Free Freelance Contract Template (To Keep You Safe) in 2020

Free Freelance Contract Template (To Keep You Safe) in 2020

 

Free Freelance Contract Template (To Keep You Safe) in 2020

Miri Colman
September 06, 2020

Whether you are working as a freelancer or you want to hire a freelancer, a contract is essential to maintain a level of clarity and prevent disputes.

Here’s a freelance contract template we’ve created (and used) to keep both our company and the freelancers we employ, safe. It’s FREE! So please use it and share it with your friends and colleagues.

The point of a freelance contract is to eliminate those fears and to keep everyone safe, and aligned, with what each party has committed to. The contract should outline the scope of the project including the goals, deliverables and deadlines. And it should explicitly state the number of work hours expected, as well as the payment rate and the payment schedule.

Freelancer Contract

Freelance AGREEMENT DATED _______________ BETWEEN:

(1)        YOUR COMPANY NAME, whose principal place of business is located at YOUR COMPANY ADDRESS (the “Company”); and

(2)        ________________________ ID number __________________, from ___________________________ (the “Freelancer”), (each a “Party” and together the “Parties”).

WHEREAS the Company is in the business of online marketing (the “Business”);

AND WHEREAS the Company desires to cooperate with the Freelancer in Business as freelancer and without to form an employer-employee relations;

AND WHEREAS the Freelancer desires to cooperate with the Company in Business as freelancer and without to form an employer-employee relations;

IT IS THEREBY AGREED:

1.        Contents of Agreement

1.1.        The preamble and the exhibits to this Agreement constitute an integral part hereof and are hereby incorporated by reference.

2.        Duties

2.1.        Commencing from the Effective Date (as defined in Section 3 below), the Company shall cooperate with the Freelancer and the Freelancer shall cooperate with the Company in any project decided by the Company as a content editor upon the terms and conditions set forth herein.

2.2.        The Freelancer shall devote all his time, attention and abilities to fulfill the terms of this Agreement, to promote the Business of the Company and shall perform his duties diligently, conscientiously and promptly to the best of his ability and to the satisfaction and benefit of the Company.

2.3.        The Freelancer shall have no authority toward third parties on behalf of the Company and shall not execute any agreements or contracts that bind the Company or deviate from the standard policy of the Company, without the prior written authorization of the Board of Directors of the Company.

2.4.        The Freelancer undertakes to notify the Company, immediately and without any delay, of any interest or matter which he may have a personal interest or which is likely to create a conflict of interest with his role in the Company.

2.5.        The Freelancer acknowledges that the Company will provide him an email account that is designated for working purpose (the “Email”). The Email shall not be used for the Freelancer’s private purposes, and the Freelancer hereby gives his irrevocable consent to the Company to enter the Email at any time and for any purpose.

3.        3 Term and Termination of Work

3.1.        The Freelancer’s work under this Agreement shall commence on XXX (the “Effective Date”) and shall end on the earliest of: (i) the death or disability (as defined below) of Freelancer; (ii) termination by either Party in an explicit notice that shall take effect in 30 days.

3.2.        Either Party may terminate this Agreement without cause.

3.3.        For the purposes of this Agreement, “disability” shall mean any physical or mental illness or injury as a result of which the Freelancer remains absent from work for a period of two (2) successive months, or an aggregate of two (2) months in any twelve-month period. Disability shall occur upon the end of such two (2) month period.

4.        Compensation

4.1.        (Option 1) It is agreed, that the Compensation shall be calculated on an hourly basis and shall be the total amount of USD/EUR/ILS/CAD/AUD/GBP Amount + VAT (the “Basic Fee”).

4.2.        The Freelancer undertakes to report to the Company the actual working hours that had performed by him each month on a daily basis, in accordance with the applicable practices and policies of the Company regarding such reports.

4.3.        (Option 2) It is agreed, that the Compensation shall be calculated on an global basis and shall be the total amount of USD/EUR/ILS/CAD/AUD/GBP Amount + VAT (the “Basic Fee”).

(Option 3) It is agreed, that the Compensation shall be calculated on a per project basis and shall be determined by the Company before each project in a separate appendix (the “Basic Fee”).

4.4.        In addition to the Basic fee, the Freelancer shall be entitled to a monthly compensation of USD/EUR/ILS/CAD/AUD/GBP Amount +VAT in return to fully and meticulously complying with his non-compete undertakings following the termination of this Agreement as set out in Section 8 below (the “Non-Compete Payment”, and together with the Basic Fee: the “FEE”).

4.5.        (Option 1+2) The Fee shall be paid to the Freelancer up to the 10th (Tenth) day of each month, in relation to the previous calendar month.

4.6.        (Option 3) The Fee shall be paid to the Freelancer only after the project is completed to the satisfaction of the Company, up to the 10th (Tenth) of the month following the completion of the project.

4.7.        The Freelancer shall not be reimbursed for the cost of traveling to and from his working place using public transportation or by any other way.

5.        Employer-employee relations

5.1.        It is agreed and clarified that in any case, there will be no an employer-employee relation between the Parties. Therefore, the Freelancer shall not be entitled to sick days, days off or any other right derived from an employer-employee relation.

6.        Secrecy and Nondisclosure

6.1.        The Freelancer acknowledges that immediately after commencing the cooperation with the Company, he will be granted unlimited access to the Company’s Confidential Information and its trade secrets.

6.2.        Except as herein expressly provided, the Freelancer agrees that during the term of this Agreement and after the termination of this Agreement thereof for any reason whatsoever, he: (i) shall keep Confidential Information (as defined below) confidential and shall not directly or indirectly, use (for personal and/or commercial and/or any other type of usage), keep and/or extract, share, divulge, publish or otherwise disclose or allow to be disclosed any aspect of Confidential Information without the Company’s prior written consent; (ii) shall refrain from any action or conduct which might reasonably or foreseeable be expected to compromise the confidentiality or proprietary nature of the Confidential Information; and (iii) shall follow recommendations made by the Board of Directors, officers or supervisors of the Company from time to time regarding Confidential Information; (iv) shall not lie and/or change his findings, data or any other Confidential Information; shall not access accounts with data found on the Company’s servers.

6.3.        “Confidential Information” includes but not limited to: trade secrets, confidential information, knowledge or data of the Company, or of any of its existing or future clients, investors, customers, consultants, shareholders, licensees, licensors, vendors or affiliates, that the Freelancer may produce, obtain or otherwise acquire or have access to during the course of his work with the Company (whether before or after the Effective Date), including (but not limited to) business plans, records, and affairs; customer files and lists; special customer matters; sales practices; methods and techniques; details of marketing campaigns merchandising concepts, strategies and plans; sources of supply and vendors; special business relationships with vendors, agents, and brokers; promotional materials and information; financial matters; equipment, technologies and processes; selective personnel matters; developments; product specifications; procedures; pricing information; intellectual property; know-how; technical data; software programs; operations costs; processes; designs; formulas; ideas; plans; devices; materials; and other similar matters which are confidential. All Confidential Information and all tangible materials containing Confidential Information are and shall remain the sole property of the Company.

6.4.        The Freelancer shall have no obligation under this Agreement to maintain in confidence any information which (i) is lawfully in the public domain at the time of disclosure, or (ii) disclosure of which is required by law or any other relevant regulation or requirement by a court or other legal authority of competent jurisdiction, provided however that the Freelancer shall duly notify the Company, as soon as possible prior to such disclosure, in order to allow the Company reasonable time to challenge, restrain or quash such disclosure and shall only disclose the Confidential Information so far as is necessary.

6.5.        The Freelancer agrees that during the term of this Agreement he: (i) shall do utmost to secure any of the Company’s Confidential Information (as defined above); (ii) shall do utmost to make sure the Company is capable to secure any of its Confidential Information.

6.6.        The Freelancer acknowledge that he will be granted unlimited access to the Company’s Confidential Information and its trade secrets, therefore the Freelancer declares he: (i) will not save the data seen in these databases internally or externally, other than screenshots taken with respect for the specific project, that shall be saved internally and will be removed and deleted in two (2) weeks after the articles published; (ii) will not share or disclose his findings with anyone (includes but not limited to other freelancers hired by the Company, other companies etc.) but the Company’s other employees; (iii) will neither steal, sell or make any personal usage of the Confidential Information; (iv) will not accept any position at the companies he shall examine.

6.7.        If, at some point during the term of this Agreement and after the termination of this Agreement thereof for any reason whatsoever, the Freelancer will find people he knows in the databases, the Freelancer shall not share with them his findings before the report is being published, and once published the Freelancer will not give them the exact data found about them.

6.8.        The Freelancer shall keep the terms of this Agreement including any changes in the terms of this Agreement strictly confidential and not disclose this Agreement, any of the terms therein or any part thereof, to any third party including any other Freelancers of the company.

6.9.        The Freelancer agrees that during the term of this Agreement he shall not: (i) improperly use or disclose any proprietary information or trade secrets of any former employer or other person or entity with which the Freelancer has an agreement or duty to keep in confidence information acquired by the Freelancer, if any, or (ii) bring onto the premises of the Company any document of confidential or proprietary information belonging to such employer, person or entity unless consented to in writing by such employer, person or entity. The Freelancer will indemnify the Company and hold it harmless from and against all claims, liabilities, damages and expenses, including reasonable attorneys’ fees and costs of suit, arising out of or in connection with any violation of the foregoing.

6.10.        The Freelancer recognizes that the Company may have received, and may receive in the future, from third parties, their confidential or proprietary information subject to a duty on the Company’s part to maintain the confidentiality of such information and to use it only for certain limited purposes. The Freelancer agrees that he owes the Company and such third parties, starting the Effective Date and thereafter, a duty to hold all such confidential or proprietary information in the strictest confidence and not to disclose it to any person or firm and to use it in a manner consistent with, and for the limited purposes permitted by, the Company’s agreement with such third party. Such information will be regarded for the purposes of this Agreement as a part of the Confidential Information. The Freelancer will indemnify the Company and hold it harmless from and against all claims, liabilities, damages and expenses, including reasonable attorneys’ fees and costs of suit, arising out of or in connection with any violation of the foregoing.

