Abstract: Internet provides easy and convenient way to do e–Commerce transaction or transfer money from one account to another account using online banking system. In order to complete the transfer process, banking system generates One–Time Password (OTP) and then the generated OTP is sent to authenticate the transaction. If customer enters correct OTP, then transfer gets executed successfully. However, if impostor somehow able to know the customer’s online accounts details with password and gets customer’s registered Subscriber Identity Module (SIM), then impostor may do online shopping or transfer money successfully as per his will. This study proposes a secure one–time password authentication scheme using Elliptic Curve Cryptography (ECC) with fingerprint biometric in which only the legitimate customer can decrypt cipher OTP and upon decryption, the plain OTP gets appeared and then the customer has to enter the plain OTP into the Banking transaction page to make the transaction successful. Customer generates his/her private and public keys for ECC with the help of his/her fingerprint. This scheme suggests more security with less key length than RSA and there is no need to store any private key anywhere. Private key of the user gets generated when user needs to provide his/her authenticity.