|
Type of paper:
|
Thesis
|
|
Academic level:
|
Master's
|
|
Subject or discipline:
|
Information
Technology
|
|
Topic:
Paper Details
|
Information Systems
with a Technology Management cognate
I have to write a
thesis where the main objective is to:Successful
capstones will
follow an objective research methodology to collect
or generate data
that informs the analysis and design of a new
computing system
related to the primary domains identified by the
Association
for Computing Machinery (ACM): cloud architecture
and/or computing,
cybersecurity systems, databases and/or data
analytics
systems, enterprise architecture, information systems,
integrated systems,
internet of things systems, networks,
platform
systems, software development, user interfaces,
virtual systems,
and/or web and mobile applications.
The thesis is broken
down into three parts explained in
the attachments
below. The first part is due in to weeks,
second part two
weeks after the due date of the first part,
and the final
part is due three weeks afters the second part.
|
Investigating How User Behavior
Compromises the Security of Banking Systems
Student’s Name
Institution Affiliation
Investigating How User Behavior
Compromises the Security of Banking Systems
Introduction
The banking sector has revolutionized
courtesy of digitization and the introduction of social collaborations (Alimolaei, 2015).
Hence, this change has improved business operations, operations, user training
and information sharing. Similarly, technological advancements such as the
internet have increased opportunities for businesses like banks to reach their
customers using new channels. As a result, small-sized operations turn to
corporate-sized transactions done instantly through web and mobile applications
(Airehrour, Nair & Madanian, 2018).
Thus, this development explains the global widespread dependency on electronic
banking systems. In addition, this trend is facilitated by the convenience,
safety and security of these applications. Sadly, the ease of using banking
systems has introduced vulnerabilities that affect businesses and the industry
as a whole. Therefore, cybercriminals take advantage of this upheaval to
compromise banking systems. A study by Price Waterhouse Coopers confirmed that
the susceptibility of financial institutions to cyber threats stands at 93% (Alimolaei, 2015).
In the banking sector, technology is
applied to enhance customer satisfaction and the efficiency of transactions. In
this case, it facilitates business-to-business and business-to-consumer
operational models (Airehrour,
Nair & Madanian, 2018). Therefore, system intrusion by
malicious parties compromises system security and transaction efficiency. In
particular, intrusion can be done by anyone with and without their knowledge.
As a result, cyber-attackers target system users by establishing their trust to
gain information that will help them break systems. This problem is a huge risk
for financial systems because it leads to loss of assets and money (Airehrour, Nair & Madanian, 2018).
On the contrary, banks avoid bad publicity because it results in loss of business.
Therefore, the key challenge in ensuring cybersecurity for banking applications
is handling system users. Nevertheless, financial institutions strive to handle
market pressures, ensure business needs and modernize their operations.
The volume of information transmitted and
stored by banking systems is valuable and hence attracts the attention of cyber
attackers (Althobaiti
& Mayhew, 2014). In that regard, system administrators
and software developers of financial systems work hand in hand to prevent
possible intrusions. For instance, data breaches threaten system because they
become accessible by unauthorized personnel, which necessitates better system
security (Airehrour,
Nair & Madanian, 2018). Financial businesses vary in terms
of size and hence experience different degrees of losses. Fortunately, the
advancement of technology has improved online transactions where third-party
service providers such as SWIFT collaborate with financial institutions to
facilitate money transfer via web applications (Airehrour, Nair & Madanian,
2018). Nevertheless, even with the investment in a good infrastructure, it is
imperative to consider cybersecurity vulnerabilities introduced by user
behavior. In this case, the complexity of online financial systems requires the
application of proper practices to mitigate cyber threats such as denial of
service.
Notably, the implementation of security in
financial systems depends of the proper classification of possible
vulnerabilities and the methods of attacks. In particular, this classification
should consider external and intrinsic factors (Airehrour, Nair & Madanian,
2018). For example, the relationship between financial service providers and
users should be considered. More so, the classification should consider the
responsibility of every party in ensuring the security of banking systems from
the strongest to the weakest link. Else, the inability to factor in the
vulnerability of user behavior will compromise communication, security models
and technologies integrated in financial applications. In addition, this
problem is complicated by the fact that attackers are motivated by the need to
access clients’ data, money and testing their abilities to penetrate banking
systems. Therefore, the element of user behavior requires due attention to
increase the consciousness to the possibility of system attacks at any moment.
Background
of the Research
The banking industry relies heavily on
information technology to obtain, process and provide information to the
relevant end-users (Chatzipoulidis & Mavridis, 2010). Therefore, banks not
only process client information but also provide a means for customers to
differentiate services and products. As a result, these financial institutions
have to continuously update and innovate solutions to maintain their service
demand and understand consumer needs. In this case, it is imperative for banks
to ensure that their online systems are reliable, convenient, secure and
expedient the required services (Chatzipoulidis & Mavridis, 2010). Therefore,
banks are motivated by the need to expand their customer base in different
markets as part of extending their geographical and service coverage. However,
some banks consider the utilization of online applications as a suitable
approach to offering banking services through the internet. Since the internet
introduction in 1969, it has evolved from an academic to a communication
channel. Recent studies shows that the internet’s popularity has increased
following its potential in electronic commerce.
Businesses such banks access various
opportunities and threats from the internet. However, the internet is almost
becoming the primary distribution and delivery channel for customer-based
applications operating through electronic commerce platforms (Dzomira, 2016; Suping
& Yizheng, 2010). On the other hand, the rapid spread of the internet
promotes the banking cyberspace, which offers online services. For example, in
the United States, banks provide internet services like Security First National
Bank (Chavali & Kumar, 2018). Hence, this development shows how the
internet is leveraged as a competitive advantage to revolutionize how banks
deliver services, operate and compete with other financial institutions. In
that regard, electronic banking has become a critical driver of modern
economies. Nevertheless, despite the potential of the internet in growing
banks, it poses cyber risks to customers (Dzomira, 2016). In addition, with the
growth of online banking, physical banks premises are disappearing because the
internet provides on-demand and convenient services unlike in traditional
banking where customers queue to access services.
Significantly, the growth of the internet
has promoted most banks to change their information technology strategies to
remain competitive. On the other hand, customers expect better services,
flexibility and convenience from their banks (Fuqing & Guohong, 2011). More
so, these demands should be provided in easy to use online systems with
management tools unlike in traditional banking. Fortunately, the extensive
infrastructure of public networks allows banks to extend services to their
customers (Fuqing & Guohong, 2011; Tassabehji & Kamala, 2009).
Nevertheless, despite the ability of financial institutions in creating online
systems to benefit their customers, the main challenge in operating banking
applications is dealing with the threat of end-user security behaviour.
However, this teething problem can be addressed to maintain the convenience of
online banking services. Otherwise, the importance of internet banking will
recede without the implementation of strategies to increase the competitiveness
of banks.
Problem
Statement
Cybersecurity experts classify user
behavior as a human-based form of social engineering, which may involve a
combination of single or multiple-staged attacks (Althobaiti & Mayhew, 2014).
