Public terminals for service provision provide high convenience to users due to their constant availability. Yet, the interaction with them lacks security and privacy as it takes place in a public setting. Additionally, users have to wait in line until they can interact with the terminal. In comparison to that, personal mobile devices allow for private service execution. Since many services, like with-drawing money from an ATM, require physical presence at the terminal, hybrid approaches have been developed. These move parts of the interaction to a mobile device. In this work we present the results of a four week long real world user study, in which we investigated whether hybrid approaches would actually be used. The results show that users accept the hybrid service as they understood that they could use down downtimes (like bus rides) to prepare the interaction with the public terminal. Our findings give novel insights about security relevant aspects such as where and when users interact with the mobile service before accessing the public terminal. So the preparation of the transaction on the mobile phone was often conducted much further away from the terminal than expected (81.0% with a distance greater than 400m) and earlier than expected (82.1% at least 5 minutes in advance).
[1]
Ian Oakley,et al.
Using mobile device screens for authentication
,
2011,
OZCHI.
[2]
Roy Want,et al.
Near field communication
,
2011,
IEEE Pervasive Computing.
[3]
J. B. Brooke,et al.
SUS: A 'Quick and Dirty' Usability Scale
,
1996
.
[4]
Richard Sharp,et al.
Secure Mobile Computing Via Public Terminals
,
2006,
Pervasive.
[5]
Heinrich Hußmann,et al.
Towards understanding ATM security: a field study of real world ATM use
,
2010,
SOUPS.
[6]
J. Boyd.
Here comes the wallet phone [wireless credit card]
,
2005,
IEEE Spectrum.
[7]
Uwe Hansmann,et al.
Pervasive Computing
,
2003
.
[8]
Qi Shi,et al.
Ubiquitous Secure Cash Withdrawal
,
2009
.
[9]
Edward Cutrell,et al.
Usably secure, low-cost authentication for mobile banking
,
2010,
SOUPS.
[10]
Alexander De Luca,et al.
A privacy-respectful input method for public terminals
,
2008,
NordiCHI.
[11]
Lujo Bauer,et al.
Lessons learned from the deployment of a smartphone-based access-control system
,
2007,
SOUPS '07.