Computing, Volume 99, Issue 5, pp 519–535

A model for evaluating the security and usability of e-banking platforms

  • Abdulrahman Alarifi
  • Mansour Alsaleh
  • Noura Alomar

Abstract

Convenience and the ability to perform advanced transactions encourage bank clients to use e-banking systems. As security and usability are two growing concerns for e-banking users, banks have invested heavily in improving the security and user experience of their web portals and in building users' trust in them. Despite considerable efforts to evaluate particular security and usability features of e-banking systems, a dedicated security and usability evaluation model that can guide the development of e-banking assets remains much less explored. To build a comprehensive security and usability evaluation framework, we first extract security and usability evaluation metrics from our literature review and then add several evaluation metrics that had not previously been identified in the literature. We then propose a structured inspection model for thoroughly evaluating the usability and security of internal and external e-banking assets. We argue that the e-banking security and usability evaluation frameworks proposed in the literature, as well as the existing standards of security best practices (e.g., NIST and ISO), are by no means comprehensive and lack some essential evaluation metrics that are of particular interest to e-banking portals. To demonstrate the inadequacy of existing models, we use the proposed framework to evaluate five major banks. The evaluation reveals several shortcomings, in the form of both missing and incorrectly implemented security and privacy features. Our goal is to encourage other researchers to build upon our work.

Keywords

Security; Usability evaluation; E-banking; Online consumers trust

Mathematics Subject Classification

68N01; 68N99; 68N30

Acknowledgements

We thank Mashael Almeatani, Nouf Alnufaie, Mona Alsemayen, Njoud Alshehri, and Nora Alswailem for helping in conducting the evaluation. We also thank the anonymous reviewers for their comments which helped improve this paper to its present form. This work was supported in part by KACST.

Supplementary material

Supplementary material 1: 607_2017_546_MOESM1_ESM.pdf (63 KB)

Copyright information

© Springer-Verlag Wien 2017

Authors and Affiliations

  • Abdulrahman Alarifi (1)
  • Mansour Alsaleh (1)
  • Noura Alomar (2)
  1. King AbdulAziz City for Science and Technology, Riyadh, Saudi Arabia
  2. College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia