Examining User Verification Schemes, Safety and Secrecy Issues Affecting M-Banking: Systematic Literature Review

Expediency and suppleness were the main reasons for customers’ patronage of m-banking apps. However, data stored or transmitted in these apps are susceptible to different attacks, threats, and risks. Thus, the need for robust safety mechanisms to cope with these security and privacy challenges. The purpose of this research is to examine the different components of m-banking security that merit investigation, and the vulnerability of present authentication methods in order to propose a more robust verification technique. PRISMA preferred items reporting for Systematic Review and Meta-Analyses approach was used in this study. Six databases were utilized; IEEE-Explore, Scopus, EBSCOhost, Taylor & Francis, ScienceDirect, and Web of Science. About 1,149 articles were extracted from these databases out of which 38 articles met the review selection criteria, thus included in the review. Findings of the study highlight the efficacy of PRISMA method with regard to items reporting and identification of research gaps compared to the usual literature review. Also, the results of the study found intrusion via other apps stored on mobile devices, and device lost or theft were the main safety and privacy issues. Furthermore, the study findings discovered that the present authentication schemes used by banks are becoming weak and open to various attacks due to an increase in online fraud. Based on the review findings, an Artificial Intelligence-based user authentication and anomalies detection model was proposed which may provide direction for upcoming studies. Also, banks and other financial institutions can use the review results to improve m-banking security.


Introduction
Nowadays, the ''digital payment market'' become an integral part of people lives, and contribute immensely to countries' economic development. Increased in internet speed and penetration, smartphone diffusion, and evolving technologies such as ''cryptocurrency'' offered individuals the opportunity to ''received and send'' payments from anytime, anywhere using any device (Laukkanen, 2016;Makarov & Schoar, 2020). Technological advancement has made it possible for people and organizations to perform a different kinds of banking activities such as ''bills payment, money transfer, and generation of account statements'' regardless of time or place via movable devices (Mostafa & Eneizan, 2018;Sharma, 2019). M-banking is a ''subset of electronic or online banking.'' The banking industry had experienced tremendous growth over the last two decades, especially during the COVID-19 lockdown. The ''global digital payment market was valued at USD3,885.57 billion in 2019'' and is projected to generate over USD8,686.68 billion by the year 2025 (Alkhowaiter, 2020). It generated over USD6,752,388 m in 2021 alone (Santosa et al., 2021). Similarly, Alkhowaiter (2020) argued that in addition to governments' insistence for a cashless society, other factors such as technological changes, internet, and mobile penetrations, and COVID-19 lockdown to contribute to the accelerated growth of the world's online payment platforms. Considering the fast growth of m-banking, the important of user authentication, and the complexity of other security issues, this topic attracted interest from both, banks and academics.
M-banking is based on wirelesses communication and movable devices, and consists of diverse dimensions such as ''telecommunication and internet services providers,'' mobile devices, and banking channels all serving as a gateway through which ''remote payment transactions'' are conducted via different apps (Montazemi & Qahri-Saremi, 2015;Tandon et al., 2018). Thus, exposing the confidentiality of information transmitted via these stations, making them vulnerable to attacks (Albashrawi & Motiwalla, 2019;Altındag˘& Bilalog˘lu Akt€ urk, 2020;Odongo, 2015;Siyal et al., 2019). In addition to gateway challenges, Apostolopoulos et al. (2013) in their study argued that information stored on ''Android applications were susceptible to third-party attacks'' even in apps where protection is highly needed for example, ''mobile-Health, password applications manager, and m-banking apps.'' Though, a large number of ''internet and mobile banking'' studies were conducted in an attempt to find out the reasons behind the increase in online frauds, and other factors affecting ''m-baking'' acceptance and continual usage concerning security, confidentiality, and user verification challenges. Most of the studies identified ''trust'' and ''risk'' as the main privacy and safety issues affecting m-banking development in a few developed nations, and majority of developing nations. Some of the studies succeeded in highlighting the different user authentication techniques used, attacks, and threats against these methods, while few studies proposed authentication frameworks based on a multi-factor approach which are difficult to memorize. However, the present literature possibly falls short in at least three study areas.
Firstly, the present m-banking literature fails to examine other aspects of risk as the studies only inspected risk from general perspectives (Albashrawi & Motiwalla, 2019;Tandon et al., 2018;Thakur & Srivastava, 2015). Secondly, the present literature ignored other parts of trust as trust discernment varies between individuals, intellectual cues, and time (Barkhordari et al., 2017;Dandena et al., 2020;Sharma, 2019;Zhang et al., 2018). Furthermore, Malaquias and Hwang (2016) stressed the need for further assessment of the ''trust'' factor in order to have clear knowledge about it influence with regards to m-banking usage. Thirdly, the present literature possibly fails to propose a more robust anomalies detection and authentication system for improving m-banking security. Nowadays, both customers and banks are calling for more robust anomalies and verification systems due to the increase in online fraud (Alhothaily et al., 2018;Bani-Hani et al., 2019;Barkadehi et al., 2018;Karim et al., 2020;Kiljan et al., 2018;Sinigaglia et al., 2020;Soviany et al., 2016;Zimmermann & Gerber, 2020). Furthermore, there is a lack of study which provides an inclusive analysis and synthesis of the present user authentication methods as majority of prior mpayments studies used conventional literature review approaches which are an appraisal of what is already known without prescribed methodology compared to present systematic techniques for example, PRISMA approach (Sezer et al., 2020;Snyder, 2019). Thus, this study aims to provide an inclusive systematic review of related literature and perform a meta-analysis on mbanking user authentication methods, safety, and secrecy issues to propose an Artificial Intelligence (AI) based user authentication framework. By conducting a comprehensive review of the literature and meta-analysis, the present study will reunite contradictory evidence and draw a ''big picture'' in m-banking research. For pecuniary institutions, this research offered real-world guidance built upon detailed analysis of precise user authentication, security, and privacy challenges that affect mbanking growth and continual usage, which can be used for developing schemes that may help improve the security of m-banking. For academics, in addition to understanding user authentication challenges, the study proposed an AI-based authentication scheme may provide directions for upcoming studies. In the next sections, studies search, filtration, inclusion and exclusion criterion, and quality assessment were offered in section 2, and study findings and most research were presented and debated in section 3, and section 4 respectively. Limitations, suggestions, and directions for future research were offered in section 5.

