
A model for evaluating the security and usability of e-banking platforms

Published: 01 May 2017

Abstract

Convenience and the ability to perform advanced transactions encourage banks' clients to use e-banking systems. As security and usability are two growing concerns for e-banking users, banks have invested heavily in improving their web portals' security and user experience, and trust in them. Despite considerable efforts to evaluate particular security and usability features in e-banking systems, a dedicated security and usability evaluation model that can be used as a guide in the development of e-banking assets remains much less explored. To build a comprehensive security and usability evaluation framework, we first extract security and usability evaluation metrics from a literature review and then include several other evaluation metrics that were not previously identified in the literature. We then propose a structured inspection model for thoroughly evaluating the usability and security of internal and external e-banking assets. We argue that the e-banking security and usability evaluation frameworks proposed in the literature, together with the existing standards of security best practices (e.g., NIST and ISO), are by no means comprehensive and lack some essential and key evaluation metrics that are of particular interest to e-banking portals. To demonstrate the inadequacy of existing models, we use the proposed framework to evaluate five major banks. The evaluation reveals several shortcomings in identifying both missing and incorrectly implemented security and privacy features. Our goal is to encourage other researchers to build upon our work.



Published In

Computing, Volume 99, Issue 5
May 2017
117 pages

Publisher

Springer-Verlag

Berlin, Heidelberg


Author Tags

  1. 68N01
  2. 68N30
  3. 68N99
  4. E-banking
  5. Online consumers trust
  6. Security
  7. Usability evaluation