However, in the context of financial systems, social engineering occurs as a
single attack because it results from one incident. Research by Althobaiti & Mayhew (2014)
determined that cyber attackers exploit end-user behavior because the internet
creates the opportunity to communicate, and hence coarse unsuspecting users to
provide significant information to hackers. Similarly, reckless behaviors such
as violating password policies and sharing system credentials increases the
possibility of attacks (Airehrour,
Nair & Madanian, 2018). In addition, banks should
implement policies to bridge the gap between the safe transfer of information
and reducing the probability of cyberattacks escalates this problem to avoid
the possibility of failure.
Therefore, financial institutions have the
responsibility of detecting and mitigating attacks in spite of user negligence.
As a result, this issue results from the inability of financial institutions to
close the gap between the behavioral responses of users and the expectations of
banks (Alimolaei, 2015).
As a result, the ease of accessing user credential by attackers leads to
impersonation where they can manipulate or access unauthorized information. Hence,
this problem demonstrates the vulnerability of user behavior and their need to
show responsibility towards system security (Althobaiti & Mayhew, 2014). Similarly,
there are research gaps in how user behavior affects electronic banking. More
so, there is limited research on how security awareness is a vital ingredient
in changing end-user behaviors. In that regard, this thesis will investigate
how to address the problem of user behavior as a cybersecurity threat.
Research
Questions
This study seeks to answer the following
questions to address the problem of user behavior as it affects banking
systems;
a. To
investigate how security awareness influences user behavior that creates cyber
risks to online banking applications.
b. To
determine how the health of online financial services can be improved
Literature
Review
Security
Behavior of System Users
The idea of security awareness for the
users of banking systems arises from the advancements of internet technologies
(D’Alessandro & Leone, 2011). In particular, the entire process entails the
introduction of users to computers to understand the increasing reliability and
complexity of information technology and applications used to perform different
tasks. In this case, the objective is diversifying the perspectives of banking
systems users, to raise their awareness about cyber threats and increase their
acceptance to such applications (D’Alessandro & Leone, 2011). In that
regard, various researchers have highlighted the criticality of security
awareness as an integral part of improving user behavior when accessing online
services. More so, this topic has acquired academic attention because it leads
towards the development of suitable theories used to increase the campaigns on
security awareness. One of the solutions suggested is the implementation of
security awareness policies by organisations to establish a culture where
end-users are cautious about their online behavior. In organisations and
businesses with online systems, this solution is helpful in increasing staff
compliance to acceptable online behaviors.
Notably, the researchers interested in
this study topic have focused on end-user security awareness of employees while
others focused on the awareness of end-users when using particular devices such
as smartphones to access internet services (Farzianpour et al., 2014; Harel et
al., 2018; Jerald, 2017). However, the focal points of most of the researchers
is the role of the end-users in banking information systems. In the case of
internet banking, the end-users are the customers authorized to access services
like checking mini statements through their smartphones or home computers.
Interestingly, the major discrepancy in most of the studies is that the current
security awareness knowledge is not only applied in internet banking scenarios
(Farzianpour et al., 2014). Similarly, another observation from the works of
different researchers is that inconsistencies exist in their findings and they
list their results instead of examining them. In addition, rather than focusing
on security awareness and understanding the issue, concrete recommendations are
made which limits the effectiveness of online banking applications. Hence,
there is need to process sufficient information on the issue of customers’
awareness of online banking security.
Research gaps exist concerning the
behaviors of computer users and how it impacts security practices. However,
some studies on security behaviors and motivational antecedents affecting the relationships
between situational factors and end-user behaviors have been done (ILIE, 2013;
Khurana, 2019; Jaksic & Marinc, 2017). Similarly, related research
concerning users in their home environment instead of computer use within
workplaces. For example, such studies include the review of factors promoting
the intentions of home end-users to implement security practices using planned
behavior theory. In that regard, the lack of adequate studies on end-user
behaviors has led to the focus on theories to determine decision-making and
risk factors under uncertainty conditions (Jaksic & Marinc, 2017).
Therefore, in this light, a research was done to develop a safety climate
model, which includes supervisory and management practices to positively impact
employee perceptions. The motivation behind this research is that the inability
of workers to actualize security practices compromises the security of
information systems.
Security risks are defined as adverse
events that result to loss of confidentiality, disruption of system integrity,
denial of services and violation of policies (ILIE, 2013). In that regard, the
adoption of security practices by financial institutions and end-users promotes
protective behavior that prevents security incidences (Kumar Choubey &
Agarwal, 2015). Similarly, a line can be established between preventive and
protective behaviors to improve the health of banking systems. In particular,
such conduct is characterized by reduced incidences from reckless user
behaviour. Different scholars using different models have reviewed such user
behaviors to determine their safety and security when using online banking
applications.
General
Deterrence and Protection Motivation Theories
In electronic banking, threat likelihood
and severity can be explained using two theories; general deterrence and
protection motivation (Fuqing & Guohong, 2011). Firstly, general deterrence
theory examines end-user security behaviors in organisations where the
compliance to security policies is required. This model is rooted in
criminology and was developed to help institutions such as banks to deter the
possibility of undesirable information system events such as hacking and denial
of services. Studies by Fuqing & Guohong (2011) determined that a
significant factor influencing proper user behavior is sanction certainty.
Therefore, the security of an information system is considered effective when
organisations address issues such as computer abuse, deterrents and rival
explanations (Gupta Rao & Upadhyaya, 2006). These factors are relevant when
accounting for the degree of user behaviour that either promotes or
deteriorates the security of banking systems. Therefore, financial institutions
can take relevant measures such as end-user training to improve cybersecurity.
Secondly, protection motivation theory
examines the ability of system users to protect themselves from threats. In
particular, this model complements the expected-value concept in providing a
complete understanding of fear effects towards change (Fuqing & Guohong,
2011; Jerald, 2017). When using banking applications, fear appeal concerns the
communication threats to individuals concerning one’s well-being (Fuqing &
Guohong, 2011). Earlier works on this theory focused on mediated psychology,
stress reactions and cognitive appraisal of end-users towards a certain
stimulus. In this case, two processes occur; coping and threat appraisal
(Jerald, 2017). It was determined that a fear appeal develops from
intrapersonal and environmental information, which is influenced by factors
such as the possibility of a threat and the severity of the perceived security
event. As a result, fear arousal manifests as a perceived threat that includes
intrinsic and extrinsic threats Fuqing & Guohong, 2011. Initially,
protection motivation theory focused on the effect of response efficacy,
vulnerability and severity on retention. The reasoning behind this focus was
that these components influence the security adaptive responses of information
system users.
Notably, researchers established that a
fear appeal connotes the existence of threat severity without the probability
of occurrence (Kumar & Agarwal, 2015; Chatzipoulidis & Mavridis, 2010).
Hence, in such an instance, a countermeasure is unnecessary despite the levels
of system confidence. On the other hand, a severe threat exists when the
probability of security events is high and end-users do not see the need for
countermeasures (Chatzipoulidis & Mavridis, 2010). Sadly, while this
interaction is reasonable, it lacks adequate empirical support. However, the
revised protection motivation theory argues that an additional relationship
between vulnerability and severity is critical in the comprehension of self and
response efficacy (Chatzipoulidis & Mavridis, 2010). Similarly, in the new
approach, it was observed that second-order interactions are required between
the two efficacy processes. Sadly, these interactions lacks due empirical
support. Nevertheless, various studies with inconsistent and different findings
have reviewed the issues of self and response efficacy (Drennan, Sullivan &
Previte, 2008). For example, some of the observable differences in study
findings include vulnerability and self-efficacy. Therefore, the general
observation is that the interactions within the protection motivation theory
depend on the research context like threat topic and sample size.