6.11.        Upon Company’s request, or in the event of the termination of this Agreement for any reason whatsoever, the Freelancer agrees promptly to surrender and deliver to the Company all records, materials, equipment, drawings, documents, including and without the limitation to all written materials, records, documents, computer software and hardware or any other material which belongs to the Company and that might be in his possession, and data of any nature pertaining to any Confidential Information or to his work, and the Freelancer will not retain or take with him any tangible materials or electronically stored data, containing or pertaining to any Confidential Information that the Freelancer may produce, acquire or obtain access to during the course of his work, and if requested by the Company to do so, will execute a written statement confirming compliance with the above said.

6.12.        In the event of the termination of this Agreement. The Freelancer hereby agrees that the Company shall notify his future employer about his obligations under this Agreement.

6.13.        The Freelancer acknowledges that all of the secrets, information, or documents aforementioned above, are essential commercial and proprietary information of the Company which is not public information and cannot be easily discovered by others, whose confidentiality provides the Company a commercial advantage over its competitors, and the Company is taking reasonable measures to safeguard its confidentiality.

6.14.        The Freelancer’s undertakings pursuant to this Section shall remain in force even after the termination of this Agreement and for an unlimited period.

7.        Intellectual Property

7.1.        If, at any time during the term of this Agreement, the Freelancer (either alone or with others):

7.1.1.        makes or discovers any invention, development, process or secret whatsoever whether patentable or not (the “Inventions”); or

7.1.2.        produces any work in any medium whatsoever including any model, drawing, document, plan, tape, disk or photograph and whether in two or three dimensions (the “Works”); or

7.1.3.        contributes to any technical or other knowledge of the Company, including by compiling lists, approaching customers and suppliers, formulating trade names, gathering information and data or contributes in any way to any other right of the Company (the “Information”),

7.2.        in each case which relate to any of the services, products or processes of the Company or otherwise to its business or which results from or is suggested by anything done in the course of or in connection with this Agreement, then all intellectual property and proprietary rights in such Inventions, Works and Information shall belong to and be the sole legal and beneficial property of the Company (or any other entity, as the Company may elect), and the Freelancer shall communicate and deliver up to the Company without any delay all available information and materials relating to all Inventions, Works and Information, all of which shall be the exclusive property of the Company (or any other entity, as the Company may elect), and the Freelancer shall not use, reproduce or disclose any part of them without the prior written consent of the Company.

7.3.        The provisions of Section 7.1 shall not apply to any rights in Inventions, Works and Information to the extent that the same by operation of applicable law cannot be vested in the Company (or any other entity, as the Company may elect) (the “Rights”). However, The Freelancer, at the request and cost of the Company (whether during the term of this Agreement or thereafter), shall forthwith assign to the Company (or any other entity, as the Company shall instruct it) by written instrument (or, if by the operation of law assignment is not possible, shall license to the Company) all Rights and upon such assignment (or licensing) shall deliver up to the Company (or to any other entity, as the Company shall instruct him) any relevant Works, Inventions and Information. It is hereby clarified and agreed that the Fee prescribed under Section 4 above is paid and granted, inter alia, in respect of such assignment or license and no additional payment, fee or royalty of any kind shall be payable to the Freelancer in this respect. For further avoidance of doubt, it is also clarified that such license (or assignment) shall be worldwide, royalty-free, irrevocable, perpetual exclusive license to use, make, manufacture, sell, reproduce, distribute, modify, display, prepare derivative works, or any other rights available with respect to such Inventions, Works or Information.

7.4.        The Freelancer, at the request and cost of the Company (whether during the term of this Agreement or thereafter), shall sign and execute all such deeds and documents and do all such acts and things as the Company, may reasonably require to:

7.4.1.        Apply for, obtain and vest in the name of the Company alone (unless the Company otherwise directs) letters, patent, registered designs or other protection of any nature whatsoever in respect of Inventions, Works and Information in any country throughout the world and, when so obtained or vested, to renew and maintain the same including, without limitation, to assist the Company in any proceedings concerning the infringement of rights in Inventions, Works and Information; and

7.4.2.        Defend any proceedings in respect of such applications and any petitions or applications for revocation of such letters patent, registered designs or other protection.

7.5.        The Freelancer hereby grants the Company an irrevocable power of attorney to do on his behalf (whether during the term of this Agreement or thereafter) anything that the Freelancer is obliged to do or that is required in order to exercise any right granted to the Company under Sections 8.

7.6.        The Freelancer shall give notice in writing to the Company promptly on becoming aware (whether during the term of this Agreement or thereafter) of any infringement or suspected infringement of any intellectual property rights in any Inventions, Works or Information.

7.7.        The Freelancer shall at the request of the Company (whether during the term of this Agreement or thereafter) provide any reasonable assistance required in connection with any proceedings regarding any of the Inventions, Works or Information.

7.8.        Whether during the term of this Agreement or thereafter the Freelancer shall not do and/or allow to do anything which would or might prejudice the rights of the Company under this Section 7 or any intellectual property rights of the Company in any Inventions, Works and Information.

7.9.        The Freelancer hereby waives any moral rights he might have in Inventions, Works and Information.

8.        Non-Competition

8.1.        Without prejudice to the Freelancer’s commitments under sections 6 and 7 above, the Freelancer hereby expressly agrees and undertakes that:

8.1.1.        During the term of this Agreement, he will not, directly or indirectly, either personally or through a third party, whether for his own account or as a Freelancer, officer, director,

partner, shareholder, investor, consultant or otherwise, through a company, partnership, joint venture, trust or any other corporation, interest himself, be involved, or engage in any business or enterprise, anywhere in the world, that either directly or indirectly competes with the business of the Company that exists now or will exist in the future, Including but not limited to other comparison websites in the Company’s business field, without a prior written consent of the Company;

8.1.2.        During the term of this Agreement and for a period of eighteen (18) months after, the Freelancer ceases to be employed by the Company for whatsoever reason, he shall not, directly or indirectly, contact or enter into any agreement with any of the Company’s customers (including past customers) with regard to any matter that either directly or indirectly competes with the Company, either personally or through a third party, whether for his own account or as an Freelancer, officer, director, partner, shareholder, investor, consultant or otherwise, through a company, partnership, joint venture, trust or any other corporation, Including but not limited to other comparison websites in the Company’s business field, without the Company’s prior written consent;

8.1.3.        During a period of nine (9) months from the termination of this Agreement, he shall not employ, directly or indirectly, any individual that was employed by the Company during the six (6) months period which preceded such date of termination.

8.2.        In addition and without derogating from the aforementioned, in return for the Non-Compete Payment, the Freelancer hereby expressly agrees and undertakes that for a period of nine (9) months after he ceases to be employed by the Company for whatsoever reason, he will not, directly or indirectly, either personally or through a third party, whether for his own account or as an Freelancer, officer, director, partner, shareholder, investor, consultant or otherwise, through a company, partnership, joint venture, trust or any other corporation, interest himself, be involved, or engage in any business or enterprise, anywhere in the world, that either directly or indirectly competes with the business of the Company that exists now or will exist in the future, Including but not limited to other comparison websites in the Company’s business field, without the prior written consent of the Company.

8.3.        The Freelancer acknowledges that the restricted periods of time this Sections are reasonable, in view of the nature of the business in which the Company is engaged and the Freelancer’s knowledge of the Business.

8.4.        Notwithstanding anything contained in Section 8.3 to the contrary, if the period of time or the geographical area specified under Sections 8.1 or 8.2 hereof should be determined to be unreasonable in any judicial proceeding, then the period of time and area of the restriction shall be reduced so that this Agreement may be enforced in such area and during such period of time as shall be determined to be reasonable by such judicial proceeding.

9.        Injunctive Relief and Indemnification

9.1.        The Freelancer acknowledges and confirms that any breach of any provisions under Sections 6, 7 or 8, may give rise to irreparable injury to the Company. Therefore, without derogating from or limitation to any right, remedy or relief to which the Company may be entitled under this Agreement, by law or otherwise, in the event of such breach or a threatened breach under Sections 6, 7 or 8, the Company shall be entitled to an injunctive relief without the requirement of posting a bond.

9.2.        The Freelancer acknowledges and confirms that any breach of any provisions under this Agreement by the Freelancer, especially but not limited to any breach of any provisions under Sections 6, 7 or 8, may cause the Company Significant damages. Therefore, without derogating from or limitation to any right, remedy or relief to which the Company may be entitled under this Agreement, by law or otherwise, in the event of such breach under this Agreement, the Company shall be entitled to a full indemnification from the Freelance.

9.3.        In addition, and Subject to the provisions of any applicable law, as will be in force from time to time, the Freelancer shall indemnify the Company for any liability or expense imposed on the Company or spent by the Company, due to the Freelancer action as a Company Freelancer.

10.        Freelancer Representations and Acknowledgments

10.1.        The Freelancer represents and warrants to the Company that the execution and delivery of this Agreement and the fulfillment of the terms hereof: (i) will not constitute a default under or breach of any agreement or other instrument to which he is a party or by which he is bound, including and without limitation to, any confidentiality or non-competition agreement, (ii) does not require the consent of any person or entity, and (iii) shall not utilize during the term of his work any proprietary information of any third party, including prior employers of the Freelancer.

11.        Benefit

11.1.        Except as otherwise herein expressly provided, this Agreement shall inure to the benefit of and be binding upon the Company, its successors and assigns, including and without limitation to, any subsidiary or affiliated entity. For the avoidance of doubt, the obligations of the Freelancer hereunder shall not be assignable or delegable.

12.        Entire Agreement

12.1.        This Agreement constitutes the entire understanding and agreement between the Parties, supersedes any and all prior discussions, agreements and correspondence with regard to the subject matter hereof, and may not be amended, modified or supplemented in any respect, except by a subsequent writing executed by both Parties.

13.        Notices

13.1.        All notices, requests and other communications to any Party shall be given or made in writing, mailed (by registered or certified mail) or delivered by hand to the respective Party at the address set forth in the caption of this Agreement or to such other address as such Party may hereafter specify for the purpose of notice to the other Party. Each such notice, request or other communication shall be effective: (i) if given by facsimile, when such facsimile is transmitted to the facsimile number specified herein and the appropriate answerback is received or (ii) if given by any other means, when delivered at the address specified herein.