Methodology
The study aims at providing a comprehensive systematic review of related m-banking studies, and perform a meta-analysis on user verification methods, safety, and secrecy issues affecting m-banking advancement. The study realized its objectives, by identifying key protection and verification issues that negatively affect m-banking progress. Thus, proposed an AI-based authentication framework. Details of the study's methodological process were offered in the following subsections.

Study Design
This research is a ''Systematic Literature Review'' (SLR) that attempt to assess the problems associated with the present verification techniques, and the influence of security and confidentiality issues on ''m-banking'' acceptance and continual usage, especially in developing nations. PRISMA statement (i.e., Four-stage) items reportage techniques for ''Meta-Analysis and Systematic Literature Review'' were adopted as recommended by Moher et al. (2009). The approach (i.e., PRISMA) became popular in 2009 and is considered by a large number of researchers as the most favored reporting technique for ''Systematic Reviews and Meta-Analysis'' (Stewart et al., 2015). It comprises 27 list of items and a flow diagram, developed primarily for systematic reviews and meta-analysis of randomized trials of aggregated data, usually extracted from published articles and other reports.
Selection of databases, and extraction of relevant literature based on the study theme were done in the first phase; While in the second phase, non-related articles were removed based on title and abstract; Exclusion and inclusion activities based on suitability (i.e., Eligibility) were performed in the third phase. Lastly, studies to be included in the SLR were picked in the fourth phase.