The general protection and protection
motivation theories are widely used in information system research. Researchers
argue that the susceptibility and severity of threats influences the
self-efficacy and response efficacy of end-users. In particular, the greater
the magnitude of perceived threat, the lesser the responses to implement
countermeasures. Therefore, the behavioral intention of users of banking
systems can be determined by how their perceptions change.
Perceived
Risk in Online Banking
Studies on the perceived risk of consumer
behavior focus on the end-users perception of the potential cyberspace risks
and the uncertainty of purchasing products or services. Therefore, the
perceived level of risk is a factor that influences purchase decisions of
consumers (Drennan, Sullivan & Previte, 2008; Farzianpour et al, 2014).
Similarly, the introduction of new technologies exposes the users of online
banking services to both risks and benefits where the consumers are compelled
to adopt technological advancements by weighing the perceived benefits. In that
regard, electronic banking is not exempted from this change but the adoption of
technology reduces the consumer-perceived risk. Nguyen & Nguyen (2017)
identified perceived risk as a significant factor in the implementation of
online banking systems. In particular, it is defined as the probable loss when
pursuing the desired outcomes of electronic services (Farzianpour et al, 2014).
Therefore, the degree of perceived risk is proportional to uncertainty levels.
In that light, most researchers determined the end-user perceived risk is a
multi-dimensional construct that varies according to the nature of products and
services.
Previous studies by (Lafraxo et al., 2018;
Ojeniyi et al., 2015) explored the dimensions of perceived risk that include
private, financial, performance, social and time risks. In particular,
performance risk entails the losses incurred in electronic services. As a
result, customers of banking services worry about issues such as server
breakdown when accessing online services. A system failure results in expected
losses and therefore reduces the numbers of customers willing to use online
banking (Lafraxo et al., 2018). On the other hand, social risk addresses the
loss in status resulting from the adoption of a service or product. Hence, it
is highly-likely that one’s social position is influenced by how they perceive
internet banking services. Nguyen & Nguyen (2017) found that social risk
negatively affects consumer attitudes towards internet banking. Financial risk
leads to monetary losses and bank customers may resist online services
following the fear of losing their money. Similarly, the fear losing their
personal information because of privacy risk.
Cybersecurity
Threats Caused By User Behavior in Electronic Banking
The steady growth in online banking has
changed how consumers interact with their banks (Bradshaw, 2015). Most of the
end-users use either their smartphones or computers to access their preferred
banking services. User authentication and other security combinations such as
passwords remains useful in the identification and authentication of users in
online banking. Unfortunately, computer users are a security risk because their
password practices directly affect the degree of system security (Bradshaw,
2015). In this case, the poor management of passwords increases the
susceptibility of users to potential misuse and abuse. Similarly, complex
banking systems can be compromised when users fail to use secure passwords (Bradshaw,
2015). Nevertheless, despite the password challenge in identifying users in
electronic banking, this technique remains as one of the widely used
authentication method. Recent authentication technologies such as One-Time-Pin
and biometrics are used to improve security in electronic banking (Chen,
Ebrahim & Taboada, 2013). Sadly, the application of these technologies is
inconsistent.
In online banking, non-standard user
behavior creates a weak link in banking systems. Despite the use of passwords
and other authentication methods, security practices are avoided or neglected
by computer users. Studies determined that the implementation of a
sophisticated authentication plan is necessary in creating a fail-safe despite
the probability of limited security knowledge by end-users (Harel et al., 2018;
Khurana, 2019; Bradshaw, 2015). Therefore, it is imperative that banks
differentiate the degree of application and knowledge amongst customers because
it is a security concern. Mbelli & Dwolatzky (2016) reviewed different
security features implemented by different banks. They range from simple
passwords to complex structures such as One-Time-Pins. In this case, the
researcher determined that the dilemma of banks is that increasing security
layers results in system complexity and hence customers shy away from internet
banking (Mbelli & Dwolatzky, 2018). Similarly, spreading security features
makes the process of security testing difficult which inconveniences the
customers using electronic banking.
The following are the probable
cybersecurity attacks in electronic banking that result from user behavior;
Firstly, phishing involves tactics used by
cyber criminals to make their victims disclose personal and organisational
information. In the case of financial institutions, cyber attackers fetch
information by sending phishing emails to unsuspecting end-users that appear as
legitimate (Pitera, 2017). Notably, this problem occurs because system users
are unable to identify spoofing websites because they lack security education.
Similarly, as long as banking systems work properly, no one cares to check for
security loopholes and educating users about potential attacks (Mirza Abdullah,
Ahmed & M.Ameen, 2018). As a result, the protection of online banking
systems is becoming a daunting task in the age of mobile applications.
Researchers have uncovered that cyber attackers use complex techniques such as
DNS redirection to hijack data during online transmission (Khurana, 2019; Ahmed
& M.Ameen, 2018). More so, phishing continues to be a serious issue in
social media, computer and mobile applications. A report by the Anti-Fraud
Command Centre indicates that phishing activities cause losses amounting to
$4.5 billion (Mirza Abdullah, Ahmed & M.Ameen, 2018).
Secondly, denial-of-service attacks are
common to banking applications. Cyber attackers who use network resources for
their gain leave system users unable to access resources initiate these
attacks. The design of denial-of service may affect other affiliated systems
hence causing a distributed attack (Mirza, Ahmed & M.Ameen, 2018). As a
result, banks may have trouble in accessing complementary services from third
parties. Notably, these attacks affect the critical infrastructure of financial
institutions where a single attack can cause significant losses (Ahmed &
M.Ameen, 2018). In that light, banks are obligated to take their system
security with utmost seriousness to ensure sustainable growth. Researchers
suggest the implementation of additional security layers to minimize the
possibility of cyber threats (Mirza, Ahmed & M.Ameen, 2018; Rizov, 2018).
The need for protection also follows the fact that cybercriminals automate
online fraud using spyware. Hence, without proper end-user behaviors, banking
systems become vulnerable to hacking activities and hence compromise the
quality of their services.
Thirdly, local and hybrid attacks are
common in electronic banking. In particular, local attacks are specific to a
user’s computer. These attacks occur when a customer access their bank’s
website and it becomes spoofed (Lemley & Miller, 2014). One such attack is
surfing when an attacker observes the personal information of an online banking
user. Hence, they can get valuable information like the personal identification
number used to authorize transactions. On the other hand, hybrid attacks can be
local and remote (Ahmed & M.Ameen, 2018). Therefore, they are more powerful
than local attacks (Lemley & Miller, 2014). For example, a cyber-criminal
can launch a Trojan, which infects multiple machines in a network. The same
attack can affect a user’s home computer when they access their bank’s website
without proper security measures. During such incidences, the Trojan replaces
browser information such as bookmarks with fake ones. Studies by Rizov (2018)
show that financial institutions have to deploy sophisticated security
approaches to make it difficult for cyber attackers to manipulate end-users.
