Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover
Dublin Core
Title
Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover
Subject
SMS OTP vulnerability; mobile network verification; header enrichment; account takeover prevention
Description
The Covid-19 pandemic kept almost everyone at home and forced them to carry out their activities online using their mobile gadgets.
Internet and mobile penetration increased as people became used to lockdowns and restrictions on meeting face to face.
This has become a new market for cyber criminals to carry out their actions, such as spreading Social Engineering, sending
Phishing, and doing Account Takeover, ending in theft of money in Financial Mobile Applications. Application protection
with OTP SMS and Magic Link SMS still has vulnerabilities, as several cases that have occurred show. For this reason,
this problem was raised to find a solution that utilizes the Mobile Network Infrastructure. The research methodology used is a
quantitative experiment and a literature review of previous studies to compare the uniqueness of this study. The experiment was
carried out by comparing the phone number registered in the application with the phone number
used on the smartphone. Every time a user signs in or signs up, the Financial Mobile Application performs Mobile Network
Verification to cellular operators via API. Verification is carried out by utilizing header enrichment, in the background of
the application process that is installed on the user's smartphone or tablet, to the Mobile Network Verification Server. The
Financial Mobile Application can then find out whether the user is using a valid or invalid phone number. Thus, the target account cannot
be taken over, because the cyber criminal's mobile gadget does not have the phone number that is attached to the victim's
mobile gadget. This was tested with four test case scenarios of 10 trials each, covering the sign-up and sign-in
processes on the same phone number and differing between devices and applications. The results obtained from the four test
case scenarios, each with 10 trials, were 100% successful, matching the expected results. It is hoped that this kind of protection model
can reduce the losses experienced by Financial Mobile Application users due to Account Takeover.
Creator
Aldiansah Prayogi, Rizal Fathoni Aji
Source
http://jurnal.iaii.or.id
Publisher
Professional Organization Ikatan Ahli Informatika Indonesia (IAII)/Indonesian Informatics Experts Association
Date
August 2023
Contributor
Sri Wahyuni
Rights
ISSN Media Electronic: 2580-0760
Format
PDF
Language
English
Type
Text
Citation
Aldiansah Prayogi, Rizal Fathoni Aji, “Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover,” Repository Horizon University Indonesia, accessed January 12, 2026, https://repository.horizon.ac.id/items/show/10044.