14.        Applicable Law and Jurisdiction

14.1.        This Agreement shall be governed by, and construed and enforced in accordance with, the laws of Israel, without giving effect to principles of conflicts of law, and the courts of Tel Aviv shall have exclusive jurisdiction over the Parties in all disputes related to or in connection with this Agreement or the subject matter hereof.

SIGNED BY:
__________________
 

__________________

The FreelancerThe Company
By:
Title:

Conclusion

Freelancer contracts exist to prevent miscommunications from occurring, and to add legitimacy (and detail) to the agreement between both parties. They should be utilized no matter if you are using a top freelance platform to hire freelancers or not. The only way to stay safe is by ensuring that both parties are protected with a signed contract.

FAQ

Do I need a contract for freelance work?
Yes, in order to protect yourself you should make sure you sign a new contract with every new client. Both of your expectations should be outlined in the contract including the agreed hours, and pay. You can use our freelance contract template as many times as you like. It’s free, and all you need to do is fill in the missing details. To learn more about being a freelancer, read our in-depth guide.
What should a freelance contract include?
To make sure all the essential issues are covered, a freelance contract should include:
  • Contact details
  • Project scope and deliverables
  • Agreed pricing and payment schedule
  • Ownership and copyright details
  • Cancellation policies for both sides

Lastly, and most importantly, it must have both parties signatures, and the date, on it.

How does a freelance contract protect the freelancer and the client?
Without a contract in place, both parties are leaving themselves open to miscommunication, liability issues, and payment disputes. Freelance contracts protect both the freelancer and the company by formally, and legally, outlining both parties expectations, and deliverables. It ensures that the freelancer delivers the work that they committed to, and that the company pays the freelancer, in a timely manner, for that work

How To Get Employed After Losing Your Job During Covid-19

 

How To Get Employed After Losing Your Job During Covid-19



During the pandemic, the unemployment rate has indeed increased significantly. In April 2020, the US unemployment rate rose to 14.7 percent. In July 2020, there was a drop, but it  was still 10.3 percent. As a result, many workers are struggling to meet employers’ demands and find employment.


Companies are looking for candidates with technical skills not only because they can work from home but also because they help organizations remain competitive. Since customers’ requirements are higher, the competition has become more challenging. And companies are battling each other to see who stays on top. 


The demands of today’s employers are higher, but that doesn’t mean you can’t tailor to their needs. To catch their attention and get a new job during Covid-19, you should consider the tips below. They will allow you to meet employers’ requirements and put an end to your unemployment.

Change Your Mindset

Before looking for a job, you should change your mindset and keep a positive outlook. Job hunting can be hard, but you will indeed get hired if you remain positive. A positive mindset will allow you to analyze your alternatives better and stay motivated during the process.


During the pandemic, many people have decided to change careers in order to adapt. The tech market is disrupting every industry, and having tech skills is now essential. Remote workers are the most wanted these days because they can continue working remotely even during lockdown.


Being positive allows you to focus on your goals and do everything you need to achieve them. Also, keeping a good mood will help you move in the right direction. You won’t drop out of the race until you cross the finish line.

Learn New Skills

No matter what profession you are in, you need tech skills. Tech professionals are indispensable for companies these days, and by learning new skills, you’ll be able to meet their demands. You can learn Python, JavaScript, or AWS. Whichever you settle on, you will become an attractive candidate.


Python is useful for analyzing, interpreting, and visualizing information. If you like to deal with data and create statistics, Python is what you need. Data scientists often use Python to create insights that help organizations succeed. Large companies like Facebook use Python to provide more personalized experiences.


On the other hand, if you like to use your creativity at work, you can learn JavaScript. It’ll allow you to create outstanding websites that will make employers and customers feel engaged. JavaScript can be used for both front and back end development. Whether you want to become a full stack or a front end developer, JavaScript is a must.


You can build augmented reality web apps using JavaScript. By using AR features, you can make customers feel engaged and help organizations reduce costs. Employers would love to have you in their team, and the days of being unemployed would end.


To learn JavaScript, you can enroll in Thinkful’s coding bootcamp. The company has designed its courses not only to meet your needs but to help you stand out from the competition. As you will learn other in-demand programming languages, you can convince employers in the blink of an eye.


If you’re more into using the cloud, AWS is what you need. In 2020, most companies are moving to the cloud not only to store data but to analyze it. AWS provides companies with machine learning features they can use to get better results. As they create better insights, they can transform the market.


A programmer’s salary is, on average, $142,000 per year at Epic Games. Learning how to code will help you get a new job and change your lifestyle. As you’ll have more income, dealing with expenses will no longer make you stressed.    

Build an Attractive LinkedIn Profile

To increase your chances of getting hired, you should build a LinkedIn profile. Most employers and hiring managers use LinkedIn to find potential hirings. To create a profile that catches employers’ attention, you should first add a professional profile photo. This will help you increase employers’ trust.


The second thing you can’t stop doing is to add an attractive headline. Most people use the headline space to write their current job title, but you can go further and write more about it. Try to add relevant information to make employers feel engaged. For example, you can write “Web developer | WordPress | AWS | JavaScript.”


To build an attractive profile, you can’t forget to write a detailed summary. Write about what keeps you motivated and what’s your mission. Also, adding your most relevant skills will get the job done. Try to be concise so employers can read it quickly and see if you meet their demands. 


Requesting recommendations is the last and most important step. Ask your friends, past co-workers, and even your previous boss to write a recommendation. It’ll help you to improve your connections, and you’ll reach a bigger audience. Employers can see how good your performance is and will be convinced by just checking your profile. 

Build a portfolio

Today’s employers are looking for candidates who deliver, not just who hold a fancy title or degree. Using a portfolio during interviews is an excellent option as employers have a chance to see your actual abilities. They can check previous projects you have worked on and see if you meet their needs. 


You can build a portfolio of personal or team projects. But, if you have no projects to add, you can enroll in a coding school. Companies like Flatiron School offer courses where you can learn through hands-on projects. After graduation, you’ll have a portfolio full of projects to impress potential employers. 

In Summary

To get hired, you need to implement new strategies and be positive. It will help you stay on track and achieve your goals. Also, as more companies are making a digital transition, learning tech skills is something you can’t stop doing. Follow these tips, and you’ll undoubtedly land a new position during these hard times. 

 


Information Systems with a Technology Management cognate





Type of paper:
Thesis
Academic level:
Master's
Subject or discipline:
Information Technology
Topic:
Paper Details
Information Systems with a Technology Management cognate
I have to write a thesis where the main objective is to:Successful 
capstones will follow an objective research methodology to collect 
or generate data that informs the analysis and design of a new 
computing system related to the primary domains identified by the
 Association for Computing Machinery (ACM): cloud architecture 
and/or computing, cybersecurity systems, databases and/or data
 analytics systems, enterprise architecture, information systems, 
integrated systems, internet of things systems, networks,
 platform systems, software development, user interfaces, 
virtual systems, and/or web and mobile applications. 
The thesis is broken down into three parts explained in 
the attachments below. The first part is due in to weeks, 
second part two weeks after the due date of the first part,
 and the final part is due three weeks afters the second part.

Phase one 

Investigating How User Behavior Compromises the Security of Banking Systems
Student’s Name
Institution Affiliation

 Table of Contents















Investigating How User Behavior Compromises the Security of Banking Systems

Introduction

The banking sector has revolutionized courtesy of digitization and the introduction of social collaborations (Alimolaei, 2015). Hence, this change has improved business operations, operations, user training and information sharing. Similarly, technological advancements such as the internet have increased opportunities for businesses like banks to reach their customers using new channels. As a result, small-sized operations turn to corporate-sized transactions done instantly through web and mobile applications (Airehrour, Nair & Madanian, 2018). Thus, this development explains the global widespread dependency on electronic banking systems. In addition, this trend is facilitated by the convenience, safety and security of these applications. Sadly, the ease of using banking systems has introduced vulnerabilities that affect businesses and the industry as a whole. Therefore, cybercriminals take advantage of this upheaval to compromise banking systems. A study by Price Waterhouse Coopers confirmed that the susceptibility of financial institutions to cyber threats stands at 93% (Alimolaei, 2015).
In the banking sector, technology is applied to enhance customer satisfaction and the efficiency of transactions. In this case, it facilitates business-to-business and business-to-consumer operational models (Airehrour, Nair & Madanian, 2018). Therefore, system intrusion by malicious parties compromises system security and transaction efficiency. In particular, intrusion can be done by anyone with and without their knowledge. As a result, cyber-attackers target system users by establishing their trust to gain information that will help them break systems. This problem is a huge risk for financial systems because it leads to loss of assets and money (Airehrour, Nair & Madanian, 2018). On the contrary, banks avoid bad publicity because it results in loss of business. Therefore, the key challenge in ensuring cybersecurity for banking applications is handling system users. Nevertheless, financial institutions strive to handle market pressures, ensure business needs and modernize their operations.
The volume of information transmitted and stored by banking systems is valuable and hence attracts the attention of cyber attackers (Althobaiti & Mayhew, 2014). In that regard, system administrators and software developers of financial systems work hand in hand to prevent possible intrusions. For instance, data breaches threaten system because they become accessible by unauthorized personnel, which necessitates better system security (Airehrour, Nair & Madanian, 2018). Financial businesses vary in terms of size and hence experience different degrees of losses. Fortunately, the advancement of technology has improved online transactions where third-party service providers such as SWIFT collaborate with financial institutions to facilitate money transfer via web applications (Airehrour, Nair & Madanian, 2018). Nevertheless, even with the investment in a good infrastructure, it is imperative to consider cybersecurity vulnerabilities introduced by user behavior. In this case, the complexity of online financial systems requires the application of proper practices to mitigate cyber threats such as denial of service.
Notably, the implementation of security in financial systems depends of the proper classification of possible vulnerabilities and the methods of attacks. In particular, this classification should consider external and intrinsic factors (Airehrour, Nair & Madanian, 2018). For example, the relationship between financial service providers and users should be considered. More so, the classification should consider the responsibility of every party in ensuring the security of banking systems from the strongest to the weakest link. Else, the inability to factor in the vulnerability of user behavior will compromise communication, security models and technologies integrated in financial applications. In addition, this problem is complicated by the fact that attackers are motivated by the need to access clients’ data, money and testing their abilities to penetrate banking systems. Therefore, the element of user behavior requires due attention to increase the consciousness to the possibility of system attacks at any moment.

