Abstract: In this project, we implement a system for protecting user passwords from being stolen by adversaries in Automated Teller Machines (ATM).We use VIRTUAL PASSWORD MECHANISM in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security and also BIOMETRICS. ATM allows the account holder to have transactions with their own accounts without allowing them to access the entire bankís database. Traditional ATM transaction method is replaced with virtual password generation and fingerprint technology. With the use of these technologies a genuine user can be identified. The userís details such as fingerprint, 4 digit account number, phone number etc are stored in system database during registration. After identifying the user using its ID, the server generates virtual password and sends it to the userís mobile phone. The user then inputs this virtual password. If it is correct his/her fingerprint is verified and allowed to make transactions.

Keywords: Phishing, Codebooks, differentiated virtual passwords, secret little functions, shoulder-surfing.