Subject or discipline:
Information Systems with a Technology Management cognate
I have to write a thesis where the main objective is to: Successful
capstones will follow an objective research methodology to collect
or generate data that informs the analysis and design of a new
computing system related to the primary domains identified by the
Association for Computing Machinery (ACM): cloud architecture
and/or computing, cybersecurity systems, databases and/or data
analytics systems, enterprise architecture, information systems,
integrated systems, internet of things systems, networks,
platform systems, software development, user interfaces,
virtual systems, and/or web and mobile applications.
The thesis is broken down into three parts explained in
the attachments below. The first part is due in two weeks,
second part two weeks after the due date of the first part,
and the final part is due three weeks after the second part.
Investigating How User Behavior Compromises the Security of Banking Systems
The banking sector has been revolutionized courtesy of digitization and the introduction of social collaborations (Alimolaei, 2015). Hence, this change has improved business operations, user training and information sharing. Similarly, technological advancements such as the internet have increased opportunities for businesses like banks to reach their customers using new channels. As a result, small-sized operations turn to corporate-sized transactions done instantly through web and mobile applications (Airehrour, Nair & Madanian, 2018). Thus, this development explains the global widespread dependency on electronic banking systems. In addition, this trend is facilitated by the convenience, safety and security of these applications. Sadly, the ease of using banking systems has introduced vulnerabilities that affect businesses and the industry as a whole. Therefore, cybercriminals take advantage of this upheaval to compromise banking systems. A study by Price Waterhouse Coopers confirmed that the susceptibility of financial institutions to cyber threats stands at 93% (Alimolaei, 2015).
In the banking sector, technology is applied to enhance customer satisfaction and the efficiency of transactions. In this case, it facilitates business-to-business and business-to-consumer operational models (Airehrour, Nair & Madanian, 2018). Therefore, system intrusion by malicious parties compromises system security and transaction efficiency. In particular, intrusion can be done by anyone with or without their knowledge. As a result, cyber-attackers target system users by establishing their trust to gain information that will help them break systems. This problem is a huge risk for financial systems because it leads to loss of assets and money (Airehrour, Nair & Madanian, 2018). On the contrary, banks avoid bad publicity because it results in loss of business. Therefore, the key challenge in ensuring cybersecurity for banking applications is handling system users. Nevertheless, financial institutions strive to handle market pressures, ensure business needs and modernize their operations.
The volume of information transmitted and stored by banking systems is valuable and hence attracts the attention of cyber attackers (Althobaiti & Mayhew, 2014). In that regard, system administrators and software developers of financial systems work hand in hand to prevent possible intrusions. For instance, data breaches threaten systems because they become accessible to unauthorized personnel, which necessitates better system security (Airehrour, Nair & Madanian, 2018). Financial businesses vary in terms of size and hence experience different degrees of losses. Fortunately, the advancement of technology has improved online transactions where third-party service providers such as SWIFT collaborate with financial institutions to facilitate money transfer via web applications (Airehrour, Nair & Madanian, 2018). Nevertheless, even with the investment in a good infrastructure, it is imperative to consider cybersecurity vulnerabilities introduced by user behavior. In this case, the complexity of online financial systems requires the application of proper practices to mitigate cyber threats such as denial of service.
Notably, the implementation of security in financial systems depends on the proper classification of possible vulnerabilities and the methods of attacks. In particular, this classification should consider external and intrinsic factors (Airehrour, Nair & Madanian, 2018). For example, the relationship between financial service providers and users should be considered. More so, the classification should consider the responsibility of every party in ensuring the security of banking systems from the strongest to the weakest link. Otherwise, the inability to factor in the vulnerability of user behavior will compromise communication, security models and technologies integrated in financial applications. In addition, this problem is complicated by the fact that attackers are motivated by the need to access clients’ data and money and to test their abilities to penetrate banking systems. Therefore, the element of user behavior requires due attention to increase the consciousness of the possibility of system attacks at any moment.
Background of the Research
The banking industry relies heavily on information technology to obtain, process and provide information to the relevant end-users (Chatzipoulidis & Mavridis, 2010). Therefore, banks not only process client information but also provide a means for customers to differentiate services and products. As a result, these financial institutions have to continuously update and innovate solutions to maintain their service demand and understand consumer needs. In this case, it is imperative for banks to ensure that their online systems are reliable, convenient, secure and expedient in providing the required services (Chatzipoulidis & Mavridis, 2010). Therefore, banks are motivated by the need to expand their customer base in different markets as part of extending their geographical and service coverage. However, some banks consider the utilization of online applications as a suitable approach to offering banking services through the internet. Since the internet’s introduction in 1969, it has evolved from an academic to a communication channel. Recent studies show that the internet’s popularity has increased following its potential in electronic commerce.
Businesses such as banks access various opportunities and threats from the internet. However, the internet is almost becoming the primary distribution and delivery channel for customer-based applications operating through electronic commerce platforms (Dzomira, 2016; Suping & Yizheng, 2010). On the other hand, the rapid spread of the internet promotes the banking cyberspace, which offers online services. For example, in the United States, banks such as Security First National Bank provide internet services (Chavali & Kumar, 2018). Hence, this development shows how the internet is leveraged as a competitive advantage to revolutionize how banks deliver services, operate and compete with other financial institutions. In that regard, electronic banking has become a critical driver of modern economies. Nevertheless, despite the potential of the internet in growing banks, it poses cyber risks to customers (Dzomira, 2016). In addition, with the growth of online banking, physical bank premises are disappearing because the internet provides on-demand and convenient services, unlike in traditional banking where customers queue to access services.
Significantly, the growth of the internet has prompted most banks to change their information technology strategies to remain competitive. On the other hand, customers expect better services, flexibility and convenience from their banks (Fuqing & Guohong, 2011). More so, these demands should be provided in easy-to-use online systems with management tools, unlike in traditional banking. Fortunately, the extensive infrastructure of public networks allows banks to extend services to their customers (Fuqing & Guohong, 2011; Tassabehji & Kamala, 2009). Nevertheless, despite the ability of financial institutions to create online systems that benefit their customers, the main challenge in operating banking applications is dealing with the threat of end-user security behaviour. However, this teething problem can be addressed to maintain the convenience of online banking services. Otherwise, the importance of internet banking will recede without the implementation of strategies to increase the competitiveness of banks.
Cybersecurity experts classify user behavior as a human-based form of social engineering, which may involve a combination of single or multiple-staged attacks (Althobaiti & Mayhew, 2014). However, in the context of financial systems, social engineering occurs as a single attack because it results from one incident. Research by Althobaiti & Mayhew (2014) determined that cyber attackers exploit end-user behavior because the internet creates the opportunity to communicate, and hence coerce unsuspecting users to provide significant information to hackers. Similarly, reckless behaviors such as violating password policies and sharing system credentials increase the possibility of attacks (Airehrour, Nair & Madanian, 2018). In addition, this problem is escalated by the need for banks to implement policies that bridge the gap between the safe transfer of information and reducing the probability of cyberattacks to avoid the possibility of failure.
Therefore, financial institutions have the responsibility of detecting and mitigating attacks in spite of user negligence. As a result, this issue results from the inability of financial institutions to close the gap between the behavioral responses of users and the expectations of banks (Alimolaei, 2015). As a result, the ease with which attackers access user credentials leads to impersonation where they can manipulate or access unauthorized information. Hence, this problem demonstrates the vulnerability of user behavior and the need for users to show responsibility towards system security (Althobaiti & Mayhew, 2014). Similarly, there are research gaps in how user behavior affects electronic banking. More so, there is limited research on how security awareness is a vital ingredient in changing end-user behaviors. In that regard, this thesis will investigate how to address the problem of user behavior as a cybersecurity threat.
This study seeks to answer the following questions to address the problem of user behavior as it affects banking systems:
a. To investigate how security awareness influences user behavior that creates cyber risks to online banking applications.
b. To determine how the health of online financial services can be improved.
Security Behavior of System Users
The idea of security awareness for the users of banking systems arises from the advancements of internet technologies (D’Alessandro & Leone, 2011). In particular, the entire process entails the introduction of users to computers to understand the increasing reliability and complexity of information technology and applications used to perform different tasks. In this case, the objective is diversifying the perspectives of banking systems users, to raise their awareness about cyber threats and increase their acceptance of such applications (D’Alessandro & Leone, 2011). In that regard, various researchers have highlighted the criticality of security awareness as an integral part of improving user behavior when accessing online services. More so, this topic has acquired academic attention because it leads towards the development of suitable theories used to increase the campaigns on security awareness. One of the solutions suggested is the implementation of security awareness policies by organisations to establish a culture where end-users are cautious about their online behavior. In organisations and businesses with online systems, this solution is helpful in increasing staff compliance with acceptable online behaviors.
Notably, some of the researchers interested in this study topic have focused on the security awareness of employees as end-users while others focused on the awareness of end-users when using particular devices such as smartphones to access internet services (Farzianpour et al., 2014; Harel et al., 2018; Jerald, 2017). However, the focal point of most of the researchers is the role of the end-users in banking information systems. In the case of internet banking, the end-users are the customers authorized to access services like checking mini statements through their smartphones or home computers. Interestingly, the major discrepancy in most of the studies is that the current security awareness knowledge is not only applied in internet banking scenarios (Farzianpour et al., 2014). Similarly, another observation from the works of different researchers is that inconsistencies exist in their findings and they list their results instead of examining them. In addition, rather than focusing on security awareness and understanding the issue, concrete recommendations are made, which limits the effectiveness of online banking applications. Hence, there is a need to process sufficient information on the issue of customers’ awareness of online banking security.
Research gaps exist concerning the behaviors of computer users and how they impact security practices. However, some studies on security behaviors and motivational antecedents affecting the relationships between situational factors and end-user behaviors have been done (ILIE, 2013; Khurana, 2019; Jaksic & Marinc, 2017). Similarly, related research concerns users in their home environment instead of computer use within workplaces. For example, such studies include the review of factors promoting the intentions of home end-users to implement security practices using planned behavior theory. In that regard, the lack of adequate studies on end-user behaviors has led to the focus on theories to determine decision-making and risk factors under uncertainty conditions (Jaksic & Marinc, 2017). Therefore, in this light, research was done to develop a safety climate model, which includes supervisory and management practices to positively impact employee perceptions. The motivation behind this research is that the inability of workers to actualize security practices compromises the security of information systems.
Security risks are defined as adverse events that result in loss of confidentiality, disruption of system integrity, denial of services and violation of policies (ILIE, 2013). In that regard, the adoption of security practices by financial institutions and end-users promotes protective behavior that prevents security incidents (Kumar Choubey & Agarwal, 2015). Similarly, a line can be established between preventive and protective behaviors to improve the health of banking systems. In particular, such conduct is characterized by reduced incidents from reckless user behaviour. Different scholars using different models have reviewed such user behaviors to determine their safety and security when using online banking applications.
General Deterrence and Protection Motivation Theories
In electronic banking, threat likelihood and severity can be explained using two theories: general deterrence and protection motivation (Fuqing & Guohong, 2011). Firstly, general deterrence theory examines end-user security behaviors in organisations where compliance with security policies is required. This model is rooted in criminology and was developed to help institutions such as banks to deter the possibility of undesirable information system events such as hacking and denial of services. Studies by Fuqing & Guohong (2011) determined that a significant factor influencing proper user behavior is sanction certainty. Therefore, the security of an information system is considered effective when organisations address issues such as computer abuse, deterrents and rival explanations (Gupta Rao & Upadhyaya, 2006). These factors are relevant when accounting for the degree of user behaviour that either promotes or deteriorates the security of banking systems. Therefore, financial institutions can take relevant measures such as end-user training to improve cybersecurity.
Secondly, protection motivation theory examines the ability of system users to protect themselves from threats. In particular, this model complements the expected-value concept in providing a complete understanding of fear effects towards change (Fuqing & Guohong, 2011; Jerald, 2017). When using banking applications, fear appeal concerns the communication of threats to individuals concerning one’s well-being (Fuqing & Guohong, 2011). Earlier works on this theory focused on mediated psychology, stress reactions and cognitive appraisal of end-users towards a certain stimulus. In this case, two processes occur: coping and threat appraisal (Jerald, 2017). It was determined that a fear appeal develops from intrapersonal and environmental information, which is influenced by factors such as the possibility of a threat and the severity of the perceived security event. As a result, fear arousal manifests as a perceived threat that includes intrinsic and extrinsic threats (Fuqing & Guohong, 2011). Initially, protection motivation theory focused on the effect of response efficacy, vulnerability and severity on retention. The reasoning behind this focus was that these components influence the security adaptive responses of information system users.
Notably, researchers established that a fear appeal connotes the existence of threat severity without the probability of occurrence (Kumar & Agarwal, 2015; Chatzipoulidis & Mavridis, 2010). Hence, in such an instance, a countermeasure is unnecessary despite the levels of system confidence. On the other hand, a severe threat exists when the probability of security events is high and end-users do not see the need for countermeasures (Chatzipoulidis & Mavridis, 2010). Sadly, while this interaction is reasonable, it lacks adequate empirical support. However, the revised protection motivation theory argues that an additional relationship between vulnerability and severity is critical in the comprehension of self and response efficacy (Chatzipoulidis & Mavridis, 2010). Similarly, in the new approach, it was observed that second-order interactions are required between the two efficacy processes. Sadly, these interactions lack due empirical support. Nevertheless, various studies with inconsistent and different findings have reviewed the issues of self and response efficacy (Drennan, Sullivan & Previte, 2008). For example, some of the observable differences in study findings include vulnerability and self-efficacy. Therefore, the general observation is that the interactions within the protection motivation theory depend on the research context, such as threat topic and sample size.
The general deterrence and protection motivation theories are widely used in information system research. Researchers argue that the susceptibility and severity of threats influence the self-efficacy and response efficacy of end-users. In particular, the greater the magnitude of perceived threat, the lesser the responses to implement countermeasures. Therefore, the behavioral intention of users of banking systems can be determined by how their perceptions change.
Perceived Risk in Online Banking
Studies on the perceived risk of consumer behavior focus on the end-users’ perception of the potential cyberspace risks and the uncertainty of purchasing products or services. Therefore, the perceived level of risk is a factor that influences purchase decisions of consumers (Drennan, Sullivan & Previte, 2008; Farzianpour et al., 2014). Similarly, the introduction of new technologies exposes the users of online banking services to both risks and benefits where the consumers are compelled to adopt technological advancements by weighing the perceived benefits. In that regard, electronic banking is not exempted from this change but the adoption of technology reduces the consumer-perceived risk. Nguyen & Nguyen (2017) identified perceived risk as a significant factor in the implementation of online banking systems. In particular, it is defined as the probable loss when pursuing the desired outcomes of electronic services (Farzianpour et al., 2014). Therefore, the degree of perceived risk is proportional to uncertainty levels. In that light, most researchers determined that the end-user perceived risk is a multi-dimensional construct that varies according to the nature of products and services.
Previous studies (Lafraxo et al., 2018; Ojeniyi et al., 2015) explored the dimensions of perceived risk that include private, financial, performance, social and time risks. In particular, performance risk entails the losses incurred in electronic services. As a result, customers of banking services worry about issues such as server breakdown when accessing online services. A system failure results in expected losses and therefore reduces the numbers of customers willing to use online banking (Lafraxo et al., 2018). On the other hand, social risk addresses the loss in status resulting from the adoption of a service or product. Hence, it is highly likely that one’s social position is influenced by how they perceive internet banking services. Nguyen & Nguyen (2017) found that social risk negatively affects consumer attitudes towards internet banking. Financial risk leads to monetary losses and bank customers may resist online services following the fear of losing their money. Similarly, they fear losing their personal information because of privacy risk.
Cybersecurity Threats Caused By User Behavior in Electronic Banking
The steady growth in online banking has changed how consumers interact with their banks (Bradshaw, 2015). Most of the end-users use either their smartphones or computers to access their preferred banking services. User authentication and other security combinations such as passwords remain useful in the identification and authentication of users in online banking. Unfortunately, computer users are a security risk because their password practices directly affect the degree of system security (Bradshaw, 2015). In this case, the poor management of passwords increases the susceptibility of users to potential misuse and abuse. Similarly, complex banking systems can be compromised when users fail to use secure passwords (Bradshaw, 2015). Nevertheless, despite the password challenge in identifying users in electronic banking, this technique remains one of the most widely used authentication methods. Recent authentication technologies such as One-Time-Pin and biometrics are used to improve security in electronic banking (Chen, Ebrahim & Taboada, 2013). Sadly, the application of these technologies is inconsistent.
In online banking, non-standard user behavior creates a weak link in banking systems. Despite the use of passwords and other authentication methods, security practices are avoided or neglected by computer users. Studies determined that the implementation of a sophisticated authentication plan is necessary in creating a fail-safe despite the probability of limited security knowledge by end-users (Harel et al., 2018; Khurana, 2019; Bradshaw, 2015). Therefore, it is imperative that banks differentiate the degree of application and knowledge amongst customers because it is a security concern. Mbelli & Dwolatzky (2016) reviewed different security features implemented by different banks. They range from simple passwords to complex structures such as One-Time-Pins. In this case, the researchers determined that the dilemma of banks is that increasing security layers results in system complexity and hence customers shy away from internet banking (Mbelli & Dwolatzky, 2018). Similarly, spreading security features makes the process of security testing difficult, which inconveniences the customers using electronic banking.
The following are the probable cybersecurity attacks in electronic banking that result from user behavior:
Firstly, phishing involves tactics used by cyber criminals to make their victims disclose personal and organisational information. In the case of financial institutions, cyber attackers fetch information by sending unsuspecting end-users phishing emails that appear legitimate (Pitera, 2017). Notably, this problem occurs because system users are unable to identify spoofing websites because they lack security education. Similarly, as long as banking systems work properly, no one cares to check for security loopholes and educate users about potential attacks (Mirza Abdullah, Ahmed & M.Ameen, 2018). As a result, the protection of online banking systems is becoming a daunting task in the age of mobile applications. Researchers have uncovered that cyber attackers use complex techniques such as DNS redirection to hijack data during online transmission (Khurana, 2019; Ahmed & M.Ameen, 2018). More so, phishing continues to be a serious issue in social media, computer and mobile applications. A report by the Anti-Fraud Command Centre indicates that phishing activities cause losses amounting to $4.5 billion (Mirza Abdullah, Ahmed & M.Ameen, 2018).
Secondly, denial-of-service attacks are common to banking applications. These attacks are initiated by cyber attackers who use network resources for their gain and leave system users unable to access resources. The design of denial-of-service may affect other affiliated systems, hence causing a distributed attack (Mirza, Ahmed & M.Ameen, 2018). As a result, banks may have trouble in accessing complementary services from third parties. Notably, these attacks affect the critical infrastructure of financial institutions where a single attack can cause significant losses (Ahmed & M.Ameen, 2018). In that light, banks are obligated to take their system security with utmost seriousness to ensure sustainable growth. Researchers suggest the implementation of additional security layers to minimize the possibility of cyber threats (Mirza, Ahmed & M.Ameen, 2018; Rizov, 2018). The need for protection also follows the fact that cybercriminals automate online fraud using spyware. Hence, without proper end-user behaviors, banking systems become vulnerable to hacking activities and hence compromise the quality of their services.
Thirdly, local and hybrid attacks are common in electronic banking. In particular, local attacks are specific to a user’s computer. These attacks occur when a customer accesses their bank’s website and it becomes spoofed (Lemley & Miller, 2014). One such attack is surfing, in which an attacker observes the personal information of an online banking user. Hence, they can get valuable information like the personal identification number used to authorize transactions. On the other hand, hybrid attacks can be local and remote (Ahmed & M.Ameen, 2018). Therefore, they are more powerful than local attacks (Lemley & Miller, 2014). For example, a cyber-criminal can launch a Trojan, which infects multiple machines in a network. The same attack can affect a user’s home computer when they access their bank’s website without proper security measures. During such incidents, the Trojan replaces browser information such as bookmarks with fake ones. Studies by Rizov (2018) show that financial institutions have to deploy sophisticated security approaches to make it difficult for cyber attackers to manipulate end-users.
Lastly, repudiation attacks occur when systems are unable to log and track user actions, therefore allowing malicious activities. The genesis of this problem stems from the ability of attackers to forge authentication of specified action (Mbelli & Dwolatzky, 2016). As a result, they can alter the authoring information to allow malicious activities in banking systems. In that regard, the inability of users to use standard security procedures allows cyber attackers to log into systems using unauthorized access (Mbelli & Dwolatzky, 2016). Similarly, social engineering is a concern in online banking because it allows attackers to persuade authorized users to comply with particular requests concerning computer-based entities (Mbelli & Dwolatzky, 2016). Hence, this problem is rampant in the case where system users are not cautious about the authenticity of information from unspecified sources. As a result, social engineering manifests as a form of deception targeting the human aspect of computer security.
Solutions to Cyber Threats Caused by User Behavior in Electronic Banking
In light of the cyber issues discussed above, various solutions can be used to protect users in internet banking. Firstly, end-users have to protect their online identities. Therefore, that means users have to stop sharing information with anyone who befriends them online (Khurana, 2019). In so doing, it becomes possible to avoid social engineering, which is one of the techniques used by attackers to gather useful information. Similarly, users of internet banking are obligated to use strong passwords while following their organisational policies (Khurana, 2019). The goal in this case is creating passwords that are difficult to crack. In addition, when using electronic banking it is imperative that system users choose a unique password (Khurana, 2019). The reason is that using one password for multiple websites increases the chances of cyber breaches. Additionally, automatic login features should be avoided in electronic banking because they violate account usage.
Secondly, bank employees and customers have the responsibility of surfing safely as a requirement of standard user behavior. Hence, they have to adopt practices such as using firewalls and anti-virus programs (Mbelli & Dwolatzky, 2016). These measures allow computers and smartphones to detect and deter worms, Trojans and viruses. Similarly, the activation of firewalls prevents unauthorized system access. As a result, online banking risks like financial losses are mitigated. Additionally, the safety of online banking is dependent on the application of anti-spyware software (Mbelli & Dwolatzky, 2016). In particular, these applications allow devices to surf the internet safely by preventing attackers from eavesdropping on user activities. Most importantly, secure wireless communication is required to create a security perimeter for information system users. For example, banks should adopt secure Wi-Fi passwords and change them according to password policies.
Thirdly, the use of intrusion detection systems is an effective electronic banking strategy used to detect and prevent possible cyber-attacks. More so, these systems help system administrators in banks to comprehend the nature of user traffic and determine possible loopholes (Ray-Chaudhuri, 2012; Juariah, 2015). For example, during normal use, a user who forgets their passwords when attempting to use electronic banking is locked out of the system after various login attempts. Therefore, this measure is implemented to prevent unauthorized users from accessing electronic banking services (Ray-Chaudhuri, 2012). Similarly, intrusion detection systems can use security logs to flag suspicious activities. Hence, in case malicious activities are identified, the intrusion detection system takes immediate action such as locking the affected user accounts (Salam, 2019). In addition, it becomes easy to audit banking systems because a log file is available. Therefore, all inappropriate interactions can be seen and security strategies for internet banking developed.
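The lockout and log-flagging behaviour described in the paragraph above can be sketched as follows. This is an added example, not part of the original paper; the log format, the three-failure threshold, the ten-minute window and all account names and addresses are assumptions constructed for illustration.

```python
"""Added illustration: per-account lockout driven by an authentication log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the paper only says "various login attempts".
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)

# Constructed sample log, assumed to be in time order:
# "<ISO timestamp> <account> <source IP> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice 198.51.100.7 LOGIN_FAIL
2024-03-01T09:00:40 bob 192.0.2.10 LOGIN_FAIL
2024-03-01T09:01:10 alice 198.51.100.7 LOGIN_FAIL
2024-03-01T09:01:30 bob 192.0.2.10 LOGIN_OK
2024-03-01T09:02:00 alice 198.51.100.7 LOGIN_FAIL
2024-03-01T09:02:20 alice 198.51.100.7 LOGIN_OK
2024-03-01T09:30:00 carol 203.0.113.4 LOGIN_FAIL
2024-03-01T09:45:00 carol 203.0.113.4 LOGIN_FAIL
2024-03-01T10:00:00 carol 203.0.113.4 LOGIN_FAIL
not a valid log line
"""


def parse_line(line):
    """Return (timestamp, account, ip, outcome), or None if malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("LOGIN_OK", "LOGIN_FAIL"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]


def analyse(log_text):
    """Replay the log and return (locked accounts, audit trail, skipped lines)."""
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    locked = set()
    audit = []                     # (timestamp, account, ip, action)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1           # count unparseable lines instead of hiding them
            continue
        ts, account, ip, outcome = event
        if account in locked:
            # Even a correct password is refused until the account is released.
            audit.append((ts.isoformat(), account, ip, "DENIED_WHILE_LOCKED"))
            continue
        if outcome == "LOGIN_OK":
            failures[account].clear()   # a genuine login resets the counter
            continue
        window = failures[account]
        window.append(ts)
        # Drop failures that fell out of the sliding window.
        while window and ts - window[0] > WINDOW:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            locked.add(account)
            audit.append((ts.isoformat(), account, ip, "ACCOUNT_LOCKED"))
    return locked, audit, skipped


if __name__ == "__main__":
    locked, audit, skipped = analyse(SAMPLE_LOG)
    print("locked accounts:", sorted(locked))
    for record in audit:
        print(*record)
    print("unparseable lines:", skipped)
```

In the sample, the account with three failures inside two minutes is locked and its next attempt is recorded as denied, while the account whose three failures are spread fifteen minutes apart stays open because no ten-minute window contains all of them.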
Fourthly, the use of biometrics is one of the solutions that improves traditional user authentication and transaction efficiency. Presently, biometrics technology is applied as an integral part of e-banking user authorization techniques (Butler & Butler, 2015). Hence, user identity is verified upon the confirmation of characteristics such as fingerprints. The suitability of biometrics is the ability to identify users based on physiological and physical characteristics (Mbelli & Dwolatzky, 2016). For instance, during account enrollment, biometric sensors capture parameters used for user verification. Fortunately, the uniqueness of fingerprints makes it difficult for hackers to bypass (Butler & Butler, 2015). Therefore, even when user behavior is below the acceptable levels, the use of biometrics makes it difficult for cyber criminals to access unauthorized online banking accounts. Similarly, once customers are enrolled into their bank’s systems, they do not need to change their fingerprints from time to time (Kumar & Agarwal, 2015). These parameters are more secure when compared to traditional techniques such as passwords.
Lastly, new research focuses on the implementation of artificial intelligence (AI) in electronic banking. In particular, this technology is a significant step in the transformation and digitization of businesses like banks (Jaksic & Marinc, 2017). Therefore, due to the potential of artificial intelligence, investors are willing to be part of this change. Currently, the integration of artificial intelligence in banking applications is modest. However, real-time tests are being conducted in fraud detection and prevention (Jaksic & Marinc, 2017). For instance, some banks have deployed robot advisors and chatbots. The choice of using artificial intelligence in electronic banking stems from the need to follow regulatory measures concerning data privacy and other concerns that might prevent proper functioning of online banking applications (Butler & Butler, 2015). Notably, the continued exploration of artificial intelligence lies in its ability to automate user routines. Therefore, with this technology developers can design dynamic authentication to improve the traditional user verification procedures.
The suitability of artificial intelligence lies in the ability of computer programs to learn and use acquired knowledge without human involvement (Yazhou, 2011). Such systems observe and analyze information autonomously to take appropriate actions. Hence, in the context of electronic banking systems, AI applications will improve the accuracy and performance of banks. This capability is realized through the increased processing capacity of digital information by AI applications. Fuqing & Guohong (2011) estimate that by 2025, big data will be the epicenter of decision-making. Significantly, the applicability of AI in electronic banking follows the need to conduct real-time authentication to prevent fraud (Butler & Butler, 2015). Recently, banking fraud using credit cards has been a problem for banks to deal with. In addition, in the digital age, cybercrime has increased courtesy of the development in internet technologies (Fuqing Zhu & Guohong, 2011). In that regard, the plausibility of AI algorithms will allow banking systems to verify online transactions by ensuring that fraudsters do not exploit users.
As banks continue finding solutions to dealing with improper user behavior, which increases the susceptibility of banking systems to cyber-attacks, AI stands as the much-needed solution to this issue (Yazhou, 2011). Currently, financial tools like robot advisors are being tested to allow customers to improve their banking decisions. The same tools can be modified to inform end-users about the need for proper user behavior (Butler & Butler, 2015). That can be accomplished by offering users bits of information on how to conduct themselves online to avoid compromising the security of electronic banking (Yazhou, 2011). Nevertheless, while AI has a lot of potential, it faces implementation challenges from laws such as the General Data Protection Regulation (Jaksic & Marinc, 2017). In particular, preventative clauses detailing the automation of decision making in information systems make this process expensive for businesses to manage. However, AI has the potential to shape user behavior because applications can learn proper practices for users of electronic banking. Thus, they will be reminded to comply with standard security practices to minimize cyber threats.
Literature Review Findings and Research Gaps
The results of the literature review demonstrate that limited studies have been conducted on the impact of user behavior in electronic banking. Most of the research addresses security risks and solutions. However, the available information supports the need for user education as part of reducing users' vulnerability to cyber-attacks when using electronic banking. Significantly, El Maliki & Seigneur (2014) realized that one issue affecting the implementation of security in online banking lies in organisational cultures where people react during incidents only. Therefore, customers will only complain in case of an attack but will be reluctant to enforce security policies during normal system use (El Maliki & Seigneur, 2014; Yang & Padmanabhan, 2010). In that case, considering the advancements of internet technologies, the human element of electronic banking makes it difficult to improve security standards. The result is that trust levels in online banking reduce and customers switch from bank to bank (Yang & Padmanabhan, 2010). Thus, banks continue losing business and clients are unsatisfied with their online banking experiences.
Notably, the researchers who conducted studies on security awareness of users in electronic banking focused on organisational settings. Therefore, to have a better glimpse of this problem, security awareness studies should advance. The goal is to analyze other aspects influencing user behavior (Aljawarneh, 2016). In particular, the difference in end-user behaviors lies in their organisational roles (Aljawarneh, 2016; Musa & Redzuan, 2014). For example, employees of banks advance their security awareness unlike customers who are only interested in accessing banking services. Therefore, this discrepancy in security awareness illustrates the need for user education to minimize the possibility of cyber-attacks (Musa & Redzuan, 2016). On the other hand, most of the researchers show inconsistencies in their studies on user behavior. Hence, it is difficult to understand this issue as it affects internet banking (Yang & Padmanabhan, 2010). More so, various recommendations are provided without properly analyzing the issue of user behavior and security awareness in online banking.
Electronic banking comprises various transactions done in diverse environments between information systems and the end-users (El Maliki & Seigneur, 2014). These transactions are prone to attacks such as hacking. Therefore, it is imperative that banks design effective security models to enhance the safety of online transactions (Gheciu, 2018; Yang & Padmanabhan, 2010). One of the research challenges is that most of the effort focuses on traditional solutions and techniques. According to Gheciu (2018), there is minimal coverage of new technologies and practical solutions to the problem of poor user behavior in electronic banking. Similarly, most of the research recommendations advocate for the banking industry to improve authentication standards and use medium-risk information systems. The objective is to allow end-users to utilize tokens and passwords while easing the security responsibility in internet banking. However, a few researchers remain optimistic about the adoption of superior technologies, such as blockchain, to enhance security in online banking.
In the context of academic research, this study has helped to fill the gap in end-user security behavior in internet banking. Although it has suggested various practical guidelines on how to protect banking customers from cyber-attacks, it has not investigated the effectiveness of these measures. However, this study is purposeful because it has addressed the lack of empirical and theoretical research on standard user behaviors. In that light, this study has explored how the security awareness of users influences their online behaviors when using electronic banking services. It has also explored how to mitigate cyber threats which reduce the efficiency and convenience of internet banking systems. In truth, moderate success has been realized, therefore paving the way for future research on the effect of user behavior on the security of electronic banking. This study has stressed the importance of security awareness as the foundation of adjusting user behavior when accessing online banking services.
Apart from security awareness, this study established that organisations have the responsibility of initiating security education to create widespread security awareness. In this case, banks deal with both trained and novice users who have different understandings of online system security. Therefore, to bridge the gap in security knowledge, banks have to inform their customers on how to behave when using online services (Gheciu, 2018). Hence, the role of banks is not only providing the relevant infrastructure, but also ensuring the security of online transactions as the service provider (Gheciu, 2018; Aljawarneh, 2016). As identified in this research, users shift from bank to bank in search of convenience and the security of their money. In that regard, this discussion points towards the need for security awareness programs by banks to retain their customers and prevent cyber incidents. Unfortunately, a research gap exists on security education and most researchers have highlighted the issue as a solution without proper investigation.
Significantly, this study has demonstrated the implications for information security experts designing awareness programs. In this case, the criticality of perceived benefits and susceptibility emphasizes security awareness. Therefore, system users become aware of the probability of cyber threats and hence the need to check their security behavior (Musa & Redzuan, 2014). Consequently, end-users adopt preventive behaviors, which protect banking systems from exploitation by attackers (Musa & Redzuan, 2014; Yang & Padmanabhan, 2010). However, there is limited research on this topic. Therefore, security awareness programs should concentrate on educating end-users on the likelihood of cyber threats so that they can understand their role in banking systems. Eventually, these users will correct their behaviors because they know that their actions affect information assets. Notably, it is evident that there is a research gap on how banks can design their security awareness campaigns to improve user behavior. A lot of the user knowledge is acquired through experiences, which means user education is required to enforce effective deterrence measures (Yang & Padmanabhan, 2010).
In internet banking, user behavior is a source of security breaches if it remains unchecked. Unfortunately, the issue that financial institutions have to deal with is the increasing number of customers and employees using online banking. Therefore, to maintain and increase business, it is inevitable for banks to promote security awareness through user education. This research has explored various studies and identified gaps in the design of user security awareness by banks. In particular, most of the studies focus on security recommendations, hence deviating from the issue of improving user security in online banking. Most importantly, this research has suggested various solutions to address user security challenges. These solutions comprise strong passwords, system firewalls, intrusion detection systems, biometrics and integrating artificial intelligence. Nevertheless, security in online banking is a collective responsibility between bank employees and customers.
References
Airehrour, D., Nair, N. V., & Madanian, S. (2018). Social Engineering Attacks and Countermeasures in the New Zealand Banking System: Advancing a User-Reflective Mitigation Model. Information, 9(5), 110. doi:10.3390/info9050110
Alimolaei, S. (2015). An intelligent system for user behavior detection in Internet Banking. 2015 4th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS). doi:10.1109/cfis.2015.7391642
Aljawarneh, S. A. (2016). Emerging Challenges, Security Issues, and Technologies in Online Banking Systems. Online Banking Security Measures and Data Protection, 90-112. doi:10.4018/978-1-5225-0864-9.ch006
Althobaiti, M. M., & Mayhew, P. (2014). Security and usability of authenticating process of online banking: User experience study. 2014 International Carnahan Conference on Security Technology (ICCST). doi:10.1109/ccst.2014.6986978
Bradshaw, S. (2015). Combating Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity. SSRN Electronic Journal. doi:10.2139/ssrn.2700899
Butler, M., & Butler, R. (2015). Investigating the possibility to use differentiated authentication based on risk profiling to secure online banking. Information and Computer Security, 23(4), 421-434. doi:10.1108/ics-11-2014-0074
Chatzipoulidis, A., & Mavridis, I. (2010). A Study on User Behavior and Acceptance of Electronic Banking Services. 2010 14th Panhellenic Conference on Informatics. doi:10.1109/pci.2010.33
Chavali, K., & Kumar, A. (2018). Adoption of Mobile Banking and Perceived Risk in GCC. Banks and Bank Systems, 13(1), 72-79. doi:10.21511/bbs.13(1).2018.07
Chen, Z., Ebrahim, A., & Taboada, A. G. (2013). Turnover Threat and CEO Risk-Taking Behavior in the Banking Industry. SSRN Electronic Journal. doi:10.2139/ssrn.2230145
D’Alessandro, R., & Leone, M. (2011). A Mechanism for e-Banking Frauds Prevention and User Privacy Protection. ISSE 2010 Securing Electronic Business Processes, 226-235. doi:10.1007/978-3-8348-9788-6_22
Drennan, J., Sullivan, G. S., & Previte, J. (2008). Privacy, Risk Perception, and Expert Online Behavior. End-User Computing, 1-18. doi:10.4018/978-1-59904-945-8.ch001
Dzomira, S. (2016). Financial consumer protection: internet banking fraud awareness by the banking sector. Banks and Bank Systems, 11(4), 127-134. doi:10.21511/bbs.11(4-1).2016.03
El Maliki, T., & Seigneur, J. (2014). Online Identity and User Management Services. Managing Information Security, 75-118. doi:10.1016/b978-0-12-416688-2.00004-0
Farzianpour, F., Pishdar, M., Shakib, M. M., & Toloun, M. (2014). CONSUMERS’ PERCEIVED RISK AND ITS EFFECT ON ADOPTION OF ONLINE BANKING SERVICES. American Journal of Applied Sciences, 11(1), 47-56. doi:10.3844/ajassp.2014.47.56
Fuqing Zhu, & Guohong Li. (2011). Study on security of electronic commerce information system. 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC). doi:10.1109/aimsec.2011.6010713
Gheciu, A. (2018). Normative Dilemmas and Challenges of Security Commercialization. Oxford Scholarship Online. doi:10.1093/oso/9780198813064.003.0006
Gupta, M., Rao, R., & Upadhyaya, S. (2006). Electronic Banking and Information Assurance Issues. Advanced Topics in End User Computing, Volume 4, 16(3). doi:10.4018/9781591404743.ch012
Harel, A., Ben David, T., Kashani, A., Iyer, G., Motonori, A., & Masumi, E. (2018). Mitigating Unknown Cybersecurity Threats in Performance Constrained Electronic Control Units. SAE Technical Paper Series. doi:10.4271/2018-01-0016
ILIE, R. (2013). Online Transactions Security in Internet Banking and e-Commerce. International Journal of Information Security and Cybercrime, 2(1), 9-16. doi:10.19107/ijisc.2013.01.01
Jaksic, M., & Marinc, M. (2017). Relationship Banking and Information Technology: The Role of Artificial Intelligence and Fintech. SSRN Electronic Journal. doi:10.2139/ssrn.3059426
Jerald, M. (2017). Controlling Images: How Awareness of Group Stereotypes Affects Black Women’s Well-Being. doi:10.31234/osf.io/dajc5
Khurana, A. (2019). Digitalization in Banking: Convenience versus Security Threat. SSRN Electronic Journal. doi:10.2139/ssrn.3358058
Kumar Choubey, S., & Agarwal, A. (2015). Improving banking authentication using hybrid cryptographic technique. 2015 International Conference on Computer, Communication and Control (IC4). doi:10.1109/ic4.2015.7375511
Lafraxo, Y., Hadri, F., Amhal, H., & Rossafi, A. (2018). The Effect of Trust, Perceived Risk and Security on the Adoption of Mobile Banking in Morocco. Proceedings of the 20th International Conference on Enterprise Information Systems. doi:10.5220/0006675604970502
Lemley, M. A., & Miller, S. P. (2014). If You Can't Beat 'Em, Join 'Em? How Sitting by Designation Affects Judicial Behavior. SSRN Electronic Journal. doi:10.2139/ssrn.2449349
Mbelli, T. M., & Dwolatzky, B. (2016). Cyber Security, a Threat to Cyber Banking in South Africa: An Approach to Network and Application Security. 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud). doi:10.1109/cscloud.2016
Mirza Abdullah, S., Ahmed, B., & M.Ameen, M. (2018). A New Taxonomy of Mobile Banking Threats, Attacks and User Vulnerabilities. IEC2018 Proceedings Book. doi:10.23918/iec2018.29
Musa, N. M., & Redzuan, F. (2014). Understanding user behavior towards mobile messaging application use in support for banking system. 2014 3rd International Conference on User Science and Engineering (i-USEr). doi:10.1109/iuser.2014.7002715
Nguyen, T. D., & Nguyen, T. C. (2017). The role of perceived risk on intention to use online banking in Vietnam. 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI). doi:10.1109/icacci.2017.8126122
Pitera, M. R. (2017). CONTEMPORARY PROBLEMS AND THREATS OF CYBER SECURITY IN THE SECTOR OF ELECTRONIC BANKING SEVICES. Przegląd Nauk o Obronności, 1(4), 181-191. doi:10.5604/01.3001.0013.0120
Ray-Chaudhuri, R. (2012). How Banking Deregulation Affects Growth: Evidence from a Panel of U.S. States. SSRN Electronic Journal. doi:10.2139/ssrn.2131960
Salam, M. (2019). Inclusion of Perceived Risk with TAM in Measuring Attitude Toward online Banking. European Journal of Business and Management, 11(2). doi:10.7176/ejbm/11-2-08
Yang, Y. & Padmanabhan, B. (2010). Toward user patterns for online security: Observation time and online user identification. Decision Support Systems, 48(4), 548-558. doi:10.1016/j.dss.2009.11.005
Yazhou Xiong. (2011). Research on the Internet banking security based on dynamic password. 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC). doi:10.1109/aimsec.2011.6010871
List of Figures
Figure 1: Use case showing the interaction among the customers, bank tellers, system administrator and the banking system.
Figure 2: Use case showing the bank customer and employee interaction with the online banking system.
Figure 3: Use case showing the super administrator and bank users' interaction with the banking system.
Figure 4: Activity diagram demonstrating the customer and bank teller interactions from the time the customer requests to withdraw money to when they request a loan and it gets approved.
Figure 5: Activity diagram showing the processes bank customers go through when using online banking services.
Figure 6: Activity diagram showing how the banking system differentiates employee permissions and roles.
Figure 8: Class diagram showing the relationship amongst bank, employee, customer, account and loan using multiplicities.
Figure 9: Class diagram showing the relationships amongst bank, customers, account, statement and account type.
Figure 10: The sequence diagram demonstrates how the customer and bank teller perform different roles in the banking system.
Figure 11: Sequence diagram demonstrating how the banking system checks user requests such as bank balances.
Figure 12: Sequence diagram showing how the customer, account and account entities relate in the banking system.
The quality of any research results from the rigor in the involved activities (Morgan, 2013). In that regard, this section will seek to find a methodology to answer the research questions. Research design provides the glue that binds a study together. More so, it provides the structure that shows how other parts of a research relate using samples, treatments and data analysis methods (Morgan, 2013; Watzlawik & Born, 2017). However, the focus of a research methodology is addressing research questions using either qualitative or quantitative methodology. Therefore, a researcher has to take careful consideration in their study design, decisions and details (Watzlawik & Born, 2017). In that light, a qualitative research design was adopted to explore the research questions. In particular, this form of research focuses on the interpretation of previously done research to derive meaningful phenomena.
This section will use the design research methodology to explore how user security behavior affects electronic banking. In information systems, design science as a discipline helps in the development of meaningful artifacts in the exploration of research questions (Wieringa, 2014). More so, this methodology incorporates procedures, principles and practices needed to conduct research that meets its objectives (Miah & Genemo, 2016). In particular, it follows steps such as issue identification, objectives definition towards a solution, design and development, evaluation, demonstration and communication. The suitability of design science methodology is that it offers a systematic method of designing a solution and acquiring knowledge (Wieringa, 2014; Hevner & Chatterjee, 2010). In addition, it emphasizes testing and communicating methods when investigating research questions. Therefore, design science methodology is suitable for the exploration of the study topic: user security behavior in online banking systems.
The objective of this phase is developing a design research methodology to find a solution to the problem of user security vulnerability in electronic banking. More so, the study intends to use a qualitative data collection method to find suitable data to satisfy the research questions and find solutions. In particular, the choice of this method stems from the fact that the researcher can verify the authenticity of data used to produce favorable outputs (Bilgin, 2017). The quality of a research is based on a researcher’s ability to verify the quality of results. In addition, the researcher will create a plan for analyzing data. In design research science methodology, researchers do not necessarily have to follow a certain plan during data analysis (Bilgin, 2017). However, a plan is necessary to guide them through their data analysis process.
Research Design and Methodology
Organizations such as banks depend on sensible user security behavior in all operational tasks (Aljawarneh, 2017). Therefore, despite the implementation of security standards and policies, it is difficult for security documentation to spell out how customers and banking staff should act in different situations (Aljawarneh, 2017; Tassabehji & Kamala, 2009). Similarly, banks cannot control their staff and customers’ behavior by compelling them to adopt sensible behaviors, however small. More so, this challenge manifests even when transactions are validated and end-users are careful when accessing electronic banking systems (Aljawarneh, 2017). Hence, a bank becomes susceptible to cyber-attacks because of end-user decisions (Aljawarneh, 2017). On the other hand, recent studies by the Information Security Culture (ISC) indicate that about 80% of information security hazards result from the implementation of poor solutions (Nagar & Suman, 2017). Hence, the development of user-focused security applications can improve the safety of banking systems.
User security behavior in banking is influenced by what employees hear and practice daily, common sense decisions, personal standards and the end-user’s sense of obligation (Althobaiti & Mayhew, 2014). In most organizations, system security does not follow strict guidelines. Hence, employees embrace such principles and values in their daily interactions with banking systems (Aljawarneh, 2017). Similarly, new employees adopt the security cultures they find in their workplaces (Althobaiti & Mayhew, 2014). As a result, it becomes difficult to erode substandard user-security behavior in banking environments where employees have little concern for their actions. In addition, banking employees make most of the decisions when using online information systems (Aljawarneh, 2017). Therefore, they have the responsibility of making sensible security decisions. Such responsibility builds a personal history that determines whether their behavior is acceptable or unacceptable (Aljawarneh, 2017). Additionally, the other security challenge in electronic banking lies in end-user conduct that compromises security.
The challenge of electronic banking is that threat actors create different techniques of gathering critical and confidential information (Nagar & Suman, 2017). Hackers are interested in stealing the identity of unsuspecting employees to manipulate their way through banking systems. Therefore, researchers focus on the levels of security awareness in organizations such as banks (Nagar & Suman, 2017). Similarly, the difference in user roles when interacting with online banking applications is a security concern. For example, employees are users within banks while customers are users in electronic banking operating from their homes (Althobaiti & Mayhew, 2014). In this case, the difference in security awareness is the challenge that banks deal with when looking for ways to counter the resultant cybersecurity threats. In that regard, this study proposes an improved electronic banking system to overcome the challenge of user security in banking information systems.
Defining Objectives for a Solution
The overall objective of this paper is developing a methodology for design science research as applied in information systems. In particular, it aims to design a security-proof system to address the challenge of end-user vulnerabilities in electronic banking. Therefore, this study will build on existing research while following the research questions:
a. To investigate how security awareness influences user behavior that creates cyber risks to online banking applications.
b. To determine how the health of online financial services can be improved.
The purpose of this process in design science is creating a roadmap for other researchers who want to explore the issue of end-user security vulnerability in electronic banking to develop their design mechanisms. In addition, design research as applied in this study will create an understanding of the empirical elements of information system research using acceptable processes (Drechsler, 2012).
Building on Existing Studies
The process of developing a design research methodology involves the integration of different principles in conducting research. In particular, applicable research includes design studies where different processes are referenced (Geerts, 2011). The reference to completed studies focuses on the access to rich ideas that can be applied to address the study problem and accomplish the objectives of design research. Therefore, design research methodology will provide suitable descriptions when analyzing the research context (Miah & Genemo, 2016). The research design methodology will therefore borrow concepts applied in internet banking by connecting the design plan with the involved process. In information systems, design research is suitable for creating intelligent systems (Miah & Genemo, 201). In this case, the study intends to find a solution to electronic banking by developing a system that is immune to the vulnerabilities of user security. Hence, research design methodology will serve as the process in creating a solution to the study problem.
Design and Development
In this study, a consensus building approach will be used to determine the appropriate elements of designing a design research methodology. The objective is creating an acceptable framework for conducting research (Geerts, 2011). More so, the demonstration of design research methodology will be realized using a case study (Geerts, 2011). In this case, the purpose of such a demonstration is analyzing user security awareness to determine how it affects internet banking applications. In that regard, the study will borrow from the Chengdu case study where a survey and semi-structured interviews were used to investigate the impact of user security awareness in banking applications.
After the review of a case study, the researcher will determine whether a new or improved system is needed to address the challenge of user security behavior in internet banking. At this point in the development of a research science methodology, researchers focus on the outputs of a study to test their research questions and hypothesis (Geerts, 2011). However, in this case, the researcher will investigate the Chengdu study to determine how to improve user security awareness in electronic banking.
The results of the case study used have to be refined and verified for accuracy. According to Hevner & Chatterjee (2010), the accuracy of the results of a research science methodology is based on the development of a comprehensive checklist. In that case, the researcher will thoroughly assess the results of the study to improve the accuracy of the outcomes. The objective is paving the way for the development of an improved information system (Hevner & Chatterjee, 2010). Hence, as design research methodology requires, the researcher will have the chance to contribute towards new research.
Data Analysis Plan
The researcher will use the following plan when conducting qualitative research to answer the research questions:
a. Aims – in this case, they will be guided by the initially specified research questions to test them and develop outcomes. The objective of this step is distinguishing the difference between qualitative data and ideas.
b. Data source – since the researcher will use qualitative data, they will specify the study population, data collection method used in the reference study and technique of data analysis.
c. Planned tables – an important role of the researcher when conducting their research is outlining the relevant tables to complement the explanation of study results. Therefore, the display of tables will focus on discussions to refine the research.
Data Collection Methodology
Data collection is a process that involves seeking answers to the research problem, testing hypotheses and testing the research questions (Maxwell, 2018). It is categorized into primary and secondary methods. The former refers to facts and figures while the latter entails data from publications such as books and journals (Maxwell, 2018; Flick, 2018). However, this study will use a qualitative method as its primary data collection technique. In particular, it is an exploratory research technique used to gain an understanding of motivations, reasons and opinions about a research topic (Maxwell, 2018). Therefore, it provides insight into a research problem and helps in the development of ideas. However, the comprehensiveness of qualitative research is based on the vastness of the semi-structured and unstructured techniques used in data collection (Flick, 2018). In this study, the choice of qualitative research stems from the fact that the researcher can evaluate the subject content with greater attention to develop measurable outcomes.
Significantly, the application of qualitative research will provide the researcher with a fluid technique of analyzing trends in data collection, questioning and reporting information (Copeland, 2014). Hence, if the available data is insufficient, they can seek an alternative direction. More so, this technique appreciates human experiences and instinctual observations. In addition, the data gathered has predictive quality which can be verified by the researcher (Copeland, 2014). This ability stems from the fact that the researcher can draw perspectives about the research from the real world (Flick, 2018). Thus, they can isolate data complexities and present meaningful results to answer the research questions. However, to realize success in using qualitative data collection, a researcher has to address various challenges. They have to analyze data rigidity, assess data value and overcome difficult decisions to prevent repetition of results.
In light of the design research methodology discussion, this section will review user and system interactions in online banking applications. The objective is to gain an understanding of how vulnerabilities arise due to user security behavior. Banks invest in information systems but using recent technologies is an advantage for these institutions. In electronic banking, security starts from the users as it advances to the administrators and critical infrastructure. Therefore, this section will demonstrate how different actors use different access rights, using Unified Modeling Language diagrams. In particular, use cases, activity diagrams, timeline and sequence diagrams are provided. The following diagrams demonstrate user and system interactions in online banking:
a. Use cases
Figure 1: Use case showing the interaction among the customers, bank tellers, system administrator and the banking system.
Figure 2: Use case showing the bank customer and employee interaction with the online banking system
Figure 3: Use case showing the super administrator and bank users' interaction with the banking system
b. Activity Diagrams
Figure 4: Activity diagram demonstrating the customer and bank teller interactions from the time the customer requests to withdraw money to when they request a loan and it gets approved.
Figure 5: Activity diagram showing the processes bank customers go through when using online banking services
Figure 6: Activity diagram showing how the banking system differentiates employee permissions and roles.
c. Class Diagrams
Figure 7: The class diagram provides a static representation of online banking applications
Figure 8: Class diagram showing the relationship amongst bank, employee, customer, account and loan using multiplicities
Figure 9: Class diagram showing the relationships amongst bank, customers, account, statement and account type
d. Sequence diagrams
Figure 10: The sequence diagram demonstrates how the customer and bank teller perform different roles in the banking system
Figure 11: Sequence diagram demonstrating how the banking system checks user requests such as bank balances
Figure 12: Sequence diagram showing how the customer, account and account entities relate in the banking system
The objective of the methodology section was to identify the most suitable technique for answering the research question and testing the study outcomes. In that case, the researcher determined design science research methodology as the most appropriate technique. In particular, the suitability of this methodology results from its application of procedures, practices and principles of research. For example, this methodology defines the study problem and objectives, and demonstrates a case and its evaluation. More so, the researcher has proposed the use of qualitative research to explore how user security behavior can be improved in online banking applications. The choice of qualitative data collection methodology arises from the ability of a researcher to verify the results of a study. Therefore, they can use appropriate data to test their research question.
Aljawarneh, S. A. (2017). Analysis of Data Validation Techniques for Online Banking Services. Online Banking Security Measures and Data Protection, 127-139. doi:10.4018/978-1-5225-0864-9.ch008
Althobaiti, M. M., & Mayhew, P. (2014). Security and usability of authenticating process of online banking: User experience study. 2014 International Carnahan Conference on Security Technology (ICCST). doi:10.1109/ccst.2014.6986978
Bilgin, Y. (2017). Qualitative Method Versus Quantitative Method in Marketing Research: An Application Example at Oba Restaurant. Qualitative versus Quantitative Research. doi:10.5772/67848
Brannen, J. (2017). Combining qualitative and quantitative approaches: an overview. Mixing Methods: qualitative and quantitative research, 3-37. doi:10.4324/9781315248813-1
Copeland, D. C. (2014). Quantitative Analysis and Qualitative Case Study Research. Economic Interdependence and War. doi:10.23943/princeton/9780691161587.003.0003
Ditchfield, H., & Meredith, J. (2018). Collecting Qualitative Data from Facebook: Approaches and Methods. The SAGE Handbook of Qualitative Data Collection, 496-510. doi:10.4135/9781526416070.n32
Drechsler, A. (2012). Design Science as Design of Social Systems – Implications for Information Systems Research. Lecture Notes in Computer Science, 191-205. doi:10.1007/978-3-642-29863-9_15
Flick, U. (2018). Doing Qualitative Data Collection – Charting the Routes. The SAGE Handbook of Qualitative Data Collection, 3-16. doi:10.4135/9781526416070.n1
Geerts, G. L. (2011). A design science research methodology and its application to accounting information systems research. International Journal of Accounting Information Systems, 12(2), 142-151. doi:10.1016/j.accinf.2011.02.004
Hevner, A., & Chatterjee, S. (2010). Design Science Research in Information Systems. Integrated Series in Information Systems, 9-22. doi:10.1007/978-1-4419-5653-8_2
Maxwell, J. A. (2018). Collecting Qualitative Data: A Realist Approach. The SAGE Handbook of Qualitative Data Collection, 19-31. doi:10.4135/9781526416070.n2
Miah, S. J., & Genemo, H. (2016). A Design Science Research Methodology for Expert Systems Development. Australasian Journal of Information Systems, 20. doi:10.3127/ajis.v20i0.1329
Morgan, D. (2013). Integrating Qualitative and Quantitative Methods: A Pragmatic Approach. Thousand Oaks, CA: SAGE Publications.
Nagar, N., & Suman, U. (2017). Prevention, Detection, and Recovery of CSRF Attack in Online Banking System. Online Banking Security Measures and Data Protection, 172-188. doi:10.4018/978-1-5225-0864-9.ch011
Tassabehji, R., & Kamala, M. A. (2009). Improving E-Banking Security with Biometrics: Modelling User Attitudes and Acceptance. 2009 3rd International Conference on New Technologies, Mobility and Security. doi:10.1109/ntms.2009.5384806
Watzlawik, M., & Born, A. (2007). Capturing Identity: Quantitative and Qualitative Methods. Lanham, MD: University Press of America.
Wieringa, R. J. (2014). Research Design. Design Science Methodology for Information Systems and Software Engineering, 121-133. doi:10.1007/978-3-662-43839-8_11