User perceptions of security, convenience and usability for ebanking authentication tokens

This research compared three different two-factor methods of eBanking authentication. Three devices employing incremental security layers in the generation of one-time passcodes (OTPs) were compared in a repeated-measures, controlled experiment with 50 eBanking customers. Attitudes towards usability were measured and usage logs were taken for each experience. Comparisons of the devices in terms of overall quality, security and convenience as perceived by participants were also recorded. There were significant differences between all three methods in terms of usability measures, perceived quality, convenience and security ratings, with the perceived security ratings following a reverse order to the other measures. Almost two thirds of the participant sample chose the device they perceived as the least secure as their preference. Participants were asked to use their preferred method again and tended to find their chosen device more usable. This research illustrates the usability-security trade-off, where convenience, quality and usability are sacrificed when increasing layers of security are required. In their preferences, customers were driven by their attitudes towards usability and convenience rather than their perceptions of security.