Lastly, repudiation attacks occur when
systems are unable to log and track user actions therefore allowing malicious
activities. The genesis of this problem stems from the ability of attackers to
forge authentication of specified action (Mbelli & Dwolatzky, 2016). As a
result, they can alter the authoring information to allow malicious activities
in banking systems. In that regard, the inability of users to use standard
security procedures allows cyber attackers to log into systems using the
unauthorized access (Mbelli & Dwolatzky, 2016). Similarly, social
engineering is a concern in online banking because it allows attackers to
persuade authorized users to comply with particular requests concerning
computer-based entities (Mbelli & Dwolatzky, 2016). Hence, this problem is
rampant in the case where system users are not cautious about the authenticity
of information from unspecified sources. As a result, social engineering
manifests as a form of deception targeting the human aspect of computer
security.
Solutions
to Cyber Threats Caused by User Behavior in Electronic Banking
In light of the cyber issues discussed
above, various solutions can be used to protect users in internet banking.
Firstly, end-users have to protect their online identities. Therefore, that
means users have to stop sharing information with anyone who befriends them
online (Khurana, 2019). In so doing, it becomes possible to avoid social
engineering, which is one of the techniques used by attackers to gather useful
information. Similarly, users of internet banking are obligated to use strong
passwords while following their organisational policies (Khurana, 2019). The
goal in this case is creating passwords that are difficult to crack. In
addition, when using electronic banking it is imperative that system users
choose a unique password (Khurana, 2019). The reason is that using one password
for multiple websites increases the chances of cyber breaches. Additionally,
automatic login features should be avoided in electronic banking because they
violate account usage.
Secondly, bank employees and customers
have the responsibility of surfing safely as a requirement of standard user
behavior. Hence, they have to adopt practices such as using firewalls and
anti-virus programs (Mbelli & Dwolatzky, 2016). These measures allow
computers and smartphones to detect and deter worms, Trojans and viruses.
Similarly, the activation of firewalls prevents unauthorized system access. As
a result, online banking risks like financial losses are mitigated.
Additionally, the safety of online banking is dependent on the application of
anti-spyware software (Mbelli & Dwolatzky, 2016). In particular, these
applications allow devices to surf the internet safety by preventing attackers
from eavesdropping on user activities. Most importantly, a secure wireless
communication is required to create a security perimeter for information system
users. For example, banks should adopt secure Wi-Fi passwords and change them
according to password policies.
Thirdly, the use of intrusion detection
systems is an effective electronic banking strategy use to detect and prevent
possible cyber-attacks. More so, these systems help system administrators in
banks to comprehend the nature of user traffic and determine possible loopholes
(Ray-Chaudhuri, 2012; Juariah, 2015). For example, during normal use, a user
who forgets their passwords when attempting to use electronic banking is locked
out of the system after various login attempts. Therefore, this measure is
implemented to prevent unauthorized users from accessing electronic banking
services (Ray-Chaudhuri, 2012). Similarly, intrusion detection systems can
security logs to flag suspicious activities. Hence, in case malicious
activities are identified, then the intrusion detection system take immediate
action such as locking the affected user accounts (Salam, 2019). In addition,
it becomes easy to audit banking systems because a log file is available.
Therefore, all inappropriate interaction can be seen and security strategies
for internet banking developed.
Fourthly, the use of biometrics is one of
the solutions that improves traditional user authentication and transaction
efficiency. Presently, biometrics technology is applied as an integral part of
e-banking user authorization technique (Butler & Butler, 2015). Hence, user
identify is verified upon the confirmation of characteristics such as
fingerprints. The suitability of biometrics is the ability to identify users
based on physiological and physical characteristics (Mbelli & Dwolatzky,
2016). For instance, during account enrollment, biometric sensors capture
parameters used for user verification. Fortunately, the uniqueness of
fingerprints makes it difficult for hackers to bypass (Butler & Butler,
2015). Therefore, even when user behavior is below the acceptable levels, the
use of biometrics makes it difficult for cyber criminals to access unauthorized
online banking accounts. Similarly, once customers are enrolled into their
bank’s systems, they do not need to change their fingerprints from time to time
(Kumar & Agarwal, 2015). These parameters are more secure when compared to
traditional techniques such as passwords.
Lastly, new research focuses on the
implementation of artificial intelligence (AI) in electronic banking. In
particular, this technology is a significant step in the transformation and
digitization of businesses like banks (Jaksic & Marinc, 2017). Therefore,
due to the potential of artificial intelligence, investors are willing to be
part of this change. Currently, the integration of artificial intelligence in
banking applications is modest. However, real-time tests are being conducted in
fraud detection and prevention (Jaksic & Marinc, 2017). For instance, some
banks have deployed robot advisors and chatbots. The choice of using artificial
intelligence in electronic banking stems from the need to follow regulatory
measures concerning data privacy and other concerns that might prevent proper
functioning of online banking applications (Butler & Butler, 2015).
Notably, the continued exploration of artificial intelligence lies in its
ability to automate user routines. Therefore, with this technology developers
can design dynamic authentication to improve the traditional user verification
procedures.
The suitability of artificial intelligence
lies in the ability of computer programs to learn and use acquired knowledge
without human involvement (Yazhou, 2011). Such systems observe and analyze
autonomous information to make appropriate actions. Hence, in the context of
electronic banking systems, AI applications will improve the accuracy and
performance of banks. This capability is realized through the increased
processing capacity of digital information by AI applications. Fuqing &
Guohong (2011) estimate that by 2025, big data will be the epicenter of
decision-making. Significantly, the applicability of AI electronic banking
follows the need to conduct real-time authentication to prevent fraud (Butler
& Butler, 2015). Recently, banking fraud using credit card has been a
problem for banks to deal with. In addition, in the digital age, cybercrime has
increased courtesy of the development in internet technologies (Fuqing Zhu,
& Guohong, 2011). In that regard, the plausibility of AI algorithms will
allow banking systems to verify online transactions by ensuring that fraudsters
do not exploit users.
As
banks continue finding solutions to dealing with improper user behavior, which
increase the susceptibility of banking systems to cyber-attacks, AI stands as
the much-needed solution to this issue (Yazhou, 2011). Currently, financial
tools like robot advisors are being tested to allow customers to improve their
banking decisions. The same tools can be modified to inform end-users about the
need for proper user behavior (Butler & Butler, 2015). That can be
accomplished by offering users with information bits on how to conduct
themselves online to avoid compromising the security of electronic banking
(Yazhou, 2011). Nevertheless, while AI has a lot of potential, it faces
implementation challenges from laws such as the General Data Protection
Regulation (Jaksic & Marinc, 2017). In particular, preventative clauses
detailing the automation of decision making in information systems makes this
process expensive for businesses to manage. However, AI has the potential to
shape user behavior because application can learn proper practices for users of
electronic banking. Thus, they will be reminded to comply with standard
security practices to minimize cyber threats.
