Feasibility of Two-Factor Payment Authentication using EEG-based BCIs

M. A. Rahman 1, A. A. Puzi 1, H. Md. Yusof 2

1. Department of Computer Science, Faculty of Information and Communication Technology,

International Islamic University Malaysia, Kuala Lumpur, Malaysia
2. Department of Mechatronics, Faculty of Engineering, International Islamic University Malaysia, Kuala
Lumpur, Malaysia
[email protected], {asmarani, myhazlina}@iium.edu.my

Abstract— Two-Factor Authentication (2FA) is a powerful conventional biometric payment systems are slowly
method for use in payment authentications. However, very becoming more and more mainstream; it is imperative
little work has been done to gauge the feasibility of the use
we investigate more authentication methods for use in
of brainwaves as a factor in 2FA. This study investigates
the feasibility of brain activity as a factor in 2FA payment said payment systems. This study introduces a novel
methods. Previous studies have shown that brain-wave 2FA payment system augmented with EEG signals.
patterns from electroencephalogram (EEG) can be used
for mental task classification and biometric identification. EEG is a widely prominent and well adopted technology
Although EEG-based biometry and mental task for Brain-Computer Interfaces (BCIs) due to its safe,
classification has been a thoroughly studied research topic, reliable, affordable, and practical nature [2]. It provides
almost no work has been done to find the feasibility of such high temporal resolution of the electrical signals
systems in real world applications such as payment
generated in the brain albeit with very low spatial
authentication systems. In this study, EEG data is obtained
from 4 channels and denoised and preprocessed using resolution. Another reason why it is often the first
various methods. It was then augmented with Gyroscopic choice for most BCI projects is due to its portability and
and Accelerometer data and was finally used to train and affordability compared to a functional Magnetic
benchmark multiple machine learning models and a Resonance Imaging (fMRI) machine or Positron
Feedforward Neural Network to translate brain activity
Emission Tomography (PET) machine giving it a boost
from EEG signals to a direction-based two-factor pin
system. Intensive experimental simulations using multiple in better technology acceptance and widespread
training and testing protocols were used to measure the adoption rates.
feasibility of such a system. Results show that the
Feedforward Neural Network performed the best with a This study investigates the feasibility of brain-activity in
best mean accuracy of 94.18% and a standard deviation of 2FA for payment systems. As EEG signals are dynamic
+/-0.51%. This shows that there is indeed potential in the and sensitive to individuals and their mental states; it is
use of brainwaves as a factor in 2FA for payment systems. a great candidate as an authentication factor since any
Keywords— Electroencephalogram, Machine Learning, pressure or stress stemming from an attacker forcing
Two-factor authentication, Brain Computer Interface. authentication will significantly affect the signal.
I. INTRODUCTION Although much work has been done to study brain-wave
2FA is a thoroughly researched and vastly relied on patterns from EEG signals especially in the field of the
security mechanism typically used to enhance classification of mental tasks, very little work has been
authentication security by requiring users to provide 2 done to study the feasibility of EEG signals in biometric
types of credentials to verify their identity. 2FA has authentication systems [3]–[8] and even less has been
gained significant traction as a reliable method of done for 2FA systems [9]. This is due to the noisy and
combating the ever-increasing threat of unauthorized unpredictable nature of EEG signals. It is even harder to
access and identity theft in various online services and implement real-time systems based on EEG signals due
systems. It offers an additional layer of protection to its complex and high dimensional structure.
beyond traditional single-factor authentication methods Therefore, complex machine learning (ML) and deep
as it does not just rely on just knowledge-based factors learning (DL) algorithms are needed to solve such
such as passwords or pins or possession-based factors problems.
such as physical tokens or mobile devices but instead The study first introduces the problem of the lack of
typically combines the two different methods. This brainwave use as a factor in 2FA to the reader then
approach significantly improves the security posture by presents how the steps of data acquisition with a 4
mitigating the risks associated with compromised channel EEG headset, data preprocessing to remove
passwords or stolen credentials[1]. And seeing that outliers and noise, feature extraction methods, ML and

