It works like this. When you are doing online banking, you sometimes get a one-time-password (OTP) for the bank to prove it is you. However, it may still not be you but someone stealing your money. “With this app, before the bank sends you an OTP, it first receives a face image from you to make sure that it is you to whom the OTP has to be sent,” says the National University of Lesotho (NUL) trained Mokhutli Letsae.

The details of this brilliant app were accepted for presentation at the prestigious "International Conference on Computer Security: Information Security and Internet Security" in Toronto, Canada.

(WhatsApp him here : +266 68061082 or call +26669368403)

Let’s see why this app is so important.

Those of you who have ever done online banking will know what we are talking about. Let’s say you, Mr Tiny, want to transfer money from your account to the account of Mr Joe in a business transaction. You don’t just put Mr Joe’s banking details and send the money. That would be too risky.

It could be that it is not you but a cyber-shark (somebody who stole your password without you being aware of it) doing the online transactions, transferring your money to his account. So the bank folks are clever. They know the tricks of these online predators.

So before making a transaction, they send you a One Time Password (OTP).

The benefits of the OTP are obvious. It is a password sent to a phone number you registered with your bank.

Unless you were held at gun-point, it is highly unlikely that someone stole both your password and your cell-phone. So we have high degree of confidence that the OTP is going only to you.

If you put in the OTP, then the bank is satisfied (kind of) that it is you. The money is then transferred.

But in an imperfect world, guess what? It might still not be you!


Look! The cyber-sharks are always coming up with ways to evade the latest technology meant to cure their mischief. “So they may have a way of hacking into your system and getting that OTP,” Letsae said. “That is so, despite the fact that banks have made everything possible to ensure that the OTP is hidden (encrypted).”

However, as we enter the age of the Fourth Industrial Revolution, something called Artificial Intelligence (AI) is reinventing itself in a big way. More importantly, there is a branch of AI that is called Deep Learning or Machine Learning which is even more exciting.

So Letsae’s work is using some kind of AI to evade the cyber sharks even further, using machine learning.

This is how.

When you make an online transaction, the system asks for your face image. When your face image reaches the bank, it is compared with an image that the bank took at the time when you were registering for an online banking.

When it is convinced that is indeed you, it is only then that it can send an OTP. This is so that it doesn’t send the OTP to a stranger or cyber-shark.

There is a good reason for using your face. No one has your face, even your twin brother (sister). And no one can steal your face (unless they chop your head off, which is highly unlikely).

In short, his app uses both encrypted OTPs and images to ensure maximum protection.

But how did he do it?

“I used a Microsoft based programming language called C-sharp to build the app,” he said. “It is user-friendly and easy to understand. If someone wants to improve on my app, it is easy to do so. Even more, it works on a number of operating systems such as Linux, Microsoft, Android and Apple.”

From there, the system was improved through the use of Application Programming Interface (API). APIs are systems that add more functionality to the app. For instance, “I have to make sure that my OTPs are encrypted (hidden from the cyber sharks),” he said, “So I use API to encrypt the OTPs.”

But how does the system identify your facial image? First, a number of your pictures are taken in and stored. They are first stored as pixels which are later changed into numbers that can only match your image. It is a complicated process.

However, the closer the stored numbers are to the number that we get when we receive your image during a transaction, the more likely it is you who is doing the transaction.

No wonder the international cyber-security gurus were impressed!

Call for business proposals for the second phase of the NUL Innovation Hub …

Also, apply for NULISTICE 2020 …