing strategy and system performance in a cloud-based manufacturing system built on blockchain technology," Journal of Intelligent Manufacturing, Springer, vol. 31(8), pages 1985-2002, December.
    2. Wangcheng Yan & Wenjun Zhou, 2023. "Is blockchain a cure for peer-to-peer lending?," Annals of Operations Research, Springer, vol. 321(1), pages 693-716, February.
    3. Emilio Abad-Segura & Alfonso Infante-Moro & Mariana-Daniela González-Zamar & Eloy López-Meneses, 2021. "Blockchain Technology for Secure Accounting Management: Research Trends Analysis," Mathematics, MDPI, vol. 9(14), pages 1-26, July.
    4. Sahebi, Iman Ghasemian & Mosayebi, Alireza & Masoomi, Behzad & Marandi, Fatemeh, 2022. "Modeling the enablers for blockchain technology adoption in renewable energy supply chain," Technology in Society, Elsevier, vol. 68(C).
    5. Archana A Mukherjee & Rajesh Kumar Singh & Ruchi Mishra & Surajit Bag, 2022. "Application of blockchain technology for sustainability development in agricultural supply chain: justification framework," Operations Management Research, Springer, vol. 15(1), pages 46-61, June.
    6. Nguyen, Loan T.Q. & Hoang, Thinh G. & Do, Linh H. & Ngo, Xuan T. & Nguyen, Phuong H.T. & Nguyen, Giang D.L. & Nguyen, Giang N.T., 2021. "The role of blockchain technology-based social crowdfunding in advancing social value creation," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    7. J. Leon Zhao & Shaokun Fan & Jiaqi Yan, 2016. "Overview of business innovations and research opportunities in blockchain and introduction to the special issue," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 2(1), pages 1-7, December.
    8. Drăgan, George Bogdan & Ben Arfi, Wissal & Tiberius, Victor & Ammari, Aymen & Khvatova, Tatiana, 2025. "Navigating the green wave: Understanding behavioral antecedents of sustainable cryptocurrency investment," Technological Forecasting and Social Change, Elsevier, vol. 210(C).
    9. Maik Hesse & Timm Teubner, 2020. "Reputation portability – quo vadis?," Electronic Markets, Springer;IIM University of St. Gallen, vol. 30(2), pages 331-349, June.
    10. Yunmei Liu & Shuai Zhang & Min Chen & Yenchun Wu & Zhengxian Chen, 2021. "The Sustainable Development of Financial Topic Detection and Trend Prediction by Data Mining," Sustainability, MDPI, vol. 13(14), pages 1-19, July.
    11. Vincent, Nishani Edirisinghe & Skjellum, Anthony & Medury, Sai, 2020. "Blockchain architecture: A design that helps CPA firms leverage the technology," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    12. Dulani Jayasuriya Daluwathumullagamage & Alexandra Sims, 2021. "Fantastic Beasts: Blockchain Based Banking," JRFM, MDPI, vol. 14(4), pages 1-43, April.
    13. Alireza Farnoush & Ashish Gupta & Hamidreza Ahady Dolarsara & David Paradice & Shashank Rao, 2022. "Going beyond intent to adopt Blockchain: an analytics approach to understand board member and financial health characteristics," Annals of Operations Research, Springer, vol. 308(1), pages 93-123, January.
    14. Sun, Yi & Jiang, Shiqing & Jia, Wanjiao & Wang, Yu, 2022. "Blockchain as a cutting-edge technology impacting business: A systematic literature review perspective," Telecommunications Policy, Elsevier, vol. 46(10).
    15. Mohammed Shuaib & Shadab Alam & Rafeeq Ahmed & S. Qamar & Mohammed Shahnawaz Nasir & Mohammad Shabbir Alam, 2022. "Current Status, Requirements, and Challenges of Blockchain Application in Land Registry," International Journal of Information Retrieval Research (IJIRR), IGI Global, vol. 12(2), pages 1-20, April.
    16. Xiaolin Li & Hongbo Jiao & Liming Cheng & Yilin Yin & Huimin Li & Wenqing Mu & Ruirui Zhang, 2023. "A Quantitative and Qualitative Review of Blockchain Research from 2015 to 2021," Sustainability, MDPI, vol. 15(6), pages 1-20, March.
    17. Wenlong Liu & Rongrong Ji, 2019. "Do Hotel Responses Matter?: A Comprehensive Perspective on Investigating Online Reviews," Information Resources Management Journal (IRMJ), IGI Global, vol. 32(3), pages 70-89, July.
    18. Li Zhou & Chunqiao Tan & Huimin Zhao, 2022. "Information Disclosure Decision for Tourism O2O Supply Chain Based on Blockchain Technology," Mathematics, MDPI, vol. 10(12), pages 1-21, June.
    19. Tiberius, Victor & Hirth, Stefanie, 2019. "Impacts of digitization on auditing: A Delphi study for Germany," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 37(C).
    20. Randy Priem, 2020. "Distributed ledger technology for securities clearing and settlement: benefits, risks, and regulatory implications," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 6(1), pages 1-25, December.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:bcp:journl:v:9:y:2025:issue-3:p:3062-3076. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Dr. Pawan Verma (email available below). General contact details of provider: https://rsisinternational.org/journals/ijriss/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.