University of Surrey


Breaking e-banking CAPTCHAs

Li, SJ, Shah, SAH, Khan, MAU, Khayam, SA, Sadeghi, A-R and Schmitz, R (2010) Breaking e-banking CAPTCHAs In: 26th Annual Computer Security Applications Conference (ACSAC 2010), 2010-12-06 - 2010-12-10, Austin, TX, USA.


Many financial institutions have deployed CAPTCHAs to protect their e-banking systems from automated attacks. In addition to traditional CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, the security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we have found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by a large number of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible enhancements to these e-banking CAPTCHA schemes and show some essential difficulties of designing e-banking CAPTCHAs that are both secure and usable.

Item Type: Conference or Workshop Item (UNSPECIFIED)
Divisions : Surrey research (other units)
Authors : Li, SJ, Shah, SAH, Khan, MAU, Khayam, SA, Sadeghi, A-R and Schmitz, R
Date : 2010
DOI : 10.1145/1920261.1920288
Depositing User : Symplectic Elements
Date Deposited : 28 Mar 2017 14:42
Last Modified : 23 Jan 2020 12:47
