International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 13 Issue: 03 | Mar 2026
p-ISSN: 2395-0072
www.irjet.net
Multi-Layered Security Framework for Online Banking Systems Using Java and MySQL IMRAN RIYAZ AHMAD D B1, B SHYAMALA DEVI 2 1 PG Student, Department of Computer Applications, Jaya College of Arts and Science, Chennai 2Assistant Professor & Head, Department of Computer Applications, Jaya College of Arts and Science,Chennai
---------------------------------------------------------------------***--------------------------------------------------------------------2. Literature Review digital transformation of banking
Abstract: The
necessitates robust applications resilient to escalating cyber threats. This paper details the engineering of a fortified online banking platform leveraging the Java EE ecosystem, JDBC for database connectivity, and MySQL for data persistence. The system's core innovation is its multi-layered security model, which integrates defense mechanisms at every application tier, including an Adaptive Risk-Based Authentication (RBA) framework. Critical implemented features include adaptive bcrypt hashing for credential storage, AES-256 encryption for sensitive data at rest, and mandatory parameterized queries through JDBC to nullify SQL injection. Role-based access control and mandatory session validation enforce strict authorization policies. The results confirm that the proposed architecture effectively upholds the principles of data confidentiality, integrity, and availability, providing a scalable and secure framework for remote financial operations, mitigating risks like phishing, data breaches, and injection attacks.
Previous studies in secure financial systems consistently emphasize several critical pillars. A common theme is the indispensability of strong encryption and multi-factor authentication as primary defenses. Java is frequently lauded for its built-in security manager and sandboxed execution environment, making it a stalwart choice for enterprise backend development. JDBC is recognized as the standard conduit for secure database operations in Java, while MySQL's adherence to ACID properties ensures transactional reliability for financial records. Despite these established practices, a recurring shortfall in many existing systems is the ad-hoc implementation of security, lacking a centralized, enforceable strategy and consistent secure-coding standards. Furthermore, many systems employ static authentication, which provides a poor user experience or insufficient security for high-risk scenarios. This work aims to bridge this gap by proposing a cohesive security architecture that is integral to the system's design rather than a supplementary feature, incorporating an adaptive authentication model.
Keywords: Secure Banking Architecture, Java Security Framework, JDBC Transaction Integrity, MySQL Data Encryption, Multi-layer Cyber Defense, Financial Application Development.
3. Proposed Adaptive RBA Framework Architecture This is the core innovation of the platform. The architecture can be visualized as a pipeline integrated within the broader system architecture, designed to dynamically assess risk and challenge users appropriately.
1. INTRODUCTION The proliferation of digital finance has made web-based banking a global standard, introducing significant challenges in safeguarding user assets and data from sophisticated cyber-attacks. Threats such as phishing, SQL injection, and session hijacking continuously evolve, demanding a proactive and layered security approach. This research addresses this imperative by constructing a secure banking environment founded on the core tenets of information security: confidentiality, integrity, authentication, and nonrepudiation. The technological triad of Java, JDBC, and MySQL provides a powerful foundation for this endeavor, offering platform-agnostic development, secure database communication, and transactional reliability. This study explores the end-to-end implementation of this system, from its architectural blueprint to its functional modules and the integrated security protocols that fortify it, with a specific focus on an innovative Adaptive RBA framework.
© 2026, IRJET
|
Impact Factor value: 8.315
[User Action] -> [Risk Analysis Engine] -> [Policy Decision Point] -> [Security Enforcement]
3.1. Risk Analysis Engine This component collects and analyzes contextual data to generate a real-time risk score. Input Modules:
|
Transaction Context: Amount, beneficiary (new vs. frequent), transaction type.
User Context: IP Address & Geo-Location (compared to usual), time of day (unusual?).
Device & Session Context: Device fingerprint, session age, login history.
ISO 9001:2008 Certified Journal
|
Page 427