Assessing anti-phishing preparedness: A study of online banks in Hong Kong

Phishing has enormous impacts on the financial industry. This research aims to investigate anti-phishing preparedness of banks in Hong Kong. Web sites of registered Hong Kong banks are analyzed. Information related to phishing and anti-phishing measures adopted by banks are gathered and scores are assigned to banks according to a model measuring accessibility, usability, and information content. A combined score is computed for each bank by measuring the average performance of the bank Web site in all three aspects. The analysis revealed that banks in Hong Kong were generally prepared for countering phishing attacks, and separated out into three clusters that differed in terms of accessibility. The research identified that phishing information was easier to access and was richer in content and coverage compared to information related to anti-phishing measures. Although banks attached importance to information related to anti-phishing measures they needed to improve the accessibility of such information on their Web sites and needed to provide anti-phishing measures related information corresponding to all possible types of phishing attacks including malware and phishing e-mail.

[1]  M. Warren,et al.  Security for Internet banking: a framework , 2003 .

[2]  Justine Cassell,et al.  External manifestations of trustworthiness in the interface , 2000, CACM.

[3]  Kyung Kyu Kim,et al.  Initial trust and the adoption of B2C e-commerce: The case of internet banking , 2004, DATB.

[4]  Chang Liu,et al.  Exploring the factors associated with Web site success in the context of electronic commerce , 2000, Inf. Manag..

[5]  Susan Wiedenbeck,et al.  On-line trust: concepts, evolving themes, a model , 2003, Int. J. Hum. Comput. Stud..

[6]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[7]  Barrie Dale,et al.  Key quality factors in Web site design and use: an examination , 2002 .

[8]  Dan Jong Kim,et al.  Customer self-service systems: The effects of perceived Web quality with service contents on enjoyment, anxiety, and e-trust , 2007, Decis. Support Syst..

[9]  Kicka Lindroos,et al.  Use quality and the World Wide Web , 1997, Inf. Softw. Technol..

[10]  Giovanni Vigna,et al.  Detecting malicious JavaScript code in Mozilla , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).

[11]  Donna L. Hoffman,et al.  Building consumer trust online , 1999, CACM.

[12]  Christopher Krügel,et al.  Protecting Users against Phishing Attacks , 2006, Comput. J..

[13]  Lorrie Faith Cranor Proceedings of the 2005 symposium on Usable privacy and security , 2005 .

[14]  John G. Lynch,et al.  Interactive Home Shopping: Consumer, Retailer, and Manufacturer Incentives to Participate in Electronic Marketplaces , 1997 .

[15]  Tsuyoshi Abe,et al.  Cryptographic alias e-mail addresses for privacy enforcement in business outsourcing , 2005, DIM '05.

[16]  Barbara D. Klein,et al.  User evaluations of IS as surrogates for objective performance , 2000, Inf. Manag..

[17]  Rian van der Merwe,et al.  A framework and methodology for evaluating e-commerce Web sites , 2003, Internet Res..

[18]  Fatemeh Zahedi,et al.  The Measurement of Web-Customer Satisfaction: An Expectation and Disconfirmation Approach , 2002, Inf. Syst. Res..

[19]  Ephraim R. McLean,et al.  Information Systems Success: The Quest for the Dependent Variable , 1992, Inf. Syst. Res..

[20]  Richard T. Watson,et al.  Service Quality: A Measure of Information System Effectiveness , 1995, MIS Q..

[21]  Lopo L. Rego,et al.  What makes commercial Web pages popular , 1998 .

[22]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..

[23]  Xiang Fang,et al.  An empirical study of web site navigation structures' impacts on web site usability , 2007, Decis. Support Syst..

[24]  Niels Bjørn-Andersen,et al.  Towards a Framework for Evaluation of Commercial Web Sites , 2000 .

[25]  Jeffrey T. Hancock,et al.  Impression Formation in Computer-Mediated Communication Revisited , 2001, Commun. Res..

[26]  Ingoo Han,et al.  Security threats to Internet: a Korean multi-industry investigation , 2001, Inf. Manag..