Background of the Research

The banking industry relies heavily on information technology to obtain, process and provide information to the relevant end-users (Chatzipoulidis & Mavridis, 2010). Therefore, banks not only process client information but also provide a means for customers to differentiate services and products. As a result, these financial institutions have to continuously update and innovate solutions to maintain their service demand and understand consumer needs. In this case, it is imperative for banks to ensure that their online systems are reliable, convenient, secure and expedient the required services (Chatzipoulidis & Mavridis, 2010). Therefore, banks are motivated by the need to expand their customer base in different markets as part of extending their geographical and service coverage. However, some banks consider the utilization of online applications as a suitable approach to offering banking services through the internet. Since the internet introduction in 1969, it has evolved from an academic to a communication channel. Recent studies shows that the internet’s popularity has increased following its potential in electronic commerce.
Businesses such banks access various opportunities and threats from the internet. However, the internet is almost becoming the primary distribution and delivery channel for customer-based applications operating through electronic commerce platforms (Dzomira, 2016; Suping & Yizheng, 2010). On the other hand, the rapid spread of the internet promotes the banking cyberspace, which offers online services. For example, in the United States, banks provide internet services like Security First National Bank (Chavali & Kumar, 2018). Hence, this development shows how the internet is leveraged as a competitive advantage to revolutionize how banks deliver services, operate and compete with other financial institutions. In that regard, electronic banking has become a critical driver of modern economies. Nevertheless, despite the potential of the internet in growing banks, it poses cyber risks to customers (Dzomira, 2016). In addition, with the growth of online banking, physical banks premises are disappearing because the internet provides on-demand and convenient services unlike in traditional banking where customers queue to access services.
Significantly, the growth of the internet has promoted most banks to change their information technology strategies to remain competitive. On the other hand, customers expect better services, flexibility and convenience from their banks (Fuqing & Guohong, 2011). More so, these demands should be provided in easy to use online systems with management tools unlike in traditional banking. Fortunately, the extensive infrastructure of public networks allows banks to extend services to their customers (Fuqing & Guohong, 2011; Tassabehji & Kamala, 2009). Nevertheless, despite the ability of financial institutions in creating online systems to benefit their customers, the main challenge in operating banking applications is dealing with the threat of end-user security behaviour. However, this teething problem can be addressed to maintain the convenience of online banking services. Otherwise, the importance of internet banking will recede without the implementation of strategies to increase the competitiveness of banks.

Problem Statement

Cybersecurity experts classify user behavior as a human-based form of social engineering, which may involve a combination of single or multiple-staged attacks (Althobaiti & Mayhew, 2014). However, in the context of financial systems, social engineering occurs as a single attack because it results from one incident. Research by Althobaiti & Mayhew (2014) determined that cyber attackers exploit end-user behavior because the internet creates the opportunity to communicate, and hence coarse unsuspecting users to provide significant information to hackers. Similarly, reckless behaviors such as violating password policies and sharing system credentials increases the possibility of attacks (Airehrour, Nair & Madanian, 2018). In addition, banks should implement policies to bridge the gap between the safe transfer of information and reducing the probability of cyberattacks escalates this problem to avoid the possibility of failure.
Therefore, financial institutions have the responsibility of detecting and mitigating attacks in spite of user negligence. As a result, this issue results from the inability of financial institutions to close the gap between the behavioral responses of users and the expectations of banks (Alimolaei, 2015). As a result, the ease of accessing user credential by attackers leads to impersonation where they can manipulate or access unauthorized information. Hence, this problem demonstrates the vulnerability of user behavior and their need to show responsibility towards system security (Althobaiti & Mayhew, 2014). Similarly, there are research gaps in how user behavior affects electronic banking. More so, there is limited research on how security awareness is a vital ingredient in changing end-user behaviors. In that regard, this thesis will investigate how to address the problem of user behavior as a cybersecurity threat.

Research Questions

This study seeks to answer the following questions to address the problem of user behavior as it affects banking systems;
a.       To investigate how security awareness influences user behavior that creates cyber risks to online banking applications.
b.      To determine how the health of online financial services can be improved




















Literature Review

Security Behavior of System Users

The idea of security awareness for the users of banking systems arises from the advancements of internet technologies (D’Alessandro & Leone, 2011). In particular, the entire process entails the introduction of users to computers to understand the increasing reliability and complexity of information technology and applications used to perform different tasks. In this case, the objective is diversifying the perspectives of banking systems users, to raise their awareness about cyber threats and increase their acceptance to such applications (D’Alessandro & Leone, 2011). In that regard, various researchers have highlighted the criticality of security awareness as an integral part of improving user behavior when accessing online services. More so, this topic has acquired academic attention because it leads towards the development of suitable theories used to increase the campaigns on security awareness. One of the solutions suggested is the implementation of security awareness policies by organisations to establish a culture where end-users are cautious about their online behavior. In organisations and businesses with online systems, this solution is helpful in increasing staff compliance to acceptable online behaviors.
Notably, the researchers interested in this study topic have focused on end-user security awareness of employees while others focused on the awareness of end-users when using particular devices such as smartphones to access internet services (Farzianpour et al., 2014; Harel et al., 2018; Jerald, 2017). However, the focal points of most of the researchers is the role of the end-users in banking information systems. In the case of internet banking, the end-users are the customers authorized to access services like checking mini statements through their smartphones or home computers. Interestingly, the major discrepancy in most of the studies is that the current security awareness knowledge is not only applied in internet banking scenarios (Farzianpour et al., 2014). Similarly, another observation from the works of different researchers is that inconsistencies exist in their findings and they list their results instead of examining them. In addition, rather than focusing on security awareness and understanding the issue, concrete recommendations are made which limits the effectiveness of online banking applications. Hence, there is need to process sufficient information on the issue of customers’ awareness of online banking security.                         
Research gaps exist concerning the behaviors of computer users and how it impacts security practices. However, some studies on security behaviors and motivational antecedents affecting the relationships between situational factors and end-user behaviors have been done (ILIE, 2013; Khurana, 2019; Jaksic & Marinc, 2017). Similarly, related research concerning users in their home environment instead of computer use within workplaces. For example, such studies include the review of factors promoting the intentions of home end-users to implement security practices using planned behavior theory. In that regard, the lack of adequate studies on end-user behaviors has led to the focus on theories to determine decision-making and risk factors under uncertainty conditions (Jaksic & Marinc, 2017). Therefore, in this light, a research was done to develop a safety climate model, which includes supervisory and management practices to positively impact employee perceptions. The motivation behind this research is that the inability of workers to actualize security practices compromises the security of information systems.
Security risks are defined as adverse events that result to loss of confidentiality, disruption of system integrity, denial of services and violation of policies (ILIE, 2013). In that regard, the adoption of security practices by financial institutions and end-users promotes protective behavior that prevents security incidences (Kumar Choubey & Agarwal, 2015). Similarly, a line can be established between preventive and protective behaviors to improve the health of banking systems. In particular, such conduct is characterized by reduced incidences from reckless user behaviour. Different scholars using different models have reviewed such user behaviors to determine their safety and security when using online banking applications.

General Deterrence and Protection Motivation Theories

In electronic banking, threat likelihood and severity can be explained using two theories; general deterrence and protection motivation (Fuqing & Guohong, 2011). Firstly, general deterrence theory examines end-user security behaviors in organisations where the compliance to security policies is required. This model is rooted in criminology and was developed to help institutions such as banks to deter the possibility of undesirable information system events such as hacking and denial of services. Studies by Fuqing & Guohong (2011) determined that a significant factor influencing proper user behavior is sanction certainty. Therefore, the security of an information system is considered effective when organisations address issues such as computer abuse, deterrents and rival explanations (Gupta Rao & Upadhyaya, 2006). These factors are relevant when accounting for the degree of user behaviour that either promotes or deteriorates the security of banking systems. Therefore, financial institutions can take relevant measures such as end-user training to improve cybersecurity.
Secondly, protection motivation theory examines the ability of system users to protect themselves from threats. In particular, this model complements the expected-value concept in providing a complete understanding of fear effects towards change (Fuqing & Guohong, 2011; Jerald, 2017). When using banking applications, fear appeal concerns the communication threats to individuals concerning one’s well-being (Fuqing & Guohong, 2011). Earlier works on this theory focused on mediated psychology, stress reactions and cognitive appraisal of end-users towards a certain stimulus. In this case, two processes occur; coping and threat appraisal (Jerald, 2017). It was determined that a fear appeal develops from intrapersonal and environmental information, which is influenced by factors such as the possibility of a threat and the severity of the perceived security event. As a result, fear arousal manifests as a perceived threat that includes intrinsic and extrinsic threats Fuqing & Guohong, 2011. Initially, protection motivation theory focused on the effect of response efficacy, vulnerability and severity on retention. The reasoning behind this focus was that these components influence the security adaptive responses of information system users.
Notably, researchers established that a fear appeal connotes the existence of threat severity without the probability of occurrence (Kumar & Agarwal, 2015; Chatzipoulidis & Mavridis, 2010). Hence, in such an instance, a countermeasure is unnecessary despite the levels of system confidence. On the other hand, a severe threat exists when the probability of security events is high and end-users do not see the need for countermeasures (Chatzipoulidis & Mavridis, 2010). Sadly, while this interaction is reasonable, it lacks adequate empirical support. However, the revised protection motivation theory argues that an additional relationship between vulnerability and severity is critical in the comprehension of self and response efficacy (Chatzipoulidis & Mavridis, 2010). Similarly, in the new approach, it was observed that second-order interactions are required between the two efficacy processes. Sadly, these interactions lacks due empirical support. Nevertheless, various studies with inconsistent and different findings have reviewed the issues of self and response efficacy (Drennan, Sullivan & Previte, 2008). For example, some of the observable differences in study findings include vulnerability and self-efficacy. Therefore, the general observation is that the interactions within the protection motivation theory depend on the research context like threat topic and sample size.
The general protection and protection motivation theories are widely used in information system research. Researchers argue that the susceptibility and severity of threats influences the self-efficacy and response efficacy of end-users. In particular, the greater the magnitude of perceived threat, the lesser the responses to implement countermeasures. Therefore, the behavioral intention of users of banking systems can be determined by how their perceptions change.