- ©2023 IEEE IEEE SPMB 2023 December 3, 2022

M. A. Rahman et al.: Feasibility of Two-Factor… Page 2 of 6

DL models. The DL model implemented is a simple activities and asked to concentrate on the visual cues
feedforward neural network and is benchmarked against displayed as a test to ensure they understood the
other ML models. Finally, the results are presented, directions properly. (6) Examiners start recording data
discussed and a system architecture for DL integration and moves visual cues to different parts of the screen
is proposed. every 5 seconds. The location and time of each shift was
II. METHODOLOGY logged. (7) After 5 minutes of shifting visual cues have
elapsed, the examiner ends the recording. (8)
To implement 2FA in payment systems, an
Participants were again asked to close their eyes and
authentication method must first be devised using EEG
meditate for 5 minutes. This data was also recorded in a
signals. Earlier studies have implemented authentication
separate file.
methods using pass-thoughts (thoughts as passwords) or
motor movements [4]–[7], [9]. We propose a pin system The data obtained was then processed based on Figure
based on visual stimulus. This is achieved by flashing 2. The signals were first run through a notch filter as it
parts of a blank screen with a single visible dot so the was being recorded to suppress powerline interference
participants would focus on that section of the screen. as these brainwave signals from EEG recordings are
When shown in a sequence, these dots can form a shown to be normally mixed with power line artifacts
directional pin just as you would do with numbers in a [11]. As all sessions took place in Kuala Lumpur,
pin number system. Malaysia; a notch filter of 50 Hz was used.
15 participants (12 male, 3 female) between the ages of
18 and 25 wore a 5 dry-electrode Muse 2 EEG headset
[10] as shown in Figure 1 during data collection. Each
participant attended 1 session lasting 15 minutes each (5
minutes of meditation, 5 minutes of tasks, and finally 5
minutes of rest post-task completion). During sessions,
the participants were prompted with 5 different visual
ques (up, down, left, right and center) while raw EEG
data and built-in gyroscopic and accelerometer data was
collected at 256 Hz.

Figure 2. Methodology

The data was denoised and preprocessed with the

following methods;
1) We employed a low-pass Butterworth filter to
preprocess the EEG signals. The goal was to remove
high-frequency noise and artifacts that could potentially
Figure 1. EEG headset electrode placement interfere with the extraction of meaningful features. The
Butterworth filter is a popular choice in EEG signal
Several steps were carried out during the data processing due to its ability to provide a sharp roll-off
acquisition phase to minimize noise and increase overall and minimal distortion in the passband [2], [12]. By
setting an appropriate cutoff frequency, we ensured that
signal capture quality as detailed below. the filter attenuated frequencies above the desired range,
(1) Examiners first sanitized the EEG dry electrodes and effectively reducing high-frequency noise while
wiped participant’s foreheads and any other relevant preserving the lower-frequency components relevant to
our EEG analysis. This preprocessing step improved the
points of contacts with a wet cloth. (2) The participants
quality of the EEG signals and facilitated the subsequent
were then asked to sit ~40 centimeters away from the feature extraction and selection processes, leading to
monitor in which visual cues were being displayed. (3) more accurate and reliable classification results. The
Examiners then placed the EEG headset onto the filter can be computed as shown in (1).
participants head and waited for a stable raw reading 1
from all sensors. (4) Participants were asked to close H(jω) = (1)
2n
ω
√1+ε2 ( )
their eyes and meditate for 5 minutes. This data was ωp

