
2021 | OriginalPaper | Book chapter

Shifting the Blame? Investigation of User Compliance with Digital Payment Regulations

Written by: Sophie Van Der Zee

Published in: Cybercrime in Context

Publisher: Springer International Publishing


Abstract

Users play a crucial role in the majority of successful cyberattacks. Compliance with information security guidelines can lead to more secure digital behavior and thereby reduce the chance of successful attacks. Since customer compliance is especially relevant for banks, the Dutch Banking Association (DBA) has developed and implemented a set of five security guidelines for customers. Each guideline is split into several specific actions that customers need to undertake in order to comply. Failure to comply can lead to a negligence claim and financial losses when falling victim to cybercrime. Such security guidelines are only successful if people are aware of their existence and mostly comply. In a user survey (n = 119) we tested whether this was the case. Results indicate that only a quarter of our sample (24.4%) was aware guidelines existed. When asked about compliance with the five general guidelines, less than a quarter (23.5%) of participants reported following all five guidelines. When asked about compliance with all specified actions needed to comply with these guidelines, only 3.4% reported complete compliance. A more in-depth analysis revealed that awareness of the guidelines did not increase compliance. The findings from this paper support recent findings in the security literature that knowledge and awareness alone do not increase secure digital behavior. Taken together, the low awareness and even lower compliance rates with the DBA security guidelines demonstrated in this study suggest that banks may be unfairly shifting the blame towards their customers.


Metadata

Title: Shifting the Blame? Investigation of User Compliance with Digital Payment Regulations
Written by: Sophie Van Der Zee
Copyright year: 2021
Publisher: Springer International Publishing
DOI: https://doi.org/10.1007/978-3-030-60527-8_5