Enhancing Transactional Security in U.S. Banking Systems by Implementing OTP-Based Two-Factor Authentication to Mitigate Debit and Credit Card Fraud
Authors
ISACA–Abuja Chapter, Financial Analyst Independent Researcher Certified Information System Auditor (Nigeria)
Division of Global HIV & TB, U.S. CDC, Budget Analyst (Nigeria)
U.S. CDC, Financial Analyst Auditor (Nigeria)
Article Information
DOI: 10.51244/IJRSI.2025.120800111
Subject Category: Banking and Finance
Volume/Issue: 12/8 | Page No: 1283-1295
Publication Timeline
Submitted: 2025-08-09
Accepted: 2025-08-15
Published: 2025-09-11
Abstract
The rapid rise in debit and credit card fraud within the United States has become a significant threat to financial institutions and consumer trust. Despite the widespread use of encryption and Secure Sockets Layer (SSL) technologies, traditional single-factor authentication methods such as static passwords and Card Verification Value (CVV) codes remain susceptible to cyber threats, including phishing, data breaches, and credential stuffing. This paper proposes the implementation of One-Time Password (OTP)-based Two-Factor Authentication (2FA) as a scalable and effective mechanism to enhance the security of card-based transactions in the U.S. banking system. By combining a user-known credential with a dynamic, time-sensitive OTP, the study presents a robust authentication framework designed to reduce unauthorized access and transactional fraud. The discussion draws on a comprehensive review of current fraud trends, limitations of existing authentication models, and a conceptual OTP-integrated security architecture adaptable to banking infrastructures. The paper also considers technical feasibility, user experience implications, and regulatory compliance. Findings offer practical insights and implementation strategies to support U.S. financial institutions in mitigating fraud risks while maintaining accessibility and usability for consumers.
Keywords
One-Time Password (OTP), Two-Factor Authentication (2FA), Card-Not-Present (CNP), Time-Based One-Time Password (TOTP), Authentication