Selection Criteria
Nowadays, scholars in engineering, science, and social sciences used the ''PRISMA'' selection technique due to its precision and flexibility in literature reportage (Moher et al., 2009). This study is not exceptional. Thus, employed the same approach. The study's key selection standards are; studies that discussed m-banking protection and privacy issues and verification challenges. Irrelevant studies based on titles and brief descriptions (abstracts) were removed at the early evaluation stage by the researchers. Therefore, the study inclusion and exclusion standards were used in selecting studies to be included in the review, and those to be excluded. Studies that met the review inclusion standards were extracted from the source and imported into a worksheet designed for the study. Full text of the selected studies was obtained by the authors for further assessment in the subsequent screening phase.
In the second screening phase, the authors independently read the full text of the extracted studies using the review quality assessment queries, search terms, and purpose in to determine their significance. Due to travel restriction caused by the ''COVID-19 Pandemic,'' google meet and zoom platforms was used by the authors to resolve any disagreement concerning study relevancy. One thousand, one hundred and forty-nine (n = 1,149) studies were extracted from the selected databases. After removing duplicate copies (n = 337), eight hundred and twelve studies (n = 812) were further screened based on titles and brief descriptions out of which seven hundred and twenty-six (n = 726) were removed. Full-text of the remaining eighty-six studies (n = 86) were obtained for further evaluation in the third (eligibility) screening phase, out of which forty-eight studies (n = 48) were removed due to the following reasons; (i) Out of scope (n = 13), (ii) Inadequate details (n = 22), and (iii) Insufficient precisions (n = 13). Details of the study's inclusion and exclusion standards is presented in Table 2. Therefore, thirty-eight studies (n = 38) fulfilled the study inclusion standards. The above-mentioned review procedure was achieved with the aid of the ''PRISMA'' approach as shown in Figure 1.

Articles Exclusion and Inclusion Standards
Preliminary relevance for all extracted studies was ascertained based on the study heading and description. Where heading and description seemed to deliberate on the review procedure, then its reference and full text were extracted and grouped for further evaluation as shown in Figure 1. The study elimination and inclusion standards were offered in Table 1.

Quality Assessment
To ensure adherence to the review designed procedures, the process was carefully monitored by all the researchers in to improve the review quality as suggested by Mohammed and Karagozlu (2021). Also, the authors supervised the progress of all activities at each stage to confirm that each activity conformed with the study standards and intended deadlines for completion. Furthermore, the authors created an ''EndNote library'' and worksheet for accurate citations and referencing of the chosen studies. Five evaluation questions that is, ''Quality Assessment Queries'' (QAs) were created to assess the quality of all the extracted articles to pick the most pertinent studies that respond to the review queries. Exported data, authors' observations, and other important information were kept in the worksheet specially designed for the review. Furthermore, to ensure a balance and positive evaluation of the selected studies. The eighty-six articles (n = 86) whose full text was obtained for eligibility were marked with ''Yes'' if the paper answered half or more than half of the study quality assessment queries, and marked with ''No'' if it did not answer any of the quality assessment queries. It was discovered that some studies partially answered the review QA queries. For this reason, scores or values were assigned to each study based on responses to the review QA queries. There are only three possible answers for each question that is, ''Yes,'' ''No,'' and ''Partial,'' where ''Yes'' = 1, ''partial'' = 0.5, and ''No'' = 0, as suggested by (Liao et al., 2020). Table 2, depicts the study Quality assessment queries.
As seen in Table 2, QA queries were first defined, followed by scale definition and assignments based on the review QA queries list. The ''aggregate value''

Q. ID
Quality assessment queries QAQ1 Are the study purposes clearly defined? QAQ2 Are the study precisions sufficient? QAQ3 Are any authentication, security, and privacy issues related to m-banking, m-payment, or internet banking reported? QAQ4 Does the study provide an answer to authentication, security, and privacy challenges related to m-banking, m-payment, or internet banking? QAQ5 Are the authentication, and other security issues of mbanking, m-payment, or internet banking contributing to this study?
(A.V) for each study was gotten after summating all the weightages given based on the review QA queries.
Were the study A.V was higher than 2.5, then the study was accepted for inclusion, and if it was less than 2.5 then the study was rejected. Out of the eighty-six (n = 86) studies accessed for eligibility, forty-eight (n = 48) studies were rejected for having less than 2.5 A.V, while studies with A.V higher than 2.5 were included for final synthesis as per Linnenluecke et al. (2020). Thus, thirty-eight (n = 38) studies were finally included in our study. Details of the review QA process are offered in Figure 2.