recorded. (5) The participants were briefed on the

- ©2023 IEEE IEEE SPMB 2023 December 3, 2022

M. A. Rahman et al.: Feasibility of Two-Factor… Page 3 of 6

2) A Gaussian Mixture Model (GMM) was Delta, Theta, and Gamma waves. The EEG signals were
employed to identify and remove outliers from the EEG first segmented into epochs of interest, and then the FFT
data. Outliers can arise due to various factors such as was applied to each epoch to transform the time-domain
electrode malfunctions or artifacts during data signals into the frequency domain. By examining the
collection. To address this issue, we employed the amplitude spectra obtained from the FFT, we calculated
GMM's capability to model the underlying distribution the power spectral density or band power within the
of the EEG signals. By assuming that most of the data specific frequency ranges associated with each wave.
points follow a Gaussian distribution, the GMM allowed The Alpha wave, typically ranging from 8 to 13 Hz, is
us to estimate the parameters of multiple Gaussian linked to relaxation and cognitive processing. The Beta
components present in the EEG data. We then employed wave (13-30 Hz) is associated with alertness and
the expectation-maximization algorithm to assign each cognitive engagement. The Delta wave (0.5-4 Hz)
data point to its most probable cluster. Through this reflects deep sleep or unconsciousness. The Theta wave
process, any data points that deviated significantly from (4-8 Hz) is related to creativity, memory formation, and
the expected distribution were identified as outliers. By meditative states. The Gamma wave (30-100 Hz) is
subsequently removing these outliers from the dataset, associated with high-level cognitive processes and
we were able to enhance the overall quality and attention. By quantifying the power or other statistical
reliability of the EEG data. measures within these frequency bands, we obtained
features that captured the strength or relative
3) Principal Component Analysis (PCA) was contribution of each wave, enabling our machine
utilized to engineer additional features from the original learning algorithms to classify directional intention
EEG data. PCA allowed us to explore the underlying based on these specific frequency components. Through
structure and relationships among the EEG features, the application of FFT on Alpha, Beta, Delta, Theta, and
enabling us to derive new, informative features that Gamma waves, we enhanced the feature representation
captured important variations in the data. By of the EEG data and achieved improved accuracy in our
decomposing the high-dimensional EEG data into its machine learning models for EEG analysis and
principal components, PCA provided us with a set of classification tasks. FFT is a reliable feature extraction
orthogonal features ranked by their importance in method and is commonly used to investigate cognitive
explaining the variance in the data. We selected a subset and reasoning activities in the brain [2], [15].
of these principal components as new features,
representing different patterns and characteristics The extracted features were then added into the original
present in the EEG signals. These engineered features dataset containing raw input from the 4 channels,
encompassed a broader range of information, allowing gyroscope, and accelerometer data. This resulting
our machine learning algorithms to capture more dataset was then used for model training and evaluation.
nuanced patterns and improve the discriminatory power
for our classification task. We conducted a comprehensive analysis by training
4) Independent Component Analysis (ICA) allowed multiple machine learning models and a feedforward
us to separate the EEG signals into statistically neural network, and subsequently compared their
independent components, each representing a distinct accuracies. We aimed to identify the most effective
source or underlying process contributing to the model for accurately classifying the proposed direction-
recorded signals. By decomposing the EEG data into based pin. A diverse set of ML algorithms, including
these independent components, ICA enabled us to logistic regression, support vector classifier (SVC), k-
identify and extract hidden patterns that might not be
nearest neighbors (KNN), decision trees, 2 random
apparent in the original signal. We selected a subset of
these independent components as new features, which forest models (one using a Gini index and another using
provided a more diverse representation of the Entropy), and a feedforward neural network. The
underlying neural activity. These engineered features Feedforward neural network architecture consisted of an
encompassed a wider range of spatial and temporal input layer, a hidden layer, and an output layer. The
characteristics, allowing our machine learning input layer and the hidden layer contained 64 nodes
algorithms to capture more specific and discriminative each whereas the output layer had 5 nodes representing
information relevant to our classification task. By
the different directions as classes. To optimize the
leveraging the power of ICA to uncover latent sources
and engineer additional features, we enhanced the hyperparameters of the neural network, we employed
representation of the EEG data for better analysis. ICA grid search, a technique that systematically explores
is known to be the most used method for artifact different combinations of hyperparameter values. We
removal [13] as it is very efficient [14]. selected a range of values for parameters such as the
5) Fast Fourier Transform (FFT) was utilized to learning rate, batch size, and activation functions.
analyze and extract frequency domain features from Additionally, we explored different optimizers to
specific EEG frequency bands, namely Alpha, Beta, determine the most suitable one for our task.