Perceived Risk in Online Banking

Studies on the perceived risk of consumer behavior focus on the end-users perception of the potential cyberspace risks and the uncertainty of purchasing products or services. Therefore, the perceived level of risk is a factor that influences purchase decisions of consumers (Drennan, Sullivan & Previte, 2008; Farzianpour et al, 2014). Similarly, the introduction of new technologies exposes the users of online banking services to both risks and benefits where the consumers are compelled to adopt technological advancements by weighing the perceived benefits. In that regard, electronic banking is not exempted from this change but the adoption of technology reduces the consumer-perceived risk. Nguyen & Nguyen (2017) identified perceived risk as a significant factor in the implementation of online banking systems. In particular, it is defined as the probable loss when pursuing the desired outcomes of electronic services (Farzianpour et al, 2014). Therefore, the degree of perceived risk is proportional to uncertainty levels. In that light, most researchers determined the end-user perceived risk is a multi-dimensional construct that varies according to the nature of products and services.
Previous studies by (Lafraxo et al., 2018; Ojeniyi et al., 2015) explored the dimensions of perceived risk that include private, financial, performance, social and time risks. In particular, performance risk entails the losses incurred in electronic services. As a result, customers of banking services worry about issues such as server breakdown when accessing online services. A system failure results in expected losses and therefore reduces the numbers of customers willing to use online banking (Lafraxo et al., 2018). On the other hand, social risk addresses the loss in status resulting from the adoption of a service or product. Hence, it is highly-likely that one’s social position is influenced by how they perceive internet banking services. Nguyen & Nguyen (2017) found that social risk negatively affects consumer attitudes towards internet banking. Financial risk leads to monetary losses and bank customers may resist online services following the fear of losing their money. Similarly, the fear losing their personal information because of privacy risk.

Cybersecurity Threats Caused By User Behavior in Electronic Banking

The steady growth in online banking has changed how consumers interact with their banks (Bradshaw, 2015). Most of the end-users use either their smartphones or computers to access their preferred banking services. User authentication and other security combinations such as passwords remains useful in the identification and authentication of users in online banking. Unfortunately, computer users are a security risk because their password practices directly affect the degree of system security (Bradshaw, 2015). In this case, the poor management of passwords increases the susceptibility of users to potential misuse and abuse. Similarly, complex banking systems can be compromised when users fail to use secure passwords (Bradshaw, 2015). Nevertheless, despite the password challenge in identifying users in electronic banking, this technique remains as one of the widely used authentication method. Recent authentication technologies such as One-Time-Pin and biometrics are used to improve security in electronic banking (Chen, Ebrahim & Taboada, 2013). Sadly, the application of these technologies is inconsistent.
In online banking, non-standard user behavior creates a weak link in banking systems. Despite the use of passwords and other authentication methods, security practices are avoided or neglected by computer users. Studies determined that the implementation of a sophisticated authentication plan is necessary in creating a fail-safe despite the probability of limited security knowledge by end-users (Harel et al., 2018; Khurana, 2019; Bradshaw, 2015). Therefore, it is imperative that banks differentiate the degree of application and knowledge amongst customers because it is a security concern. Mbelli & Dwolatzky (2016) reviewed different security features implemented by different banks. They range from simple passwords to complex structures such as One-Time-Pins. In this case, the researcher determined that the dilemma of banks is that increasing security layers results in system complexity and hence customers shy away from internet banking (Mbelli & Dwolatzky, 2018). Similarly, spreading security features makes the process of security testing difficult which inconveniences the customers using electronic banking.
The following are the probable cybersecurity attacks in electronic banking that result from user behavior;
Firstly, phishing involves tactics used by cyber criminals to make their victims disclose personal and organisational information. In the case of financial institutions, cyber attackers fetch information by sending phishing emails to unsuspecting end-users that appear as legitimate (Pitera, 2017). Notably, this problem occurs because system users are unable to identify spoofing websites because they lack security education. Similarly, as long as banking systems work properly, no one cares to check for security loopholes and educating users about potential attacks (Mirza Abdullah, Ahmed & M.Ameen, 2018). As a result, the protection of online banking systems is becoming a daunting task in the age of mobile applications. Researchers have uncovered that cyber attackers use complex techniques such as DNS redirection to hijack data during online transmission (Khurana, 2019; Ahmed & M.Ameen, 2018). More so, phishing continues to be a serious issue in social media, computer and mobile applications. A report by the Anti-Fraud Command Centre indicates that phishing activities cause losses amounting to $4.5 billion (Mirza Abdullah, Ahmed & M.Ameen, 2018).
Secondly, denial-of-service attacks are common to banking applications. Cyber attackers who use network resources for their gain leave system users unable to access resources initiate these attacks. The design of denial-of service may affect other affiliated systems hence causing a distributed attack (Mirza, Ahmed & M.Ameen, 2018). As a result, banks may have trouble in accessing complementary services from third parties. Notably, these attacks affect the critical infrastructure of financial institutions where a single attack can cause significant losses (Ahmed & M.Ameen, 2018). In that light, banks are obligated to take their system security with utmost seriousness to ensure sustainable growth. Researchers suggest the implementation of additional security layers to minimize the possibility of cyber threats (Mirza, Ahmed & M.Ameen, 2018; Rizov, 2018). The need for protection also follows the fact that cybercriminals automate online fraud using spyware. Hence, without proper end-user behaviors, banking systems become vulnerable to hacking activities and hence compromise the quality of their services.
Thirdly, local and hybrid attacks are common in electronic banking. In particular, local attacks are specific to a user’s computer. These attacks occur when a customer access their bank’s website and it becomes spoofed (Lemley & Miller, 2014). One such attack is surfing when an attacker observes the personal information of an online banking user. Hence, they can get valuable information like the personal identification number used to authorize transactions. On the other hand, hybrid attacks can be local and remote (Ahmed & M.Ameen, 2018). Therefore, they are more powerful than local attacks (Lemley & Miller, 2014). For example, a cyber-criminal can launch a Trojan, which infects multiple machines in a network. The same attack can affect a user’s home computer when they access their bank’s website without proper security measures. During such incidences, the Trojan replaces browser information such as bookmarks with fake ones. Studies by Rizov (2018) show that financial institutions have to deploy sophisticated security approaches to make it difficult for cyber attackers to manipulate end-users.
Lastly, repudiation attacks occur when systems are unable to log and track user actions therefore allowing malicious activities. The genesis of this problem stems from the ability of attackers to forge authentication of specified action (Mbelli & Dwolatzky, 2016). As a result, they can alter the authoring information to allow malicious activities in banking systems. In that regard, the inability of users to use standard security procedures allows cyber attackers to log into systems using the unauthorized access (Mbelli & Dwolatzky, 2016). Similarly, social engineering is a concern in online banking because it allows attackers to persuade authorized users to comply with particular requests concerning computer-based entities (Mbelli & Dwolatzky, 2016). Hence, this problem is rampant in the case where system users are not cautious about the authenticity of information from unspecified sources. As a result, social engineering manifests as a form of deception targeting the human aspect of computer security.