Extraction Procedure
In the extraction stage, 38 out of the 86 studies selected for eligibility assessment were found to be suitable for the review, and thus considered for final synthesis. The following contents were extracted from the 38 studies.

Articles (Conference proceedings and Journals) Authors Name/Year of publication Published Journals Number of Citations
Research Techniques/Architecture, and Framework for m-banking security Aim of the study Authentication, Safety, and confidentiality challenges in m-banking

Results
Findings of the study regarding authentication, safety, and confidentiality challenges in m-banking are presented in the following subsections. The inclinations of the studies based on the extracted data show the most published journal, the most quoted journal and references, and publications distribution over years. As shown in Figure 3, few m-banking studies were conducted in the early period of the last decade. However, with the increasing rate of mobile and internet penetrations, and customers' patronage of m-banking apps, there was a rapid increase in the number of publications in m-banking studies; from 2016-to-2022, particularly during the COVID-19 lockdown. It was observed that the increase may not be unconnected with the increasing rate of online fraud (Datta et al., 2020), as ''banks and customers'' are calling for a stronger user authentication technique (Fathima & Balaji, 2021). Obviously, number of studies on m-banking will continue to increase until solutions regarding the security challenges are provided.
Based on the extracted data per journal, it can be said that the study provides a compressive systematic review of related studies as the 38 articles included in the study spread across 24 journals which are either indexed as ''Science Citation Index Expanded'' (SCIE), ''Science Citation Index'' (SCI), ''Social Science Citation Index''

Key Findings of the Studies
Major findings of the reviewed articles provide vital considerations for banks and researchers regarding ''mbanking'' authentication, safety, and privacy challenges. Categorically, the results could be used to address various m-banking challenges, improve customers' trust and confidence in the services channel, and provide strategies for improving m-banking security. Also, the study results could be used to address diverse m-banking security challenges by identifying other ''security and privacy dimensions'' that requires serious attention. This outcome is supported by the findings of prior studies (Alalwan et al., 2018;Albashrawi & Motiwalla, 2019;Merhi et al., 2019;Sharma & Sharma, 2019), who argued that there may be other protection and secrecy issues that are responsible for slow m-banking growth. Furthermore, the review results highlight the weaknesses of present m-banking user authentication schemes as the study found majority of the user authentication techniques used by employed  by payment institutions to be vulnerable. This result was reinforced by the findings of Hanif and Lallie (2021), and Moon et al. (2022). The authors argued that an ''insecure verification process and poor credentials recovery system'' makes present authentication techniques vulnerable and ineffective. Consequently, some of the major findings highlight the importance of user verification in the mbanking channel, and the need for robust authentication technique. Table 3, depicts the authors name/year, number of citations, published journals, the purpose of the study, and techniques used.
Based on the review extracted citations data, as seen in Table 3