Literature
Review Findings and Research Gaps
The results of the literature review
demonstrate that limited studies have been conducted on the impact of user
behavior in electronic banking. Most of the research addresses security risks
and solutions. However, the available information is supports the need for user
education as part of reducing their vulnerability to cyber-attacks when using
electronic banking. Significantly, El
Maliki & Seigneur (2014) realized that one issue affecting the
implementation of security in online banking lies in organisational cultures
where people react during incidences only. Therefore, customers will only
complain in case of an attack but will be reluctant to enforce security
policies during normal system use (El
Maliki & Seigneur, 2014; Yang & Padmanabhan, 2010). In that
case, considering the advancements of internet technologies, the human element
of electronic banking makes it difficult to improve security standards. The
result is that trust levels in online banking reduce and customers switch from
bank to bank (Yang & Padmanabhan,
2010). Thus, banks continue losing business and clients are unsatisfied
about their online banking experiences.
Notably, the researchers who conducted
studies on security awareness of users in electronic banking focused on
organisational settings. Therefore, to have a better glimpse of this problem,
security awareness studies should advance. The goal is to analyze other aspects
influencing user behavior (Aljawarneh,
2016). In particular, the difference in end-user behaviors lies in their
organisational roles in (Aljawarneh,
2016; Musa & Redzuan, 2014). For example, employees of banks advance
their security awareness unlike customers who are only interested in accessing
banking services. Therefore, this discrepancy in security awareness illustrates
the need for user education to minimize the possibility of cyber-attacks (Musa & Redzuan, 2016). On the
other hand, most of the researchers show inconsistencies in their studies on
user behavior. Hence, it is difficult to understand this issue as it affects internet
banking (Yang & Padmanabhan,
2010). More so, various recommendations are provided without properly analyzing
the issue of user behavior and security awareness in online banking.
Electronic banking comprises various
transactions done in diverse environments between information systems and the
end-users (El Maliki & Seigneur,
2014). These transactions are prone to attacks such as hacking.
Therefore, it is imperative that banks should design effective security models
to enhance the safety of online transactions (Gheciu, 2018; Yang & Padmanabhan, 2010). One
of the research challenge is that most of the effort focuses on traditional
solutions and techniques. According to Gheciu (2018), there is minimal coverage on new technologies and
practical solutions to the problem of poor user behavior in electronic banking.
Similarly, most of the research recommendations advocate for the banking
industry to improve authentication standards and using medium-risk information
systems. The objective is to allow end-users to utilize tokens and passwords
while easing the security responsibility in internet banking. However, a few
researchers remain optimistic about the adoption of superior technologies in
online banking to enhance security such as block chain.
In the context of academic research, this
study has helped to fill the gap in end-user security behavior in internet
banking. Although it has suggested various practical guidelines on how to
protect banking customers from cyber-attacks, it has not investigated the
effectiveness of these measures. However, this study is purposeful because it
has addressed the lack of empirical and theoretical research on standard user
behaviors. In that light, this study has explored how the security awareness of
users influences their online behaviors when using electronic banking services.
More so, how to mitigate cyber threats which reduce the efficiency and
convenience of internet banking systems. In truth, moderate success has been
realized therefore paving the way for future research on the effect of user
behavior on the security of electronic banking. This study has stressed on the
importance of security awareness as the foundation of adjusting user behavior
when accessing online banking services.
Apart from security awareness, this study
established that organisations have the responsibility of initiating security
education to create widespread security awareness. In this case, banks deal
with both trained and novice users who have different understandings of online
system security. Therefore, to bridge the close in security knowledge, banks
have to inform their customers on how to behave when using online services (Gheciu, 2018). Hence, the role of
banks is not only providing the relevant infrastructure, but also ensuring the
security of online transactions as the service provider (Gheciu, 2018; Aljawarneh, 2016). As
identified in this research, users shift from bank to bank in search of the
convenience and security of their money. In that regard, this discussion
delineates towards the need for security awareness programs by banks to retain
their customers and prevent cyber incidences. Unfortunately, a research gap
exists on security education and most researchers have highlighted the issue as
a solution without proper investigation.
Significantly, this study has demonstrated
the implication of information security experts to design awareness programs.
In this case, the criticality of perceived benefits and susceptibility
emphasizes security awareness. Therefore, system users become aware of the
probability of cyber threats and hence the need to check their security
behavior (Musa, & Redzuan, 2014).
Consequently, end-users adopt preventive behaviors, which protect banking
systems from exploitation by attackers (Musa, N. M., & Redzuan, 2014; Yang, Y. &
Padmanabhan, 2010). However, there is limited research on this topic.
Therefore, security awareness programs should concentrate on educating
end-users on the likelihood of cyber threats so that they can understand their
role in banking systems. Eventually, these users will correct their behaviors
because they know that their actions affect information assets. Notably, it is
evident that there is a research gap on how banks can design their security
awareness campaigns to improve user behavior. A lot of the user knowledge is
acquired through experiences, which means user education is required to enforce
effective deterrence measures (Yang, Y.
& Padmanabhan, 2010).
Conclusion
In internet banking, user behavior is a
source of security breaches if remains unchecked. Unfortunately, the issues
that financial institutions have to deal with is the increasing numbers of
customers and employees using online banking. Therefore, to maintain and
increase business, it is inevitable for banks to promote security awareness through
user education. This research has explored various studies and identified gaps
in the design of user security awareness by banks. In particular, most of the
studies focus on security recommendation hence deviating from the issue of
improving user security in online banking. Most importantly, this research has
suggested various solutions to address user security challenge. These solutions
comprise strong passwords, system firewalls, intrusion detection systems,
biometrics and integrating artificial intelligence. Nevertheless, security in
online banking is a collective responsibility between bank employees and
customers.
References
Airehrour, D.,
Nair, N. V., & Madanian, S. (2018). Social Engineering
Attacks and Countermeasures in the New Zealand Banking System: Advancing a
User-Reflective Mitigation Model. Information, 9(5),
110. Doi: 10.3390/info9050110
Alimolaei, S.
(2015). An intelligent system for user behavior detection in Internet
Banking. 2015 4th Iranian Joint Congress on Fuzzy and Intelligent
Systems (CFIS). doi:10.1109/cfis.2015.7391642
Aljawarneh, S. A.
(2016). Emerging Challenges, Security Issues, and Technologies in Online
Banking Systems. Online Banking Security Measures and Data Protection,
90-112. doi:10.4018/978-1-5225-0864-9.ch006
Althobaiti, M. M.,
& Mayhew, P. (2014). Security and usability of authenticating process
of online banking: User experience study. 2014 International Carnahan
Conference on Security Technology (ICCST). doi:10.1109/ccst.2014.6986978
Bradshaw, S. (2015). Combating Cyber Threats: CSIRTs and
Fostering International Cooperation on Cybersecurity. SSRN Electronic
Journal. doi:10.2139/ssrn.2700899
Butler, M., & Butler, R. (2015). Investigating
the possibility to use differentiated authentication based on risk profiling to
secure online banking. Information and Computer Security, 23(4),
421-434. doi:10.1108/ics-11-2014-0074
Chatzipoulidis, A., & Mavridis, I. (2010). A
Study on User Behavior and Acceptance of Electronic Banking Services. 2010
14th Panhellenic Conference on Informatics. doi:10.1109/pci.2010.33
Chavali, K., & Kumar, A. (2018). Adoption of
Mobile Banking and Perceived Risk in GCC. Banks and Bank Systems, 13(1),
72-79. doi:10.21511/bbs.13(1).2018.07
Chen, Z., Ebrahim, A., &
Taboada, A. G. (2013). Turnover Threat and CEO Risk-Taking Behavior
in the Banking Industry. SSRN Electronic Journal.
