Internet based scams and crimes are on the rise as electronic commerce grows. To prevent personal account information from being misappropriated by malicious individuals, a service provider typically verifies the identity of a user accessing a service over the Internet. For example, a user logs onto a secure Internet banking website to make a transfer often goes through the following process: initially, the user registers his or her own number of a mobile phone during registration with Internet banking. Later, when the user selects the transfer service over the Internet, a banking server generates a verification code and transmits the generated verification code in a short message to the mobile phone of the user over a wireless communication network. The user then picks up the verification code, inserts the verification code in response to a prompt from a webpage, the verification code with which the user filled in is transmitted to the bank server over the Internet, and the bank server compares the generated verification code and the verification code received at this time for consistency and only allows the user to proceed if the two codes match.
A recent study shows that this approach has some drawbacks. For example, short messages are prone to delays or data loss, therefore the user sometimes cannot acquire the verification code in a timely manner or even fails to acquire it, thus degrading the reliability of the verification technique.