Discussion and Conclusion
The purpose of this study (Systematic Literature Review) is to examine the influence of safety and secrecy issues, and user ''authentication'' challenges on ''m-banking'' expansion and customers' continued commitment from extant literature with the view to identify the ''missing gaps,'' and propose an AI-based user verification method which may reduce and/or solve the problems. Though, a few authentications framework were offered in the recent past. However, this present study discovered that user authentication remains an issue as majority of the verification schemes employed by m-payments organizations were found to be susceptible. This result was supported by the findings of Kiljan et al. (2018), the authors examined the different authentication techniques deployed by banks and other proposed frameworks. They argued that present user authentication methods neglect or casually considered the following issues; user intellectual capacity, active participation, honesty, action, and other ''m-banking essentials'' while designing these schemes. These and other problems led to the failure of the existing ''authentication schemes'' to adequately protect clients from attacks (Cavus et al., 2022).
The review results also found majority of the existing user ''authentication methods,'' to be feeble and susceptible to various attacks and threats due to rise in online frauds, particularly during the COVID-19 lockdown. This is because findings of the study exposed that singlefactor, two factors, multi-factor, and the newly introduced Biometric verification methods were all vulnerable as hackers can gain access to someone's account via surface utilized by such person, and other applications stored on users' mobile devices. This outcome is supported by the results of Parker et al. (2015) and Bani-Hani et al. (2019) who stressed that both ''single and two factors verification schemes'' are becoming frail and exposed to various threats as hackers can access client login information such as ''username, pin, and password'' through other applications that are stored on moveable devices. Similarly, in addition to feebleness and susceptibility issues, memorability is another factor affecting the robustness of ''multi-factor authentication'' techniques as clients find it hard to continue memorizing the multiple login particulars, particularly aging clients. Furthermore, the review findings also found the newly introduced ''Biometric authentication schemes'' to be susceptible as surface utilized by the legitimate users can be used to compromise the security of these devices in order to gain access to the system which may lead to identity theft, data theft, or financial loses. This result is in agreement with the result of D. Wang et al. (2020) that ''fingerprint authentication'' is not secured in an environment where there are multiple severs like that of ''mbanking'' platforms.
Based on the review findings and comments from prior m-banking studies, the review proposed an AIbased user authentication method that is less memorable but more secure (i.e., An AI-based anomalies detection, with modify-2-way OTP). As shown in Figure 6, the     To investigate mbanking data security and privacy concerns.

Cloud authentication framework for mbanking
Multi-factor verification technique is complicated as it involved a lot of risk, and makes banking ''governance, maintaining protection standards, regional confidentiality, and information laws'' difficult.
(continued) process begins with the user supplying his/her digital ID, via the ''m-banking apps,'' afterward the system verifies the digital ID and the number of failed login attempts. If the number of failed attempts is fewer than or equal to three (3), the system obtained users' login information such as; device type, IP address, location, platform, and browser agent, before allowing the user to advance. Where the number of failed attempts exceeds the system's login (failed login) limits, the system will redirect the process to the second login option (Modified 2-way OTP). However, where users' login information is valid, the system grant access, else the system will take the user to the second login option to ensure that only legitimate users are granted access. The novelty of the study's proposed AI-based user verification scheme is that the proposed authentication scheme can detect anomalies during login (i.e., velocity anomalies) as the system will artificially detect the usual location used by the legitimate user to logon, detect any anomaly between first and subsequent logins, and prevent simultaneous login. For instance, where the proximity between the first login location and the location where the second login attempt is made (in most cases attacks) are not near, and the time interval is not sufficient enough for the user to be in the second location, then the system blogs the login and direct the user to the second login option. In the second login, the system will send OTP codes to two different phone numbers provided by the user that is, the users phone number and alternate phone number (i.e., Line1 and Line2) as against the one-way OTP presently used by banks, where the OTP is sent to single phone number or user email which may be compromised by attackers. The system will resent new codes after 40 s in reverse order that is, to Line2 and Line1 instead of the first order. Account access can be granted only if the supplied codes are valid, else access will be denied. The reason behind this process (i.e., anomaly detection process) is that hackers usually used different locations other than legitimate user locations to carried out attacks during login or immediately user the logout. Figure 6, depicts the study proposed AIbased anomalies and user authentication framework.
For safety and secrecy issues, the review found customers' fear of third-party intrusion through other applications stored in mobile devise that is, ''device intrusion,'' network vulnerability that is, ''network intrusion,'' malicious insiders attacks, ''financial malware attacks,'' and absence of classy security devices to be the key protection and privacy issues upsetting the expansion of ''m-banking,'' especially in emerging nations. This outcome was reinforced by the judgments of previous studies Liao et al. (2020) who argued that mobile phone comprises at least five (5) risks; ''Financial malware attacks, Phishing attacks, Surveillance attacks, Network spoofing attacks, and Network congestion'' all of which affect ''m-payment systems'' not only in emerging nations but also in advanced countries (Naeem & Ozuem, 2021;Zhu et al., 2022). Furthermore, the review results exposed other aspects of ''m-banking'' security that is, ''privacy risk, economic risk, functional risk, and time risk'' that merit distinct investigation as opposed to the general examination of the concept by prior research. This outcome is in alignment with the verdicts of Mirza et al. (2019), Albashrawi and Motiwalla (2019), and Alkhurshan and Rjoub (2020) that individuals' perception of ''m-banking'' security and secrecy varies.
Interestingly, what makes the study findings unique is the emergence of another factor that affects m-banking advancement. In addition to the main factors that the study intends to examine, the study findings also found a lack of clear ''cyberspace laws'' in large number of developing nations, and few advanced states, which in turn negatively influenced clients' perception of ''m-banking'' safety and secrecy in those nations. The outcome is supported by the verdicts of Asongu (2018) who stressed that lack of clear ''m-banking regulatory framework'' that offers protection to individual and organizational clients in an online setting possibly may be the major cause for the little utilization of the ''m-payment system'' for microeconomics and business trades purposes in African region. Thus, the need for monetary institutes and agencies of government to come up with clear m-banking regulations that can guarantee clients fortification in digital payment settings. The study findings were pretty meaningful and important not only for m-banking progress but also for improved security of m-payment system platforms. This is because findings of the study highlight the focus of prior m-banking studies, missing gaps from the literature, identify the key security and authentication challenges, and proposed an AI-based authentication method for improved m-payment systems security.