- ©2023 IEEE IEEE SPMB 2023 December 3, 2022

M. A. Rahman et al.: Feasibility of Two-Factor… Page 4 of 6

Each model was trained on the combined preprocessed (a)

dataset, utilizing feature extraction and selection
techniques detailed above. We then employed k-fold
cross-validation to evaluate the performance of each
model and calculated the accuracy metric to measure
their classification performance. By comparing the
accuracies achieved by each model, we were able to
assess their relative strengths and weaknesses. The
selected model’s accuracy and loss curves and
confusion is also studied to better understand the nature
of the selected model.

III. RESULTS
In this study, we aimed to investigate the feasibility of
utilizing a low-cost, consumer-grade EEG system for
(b)
individual authentication. Our approach utilized a cost-
effective EEG headset priced at $250, which has the Figure 3. (a) Brainwaves after Butterworth filter application
potential to facilitate widespread adoption in consumer and outlier removal; (b) Some of the features engineered with
PCA, ICA and FFT
applications, in contrast to expensive laboratory-grade
equipment. A simple three-layer Feedforward neural network
We employed several preprocessing techniques to seemed to have the best average performance as
enhance the quality of the EEG signals. Firstly, a Notch reflected in Table 1 and Figure 4.
filter was applied at 50 Hz to remove power line Table 1. Model Acccuracies
interference, ensuring cleaner data. Additionally, a
Model Accuracy
Butterworth filter was utilized to suppress unwanted
LogisticRegression 0.309079
noise and artifacts, further improving the signal quality.
SVC 0.231015
Finally, GMM was employed to detect and remove
LinearSVC 0.348816
outliers in the data. These preprocessing steps aimed to
KNeighbors 0.233126
enhance the accuracy and reliability of subsequent
DecisionTree 0.35165
analysis.
RandomForest 0.41802
For feature extraction, we adopted a combination of RandomForest2 0.430799
techniques to capture relevant information from the MLPClassifier 0.247685
EEG signals. Specifically, we utilized Principal Feedforward Neural Network 0.9392
Component Analysis (PCA), Independent Component
Analysis (ICA), and Fast Fourier Transform (FFT).
Figure 3 shows the processing of raw signals retrieved
from the Muse 2 EEG headset and how the resulting
signal looks after going through the feature extraction
phase.

Figure 4. Model Accuracy Benchmark plot

Among the various optimizers evaluated, grid search

revealed Adamax to be the best choice for our neural
network. This aligns with the findings in [16]. Adamax
is an extension of the Adam optimizer that provides
adaptive learning rates and effectively handles sparse
gradients. It performed better than its counterparts,
leading to improved convergence and faster training

- ©2023 IEEE IEEE SPMB 2023 December 3, 2022

M. A. Rahman et al.: Feasibility of Two-Factor… Page 5 of 6

times compared to other optimizers. The resulting stratified k-fold cross-validation with varying fold sizes,
model had accuracy and loss curves shown in Figures 5 we were able to validate the accuracy of our neural
and 6. network model on multiple partitions of the dataset,
minimizing the impact of data partitioning on the
evaluation results. This approach ensured robustness
and provided a more reliable estimate of the neural
network's generalization performance in our study
which was shown to have the best mean accuracy of
94.18% and a standard deviation of +/-0.51% reflected
in Table 2.
Table 2. A comparison of performance demonstrating the
impact of including the Ax channels

