Secure Internet Financial Transactions: A Framework Integrating Multi-Factor Authentication and Machine Learning

Abstract: Securing online financial transactions has become a critical concern in an era where financial services are becoming more and more digital. The transition to digital platforms for conducting daily transactions exposed customers to possible risks from cybercriminals. This study proposed a framework that combines multi-factor authentication and machine learning to increase the safety of online financial transactions. Our methodology is based on using two layers of security. The first layer incorporates two factors to authenticate users. The second layer utilizes a machine learning component, which is triggered when the system detects a potential fraud. This machine learning layer employs facial recognition as a decisive authentication factor for further protection. To build the machine learning model, four supervised classifiers were tested: logistic regression, decision trees, random forest, and naive Bayes. The results showed that the accuracy of each classifier was 97.938%, 97.881%, 96.717%, and 92.354%, respectively. This study’s superiority is due to its methodology, which integrates machine learning as an embedded layer in a multi-factor authentication framework to address usability, efficacy, and the dynamic nature of various e-commerce platform features. With the evolving financial landscape, a continuous exploration of authentication factors and datasets to enhance and adapt security measures will be considered in future work.


Introduction
FinTech is described as a new financial development that enhances and automates financial services [1]. Mobile wallets, online banking, and payment gateways that offer quick and easy services are examples of financial technologies [2]. The increasing use of such technologies has led to a rise in fraudulent transactions, which makes securing these transactions an issue [3]. Authentication is a procedure in which a user submits some form of credentials to prove identity [4]. The authentication techniques can be one of three categories: something you know (password), something you have (tokens, cards), and something you are (biometrics) [5]. A password has been widely used as a single-factor authentication technique to secure communication between two entities [6]. Although it is a straightforward and easy-to-implement mechanism, it is not sufficient because it is easily revealed [7]. Sharing the password immediately compromises the account. Furthermore, unauthorized access can be gained using a rainbow table [8], a dictionary attack [9], or social engineering approaches [10]. Following the demonstration that authentication with one factor is unsuitable to offer safety, according to various security vulnerabilities [11], two-factor authentication was suggested to enhance security in which a user must provide two credentials for authentication purposes [12][13][14]. A powerful authentication mechanism, according to the European Union (EU) regulation [15], requires the employment of two or more factors from separate groups to verify users. NIST publications [16] show a link between the degree of safety and the number of authentication elements. Since then, multi-factor authentication (MFA) has presented a greater degree of security [17] by forcing users to provide multiple authentication credentials (more than two) when requesting access to an online system [18,19].
Machine learning (ML) is a branch of artificial intelligence that teaches machines to learn from given data to possess the ability to identify patterns and take actions without the need for human interaction [20]. Since it can handle big data to provide predictions and classifications [21], many recent studies have used ML methods to solve real-world challenges [22][23][24][25][26][27][28][29]. One of these challenges is financial fraud detection, also called credit card fraud detection. Financial fraud is described as unlawful deception that is done to make money [30]. ML has enormous ways to handle financial fraud detection, which include but are not restricted to "intelligent decision engines, artificial neural networks, random forests, naive Bayes, support vector machines, decision trees, logistic regression, and k-nearest neighbor" [31][32][33][34].
To secure Internet financial transactions, this study proposes a framework that incorporates ML and MFA. This study's importance derives from its ability to do the following:

• First: offering a model that can be implemented in the banking sector, e-commerce purchasing websites, and online payment systems.
• Second: using ML as part of MFA will achieve the highest possible security.
• Third: it shows the best way to use MFA conveniently.
• Fourth: provide a comprehensive analysis of the most appropriate ML algorithms and training methods to use in combination with MFA for online transactions.
• Fifth: the possibility of modifying the ML algorithm to comply with the requirements of any electronic system and integrating this algorithm with MFA to provide secure access to data.

Many studies implement an MFA schema to secure online transactions. For example, the authors of [35] utilized a combination of personal identification number (PIN), one-time password (OTP), and global positioning system (GPS). According to a predetermined space between the user's smart tool and the present payment tool, their framework was designed to either approve or deny the payment. Another framework to secure wireless payment systems was proposed by [36]; they used username-password, transaction identification code (TIC), and SMS. TICs are payment identifiers provided by financial organizations to their customers. This code is like OTP, except it provides more secure transaction authentication. Each TIC code is only used once, and then an encryption/decryption mechanism is used for storing TICs as secret codes on mobile devices. The user can quickly select a TIC from a saved list of TICs to begin a secure online transaction utilizing mobile phones. Based on risk assessment criteria, ref. [37] used a layered MFA architecture. The model developed consists of five levels, each of which includes one or more authentication elements such as possession, knowledge, or biometric-based elements. The model was improved by including control information components in the last two layers to accommodate layering requirements. Another study [38] used a PIN, device-specific ID, and voice recognition to secure a mobile money application called MPESA. The system stored the mentioned credentials in a database and used them to confirm the identity of the user when performing transactions. Password, OTP, and fingerprint were utilized to secure electronic payment systems [39][40][41][42]. Firstly, the user logged into the system using the password, and when the user went to the transferring page, the system asked for fingerprint verification. Finally, after submitting the transaction details, the system sent an OTP to finish the process successfully. Another similar study was proposed in [43]; their approach included a PIN, OTP, and face recognition schema. Firstly, the bank collected the user's data such as PIN code, phone number, and user face picture. Secondly, the user needed to sign in with a PIN code and facial picture. When the facial characteristics and PIN were confirmed, the system presented a menu from which the user needed to select a service. Finally, for the process to be performed successfully, the system produced an OTP and sent it to the user's phone for verification. Adding more layers of authentication is conducted by [44]. Four factors were utilized to secure the grid environment consisting of a password, user ID, biometrics, and the user's current location. The addition of the fourth component improved the security standards necessary for large distributed systems such as Banking Grid settings. All mentioned studies in this section [31][32][33][34][35][36][37][38][39][40] proposed a different MFA approach without the utilization of ML. Another important point is that these MFA systems do not address the importance of whether the system is convenient for users or not, which affects the usability and attitude toward using such a system. The user's negative feelings towards MFA were mentioned and proved by many studies in the literature [11,[45][46][47].
Other researchers went further and tested using ML with the authentication approach. For example, ref. [48] proposed a two-factor authentication in which the user firstly logs in using his username and password; as a next step, they used neural networks for face recognition. Another two-factor authentication schema based on radio-frequency identification (RFID), IoT, and ML for the attendance system was conducted by [49]. For the initial phase of verification, a microcontroller, GSM module, RFID tag, and RFID reader were utilized. For the second verification, a camera with the "Multi-task Cascaded Convolutional Network (MTCNN)" model was utilized. Students were given attendance if both were satisfactory. In [50], two ML classifiers to analyze user behavior as an authentication schema were deployed; after the user logged in, the authors applied the random forest and k-nearest neighbor to analyze the player's behavior when playing a specific game using two fingers, and they used the collected data to ensure the user authenticity as a continued authentication schema. One type of the MFA that adjusts to the risk profile of the users is called risk-based authentication. To determine the user's degree of risk, ref. [51] determines the authentication techniques that may affect user confidentiality by designing a risk engine that integrates with the system. This engine looks at the user's historical login logs and deploys machine learning techniques to create an appropriate pattern and risk level for authentication factors for every user. To establish a safe and easy authentication method, ref. [52] also utilized risk-based authentication and MFA. They developed two separate libraries, one for backend servers and one for Android applications. The server-side library of the study included an ML risk engine. The choice of authentication elements was informed by the risk levels that this machine learning engine determined using user-specific information including Internet Protocol (IP) addresses, device types, and access times.
The research gap is the shortage of knowledge on the potential of merging ML techniques with the MFA approach to raise the safety of Internet financial transactions. The utilization of the MFA schema without addressing the fact of negative feelings toward MFA systems is not the best way to secure financial transactions. To enhance security, ML techniques have been extensively employed in isolation, but integrating their applications with MFA has not received much attention. Some studies talk about this possible combination; for example, ref. [51,52] utilized ML for ranking authentication factors, denoting which one may be vulnerable. In [50], ML is used for continuous checking for user authenticity by evaluating user actions when using the system. In this study, the detection of fraud access happens after the user signs in to the system, and this is not a sufficient way either. Meanwhile, in [48,49], ML was deployed to enhance the face recognition quality of the users.
This research uses an ML model as an embedded layer of security in the MFA framework. Our system utilizes two stages of security. In the first stage, fingerprint and OTP were deployed to authenticate users. In the second, the ML model classifies the current process and asks for a third factor (face recognition) in the event of fraud. In this way, legitimate users interact with a two-factor authentication system to complete a purchase. Therefore, this research will bridge the gap in the literature by integrating MFA with ML to gain a secure and easy-to-use system.

System Architecture
In this study, we propose a framework to secure online transactions. This framework can be compatible with any e-commerce platform in which users use their mobile device or tablet to perform purchases. The system components are shown in Figure 1. As shown in Figure 1, the system operates through three main parts. Firstly, authentication factors like fingerprint and OTP verify the user. Then, the ML model analyzes transaction data to spot potential fraud. Finally, the information goes to the e-commerce platform (website or app) where users can securely conduct their financial transactions. This streamlined process ensures a strong and easy-to-use mechanism.

Methodology Used to Secure Internet Transactions
This study's approach is demonstrated in Figure 2. As seen in Figure 2, the components of our methodology include three main categories: First, the ML part, which consists of a credit card fraud dataset obtained using an open-source site; the dataset will be discussed in the next section. After performing the preprocessing phase for the dataset, we test different classifiers and use the best one in our model. Second, in the MFA part, we choose the suitable factors to authenticate users and determine the model architecture to gain a feasible MFA implementation. Finally, e-commerce application screens were designed; this design utilizes the integration of ML and MFA for security purposes.

ML Phase
This section will illustrate the journey to build the ML model. The roadmap starts with the dataset acquisition. After performing the dataset cleaning, different classifiers were tested to build the model. We will discuss the experiment environment, dataset, data preprocessing, and a justification for the chosen ML algorithms in different sections.

Experiment
An HP laptop "Intel(R) Core (TM) i5-10210U CPU @ 1.60GHz 2.11GHz" was used for the testing. The experiment's code was written in Python, and an Anaconda Jupyter Notebook V3 was used to conduct it.
The experiment's purpose was to create a trustworthy detection model with precise classification and identification capabilities. Data for testing and training were taken out of the dataset. To address the imbalanced dataset problem and avoid bias when implementing multiple classifiers, we utilized an oversampling strategy. Finally, to find the optimal settings, we used a grid search and a standard scaler to achieve the best precision feasible.

Dataset
Using the URL "https://www.kaggle.com/datasets/mlg-ulb/creditcardfraud (accessed on 5 August 2023)", the dataset was downloaded from the Kaggle website. It involves credit card transactions carried out by customers around Europe in September 2013. The dataset entails 31 features: Time, V1-V28, Amount, and Class. All features only have numeric variables; most of these features were transformed using the principal component analysis (PCA) technique. The original characteristics of the data were hidden by the dataset owner due to confidentiality concerns. The PCA transformation is a statistical strategy that aids the dimensionality reduction of big and complicated data. Essentially, the PCA is a calculation of a new coordinate system for the data subspace such that the projection along each axis has the maximum value for the residual variance. By keeping a subset of the PCA coefficients, we identify the axis that explains most of the variance in the original data. This method aims to facilitate the examination of data by ML models [53]. Table 1 shows a dataset sample.
As shown in Table 1, the only components that were not changed by PCA are Time and Amount. The "Time" feature indicates the interval of time in seconds between each payment. The value of the payment is represented by the feature "Amount". It indicates the amount of money involved in each payment. The response feature "Class" has a value of 0 or 1 (0 represents legitimate and 1 represents fraud). This binary categorization is essential to train the ML model to distinguish between legal and illegal transactions. The features "V1-V28" represent various aspects related to financial transaction characteristics and user behavior. There is no more information about the exact description of these variables because of user confidentiality. The dataset includes a count of 285,299 transactions. The dataset is highly imbalanced. Approximately 0.172% of all transactions are fraudulent, accounting for 492. Using an imbalanced dataset directly may generate several unexpected behaviors. Positive samples (the fraudulent class) are very likely to be misclassified, and the algorithm will have a bias towards forecasting the negative class [54]. In this situation, using over- or under-sampling techniques is the best course of action. The technique that is most frequently employed in the literature is the synthetic minority over-sampling (SMOTE) technique [55][56][57][58][59]. Following a random selection of neighbors from the k-nearest neighbors, for each chosen neighbor, a single sample would be produced in their approximate direction to create the necessary number of synthetic samples. Then, the difference between the feature vector being examined and its neighbor is calculated, that difference is multiplied by a random number between 0 and 1, and the result is added to the feature vector being examined. After performing the SMOTE oversampling approach, the count for each class was 283,253 transactions with a distribution of 50:50. Finally, we split the dataset into training data (80% of transactions with a count of 453,204) and testing data (20% of transactions with a count of 113,302). After that, the dataset became ready to test multiple supervised ML classifiers.
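The SMOTE interpolation step described above, written out as an added example (not the study's code). The function names, `k=5`, the seeds and the small 2-D sample are assumptions made for illustration. The example splits first and oversamples only the training part, so that no synthetic row interpolated from a test transaction is ever used for training; the study reports oversampling before the split.

```python
import math
import random

def nearest_neighbours(points, k):
    """For every point, the indices of its k nearest other points (Euclidean)."""
    table = []
    for i, p in enumerate(points):
        ranked = sorted((math.dist(p, q), j) for j, q in enumerate(points) if j != i)
        table.append([j for _, j in ranked[:k]])
    return table

def smote(minority, n_new, k=5, rng=random):
    """Return n_new synthetic rows, each on the segment between a minority
    row and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("need at least two minority rows to interpolate")
    k = min(k, len(minority) - 1)
    neighbours = nearest_neighbours(minority, k)
    synthetic = []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        j = rng.choice(neighbours[i])          # random pick among the k nearest
        gap = rng.random()                     # random number in [0, 1)
        base, other = minority[i], minority[j]
        # base + gap * (other - base): the step described in the text
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def split_then_oversample(rows, labels, test_fraction=0.25, k=5, seed=7):
    """Stratified split first, then balance ONLY the training part with SMOTE."""
    rng = random.Random(seed)
    train, test = [], []
    for cls in (0, 1):
        idx = [i for i, y in enumerate(labels) if y == cls]
        rng.shuffle(idx)
        cut = int(len(idx) * test_fraction)
        test += [(rows[i], cls) for i in idx[:cut]]
        train += [(rows[i], cls) for i in idx[cut:]]
    fraud = [x for x, y in train if y == 1]
    legit_count = sum(1 for _, y in train if y == 0)
    synthetic = smote(fraud, legit_count - len(fraud), k, rng)
    train += [(x, 1) for x in synthetic]
    return train, test, synthetic

def make_constructed_data(seed=1):
    """Constructed 2-D sample (not the Kaggle data): 200 legitimate, 8 fraud rows."""
    rng = random.Random(seed)
    rows = [(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(200)]
    rows += [(rng.gauss(3, 0.5), rng.gauss(3, 0.5)) for _ in range(8)]
    return rows, [0] * 200 + [1] * 8

if __name__ == "__main__":
    rows, labels = make_constructed_data()
    train, test, synthetic = split_then_oversample(rows, labels)
    print(len(train), "training rows,", len(test), "test rows,",
          len(synthetic), "synthetic fraud rows")
```

The test part keeps its original class ratio, so metrics measured on it reflect how the classifier behaves on imbalanced traffic.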

The Choice of ML Classifiers
Credit card fraud detection is an issue of binary categorization (0 is legal and 1 is fraud). To overcome this issue, different ML approaches were implemented in the literature [54][55][56][57]. This investigation deploys multiple supervised ML algorithms: naive Bayes, decision trees, logistic regression, and random forest. Notably, the random forest was selected because of its ensemble-based strategy, which is a preferred method according to its capability to deal with complicated, high-dimensional data and avoid overfitting [58]. Decision trees, known for their interpretability, are useful for deciphering the thought process that leads to fraudulent behavior [59]. The inclusion of logistic regression was made possible by the way it offers modeling simplicity and efficiency while perfectly aligning with binary classification jobs. Despite its simplicity, naive Bayes has been successful in handling the categorical data that is frequently encountered in fraud detection scenarios [60]. We examined different algorithms to locate the most accurate one. These algorithms were chosen due to their effectiveness and simplicity, making them easier and faster when integrating them with the MFA framework.

MFA Phase
The choice of authentication factors was carefully considered. A strong security architecture was built using three authentication factors: username-password (user can activate fingerprint), OTP, and face recognition. These criteria were chosen because of their distinct advantages and capacity to offer a multi-layered security solution. Numerous online systems frequently use username-password combinations, which offer a fundamental level of protection. Additionally, using OTPs provides a further level of dynamic security, ensuring that a time-sensitive code is required to access the system [61]. Face recognition as the third authentication factor makes use of biometric technology to further strengthen security [62]. Utilizing the capabilities of contemporary biometric authentication technology, the research tries to achieve a balance between user familiarity and increased safety.

Combining MFA with ML
After building the ML model and determining the authentication factors to use in the final MFA model, we combine both in the final MFA framework. This section will discuss the hardware and software tools, the workflow of our proposed framework, and the e-commerce platform (application) that has been designed.

Experiment
The processing power needed for the phases of application design and development was supplied by the same device used in building the ML model. The "Adalo" website was the key piece of software used to customize the application displays. Adalo is an empowering no-code platform that lets people and companies create web and mobile applications without requiring a deep understanding of coding. It enables users to visually build and customize application components with its simple drag-and-drop functionality [63].

Proposed Framework
This part will discuss the system's working principle, which is illustrated in Figure 3. As seen in Figure 3, the user will first sign in to the application using his credentials: username and password. After registration, the user can enable the fingerprint API to sign in to the system. When finished with browsing different products and choosing what to buy, the user has to go to the cart page and perform a purchasing process. Before redirecting the user to the credit card information page, an OTP verification will be delivered to the user's phone. At this stage, the ML model will classify this payment as fraudulent or legitimate. If the classification is fraud, the user will be asked for face recognition authentication to complete the purchasing process successfully; if face recognition fails, the process will be canceled.

Application Design
Android e-commerce application screens were designed to make the idea simple to comprehend. The MFA framework was successfully implemented due to the design of the application panels. A user-centered approach was used during the design process to guarantee user-friendliness and ease of use. The design approach includes a logical and clear screen flow during the purchase process. The location of authentication elements was given special consideration to reduce user friction while ensuring high security. The design of the application is shown in the results part.

Results
The results will be divided into two parts: ML results, which show the supervised classifiers implemented in this study, and mobile application results, which show the application screens' design with the MFA implementation principle.

Confusion Matrix
A statistic called the confusion matrix gives information about the groups that were correctly and incorrectly categorized. The confusion matrix produces a two-by-two matrix as its output, which shows the values of true positive (TP), true negative (TN), false positive (FP), and false negative (FN). TP and TN indicate that the positive and negative predictions made by the model are accurate. FP and FN denote a false prediction done by the model [64]. Figure 4 presents the confusion matrix results.

Classification Report
Because of working with an extremely skewed dataset, testing the algorithm and just demonstrating its accuracy is insufficient to demonstrate its dependability. This led to the utilization of precision, recall, and F1 score metrics to assess results. Accuracy is a measure that indicates how a classifier predicts results correctly. It can be computed by dividing the total number of precise estimates by the overall predictions (Equation (1)) [27].
Precision is a measure of the number of accurate positive guesses. It can be computed by dividing the number of TP by the sum of FP and TP (Equation (2)) [27].
The percentage of favorable instances where the classifier correctly predicted is called recall. It can be computed by dividing the TP by the total of the TP and FN (Equation (3)) [27].
Recall and precision are combined into one metric called the F1 score. It is a technique for figuring out the harmonic mean, which works better for ratios than the conventional mean (Equation (4)) [27].
The classification report results for each classifier are presented in Table 2. As stated in Table 2, decision tree and logistic regression obtained approximately the same degree of accuracy. The decision tree gained an accuracy of 97.881%, with precision, recall, and F1 scores of 97%, 99%, and 98% respectively for class 0 (legitimate transaction) and precision, recall, and F1 scores of 99%, 97%, and 98% respectively for class 1 (fraud transaction). Logistic regression gained an accuracy of 97.938%, with a precision of 97%, recall of 99%, and F1 scores of 98% for class 0 and a precision of 99%, recall of 97%, and F1 score of 98% for class 1. The random forest accuracy was 96.717%, and the naive Bayes accuracy was 92.354%.
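The metrics described above, computed from a confusion matrix and then re-expressed at the 0.172% fraud rate of the original data, as an added example (not the study's code). The balanced confusion matrix is constructed to match the reported class-1 recall of 97% and class-0 recall of 99%; holding those two rates fixed when the prevalence changes is an assumption, and `step_up_rate` (the share of payments that would be sent to the face check) is a name introduced here.

```python
def safe_div(num, den):
    """Ratio that is 0.0 when the denominator is empty (no predictions or no cases)."""
    return num / den if den else 0.0

def report(tp, fp, fn, tn):
    """Accuracy plus precision, recall and F1 for the fraud class (Class = 1)."""
    total = tp + fp + fn + tn
    precision = safe_div(tp, tp + fp)
    recall = safe_div(tp, tp + fn)
    return {
        "accuracy": safe_div(tp + tn, total),
        "precision": precision,
        "recall": recall,
        "f1": safe_div(2 * precision * recall, precision + recall),
        # In the proposed framework every predicted fraud triggers the face check.
        "step_up_rate": safe_div(tp + fp, total),
    }

def rescale(tp, fp, fn, tn, prevalence, volume=1_000_000):
    """Expected confusion matrix at another fraud prevalence, holding the
    true-positive and false-positive rates fixed (assumption)."""
    tpr = safe_div(tp, tp + fn)
    fpr = safe_div(fp, fp + tn)
    fraud = volume * prevalence
    legit = volume - fraud
    return (tpr * fraud, fpr * legit, (1 - tpr) * fraud, (1 - fpr) * legit)

# Constructed balanced test result: 10,000 rows per class,
# 97% of fraud caught, 99% of legitimate payments passed.
BALANCED = dict(tp=9700, fp=100, fn=300, tn=9900)
PREVALENCE = 0.00172   # 0.172% fraud, the share the dataset section gives

def compare():
    """Metrics on the balanced set, at real prevalence, and for a model
    that never flags anything."""
    balanced = report(**BALANCED)
    live = report(*rescale(**BALANCED, prevalence=PREVALENCE))
    fraud = 1_000_000 * PREVALENCE
    never_flags = report(tp=0, fp=0, fn=fraud, tn=1_000_000 - fraud)
    return balanced, live, never_flags

if __name__ == "__main__":
    for name, metrics in zip(("balanced", "live", "never flags"), compare()):
        print(name, {k: round(v, 4) for k, v in metrics.items()})
```

Under these assumptions recall is unchanged at real prevalence while fraud-class precision falls well below the balanced figure, and a model that never flags anything still scores the highest accuracy of the three, which is why accuracy alone is not reported.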

The ROC Curve
The ROC curve is a visual depiction that indicates the capability to identify problems of a binary classification system by drawing the rate of true positives against the rate of false positives. AUC values range from 0 to 1, where 0.5 denotes a classifier that is no more successful than a wild guess and 1 denotes perfect performance [65]. Figure 5 shows the ROC results. The AUC for the logistic regression and decision tree classifiers was 0.98, as seen in Figure 5. It indicates that 98% of positive cases are accurately classified as positive and 98% of negative examples as negative by the classifier. Additionally, it demonstrates that the classifier has a low rate of false positives or the percentage of times it mistakenly classifies negative cases as positive. In contrast, the AUC of random forest and naive Bayes was 0.98, 0.97, and 0.92, respectively.

Mobile Application Results
At this stage, we are focused on developing the user interface for an Android application. The primary objective is to create screens and visual elements that effectively convey the principles of our proposed security model. Figure 6 provides a clear visual representation of the security measures required to complete a purchase through the application. As shown in Figure 6, (A) the user has to choose to go to the login screen or sign-up screen. In the sign-up screen of Figure 6, (B) the user will make an account by providing some information such as e-mail address, password, address, and mobile number. After making an account, the user can sign in (C) using the username and password or he can activate the fingerprint to browse the application; this step is the first authentication factor. Figure 6D shows the products offered in the e-commerce application in which the user can browse and add any product to the cart. After finishing browsing, the user will proceed to the My Cart page (Figure 6E) to revise the chosen products and the amount of the transaction; the user must enter the shipping address and mobile number to communicate with the delivery company. When finishing this step and pressing proceed to check out, an OTP will be delivered to the user's phone. The user must enter the sent number into the screen (Figure 6F) (second authentication factor). After successful OTP verification, the user shall be routed to the credit card information page (Figure 6G). While the user enters the credit card information, the ML model will evaluate the purchasing process and classify it as fraudulent or legitimate. If the process is classified as legitimate, the process will be completed successfully, as shown in Figure 6H. Otherwise, the user will be asked for face recognition (third authentication factor). Successful face recognition (Figure 7A) will complete the purchasing process successfully. Otherwise (Figure 7B) the purchasing process will be canceled and the transaction will be classified as fraudulent.
AI 2024, 5, FOR PEER REVIEW 13 enters the credit card information, the ML model will evaluate the purchasing process and classify it as fraudulent or legitimate.If the process is classified as legitimate, the process will be completed successfully, as shown in Figure 6H.Otherwise, the user will be asked for face recognition (third authentication factor).Successful face recognition (Figure 7A) will complete the purchasing process successfully.Otherwise (Figure 7B) the purchasing process will be canceled and the transaction will be classified as fraudulent.The application shown in Figures 6 and 7 considers crucial factors: user perceptions and experiences about the usability and efficacy of the multi-layer security strategy.If the security measures are too complex, usability issues might arise, which might frustrate users and possibly cause resistance.However, usability can be improved by a simple and well-designed system.User trust in security measures is an essential requirement for effectiveness, and problems like false positives or negatives may harm that faith.The deployment of secured authentication factors and an accurate ML model is crucial to maintain efficiency.
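The purchase flow described above, sketched as an added Python example (not the authors' application code): two factors are always required, and the face check is requested only when the classifier flags the transaction. The coefficients, threshold, factor names and sample transactions are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from math import exp
from typing import Optional

# Constructed coefficients for illustration only; a deployed model is fitted
# on labelled transactions (the paper's dataset has Time, V1-V28, Amount).
WEIGHTS = {"V4": 0.7, "V14": -0.9, "Amount": 0.002}
BIAS, THRESHOLD = -4.0, 0.5

class Outcome(Enum):
    COMPLETED = "completed"
    DENIED = "denied"                    # a first-layer factor failed
    CANCELLED_FRAUD = "cancelled_fraud"  # flagged by ML, face check not passed

@dataclass
class Attempt:
    first_factor_ok: bool              # password or fingerprint result
    otp_sent: str
    otp_entered: str
    features: dict                     # transaction features for the classifier
    face_match: Optional[bool] = None  # None means no face check was completed

def fraud_probability(features: dict) -> float:
    """Logistic regression score: sigmoid of the weighted feature sum."""
    z = BIAS + sum(w * features.get(name, 0.0) for name, w in WEIGHTS.items())
    return 1.0 / (1.0 + exp(-z))

def authorize(a: Attempt):
    """Return (outcome, factors the user was asked for)."""
    factors = ["password_or_fingerprint"]
    if not a.first_factor_ok:
        return Outcome.DENIED, factors
    factors.append("otp")
    # Constant-time comparison so response timing does not leak OTP digits.
    if not hmac.compare_digest(a.otp_sent, a.otp_entered):
        return Outcome.DENIED, factors
    # Second layer: only a transaction classified as fraud triggers factor three.
    if fraud_probability(a.features) < THRESHOLD:
        return Outcome.COMPLETED, factors
    factors.append("face")
    # Fail closed: a missing or failed face check cancels the purchase.
    if a.face_match is True:
        return Outcome.COMPLETED, factors
    return Outcome.CANCELLED_FRAUD, factors

# Constructed sample transactions.
LEGIT = {"V4": -0.2, "V14": 0.3, "Amount": 25.0}
SUSPICIOUS = {"V4": 4.0, "V14": -6.0, "Amount": 900.0}
```

A legitimate purchase returns after two factors, while a flagged one is completed only when `face_match` is `True`; an abandoned face check (`None`) is treated the same as a failed one.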

Discussion
As shown in the results section, logistic regression outperformed the other classifiers. Based on Figure 4, it made a total of 110,966 accurate predictions. This demonstrates how accurately the model classified transactions. The high percentage of accurate predictions attests to the model's dependability in differentiating between fraud and legitimate payments. However, the 2336 inaccurate predictions show where the algorithm misclassified transactions, highlighting the trade-off between overall accuracy and error rates.
The results of the accuracy, precision, recall, and F1 scores are presented in Table 2. The logistic regression classifier achieves an accuracy of 97.938%. For class 1, the classifier achieves a precision of 99%, indicating a low level of false positives, and a recall of 97%, effectively detecting fraudulent transactions. The F1 score of 98% represents a balanced performance in recognizing fraudulent transactions. Overall, the logistic regression model showcases robust accuracy and well-balanced precision, recall, and F1 scores for both classes, making it a highly effective choice for the binary classification task. These results were very close to the decision tree results, which achieved an accuracy of 97.881%, with precision, recall, and F1 scores of 99%, 97%, and 98%, respectively, for class 1.
The AUC values vary from 0 to 1, where 1 represents a perfect score and 0.5 represents a random-guess classifier. According to Figure 5, both logistic regression and decision trees achieve an AUC of 0.98. This denotes that these classifiers have an excellent capability to distinguish between the two classes. The model's predictions are highly accurate, and it performs well across different thresholds.
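To make the threshold dependence concrete, the following added example (not from the paper) computes AUC in its rank form and shows how the decision threshold changes how many legitimate buyers are sent to the face check and how much fraud is missed. The labels and scores are constructed.

```python
def auc(labels, scores):
    """Rank form of AUC: chance that a fraud case outscores a legitimate one."""
    pos = [s for y, s in zip(labels, scores) if y == 1]
    neg = [s for y, s in zip(labels, scores) if y == 0]
    if not pos or not neg:
        raise ValueError("AUC needs at least one example of each class")
    # Ties count as half a win, so identical scores give 0.5 (random guess).
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

def f1(precision, recall):
    total = precision + recall
    return 2 * precision * recall / total if total else 0.0

def operating_point(labels, scores, threshold):
    """Metrics when score >= threshold is classified as fraud (class 1)."""
    tp = sum(1 for y, s in zip(labels, scores) if y == 1 and s >= threshold)
    fp = sum(1 for y, s in zip(labels, scores) if y == 0 and s >= threshold)
    fn = sum(1 for y in labels if y == 1) - tp
    tn = sum(1 for y in labels if y == 0) - fp
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {
        "precision": precision,
        "recall": recall,
        "f1": f1(precision, recall),
        # Legitimate buyers sent to the face check (false positive rate).
        "legit_step_up_rate": fp / (fp + tn) if fp + tn else 0.0,
        # Fraud that completes with only the first two factors.
        "missed_fraud": fn,
    }

# Constructed scores: six legitimate (0) and four fraudulent (1) transactions.
LABELS = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1]
SCORES = [0.02, 0.05, 0.10, 0.20, 0.35, 0.60, 0.30, 0.55, 0.80, 0.95]

if __name__ == "__main__":
    print("AUC", auc(LABELS, SCORES))
    for t in (0.25, 0.5, 0.7):
        print(t, operating_point(LABELS, SCORES, t))
```

The AUC stays fixed for a given set of scores, while lowering the threshold trades more face-check prompts for legitimate buyers against fewer missed fraud cases.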
To compare our results with other studies, Table 3 lists some of the studies that used the same dataset and the same ML algorithms to address the financial fraud issue. Based on Table 3, our results demonstrate superiority over other related studies. Some studies [69,73] report an accuracy of 0.99, which indicates that their algorithms are overfitted and need further enhancement. Despite the good results, other studies in the table do not use different metrics to improve the quality of their investigation, such as showing results for both classes or using the ROC curve.
As Figure 6 shows, the mobile application design demonstrated the usefulness of combining MFA processes with ML. It was carefully built through the combination of hardware and software. The application panels showed an easy-to-use interface that led users through a safe transaction procedure, from creating an account and choosing a product to implementing multi-layered authentication during transactions.
The suggested framework can be tailored to suit various e-commerce platforms and payment systems by integrating platform-specific authentication techniques and modifying the data collection procedure, integrating security measures as the first layer of security. Building the ML models is included in the second layer. Crucial actions include customizing these layers to the specifications of each platform, modifying application design according to applicable rules, and ensuring compliance with security requirements and laws. Retraining the ML model using user profiles after a period will improve accuracy and enable data to be tuned to maximize model efficiency. The efficacy of the framework is further improved by feedback mechanisms, iterative enhancements, and continuous monitoring across a variety of online transaction scenarios.
Integrating MFA and ML in securing Internet financial transactions may face many challenges, some of which are as follows:
1. Authentication factors: potential user resistance or discomfort with the chosen methods presents one challenge when choosing MFA for security purposes. Sometimes people feel that multi-factor authentication is too complicated and annoying to use, which can cause resistance or lower user acceptance of such systems. The challenge is to choose a secure factor to authenticate users while taking ease of use into consideration.
2. Data availability: one major obstacle is the absence of necessary data. Organizations may choose to hide financial transaction data for privacy and security reasons, and the needed datasets may not be publicly accessible due to the sensitivity of this data.
3. Data quality: this study is impacted by the quality of the accessible data. Data that is missing, incorrect, unbalanced, or inconsistent can make ML models and authentication systems less effective and possibly produce biased or incorrect results. In particular, most of the available datasets are transformed using the PCA transformation technique.
4. Technical limitations: technical barriers, such as compatibility issues, limited storage capacity, and processing speed, may restrict the ability to handle, process, and store big data efficiently.
To address these challenges, this research implements the following strategies:
1. Suitable MFA implementation: a user-centric strategy was used to achieve an adaptable and secure system implementation. The adaptive implementation of the MFA system led to interaction with only two factors when put into practice. A third factor is required if the ML algorithm classifies the transaction as fraud. This preserves strong security standards while simultaneously improving usability.
2. Data cleaning and preprocessing: techniques were applied during data cleaning and preparation to remove errors and deal with unbalanced datasets that could affect the models' accuracy. This was conducted successfully and discussed in Section 2.3.3 (data preprocessing).
3. Replication: conducting the ML analysis at different times to confirm and guarantee the reliability and consistency of the results while reducing the influence of anomalies or errors.
4. Algorithm and analysis suitability: using the right statistical techniques and ML algorithms to analyze the data while taking hardware constraints into account. The best algorithms for the particular use case of safe financial transactions were identified and evaluated carefully. The implemented ML algorithms were simple and accurate to overcome the hardware limitations and facilitate the integration of ML and MFA into one model.
Our proposed framework does not conflict with related studies in the literature [75-79]. In future work, implementing this framework in real-world applications will be valuable; using other biometrics or adding more security layers may offer additional safety to the framework.

Conclusions
This study aims to propose a framework to secure Internet financial transactions by integrating MFA and ML. Our framework surpasses the previous work in the literature by adding more layers of security while offering a user-friendly system. Taking advantage of the abilities of ML and making it work as an embedded layer of security within an MFA framework was the strength and distinction of this study. Many supervised ML algorithms were investigated to build an ML model that can accurately identify illegal payments. The implemented algorithms' accuracy ranged from 92.354% to 97.938%. The logistic regression algorithm was the best one, with AUC, precision, recall, and F1 scores of 0.98, 0.99, 0.97, and 0.98, respectively.
The username-password, fingerprint, OTP, and face recognition were deployed in the MFA model to authenticate users. E-commerce application screens were designed to offer a better understanding of the proposed framework and show how users will interact with the system easily and securely.
The results of this investigation show that many domains of security can be greatly improved and refined by incorporating ML techniques as a core component of MFA. However, this study is only the beginning of a larger and more thorough investigation into this kind of integration, highlighting the need for additional research that looks into various authentication factors across various datasets to balance security and usability.

Figure 4. Confusion matrix results for implemented classifiers.

Table 1. Dataset sample. Time represents the time in seconds that elapsed for every transaction; V1-V28 represents PCA-transformed numerical variables; Amount represents the transaction amount; Class represents the classification for each transaction (non-fraud is 0, fraud is 1).

Table 2. Classification report results for implemented classifiers.