Usable Security and E-Banking: Ease of Use vis-à-vis Security

Morten Hertzum, Niels Christian Juul, Niels Henrik Jørgensen, Mie Nørgaard

    Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research

    Abstract

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. Conceptually we view the conflict between ease of use and security in the context of usable security, intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.
    Original language: English
    Title of host publication: OZCHI 2004 Conference Proceedings
    Publisher: University of Wollongong
    Publication date: 2004
    ISBN (Print): 1 74128 079 6
    Publication status: Published - 2004
    Event: OZCHI: the annual conference for the Computer-Human Interaction Special Interest Group (CHISIG) of the Human Factors and Ergonomics Society of Australia - Wollongong, Australia
    Duration: 21 Nov 2004 to 24 Nov 2004

    Conference

    Conference: OZCHI: the annual conference for the Computer-Human Interaction Special Interest Group (CHISIG) of the Human Factors and Ergonomics Society of Australia
    Country/Territory: Australia
    City: Wollongong
    Period: 21/11/2004 to 24/11/2004

    Keywords

    • usable security
    • ease of use
    • electronic banking
    • public key infrastructure
    • strong passwords