Solutions to Cyber Threats Caused by User Behavior in Electronic Banking

In light of the cyber issues discussed above, various solutions can be used to protect users in internet banking. Firstly, end-users have to protect their online identities. Therefore, that means users have to stop sharing information with anyone who befriends them online (Khurana, 2019). In so doing, it becomes possible to avoid social engineering, which is one of the techniques used by attackers to gather useful information. Similarly, users of internet banking are obligated to use strong passwords while following their organisational policies (Khurana, 2019). The goal in this case is creating passwords that are difficult to crack. In addition, when using electronic banking it is imperative that system users choose a unique password (Khurana, 2019). The reason is that using one password for multiple websites increases the chances of cyber breaches. Additionally, automatic login features should be avoided in electronic banking because they violate account usage.
Secondly, bank employees and customers have the responsibility of surfing safely as a requirement of standard user behavior. Hence, they have to adopt practices such as using firewalls and anti-virus programs (Mbelli & Dwolatzky, 2016). These measures allow computers and smartphones to detect and deter worms, Trojans and viruses. Similarly, the activation of firewalls prevents unauthorized system access. As a result, online banking risks like financial losses are mitigated. Additionally, the safety of online banking is dependent on the application of anti-spyware software (Mbelli & Dwolatzky, 2016). In particular, these applications allow devices to surf the internet safety by preventing attackers from eavesdropping on user activities. Most importantly, a secure wireless communication is required to create a security perimeter for information system users. For example, banks should adopt secure Wi-Fi passwords and change them according to password policies.
Thirdly, the use of intrusion detection systems is an effective electronic banking strategy use to detect and prevent possible cyber-attacks. More so, these systems help system administrators in banks to comprehend the nature of user traffic and determine possible loopholes (Ray-Chaudhuri, 2012; Juariah, 2015). For example, during normal use, a user who forgets their passwords when attempting to use electronic banking is locked out of the system after various login attempts. Therefore, this measure is implemented to prevent unauthorized users from accessing electronic banking services (Ray-Chaudhuri, 2012). Similarly, intrusion detection systems can security logs to flag suspicious activities. Hence, in case malicious activities are identified, then the intrusion detection system take immediate action such as locking the affected user accounts (Salam, 2019). In addition, it becomes easy to audit banking systems because a log file is available. Therefore, all inappropriate interaction can be seen and security strategies for internet banking developed.
Fourthly, the use of biometrics is one of the solutions that improves traditional user authentication and transaction efficiency. Presently, biometrics technology is applied as an integral part of e-banking user authorization technique (Butler & Butler, 2015). Hence, user identify is verified upon the confirmation of characteristics such as fingerprints. The suitability of biometrics is the ability to identify users based on physiological and physical characteristics (Mbelli & Dwolatzky, 2016). For instance, during account enrollment, biometric sensors capture parameters used for user verification. Fortunately, the uniqueness of fingerprints makes it difficult for hackers to bypass (Butler & Butler, 2015). Therefore, even when user behavior is below the acceptable levels, the use of biometrics makes it difficult for cyber criminals to access unauthorized online banking accounts. Similarly, once customers are enrolled into their bank’s systems, they do not need to change their fingerprints from time to time (Kumar & Agarwal, 2015). These parameters are more secure when compared to traditional techniques such as passwords.
Lastly, new research focuses on the implementation of artificial intelligence (AI) in electronic banking. In particular, this technology is a significant step in the transformation and digitization of businesses like banks (Jaksic & Marinc, 2017). Therefore, due to the potential of artificial intelligence, investors are willing to be part of this change. Currently, the integration of artificial intelligence in banking applications is modest. However, real-time tests are being conducted in fraud detection and prevention (Jaksic & Marinc, 2017). For instance, some banks have deployed robot advisors and chatbots. The choice of using artificial intelligence in electronic banking stems from the need to follow regulatory measures concerning data privacy and other concerns that might prevent proper functioning of online banking applications (Butler & Butler, 2015). Notably, the continued exploration of artificial intelligence lies in its ability to automate user routines. Therefore, with this technology developers can design dynamic authentication to improve the traditional user verification procedures.
The suitability of artificial intelligence lies in the ability of computer programs to learn and use acquired knowledge without human involvement (Yazhou, 2011). Such systems observe and analyze autonomous information to make appropriate actions. Hence, in the context of electronic banking systems, AI applications will improve the accuracy and performance of banks. This capability is realized through the increased processing capacity of digital information by AI applications. Fuqing & Guohong (2011) estimate that by 2025, big data will be the epicenter of decision-making. Significantly, the applicability of AI electronic banking follows the need to conduct real-time authentication to prevent fraud (Butler & Butler, 2015). Recently, banking fraud using credit card has been a problem for banks to deal with. In addition, in the digital age, cybercrime has increased courtesy of the development in internet technologies (Fuqing Zhu, & Guohong, 2011). In that regard, the plausibility of AI algorithms will allow banking systems to verify online transactions by ensuring that fraudsters do not exploit users.
 As banks continue finding solutions to dealing with improper user behavior, which increase the susceptibility of banking systems to cyber-attacks, AI stands as the much-needed solution to this issue (Yazhou, 2011). Currently, financial tools like robot advisors are being tested to allow customers to improve their banking decisions. The same tools can be modified to inform end-users about the need for proper user behavior (Butler & Butler, 2015). That can be accomplished by offering users with information bits on how to conduct themselves online to avoid compromising the security of electronic banking (Yazhou, 2011). Nevertheless, while AI has a lot of potential, it faces implementation challenges from laws such as the General Data Protection Regulation (Jaksic & Marinc, 2017). In particular, preventative clauses detailing the automation of decision making in information systems makes this process expensive for businesses to manage. However, AI has the potential to shape user behavior because application can learn proper practices for users of electronic banking. Thus, they will be reminded to comply with standard security practices to minimize cyber threats.

Literature Review Findings and Research Gaps

The results of the literature review demonstrate that limited studies have been conducted on the impact of user behavior in electronic banking. Most of the research addresses security risks and solutions. However, the available information is supports the need for user education as part of reducing their vulnerability to cyber-attacks when using electronic banking. Significantly, El Maliki & Seigneur (2014) realized that one issue affecting the implementation of security in online banking lies in organisational cultures where people react during incidences only. Therefore, customers will only complain in case of an attack but will be reluctant to enforce security policies during normal system use (El Maliki & Seigneur, 2014; Yang & Padmanabhan, 2010). In that case, considering the advancements of internet technologies, the human element of electronic banking makes it difficult to improve security standards. The result is that trust levels in online banking reduce and customers switch from bank to bank (Yang & Padmanabhan, 2010). Thus, banks continue losing business and clients are unsatisfied about their online banking experiences.
Notably, the researchers who conducted studies on security awareness of users in electronic banking focused on organisational settings. Therefore, to have a better glimpse of this problem, security awareness studies should advance. The goal is to analyze other aspects influencing user behavior (Aljawarneh, 2016). In particular, the difference in end-user behaviors lies in their organisational roles in (Aljawarneh, 2016; Musa & Redzuan, 2014). For example, employees of banks advance their security awareness unlike customers who are only interested in accessing banking services. Therefore, this discrepancy in security awareness illustrates the need for user education to minimize the possibility of cyber-attacks (Musa & Redzuan, 2016). On the other hand, most of the researchers show inconsistencies in their studies on user behavior. Hence, it is difficult to understand this issue as it affects internet banking (Yang & Padmanabhan, 2010). More so, various recommendations are provided without properly analyzing the issue of user behavior and security awareness in online banking.
Electronic banking comprises various transactions done in diverse environments between information systems and the end-users (El Maliki & Seigneur, 2014). These transactions are prone to attacks such as hacking. Therefore, it is imperative that banks should design effective security models to enhance the safety of online transactions (Gheciu, 2018; Yang & Padmanabhan, 2010). One of the research challenge is that most of the effort focuses on traditional solutions and techniques. According to Gheciu (2018), there is minimal coverage on new technologies and practical solutions to the problem of poor user behavior in electronic banking. Similarly, most of the research recommendations advocate for the banking industry to improve authentication standards and using medium-risk information systems. The objective is to allow end-users to utilize tokens and passwords while easing the security responsibility in internet banking. However, a few researchers remain optimistic about the adoption of superior technologies in online banking to enhance security such as block chain.
In the context of academic research, this study has helped to fill the gap in end-user security behavior in internet banking. Although it has suggested various practical guidelines on how to protect banking customers from cyber-attacks, it has not investigated the effectiveness of these measures. However, this study is purposeful because it has addressed the lack of empirical and theoretical research on standard user behaviors. In that light, this study has explored how the security awareness of users influences their online behaviors when using electronic banking services. More so, how to mitigate cyber threats which reduce the efficiency and convenience of internet banking systems. In truth, moderate success has been realized therefore paving the way for future research on the effect of user behavior on the security of electronic banking. This study has stressed on the importance of security awareness as the foundation of adjusting user behavior when accessing online banking services.
Apart from security awareness, this study established that organisations have the responsibility of initiating security education to create widespread security awareness. In this case, banks deal with both trained and novice users who have different understandings of online system security. Therefore, to bridge the close in security knowledge, banks have to inform their customers on how to behave when using online services (Gheciu, 2018). Hence, the role of banks is not only providing the relevant infrastructure, but also ensuring the security of online transactions as the service provider (Gheciu, 2018; Aljawarneh, 2016). As identified in this research, users shift from bank to bank in search of the convenience and security of their money. In that regard, this discussion delineates towards the need for security awareness programs by banks to retain their customers and prevent cyber incidences. Unfortunately, a research gap exists on security education and most researchers have highlighted the issue as a solution without proper investigation.
Significantly, this study has demonstrated the implication of information security experts to design awareness programs. In this case, the criticality of perceived benefits and susceptibility emphasizes security awareness. Therefore, system users become aware of the probability of cyber threats and hence the need to check their security behavior (Musa, & Redzuan, 2014). Consequently, end-users adopt preventive behaviors, which protect banking systems from exploitation by attackers (Musa, N. M., & Redzuan, 2014; Yang, Y. & Padmanabhan, 2010). However, there is limited research on this topic. Therefore, security awareness programs should concentrate on educating end-users on the likelihood of cyber threats so that they can understand their role in banking systems. Eventually, these users will correct their behaviors because they know that their actions affect information assets. Notably, it is evident that there is a research gap on how banks can design their security awareness campaigns to improve user behavior. A lot of the user knowledge is acquired through experiences, which means user education is required to enforce effective deterrence measures (Yang, Y. & Padmanabhan, 2010).

Conclusion

In internet banking, user behavior is a source of security breaches if remains unchecked. Unfortunately, the issues that financial institutions have to deal with is the increasing numbers of customers and employees using online banking. Therefore, to maintain and increase business, it is inevitable for banks to promote security awareness through user education. This research has explored various studies and identified gaps in the design of user security awareness by banks. In particular, most of the studies focus on security recommendation hence deviating from the issue of improving user security in online banking. Most importantly, this research has suggested various solutions to address user security challenge. These solutions comprise strong passwords, system firewalls, intrusion detection systems, biometrics and integrating artificial intelligence. Nevertheless, security in online banking is a collective responsibility between bank employees and customers.   



