Accuracy 3-Folds 5-Folds 10-Folds

Fold 1 93.94% 92.20% 91.13%
Fold 2 94.89% 97.34% 92.20%
Fold 3 93.72% 94.68% 97.52%
Fold 4 91.83% 95.74%
Figure 5. Model accuracy curve Fold 5 93.96% 95.74%
Fold 6 91.49%
Fold 7 91.84%
Fold 8 95.04%
Fold 9 93.24%
Fold 10 91.81%
Mean 94.18% 94.00% 93.58%
Std. Deviation +/- 0.51% +/- 1.98% +/- 2.13%

These results suggest that the model is generally reliable

and capable of making accurate predictions, warranting
further exploration and utilization in the proposed
system as proposed in Figure 7.

Figure 6. Model loss curve

The stable increase in the accuracy curve as seen in

Figure 5 and the stable decrease in the model loss of the
neural network as seen in Figure 6 indicates consistent
and steady improvement in the model's performance
over the course of training. The fact that there is very
little deviation from one epoch to another suggests that
the network is learning efficiently and converging
towards a good solution.
The model was further validated through various
stratified k-fold cross-validation tests. We employed Figure 7. Swimlane flowchart for proposed 2FA payment
stratified k-fold cross-validation with different fold system with Muse 2 EEG headset
sizes. Specifically, we utilized 10, 5, and 3 stratified k-
folds. Stratified k-fold cross-validation is a technique IV. SUMMARY
that partitions the dataset into k folds while preserving This study investigates the feasibility of the use of
the original class distribution in each fold. Through brain-wave activity for 2FA in payment systems. We