doi:10.2139/ssrn.2230145
D’Alessandro, R., & Leone, M. (2011). A
Mechanism for e-Banking Frauds Prevention and User Privacy Protection. ISSE
2010 Securing Electronic Business Processes, 226-235.
doi:10.1007/978-3-8348-9788-6_22
Drennan, J., Sullivan, G. S., &
Previte, J. (2008). Privacy, Risk Perception, and Expert Online
Behavior. End-User Computing, 1-18. doi:10.4018/978-1-59904-945-8.ch001
Dzomira, S. (2016). Financial consumer protection:
internet banking fraud awareness by the banking sector. Banks and Bank
Systems, 11(4), 127-134. doi:10.21511/bbs.11(4-1).2016.03
El
Maliki, T., & Seigneur, J. (2014). Online Identity and User
Management Services. Managing
Information Security,
75-118. doi:10.1016/b978-0-12-416688-2.00004-0
Farzianpour, F., Pishdar, M.,
Shakib, M. M., & Toloun, M. (2014). CONSUMERSรข€™ PERCEIVED
RISK AND ITS EFFECT ON ADOPTION OF ONLINE BANKING SERVICES. American
Journal of Applied Sciences, 11(1), 47-56.
doi:10.3844/ajassp.2014.47.56
Fuqing Zhu, & Guohong Li. (2011). Study on security of
electronic commerce information system. 2011 2nd International
Conference on Artificial Intelligence, Management Science and Electronic
Commerce (AIMSEC). doi:10.1109/aimsec.2011.6010713
Gheciu, A.
(2018). Normative Dilemmas and Challenges of Security Commercialization. Oxford Scholarship Online. doi:10.1093/oso/9780198813064.003.0006
Gupta, M., Rao, R., & Upadhyaya, S.
(2006). Electronic Banking and Information Assurance Issues. Advanced
Topics in End User Computing, Volume 4, 16(3).
doi:10.4018/9781591404743.ch012
Harel, A., Ben David, T., Kashani, A.,
Iyer, G., Motonori, A., & Masumi, E. (2018). Mitigating
Unknown Cybersecurity Threats in Performance Constrained Electronic Control
Units. SAE Technical Paper Series. doi:10.4271/2018-01-0016
ILIE, R. (2013). Online Transactions Security in
Internet Banking and e-Commerce. International Journal of Information Security
and Cybercrime, 2(1), 9-16. doi:10.19107/ijisc.2013.01.01
Jaksic, M., & Marinc, M. (2017). Relationship
Banking and Information Technology: The Role of Artificial Intelligence and
Fintech. SSRN Electronic Journal. doi:10.2139/ssrn.3059426
Jerald, M. (2017). Controlling Images: How Awareness of
Group Stereotypes Affects Black Women’s Well-Being. doi:10.31234/osf.io/dajc5
Khurana, A. (2019). Digitalization in Banking:
Convenience versus Security Threat. SSRN Electronic Journal.
doi:10.2139/ssrn.3358058
Kumar Choubey, S., & Agarwal, A. (2015).
Improving banking authentication using hybrid cryptographic technique. 2015
International Conference on Computer, Communication and Control (IC4).
doi:10.1109/ic4.2015.7375511
Lafraxo, Y., Hadri, F., Amhal, H., &
Rossafi, A. (2018). The Effect of Trust, Perceived Risk and Security on
the Adoption of Mobile Banking in Morocco. Proceedings of the 20th
International Conference on Enterprise Information Systems.
doi:10.5220/0006675604970502
Lemley, M. A., & Miller, S. P.
(2014). If You Can't Beat 'Em, Join 'Em? How Sitting by Designation Affects
Judicial Behavior. SSRN Electronic Journal.
doi:10.2139/ssrn.2449349
Mbelli, T. M., & Dwolatzky, B. (2016).
Cyber Security, a Threat to Cyber Banking in South Africa: An Approach to
Network and Application Security. 2016 IEEE 3rd International
Conference on Cyber Security and Cloud Computing (CSCloud).
doi:10.1109/cscloud.2016
Mirza Abdullah, S., Ahmed, B., &
M.Ameen, M. (2018). A New Taxonomy of Mobile Banking Threats, Attacks and
User Vulnerabilities. IEC2018 Proceedings Book.
doi:10.23918/iec2018.29
Musa, N. M., & Redzuan, F. (2014).
Understanding user behavior towards mobile messaging application use in support
for banking system. 2014 3rd International Conference on User Science
and Engineering (i-USEr). doi:10.1109/iuser.2014.7002715
Nguyen, T. D., & Nguyen, T. C.
(2017). The role of perceived risk on intention to use online banking in
Vietnam. 2017 International Conference on Advances in Computing,
Communications and Informatics (ICACCI). doi:10.1109/icacci.2017.8126122
Pitera, M. R. (2017). CONTEMPORARY PROBLEMS AND
THREATS OF CYBER SECURITY IN THE SECTOR OF ELECTRONIC BANKING SEVICES. Przeglฤ
d
Nauk o Obronnoลci, 1(4), 181-191.
doi:10.5604/01.3001.0013.0120
Ray-Chaudhuri, R. (2012). How Banking Deregulation
Affects Growth: Evidence from a Panel of U.S. States. SSRN Electronic
Journal. doi:10.2139/ssrn.2131960
Salam, M. (2019). Inclusion of Perceived Risk with TAM
in Measuring Attitude Toward online Banking. European Journal of
Business and Management, 11(2). doi:10.7176/ejbm/11-2-08
Yang, Y.
& Padmanabhan, B. (2010). Toward user patterns for online security:
Observation time and online user identification. Decision Support Systems, 48(4), 548-558.
doi:10.1016/j.dss.2009.11.005
Yazhou Xiong. (2011). Research on the Internet banking
security based on dynamic password. 2011 2nd International Conference
on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC).
doi:10.1109/aimsec.2011.6010871
Investigating How User Behavior
Compromises the Security of Banking Systems
Student’s Name
Institution Affiliation
Table of Contents
List of Figures
Figure 2: Use
case showing the bank customer and employee interaction with the online banking
system
Research Methodology
Introduction
The quality of any research results from
the vigor in the involved activities (Morgan, 2013).
In that regard, this section will seek find a methodology to answer the
research questions. Research design provides a glue that binds a study
together. More so, it provides the structure that shows how other parts of a
research relate using samples, treatments and data analysis methods (Morgan, 2013; Watzlawik & Born,
2017).
However, the focus of a research methodology is addressing research questions
using either qualitative or quantitative methodology. Therefore, a researcher
has to take careful consideration in their study design, decisions and details
(Watzlawik & Born, 2017). In that
light, a qualitative research design was adopted to explore the research
questions. In particular, this form of research focuses on the interpretation
of previously done research to derive meaningful phenomena.
This section will use the design research
methodology to explore how user security behavior affects electronic banking.
