Usable Security and E-Banking: ease of use vis-a-vis security

Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.