Conclusions
The review systematically studied present ''m-banking'' studies and offers solutions to present-day m-banking safety, secrecy, and authentication challenges by revealing the missing areas (i.e., missing gaps) in prior ''mbanking'' studies. Despite the fact that several studies were conducted in an attempt to find explanations regarding factors influencing ''m-banking'' acceptance and continued usage. Safety and secrecy issues and vulnerabilities of existing verification systems remain under-examined but merit detailed examination. Findings of the study exposed intrusion through other applications stored in mobile device, network vulnerability, malicious insiders' attacks, ''financial malware attacks,'' and the absence of classy security devices to be the key protection and privacy issues upsetting the expansion of ''m-banking.'' Also, outcomes of the study highlight other aspects of ''m-banking'' safety and secrecy issues that require separate examination, and susceptibilities of the present ''authentication schemes'' used by banks and other payment institutions. Additionally, the study succeeded in identifying at least three research gaps from prior m-banking studies; other dimensions of m-banking security that require further investigation, some key privacy issues that merit investigation, but were overlooked or casually examined by prior studies and exposed the vulnerability of majority if not all the authentication methods used by payment institutions. The originality of this present study is that the study does not only itemize the ''missing gaps'' from extant literature for future research as usually done by other reviewed studies that used the usual literature review approach, but also proposed an AI-based anomalies detection and authentication framework with a modified 2-way OPT which can assist in addressing some of the security challenges. Furthermore, the review results highlight the effectiveness of the PRISMA approach of meta-analysis and items reporting compared to the normal literature review process as the method provides an inclusive analysis of prior studies that led to the identification of at least three research gaps with regard to m-banking security, confidentiality, and authentication issues affecting m-payment platforms development. Thus, it can be said that the study results provide answers to some of the security challenges hindering the progress of m-payment systems, especially in developing nations. Like any other study, this review too has limitations; the main downside of this research is that the study concentrated more on the verdicts of the reviewed studies with little devotion to other factors such as; study participants, and techniques. Upcoming studies can use the review findings to examine other aspects of ''m-banking'' safety and secrecy issues identified in the review that merit distinct investigation. Also, future research can use the review proposed framework to design an AI-based authentication system for improved m-banking security.

Declaration of Conflicting Interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.