In information systems, design science as a discipline helps in the development
of meaningful artifacts in the exploration of research questions (Wieringa, 2014). More so, this methodology
incorporates procedures, principles and practices needed to conduct a research
to meet its objectives (Miah & Genemo, 2016).
In particular, it follows steps such as issue identification, objectives
definition towards a solution, design and development, evaluation,
demonstration and communication. The suitability of design science methodology
is that it offers a systematic method of designing a solution and acquiring
knowledge (Wieringa, 2014; Hevner & Chatterjee,
2010). In addition, it emphasizes on testing and communicating methods
when investigating research questions. Therefore, design science methodology is
suitable in the exploration of the study topic; user security behavior in
online banking systems.
The objective of this phase is developing
a design research methodology to find a solution to the problem of user
security vulnerability in electronic banking. More so, the study intends to use
qualitative data collection method to find suitable data to satisfy the
research questions and find solutions. In particular, the choice of this method
stems from the fact that the researcher can verify the authenticity of data
used to produce favorable outputs (Bilgin, 2017).
The quality of a research is based on a researcher’s ability to verify the
quality of results. In addition, the researcher will create a plan for
analyzing data. In design research science methodology, researcher do not have
to necessarily follow a certain plan during data analysis (Bilgin, 2017). However, a plan is necessary to guide
them through their data analysis process.
Research Design and Methodology
Problem Identification
Organizations such as banks depend of
sensible user security behavior in all the operational tasks (Aljawarneh, 2017). Therefore, despite the
implementation of security standards and policies, it is difficult for security
documentation to spell out how customers and banking staff should act in
different situations (Aljawarneh, 2017; Tassabehji
& Kamala, 2009). Similarly, banks cannot control their staff and
customers’ behavior by compelling them to adopt sensible behaviors whether
small. More so, this challenge manifests even when transactions are validated
and end-users are careful when accessing electronic banking systems (Aljawarneh, 2017). Hence, a bank becomes susceptible
to cyber-attacks because of end-user decisions (Aljawarneh,
2017). On the other hand, recent studies by the Information Security
Culture (ISC) indicate that about 80% of information security hazards result
from the implementation of poor solutions (Nagar & Suman, 2017). Hence, the development of user-focused
security applications can improve the safety of banking systems.
User security behavior in banking is
influenced by employees hear, practice daily, common sense decisions, personal
standards and end-user’s sense of obligation (Althobaiti
& Mayhew, 2014). In most organizations, system security does not
follow strict guidelines. Hence, employees embrace such principles and values
in their daily interactions with banking systems (Aljawarneh,
2017). Similarly, new employees adopt the security cultures they find in
their workplaces (Althobaiti & Mayhew, 2014).
As a result, it becomes difficult to erode substandard user-security behavior
in banking environments where employees have little concern for their actions.
In addition, banking employees make most of the decisions when using online
information systems (Aljawarneh, 2017).
Therefore, they have the responsibility of making sensible security decisions.
Such responsibility builds a personal history that either determines whether
their behaviors is acceptable or unacceptable (Aljawarneh,
2017). Additionally, the other security challenge in electronic banking
lies in whether end-user conduct that compromise security.
The challenge of electronic banking is
that cyber threats the threat actors create different techniques of gathering
critical and confidential information (Nagar & Suman, 2017). Hackers are interested in stealing the
identity of unsuspecting employees to manipulate their way through banking
systems. Therefore, researchers focus on the levels of security awareness in
organizations such as banks (Nagar
& Suman, 2017). Similarly, the difference in user roles when
interacting with online banking applications is a security concern. For
example, employees are users within banks while customers are users in
electronic banking operating from their homes (Althobaiti
& Mayhew, 2014). In this case, the difference in security awareness
is that challenge that banks deal with when looking for ways to counter the
resultant cybersecurity threats. In that regard, this study proposes an
improved electronic banking system to overcome the challenge of user security
in banking information systems.
Defining Objectives for a Solution
The entire objective of this paper
is developing a methodology for design science research as applied in
information systems. In particular, design a security proof system to address
the challenge of end-user vulnerabilities in electronic banking. Therefore,
this study will build on existing research while following the research
questions;
a. To
investigate how security awareness influences user behavior that creates cyber
risks to online banking applications.
b. To
determine how the health of online financial services can be improved
Nominal Process
The purpose of this process in design
science is creating a roadmap for other researchers who want to explore the
issue of end-user security vulnerability in electronic banking to develop their
design mechanisms. In addition, design research as applied in this study will
create an understanding of the empirical elements of information system
research using acceptable processes (Drechsler, 2012).
Building on Existing Studies
The process of developing a design
research methodology involves the integration of different principles in
conducting research. In particular, applicable research includes design studies
where different processes are referenced (Geerts,
2011). The reference to completed studies focuses on the access to rich
ideas that can be applied to address the study problem and accomplish the
objectives of design research. Therefore, design research methodology will
provide suitable descriptions when analyzing the research context (Miah & Genemo, 2016). The research design
methodology will therefore borrow concepts applied in internet banking by
connecting the design plan with the involved process. In information systems,
design research is suitable for creating intelligent systems (Miah & Genemo, 201). In this case, the study
intends to find a solution to electronic banking by developing a system that is
immune to the vulnerabilities of user security. Hence, research design
methodology will serve as the process in creating a solution to the study
problem.
Design and Development
In this study, a consensus building
approach will be used to determine the appropriate elements of designing a
design research methodology. The objective is creating an acceptable framework
for conducting research (Geerts, 2011). More
so, the demonstration of design research methodology will be realized using a
case study (Geerts, 2011). In this case, the
purpose of such a demonstration is analyzing user security awareness to
determine how it affects internet banking applications. In that regard, the
study will borrow from the Chengdu case study where a survey and
semi-structured interviews were used to investigate the impact of user security
awareness in banking applications.
Demonstration
After the review of a case study, the
researcher will determine whether a new or improved system is needed to address
the challenge of user security behavior in internet banking. At this point in
the development of a research science methodology, researchers focus on the
outputs of a study to test their research questions and hypothesis (Geerts, 2011). However, in this case, the researcher
will investigate the Chengdu study to determine how to improve user security
awareness in electronic banking.
Evaluation
The results of the case study used
have to be refined and verified for accuracy. According to Hevner & Chatterjee (2010), the accuracy of the
results of a research science methodology are based on the development of a
comprehensive checklist. In that case, the researcher will thoroughly assess
the results of the study to improve the accuracy of the outcomes. The objective
is paving the way for the development of an improved information system (Hevner & Chatterjee, 2010). Hence, as design
research methodology requires, the researcher will have the chance to
contribute towards new research.
Data Analysis Plan
The researcher will follow the following
plan when conducting qualitative research to answer the research questions;
a. Aims
– in this case, they will be guided by the initially specified research
questions to test them and develop outcomes. The objective of this step is
distinguishing the difference between qualitative data and ideas.
b. Data
source – since the researcher will use qualitative data, they will specify the
study population, data collection method used in the reference study and
technique of data analysis.
c. Planned
tables – an important role of the researcher when conducting their research is
outlining the relevant tables to complement the explanation of study results.
Therefore, the display of tables will focus on discussions to refine the
research.