[27]  Francisco Javier Miranda González,et al.  Quantitative evaluation of commercial web sites: : an empirical study of Spanish firms , 2004, Int. J. Inf. Manag..

[28]  Lance James,et al.  Phishing exposed , 2005 .

[29]  Russell Dean Vines,et al.  Phishing: Cutting the Identity Theft Line , 2005 .

[30]  J. Hagel,et al.  The Real Value of Online Communities , 2000 .

[31]  Andrea Everard,et al.  How Presentation Flaws Affect Perceived Site Quality, Trust, and Intention to Purchase from an Online Store , 2005, J. Manag. Inf. Syst..

[32]  George Lawton E-mail authentication is here, but has it arrived yet? , 2005, Computer.

[33]  Maarten Gelderman,et al.  The relation between user satisfaction, usage of information systems and performance , 1998, Inf. Manag..

[34]  Dale Goodhue,et al.  Understanding user evaluations of information systems , 1995 .

[35]  Gustavo Rossi,et al.  Specifying Quality Characteristics and Attributes for Websites , 2001, Web Engineering.

[36]  Diane M. Strong,et al.  Data quality in context , 1997, CACM.

[37]  Sue Fowell,et al.  Expectations versus reality: a snapshot of consumer experiences with Internet retailing , 2000, Int. J. Inf. Manag..

[38]  David M. Szymanski,et al.  Customer satisfaction: A meta-analysis of the empirical evidence , 2001 .

[39]  Markus Jakobsson,et al.  Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft , 2006 .

[40]  James Ho,et al.  Evaluating the World Wide Web: A Global Study of Commercial Sites , 2006, J. Comput. Mediat. Commun..

[41]  Walid G. Aref,et al.  Security models for web-based applications , 2001, CACM.

[42]  Stefan Savage,et al.  Proceedings of the 2003 ACM Workshop on Rapid Malcode, WORM 2003, Washington, DC, USA, October 27, 2003 , 2003, WORM.

[43]  Joel R. Evans,et al.  Business-to-Business Marketing and the World Wide Web: Planning, Managing, and Assessing Web Sites , 1999 .

[44]  Keng Siau,et al.  Measuring information quality of web sites: development of an instrument , 1999, ICIS.

[45]  Sirkka L. Jarvenpaa,et al.  Consumer Trust in an Internet Store: A Cross-Cultural Validation , 2006, J. Comput. Mediat. Commun..

[46]  Jakob Nielsen,et al.  Improving a human-computer dialogue , 1990, CACM.

[47]  Matthew C. Elder,et al.  Recent worms: a survey and trends , 2003, WORM '03.

[48]  Steven M. Bellovin Spamming, phishing, authentication, and privacy , 2004, CACM.

[49]  T. C. Edwin Cheng,et al.  Adoption of internet banking: An empirical study in Hong Kong , 2006, Decis. Support Syst..

[50]  Simson L. Garfinkel,et al.  How to make secure email easier to use , 2005, CHI.

[51]  Ewald A. Kaluscha,et al.  Empirical research in on-line trust: a review and critical assessment , 2003, Int. J. Hum. Comput. Stud..

[52]  Charles J. Kacmar,et al.  Developing and Validating Trust Measures for e-Commerce: An Integrative Typology , 2002, Inf. Syst. Res..

[53]  Avivah Litan Phishing Attack Victims Likely Targets for Identity Theft , 2005 .

[54]  John D'Ambra,et al.  Emerging factors in user evaluation of the World Wide Web , 2001, Inf. Manag..

[55]  Jonathan W. Palmer,et al.  Web Site Usability, Design, and Performance Metrics , 2002, Inf. Syst. Res..

[56]  G. Tally,et al.  Anti-Phishing: Best Practices for Institutions and Consumers , 2004 .

[57]  John Eighmey Profiling user responses to commercial web sites , 1997 .

[58]  M.H.P. Kleijnen,et al.  Customer adoption of e‐service: an experimental study , 2001 .

[59]  Prashant C. Palvia,et al.  Developing and validating an instrument for measuring user-perceived web quality , 2002, Inf. Manag..

[60]  Aaron Weiss,et al.  Trends for 2005 , 2004, NTWK.