References

Airehrour, D., Nair, N. V., & Madanian, S. (2018). Social Engineering Attacks and Countermeasures in the New Zealand Banking System: Advancing a User-Reflective Mitigation Model. Information9(5), 110. Doi: 10.3390/info9050110
Alimolaei, S. (2015). An intelligent system for user behavior detection in Internet Banking. 2015 4th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS). doi:10.1109/cfis.2015.7391642
Aljawarneh, S. A. (2016). Emerging Challenges, Security Issues, and Technologies in Online Banking Systems. Online Banking Security Measures and Data Protection, 90-112. doi:10.4018/978-1-5225-0864-9.ch006
Althobaiti, M. M., & Mayhew, P. (2014). Security and usability of authenticating process of online banking: User experience study. 2014 International Carnahan Conference on Security Technology (ICCST). doi:10.1109/ccst.2014.6986978
Bradshaw, S. (2015). Combating Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity. SSRN Electronic Journal. doi:10.2139/ssrn.2700899
Butler, M., & Butler, R. (2015). Investigating the possibility to use differentiated authentication based on risk profiling to secure online banking. Information and Computer Security23(4), 421-434. doi:10.1108/ics-11-2014-0074
Chatzipoulidis, A., & Mavridis, I. (2010). A Study on User Behavior and Acceptance of Electronic Banking Services. 2010 14th Panhellenic Conference on Informatics. doi:10.1109/pci.2010.33
Chavali, K., & Kumar, A. (2018). Adoption of Mobile Banking and Perceived Risk in GCC. Banks and Bank Systems13(1), 72-79. doi:10.21511/bbs.13(1).2018.07
Chen, Z., Ebrahim, A., & Taboada, A. G. (2013). Turnover Threat and CEO Risk-Taking Behavior in the Banking Industry. SSRN Electronic Journal. doi:10.2139/ssrn.2230145
D’Alessandro, R., & Leone, M. (2011). A Mechanism for e-Banking Frauds Prevention and User Privacy Protection. ISSE 2010 Securing Electronic Business Processes, 226-235. doi:10.1007/978-3-8348-9788-6_22
Drennan, J., Sullivan, G. S., & Previte, J. (2008). Privacy, Risk Perception, and Expert Online Behavior. End-User Computing, 1-18. doi:10.4018/978-1-59904-945-8.ch001
Dzomira, S. (2016). Financial consumer protection: internet banking fraud awareness by the banking sector. Banks and Bank Systems11(4), 127-134. doi:10.21511/bbs.11(4-1).2016.03
El Maliki, T., & Seigneur, J. (2014). Online Identity and User Management Services. Managing Information Security, 75-118. doi:10.1016/b978-0-12-416688-2.00004-0
Farzianpour, F., Pishdar, M., Shakib, M. M., & Toloun, M. (2014). CONSUMERS’ PERCEIVED RISK AND ITS EFFECT ON ADOPTION OF ONLINE BANKING SERVICES. American Journal of Applied Sciences11(1), 47-56. doi:10.3844/ajassp.2014.47.56
Fuqing Zhu, & Guohong Li. (2011). Study on security of electronic commerce information system. 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC). doi:10.1109/aimsec.2011.6010713
Gheciu, A. (2018). Normative Dilemmas and Challenges of Security Commercialization. Oxford Scholarship Online. doi:10.1093/oso/9780198813064.003.0006
Gupta, M., Rao, R., & Upadhyaya, S. (2006). Electronic Banking and Information Assurance Issues. Advanced Topics in End User Computing, Volume 416(3). doi:10.4018/9781591404743.ch012
Harel, A., Ben David, T., Kashani, A., Iyer, G., Motonori, A., & Masumi, E. (2018). Mitigating Unknown Cybersecurity Threats in Performance Constrained Electronic Control Units. SAE Technical Paper Series. doi:10.4271/2018-01-0016
ILIE, R. (2013). Online Transactions Security in Internet Banking and e-Commerce. International Journal of Information Security and Cybercrime2(1), 9-16. doi:10.19107/ijisc.2013.01.01
Jaksic, M., & Marinc, M. (2017). Relationship Banking and Information Technology: The Role of Artificial Intelligence and Fintech. SSRN Electronic Journal. doi:10.2139/ssrn.3059426
Jerald, M. (2017). Controlling Images: How Awareness of Group Stereotypes Affects Black Women’s Well-Being. doi:10.31234/osf.io/dajc5
Khurana, A. (2019). Digitalization in Banking: Convenience versus Security Threat. SSRN Electronic Journal. doi:10.2139/ssrn.3358058
Kumar Choubey, S., & Agarwal, A. (2015). Improving banking authentication using hybrid cryptographic technique. 2015 International Conference on Computer, Communication and Control (IC4). doi:10.1109/ic4.2015.7375511
Lafraxo, Y., Hadri, F., Amhal, H., & Rossafi, A. (2018). The Effect of Trust, Perceived Risk and Security on the Adoption of Mobile Banking in Morocco. Proceedings of the 20th International Conference on Enterprise Information Systems. doi:10.5220/0006675604970502
Lemley, M. A., & Miller, S. P. (2014). If You Can't Beat 'Em, Join 'Em? How Sitting by Designation Affects Judicial Behavior. SSRN Electronic Journal. doi:10.2139/ssrn.2449349
Mbelli, T. M., & Dwolatzky, B. (2016). Cyber Security, a Threat to Cyber Banking in South Africa: An Approach to Network and Application Security. 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud). doi:10.1109/cscloud.2016
Mirza Abdullah, S., Ahmed, B., & M.Ameen, M. (2018). A New Taxonomy of Mobile Banking Threats, Attacks and User Vulnerabilities. IEC2018 Proceedings Book. doi:10.23918/iec2018.29
Musa, N. M., & Redzuan, F. (2014). Understanding user behavior towards mobile messaging application use in support for banking system. 2014 3rd International Conference on User Science and Engineering (i-USEr). doi:10.1109/iuser.2014.7002715
Nguyen, T. D., & Nguyen, T. C. (2017). The role of perceived risk on intention to use online banking in Vietnam. 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI). doi:10.1109/icacci.2017.8126122
Pitera, M. R. (2017). CONTEMPORARY PROBLEMS AND THREATS OF CYBER SECURITY IN THE SECTOR OF ELECTRONIC BANKING SEVICES. Przegląd Nauk o Obronności1(4), 181-191. doi:10.5604/01.3001.0013.0120
Ray-Chaudhuri, R. (2012). How Banking Deregulation Affects Growth: Evidence from a Panel of U.S. States. SSRN Electronic Journal. doi:10.2139/ssrn.2131960
Salam, M. (2019). Inclusion of Perceived Risk with TAM in Measuring Attitude Toward online Banking. European Journal of Business and Management11(2). doi:10.7176/ejbm/11-2-08
Yang, Y. & Padmanabhan, B. (2010). Toward user patterns for online security: Observation time and online user identification. Decision Support Systems48(4), 548-558. doi:10.1016/j.dss.2009.11.005
Yazhou Xiong. (2011). Research on the Internet banking security based on dynamic password. 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC). doi:10.1109/aimsec.2011.6010871

  











Investigating How User Behavior Compromises the Security of Banking Systems
Student’s Name
Institution Affiliation









Table of Contents




List of Figures





















Research Methodology

Introduction

The quality of any research results from the vigor in the involved activities (Morgan, 2013). In that regard, this section will seek find a methodology to answer the research questions. Research design provides a glue that binds a study together. More so, it provides the structure that shows how other parts of a research relate using samples, treatments and data analysis methods (Morgan, 2013; Watzlawik & Born, 2017). However, the focus of a research methodology is addressing research questions using either qualitative or quantitative methodology. Therefore, a researcher has to take careful consideration in their study design, decisions and details (Watzlawik & Born, 2017). In that light, a qualitative research design was adopted to explore the research questions. In particular, this form of research focuses on the interpretation of previously done research to derive meaningful phenomena.
This section will use the design research methodology to explore how user security behavior affects electronic banking. In information systems, design science as a discipline helps in the development of meaningful artifacts in the exploration of research questions (Wieringa, 2014). More so, this methodology incorporates procedures, principles and practices needed to conduct a research to meet its objectives (Miah & Genemo, 2016). In particular, it follows steps such as issue identification, objectives definition towards a solution, design and development, evaluation, demonstration and communication. The suitability of design science methodology is that it offers a systematic method of designing a solution and acquiring knowledge (Wieringa, 2014; Hevner & Chatterjee, 2010). In addition, it emphasizes on testing and communicating methods when investigating research questions. Therefore, design science methodology is suitable in the exploration of the study topic; user security behavior in online banking systems.
The objective of this phase is developing a design research methodology to find a solution to the problem of user security vulnerability in electronic banking. More so, the study intends to use qualitative data collection method to find suitable data to satisfy the research questions and find solutions. In particular, the choice of this method stems from the fact that the researcher can verify the authenticity of data used to produce favorable outputs (Bilgin, 2017). The quality of a research is based on a researcher’s ability to verify the quality of results. In addition, the researcher will create a plan for analyzing data. In design research science methodology, researcher do not have to necessarily follow a certain plan during data analysis (Bilgin, 2017). However, a plan is necessary to guide them through their data analysis process.

Research Design and Methodology

Problem Identification

Organizations such as banks depend of sensible user security behavior in all the operational tasks (Aljawarneh, 2017). Therefore, despite the implementation of security standards and policies, it is difficult for security documentation to spell out how customers and banking staff should act in different situations (Aljawarneh, 2017; Tassabehji & Kamala, 2009). Similarly, banks cannot control their staff and customers’ behavior by compelling them to adopt sensible behaviors whether small. More so, this challenge manifests even when transactions are validated and end-users are careful when accessing electronic banking systems (Aljawarneh, 2017). Hence, a bank becomes susceptible to cyber-attacks because of end-user decisions (Aljawarneh, 2017). On the other hand, recent studies by the Information Security Culture (ISC) indicate that about 80% of information security hazards result from the implementation of poor solutions (Nagar & Suman, 2017). Hence, the development of user-focused security applications can improve the safety of banking systems.
User security behavior in banking is influenced by employees hear, practice daily, common sense decisions, personal standards and end-user’s sense of obligation (Althobaiti & Mayhew, 2014). In most organizations, system security does not follow strict guidelines. Hence, employees embrace such principles and values in their daily interactions with banking systems (Aljawarneh, 2017). Similarly, new employees adopt the security cultures they find in their workplaces (Althobaiti & Mayhew, 2014). As a result, it becomes difficult to erode substandard user-security behavior in banking environments where employees have little concern for their actions. In addition, banking employees make most of the decisions when using online information systems (Aljawarneh, 2017). Therefore, they have the responsibility of making sensible security decisions. Such responsibility builds a personal history that either determines whether their behaviors is acceptable or unacceptable (Aljawarneh, 2017). Additionally, the other security challenge in electronic banking lies in whether end-user conduct that compromise security.
The challenge of electronic banking is that cyber threats the threat actors create different techniques of gathering critical and confidential information (Nagar & Suman, 2017). Hackers are interested in stealing the identity of unsuspecting employees to manipulate their way through banking systems. Therefore, researchers focus on the levels of security awareness in organizations such as banks (Nagar & Suman, 2017). Similarly, the difference in user roles when interacting with online banking applications is a security concern. For example, employees are users within banks while customers are users in electronic banking operating from their homes (Althobaiti & Mayhew, 2014). In this case, the difference in security awareness is that challenge that banks deal with when looking for ways to counter the resultant cybersecurity threats. In that regard, this study proposes an improved electronic banking system to overcome the challenge of user security in banking information systems.

