Published in: Computing 5/2017

09.03.2017

A model for evaluating the security and usability of e-banking platforms

Authors: Abdulrahman Alarifi, Mansour Alsaleh, Noura Alomar


Abstract

Convenience and the ability to perform advanced transactions encourage bank clients to use e-banking systems. As security and usability are two growing concerns for e-banking users, banks have invested heavily in improving the security and user experience of their web portals and users' trust in them. Despite considerable effort to evaluate particular security and usability features of e-banking systems, a dedicated security and usability evaluation model that can guide the development of e-banking assets remains much less explored. To build a comprehensive security and usability evaluation framework, we first extract security and usability evaluation metrics from a literature review and then add several evaluation metrics not previously identified in the literature. We then propose a structured inspection model for thoroughly evaluating the usability and security of internal and external e-banking assets. We argue that the e-banking security and usability evaluation frameworks proposed in the literature, as well as existing standards of security best practice (e.g., NIST and ISO), are by no means comprehensive and lack essential evaluation metrics that are of particular interest to e-banking portals. To demonstrate the inadequacy of existing models, we use the proposed framework to evaluate five major banks. The evaluation reveals several shortcomings, identifying both missing and incorrectly implemented security and privacy features. Our goal is to encourage other researchers to build upon our work.
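The abstract distinguishes between a security feature that is missing and one that is present but incorrectly implemented, and scores portals against a set of inspection metrics. The following is an added example, not code from the paper: a small offline inspection-model evaluator that applies three assumed transport and session-hygiene metrics (HSTS, session-cookie flags, cache control) to a constructed HTTP response and reports each as missing, incorrectly implemented, or ok. The metric set, the one-year HSTS threshold, the fictional portal response and the function names are all assumptions for illustration; the paper's own metric list is not reproduced on this page.

```python
"""Added example: toy inspection-model evaluator for an e-banking portal response.

The three metrics are illustrative assumptions, not the metric set of Alarifi et al.
The sample response is constructed inline so the script runs offline.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Verdicts mirror the abstract's distinction between an absent feature and a
# feature that is present but wrongly configured.
MISSING = "missing"
INCORRECT = "incorrectly implemented"
OK = "ok"

ONE_YEAR = 31536000  # assumed minimum HSTS max-age, in seconds


@dataclass
class Response:
    status: int
    headers: List[Tuple[str, str]]  # list, because Set-Cookie may repeat

    def get(self, name: str) -> List[str]:
        """Return every value of a header, case-insensitively."""
        return [v for k, v in self.headers if k.lower() == name.lower()]


def parse_directives(value: str) -> Dict[str, str]:
    """Split 'a=1; b; c=x' into {'a': '1', 'b': '', 'c': 'x'} with lowercased keys."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        out[key.strip().lower()] = val.strip()
    return out


def check_hsts(r: Response) -> str:
    """HSTS must be present and pin the browser to TLS for at least a year."""
    vals = r.get("Strict-Transport-Security")
    if not vals:
        return MISSING
    directives = parse_directives(vals[0])
    try:
        max_age = int(directives.get("max-age", ""))
    except ValueError:
        return INCORRECT  # header present but max-age absent or malformed
    return OK if max_age >= ONE_YEAR else INCORRECT


def check_session_cookie(r: Response) -> str:
    """Every cookie set by the portal must carry both Secure and HttpOnly."""
    cookies = r.get("Set-Cookie")
    if not cookies:
        return MISSING
    for cookie in cookies:
        attrs = parse_directives(cookie)  # first key is the cookie name itself
        if "secure" not in attrs or "httponly" not in attrs:
            return INCORRECT
    return OK


def check_no_store(r: Response) -> str:
    """Account pages must not be retained by browser or shared caches."""
    vals = r.get("Cache-Control")
    if not vals:
        return MISSING
    directives = parse_directives(vals[0].replace(",", ";"))
    return OK if "no-store" in directives else INCORRECT


CHECKS: Dict[str, Callable[[Response], str]] = {
    "HSTS": check_hsts,
    "session cookie flags": check_session_cookie,
    "no-store on account pages": check_no_store,
}


def evaluate(r: Response) -> Dict[str, str]:
    """Run every metric and return its verdict."""
    return {name: fn(r) for name, fn in CHECKS.items()}


def score(results: Dict[str, str]) -> float:
    """Fraction of metrics satisfied; both failure kinds count as failures."""
    return sum(v == OK for v in results.values()) / len(results)


# Constructed sample: an account page from a fictional portal. HSTS is present
# but far too short, the session cookie lacks HttpOnly, and Cache-Control is absent.
SAMPLE = Response(200, [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=300"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure"),
])

if __name__ == "__main__":
    results = evaluate(SAMPLE)
    for name, verdict in results.items():
        print(f"{name:28s} {verdict}")
    print(f"score = {score(results):.2f}")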


Appendices
Accessible only with authorization
Footnotes
1. Appendix 1 can be found in the supplementary material of this paper.
2. A web-based security mechanism that provides one type of mutual authentication between end users and web servers.
 
Metadata
Title
A model for evaluating the security and usability of e-banking platforms
Authors
Abdulrahman Alarifi
Mansour Alsaleh
Noura Alomar
Publication date
09.03.2017
Publisher
Springer Vienna
Published in
Computing / Issue 5/2017
Print ISSN: 0010-485X
Electronic ISSN: 1436-5057
DOI
https://doi.org/10.1007/s00607-017-0546-9