Data Collection Methodology
Data collection is a process that involves
seeking answers to answer the research problem, test hypothesis and test the
research questions (Maxwell, 2018). It is
categorized to primary and secondary methods. The former refers to facts and
figures while the latter entails data from publications such as books and
journals (Maxwell, 2018; Flick, 2018).
However, this study will use qualitative method as a primary data collection
technique. In particular, it is an exploratory research technique used to gain
an understanding about motivations, reasons and opinions about a research topic
(Maxwell, 2018). Therefore, it provides
insight into a research problem and helps in the development of ideas. However,
the comprehensives of qualitative research is based on the vastness of the
semi-structured and unstructured techniques used in data collection (Flick, 2018). In this study, the choice of
qualitative research stems from the fact that the researcher can evaluate the
subject content with greater attention to develop measurable outcomes.
Significantly, the application of
qualitative research will provide the researcher with a fluid technique of
analyzing trends in data collection, questioning and reporting information (Copeland, 2014). Hence, if the available data is
insufficient, they can seek an alternative direction. More so, this technique
appreciates human experiences and instinctual observations. In addition, the
data gathered produced has predictive quality which can be verified by the researcher
(Copeland, 2014). This ability stems from the
fact that the researcher can draw perspectives about the research from the real
world (Flick, 2018). Thus, they can isolate
data complexities and present meaningful results to answer the research
questions. However, to realize success in using qualitative data collection, a
researcher has to address various challenges. They have to analyze data
rigidity, assess data value and overcome difficult decisions to prevent
repetition of results.
System Analysis
In light of the design research
methodology discussion, this will review user and system interactions in online
banking applications. The objective is to gain an understanding of how
vulnerabilities arise due to user security behavior. Banks invest in information
systems but using recent technologies is an advantage for these institutions.
In electronic banking, security starts from the users as it advances to the
administrators and critical infrastructure. Therefore, this section will
demonstrate how different actors using different access rights using unified
modeling language diagrams. In particular, use cases, activity diagrams,
timeline and sequence diagrams are provided. The following diagrams demonstrate
user and system interactions in online banking;
a.
Use
cases
Figure 1: Use case showing
the interaction the customers, bank tellers, system administrator and the
banking system.
Figure 2: Use case showing
the bank customer and employee interaction with the online banking system
Figure 3: Use case showing
the super administrator and bank users interaction with the banking system
b.
Activity
Diagrams
Figure 4: Activity diagram
demonstrating the customer and bank teller interactions from the time the
customer requests to withdraw money to when they request a loan and its gets
approved.
Figure 5: Activity diagram
showing the processes bank customers go through when using online banking
services
Figure 6: Activity diagram
showing how the banking system differentiates employee permissions and roles.
c.
Class
Diagrams
Figure 8: Class diagram
showing the relationship amongst bank, employee, customer, account and loan
using multiplicities
Figure 9: Class diagram
showing the relationships amongst bank, customers, account, statement and
account type
d.
Sequence
diagrams
Figure 10: The sequence
diagram demonstrates how the customer and bank teller perform different roles
in the banking system
Figure 11: Sequence diagram
demonstrating how the banking system checks user requests such as bank balances
Figure 12: Sequence diagram
showing how the customer, account and account entities relate in the banking
system
Conclusion
The objective of the methodology
section was to identify the most suitable technique of answering the research
question and testing the study outcomes. In that case, the researcher
determined design science research methodology as the most appropriate technique.
In particular, the suitability of this methodology results from its application
of procedures, practices and principles of research. For example, this
methodology defines the study problem, objectives, demonstrates a case and its
evaluation. More so, the researcher has proposed the use of qualitative
research to explore how user security behavior can be improved in online
banking applications. The choice of qualitative data collection methodology
arises from the ability of a researcher to verify the results of a study.
Therefore, they can use appropriate data to test their research question.
References
Aljawarneh, S. A. (2017).
Analysis of Data Validation Techniques for Online Banking Services. Online Banking Security Measures and Data Protection, 127-139. doi:10.4018/978-1-5225-0864-9.ch008
Althobaiti, M. M., &
Mayhew, P. (2014). Security and usability of authenticating process of
online banking: User experience study. 2014
International Carnahan Conference on Security Technology (ICCST). doi:10.1109/ccst.2014.6986978
Bilgin, Y. (2017). Qualitative
Method Versus Quantitative Method in Marketing Research: An Application Example
at Oba Restaurant. Qualitative versus
Quantitative Research. doi:10.5772/67848
Brannen, J. (2017). Combining
qualitative and quantitative approaches: an overview. Mixing Methods: qualitative and quantitative research, 3-37. doi:10.4324/9781315248813-1
Copeland, D. C. (2014).
Quantitative Analysis and Qualitative Case Study Research. Economic Interdependence and War. doi:10.23943/princeton/9780691161587.003.0003
Ditchfield, H., &
Meredith, J. (2018). Collecting Qualitative Data from Facebook: Approaches
and Methods. The SAGE Handbook of
Qualitative Data Collection, 496-510.
doi:10.4135/9781526416070.n32
Drechsler, A. (2012). Design
Science as Design of Social Systems – Implications for Information Systems
Research. Lecture Notes in Computer
Science, 191-205.
doi:10.1007/978-3-642-29863-9_15
Flick, U. (2018). Doing
Qualitative Data Collection – Charting the Routes. The SAGE Handbook of Qualitative Data Collection, 3-16. doi:10.4135/9781526416070.n1
Geerts, G. L. (2011). A
design science research methodology and its application to accounting
information systems research. International
Journal of Accounting Information Systems, 12(2), 142-151.
doi:10.1016/j.accinf.2011.02.004
Hevner, A., &
Chatterjee, S. (2010). Design Science Research in Information
Systems. Integrated Series in
Information Systems, 9-22.
doi:10.1007/978-1-4419-5653-8_2
Maxwell, J. A. (2018). Collecting
Qualitative Data: A Realist Approach. The SAGE
Handbook of Qualitative Data Collection,
19-31. doi:10.4135/9781526416070.n2
Miah, S. J., &
Genemo, H. (2016). A Design Science Research Methodology for Expert
Systems Development. Australasian Journal of
Information Systems, 20.
doi:10.3127/ajis.v20i0.1329
Morgan, D. (2013). Integrating
Qualitative and Quantitative Methods: A Pragmatic Approach. Thousand Oaks,
CA: SAGE Publications.
Nagar, N.,
& Suman, U. (2017). Prevention, Detection, and Recovery of CSRF Attack
in Online Banking System. Online Banking Security Measures and Data
Protection, 172-188. doi:10.4018/978-1-5225-0864-9.ch011
Tassabehji, R., &
Kamala, M. A. (2009). Improving E-Banking Security with Biometrics:
Modelling User Attitudes and Acceptance. 2009 3rd International
Conference on New Technologies, Mobility and Security.
doi:10.1109/ntms.2009.5384806
Watzlawik, M., &
Born, A. (2007). Capturing Identity: Quantitative and Qualitative
Methods. Lanham, MD: University Press of America.
Wieringa, R. J. (2014).
Research Design. Design Science Methodology for Information Systems
and Software Engineering, 121-133. doi:10.1007/978-3-662-43839-8_11