Defining Objectives for a Solution

            The entire objective of this paper is developing a methodology for design science research as applied in information systems. In particular, design a security proof system to address the challenge of end-user vulnerabilities in electronic banking. Therefore, this study will build on existing research while following the research questions;
a.       To investigate how security awareness influences user behavior that creates cyber risks to online banking applications.
b.      To determine how the health of online financial services can be improved

Nominal Process

The purpose of this process in design science is creating a roadmap for other researchers who want to explore the issue of end-user security vulnerability in electronic banking to develop their design mechanisms. In addition, design research as applied in this study will create an understanding of the empirical elements of information system research using acceptable processes (Drechsler, 2012).

Building on Existing Studies

The process of developing a design research methodology involves the integration of different principles in conducting research. In particular, applicable research includes design studies where different processes are referenced (Geerts, 2011). The reference to completed studies focuses on the access to rich ideas that can be applied to address the study problem and accomplish the objectives of design research. Therefore, design research methodology will provide suitable descriptions when analyzing the research context (Miah & Genemo, 2016). The research design methodology will therefore borrow concepts applied in internet banking by connecting the design plan with the involved process. In information systems, design research is suitable for creating intelligent systems (Miah & Genemo, 201). In this case, the study intends to find a solution to electronic banking by developing a system that is immune to the vulnerabilities of user security. Hence, research design methodology will serve as the process in creating a solution to the study problem.

Design and Development

            In this study, a consensus building approach will be used to determine the appropriate elements of designing a design research methodology. The objective is creating an acceptable framework for conducting research (Geerts, 2011). More so, the demonstration of design research methodology will be realized using a case study (Geerts, 2011). In this case, the purpose of such a demonstration is analyzing user security awareness to determine how it affects internet banking applications. In that regard, the study will borrow from the Chengdu case study where a survey and semi-structured interviews were used to investigate the impact of user security awareness in banking applications.

Demonstration

After the review of a case study, the researcher will determine whether a new or improved system is needed to address the challenge of user security behavior in internet banking. At this point in the development of a research science methodology, researchers focus on the outputs of a study to test their research questions and hypothesis (Geerts, 2011). However, in this case, the researcher will investigate the Chengdu study to determine how to improve user security awareness in electronic banking.

Evaluation

            The results of the case study used have to be refined and verified for accuracy. According to Hevner & Chatterjee (2010), the accuracy of the results of a research science methodology are based on the development of a comprehensive checklist. In that case, the researcher will thoroughly assess the results of the study to improve the accuracy of the outcomes. The objective is paving the way for the development of an improved information system (Hevner & Chatterjee, 2010). Hence, as design research methodology requires, the researcher will have the chance to contribute towards new research.

Data Analysis Plan

The researcher will follow the following plan when conducting qualitative research to answer the research questions;
a.       Aims – in this case, they will be guided by the initially specified research questions to test them and develop outcomes. The objective of this step is distinguishing the difference between qualitative data and ideas.
b.      Data source – since the researcher will use qualitative data, they will specify the study population, data collection method used in the reference study and technique of data analysis.
c.       Planned tables – an important role of the researcher when conducting their research is outlining the relevant tables to complement the explanation of study results. Therefore, the display of tables will focus on discussions to refine the research.

Data Collection Methodology

Data collection is a process that involves seeking answers to answer the research problem, test hypothesis and test the research questions (Maxwell, 2018). It is categorized to primary and secondary methods. The former refers to facts and figures while the latter entails data from publications such as books and journals (Maxwell, 2018; Flick, 2018). However, this study will use qualitative method as a primary data collection technique. In particular, it is an exploratory research technique used to gain an understanding about motivations, reasons and opinions about a research topic (Maxwell, 2018). Therefore, it provides insight into a research problem and helps in the development of ideas. However, the comprehensives of qualitative research is based on the vastness of the semi-structured and unstructured techniques used in data collection (Flick, 2018). In this study, the choice of qualitative research stems from the fact that the researcher can evaluate the subject content with greater attention to develop measurable outcomes.
Significantly, the application of qualitative research will provide the researcher with a fluid technique of analyzing trends in data collection, questioning and reporting information (Copeland, 2014). Hence, if the available data is insufficient, they can seek an alternative direction. More so, this technique appreciates human experiences and instinctual observations. In addition, the data gathered produced has predictive quality which can be verified by the researcher (Copeland, 2014). This ability stems from the fact that the researcher can draw perspectives about the research from the real world (Flick, 2018). Thus, they can isolate data complexities and present meaningful results to answer the research questions. However, to realize success in using qualitative data collection, a researcher has to address various challenges. They have to analyze data rigidity, assess data value and overcome difficult decisions to prevent repetition of results.

System Analysis

In light of the design research methodology discussion, this will review user and system interactions in online banking applications. The objective is to gain an understanding of how vulnerabilities arise due to user security behavior. Banks invest in information systems but using recent technologies is an advantage for these institutions. In electronic banking, security starts from the users as it advances to the administrators and critical infrastructure. Therefore, this section will demonstrate how different actors using different access rights using unified modeling language diagrams. In particular, use cases, activity diagrams, timeline and sequence diagrams are provided. The following diagrams demonstrate user and system interactions in online banking;

a.      Use cases


Figure 1: Use case showing the interaction the customers, bank tellers, system administrator and the banking system.
Figure 2: Use case showing the bank customer and employee interaction with the online banking system
Figure 3: Use case showing the super administrator and bank users interaction with the banking system

b.      Activity Diagrams


Figure 4: Activity diagram demonstrating the customer and bank teller interactions from the time the customer requests to withdraw money to when they request a loan and its gets approved.
Figure 5: Activity diagram showing the processes bank customers go through when using online banking services
Figure 6: Activity diagram showing how the banking system differentiates employee permissions and roles.

c.       Class Diagrams


Figure 7: The class diagram provides a static representation of online banking applications
Figure 8: Class diagram showing the relationship amongst bank, employee, customer, account and loan using multiplicities
Figure 9: Class diagram showing the relationships amongst bank, customers, account, statement and account type

d.      Sequence diagrams


Figure 10: The sequence diagram demonstrates how the customer and bank teller perform different roles in the banking system
Figure 11: Sequence diagram demonstrating how the banking system checks user requests such as bank balances
Figure 12: Sequence diagram showing how the customer, account and account entities relate in the banking system

Conclusion

            The objective of the methodology section was to identify the most suitable technique of answering the research question and testing the study outcomes. In that case, the researcher determined design science research methodology as the most appropriate technique. In particular, the suitability of this methodology results from its application of procedures, practices and principles of research. For example, this methodology defines the study problem, objectives, demonstrates a case and its evaluation. More so, the researcher has proposed the use of qualitative research to explore how user security behavior can be improved in online banking applications. The choice of qualitative data collection methodology arises from the ability of a researcher to verify the results of a study. Therefore, they can use appropriate data to test their research question.





















References

Aljawarneh, S. A. (2017). Analysis of Data Validation Techniques for Online Banking Services. Online Banking Security Measures and Data Protection, 127-139. doi:10.4018/978-1-5225-0864-9.ch008
Althobaiti, M. M., & Mayhew, P. (2014). Security and usability of authenticating process of online banking: User experience study. 2014 International Carnahan Conference on Security Technology (ICCST). doi:10.1109/ccst.2014.6986978
Bilgin, Y. (2017). Qualitative Method Versus Quantitative Method in Marketing Research: An Application Example at Oba Restaurant. Qualitative versus Quantitative Research. doi:10.5772/67848
Brannen, J. (2017). Combining qualitative and quantitative approaches: an overview. Mixing Methods: qualitative and quantitative research, 3-37. doi:10.4324/9781315248813-1
Copeland, D. C. (2014). Quantitative Analysis and Qualitative Case Study Research. Economic Interdependence and War. doi:10.23943/princeton/9780691161587.003.0003
Ditchfield, H., & Meredith, J. (2018). Collecting Qualitative Data from Facebook: Approaches and Methods. The SAGE Handbook of Qualitative Data Collection, 496-510. doi:10.4135/9781526416070.n32
Drechsler, A. (2012). Design Science as Design of Social Systems – Implications for Information Systems Research. Lecture Notes in Computer Science, 191-205. doi:10.1007/978-3-642-29863-9_15
Flick, U. (2018). Doing Qualitative Data Collection – Charting the Routes. The SAGE Handbook of Qualitative Data Collection, 3-16. doi:10.4135/9781526416070.n1
Geerts, G. L. (2011). A design science research methodology and its application to accounting information systems research. International Journal of Accounting Information Systems12(2), 142-151. doi:10.1016/j.accinf.2011.02.004
Hevner, A., & Chatterjee, S. (2010). Design Science Research in Information Systems. Integrated Series in Information Systems, 9-22. doi:10.1007/978-1-4419-5653-8_2
Maxwell, J. A. (2018). Collecting Qualitative Data: A Realist Approach. The SAGE Handbook of Qualitative Data Collection, 19-31. doi:10.4135/9781526416070.n2
Miah, S. J., & Genemo, H. (2016). A Design Science Research Methodology for Expert Systems Development. Australasian Journal of Information Systems20. doi:10.3127/ajis.v20i0.1329
Morgan, D. (2013). Integrating Qualitative and Quantitative Methods: A Pragmatic Approach. Thousand Oaks, CA: SAGE Publications.
Nagar, N., & Suman, U. (2017). Prevention, Detection, and Recovery of CSRF Attack in Online Banking System. Online Banking Security Measures and Data Protection, 172-188. doi:10.4018/978-1-5225-0864-9.ch011
Tassabehji, R., & Kamala, M. A. (2009). Improving E-Banking Security with Biometrics: Modelling User Attitudes and Acceptance. 2009 3rd International Conference on New Technologies, Mobility and Security. doi:10.1109/ntms.2009.5384806
Watzlawik, M., & Born, A. (2007). Capturing Identity: Quantitative and Qualitative Methods. Lanham, MD: University Press of America.
Wieringa, R. J. (2014). Research Design. Design Science Methodology for Information Systems and Software Engineering, 121-133. doi:10.1007/978-3-662-43839-8_11

Appendices






Featured Post

Buy A+ papers at affordable prices

Buy an A+ Essay Finding a reliable and experienced writer to hire for handling your essay is often a stressful experience. Issues ...

Why Use our service

Why Use our service
We are the best essay writing service