- ©2023 IEEE IEEE SPMB 2023 December 3, 2022

M. A. Rahman et al.: Feasibility of Two-Factor… Page 6 of 6

proposed the use of Deep Learning models to classify [6] C. Ashby, A. Bhatia, F. Tenore, and J. Vogelstein, “Low-
visual cues which could then be used to form a pin- cost electroencephalogram (EEG) based authentication,”
2011 5th International IEEE/EMBS Conference on Neural
sequence authenticating both the user and the payment.
Engineering, NER 2011, pp. 442–445, 2011, doi:
We achieved this by performing extensive data 10.1109/NER.2011.5910581.
preprocessing with the use of notch filters, the
Butterworth filter, and Gaussian Mixture Models. [7] A. Rajagopal, A. C. Nguyen, and D. M. Briggs, “NeuroPass:
Features were then engineered with PCA, ICA and FFT A secure neural password based on EEG,” 2013, Accessed:
Aug. 29, 2022. [Online]. Available: http://eeg.abhe.info
methods. We show that (1) It is possible to classify
directional intent with a small scale 5-electrode EEG [8] D. Jiang and J. Hu, “Research of computing in EEG
headset, (2) Neural Networks are perform better as the password based on wavelet,” FBIE 2009 - 2009
problem is too complex for simpler machine learning International Conference on Future BioMedical Information
models such as Decision Trees, (3) that there is potential Engineering, pp. 98–101, 2009, doi:
10.1109/FBIE.2009.5405782.
in developing 2FA payment system with brainwaves
augmented with accelerometer and gyroscopic data. [9] I. Svogor and T. Kisasondi, “Two factor authentication
using EEG augmented passwords,” Proceedings of the
However, no conclusive lessons can be extracted for International Conference on Information Technology
2FA with just EEG brainwaves as the dataset collected Interfaces, ITI, pp. 373–378, 2012, doi:
was too small. We plan to collect more data with a 10.2498/ITI.2012.0441.
bigger participant pool with a more sophisticated
[10] “Muse 2 | MuseTM EEG-Powered Meditation & Sleep
experimental setup in the future. We also aim to study
Headband.” https://choosemuse.com/products/muse-2
more and more feature extraction and data (accessed May 27, 2023).
preprocessing methods to explore better suited options
for a real time system. [11] M. Tibdewal, M. Mahadevappa, A. Ray, M. Malokar, and
H. R. Dey, “Power line and ocular artifact denoising from
ACKNOWLEDGMENTS EEG using notch filter and wavelet transform,” 2016 3rd
International Conference on Computing for Sustainable
This research has been financially supported by Marzex Global Development (INDIACom), 2016.
Technologies PLT. The authors hold full responsibility
for the content, and it does not necessarily represent the [12] N. Shajil, S. Mohan, P. Srinivasan, J. Arivudaiyanambi, and
official viewpoints of Marzex Technologies PLT. A. Arasappan Murrugesan, “Multiclass Classification of
Spatially Filtered Motor Imagery EEG Signals Using
REFERENCES Convolutional Neural Network for BCI Based
Applications,” J Med Biol Eng, vol. 40, no. 5, pp. 663–672,
[1] “Federal Financial Institutions Examination Council”, Oct. 2020, doi: 10.1007/S40846-020-00538-3.
Accessed: May 27, 2023. [Online]. Available:
http://www.ffiec.gov [13] H. Altaheri et al., “Deep learning techniques for
classification of electroencephalogram (EEG) motor
[2] A. Kawala-Sterniuk et al., “Summary of over Fifty Years imagery (MI) signals: a review,” Neural Comput Appl,
with Brain-Computer Interfaces—A Review,” Brain 2021, doi: 10.1007/S00521-021-06352-5.
Sciences 2021, Vol. 11, Page 43, vol. 11, no. 1, p. 43, Jan.
2021, doi: 10.3390/BRAINSCI11010043. [14] L. Albera et al., “ICA-based EEG denoising: a comparative
analysis of fifteen methods,” Bulletin of the Polish Academy
[3] T. Pham, W. Ma, D. Tran, P. Nguyen, and D. Phung, “A of Sciences: Technical Sciences, vol. 60, no. 3, pp. 407–418,
study on the feasibility of using EEG signals for 2012, doi: 10.2478/v10175-012-0052-3ï.
authentication purpose,” Lecture Notes in Computer Science
(including subseries Lecture Notes in Artificial Intelligence [15] H. U. Amin, Y. Hafeez, M. F. Reza, S. H. Adil, R. A.
and Lecture Notes in Bioinformatics), vol. 8227 LNCS, no. Hasan, and S. S. A. Ali, “EEG Feature Extraction with Fast
PART 2, pp. 562–569, 2013, doi: 10.1007/978-3-642- Fourier Transform for Investigating different Brain regions
42042-9_70/COVER. in Cognitive and Reasoning Activity,” 2022 IEEE 5th
International Symposium in Robotics and Manufacturing
[4] S. Marcel and J. del R. Millan, “Person authentication using Automation, ROMA 2022, 2022, doi:
brainwaves (EEG) and maximum a posteriori model 10.1109/ROMA55875.2022.9915664.
adaptation,” IEEE Trans Pattern Anal Mach Intell, vol. 29,
no. 4, pp. 743–748, Apr. 2007, doi: [16] D. R. Ramdhani, E. C. Djamal, and F. Nugraha, “Brain-
10.1109/TPAMI.2007.1012. Computer Interface Based on Motor Imagery and Emotion
Using Convolutional Neural Networks,” Proceeding - 1st
[5] J. Chuang, H. Nguyen, C. Wang, and B. Johnson, “I think, FORTEI-International Conference on Electrical
therefore I am: Usability and security of authentication Engineering, FORTEI-ICEE 2020, pp. 108–112, Sep. 2020,
using brainwaves,” Lecture Notes in Computer Science doi: 10.1109/FORTEI-ICEE50915.2020.9249937.
(including subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), vol. 7862 LNCS, pp.
1–16, 2013, doi: 10.1007/978-3-642-41320-9_1/COVER.

- ©2023 IEEE IEEE SPMB 2023 December 3, 2022