USABILITY

Usability

Usability

Introduction

This paper describes an experiment to investigate customer perceptions of usability, convenience and security in two-factor (2-factor) authentication. 2-factor authentication is a security solution requiring the verification of two different modalities of authentication components. Typical components include: knowledge (e.g. passwords), possession (e.g. bankcard) and physical attributes (e.g. fingerprint). 2-factor solutions provide enhanced security by combining more than one authentication type, such that if a customer's password is compromised, the second factor will provide an extra barrier to fraudulent entry (O'Gorman, 2003).

The bank ATM has always made use of 2-factor authentication, via a bankcard (possession) and a secret PIN (knowledge). Other banking channels such as telephone and Internet banking (eBanking) are accessed remotely, without physical presence, using single-factor authentication. The most common factor employed is the password, although often dual passwords are required.

eBanking applications allow access to personal, private financial data through the Internet. Security concerns are important for customers and the Banks alike. Findings from studies in eBanking also have applications in the wider field of transaction security for eCommerce activities. Recent increases in online fraud have encouraged Banks to think about 2-factor solutions for their authentication procedures (Hiltgen et al., 2006). Further moves may extend this concept to other electronic transactions such as online shopping ([Ives et al., 2004] and [Ranger, 2005]). In selecting appropriate security procedures, Banks must research customer attitudes or the result could be a reduction in the use of low-cost eChannels due to usability issues (Knight, 2008).

Literature review

The usability and security of authentication interfaces

The knowledge-based model of authentication has traditionally offered easy, quick and convenient access to computer systems ([Tognazzini, 2005] and [Zviran and Haga, 1999]). However, the relatively low security of password verification has caused fraud problems for the eBanking and eCommerce industry (Sinclair and Smith, 2005). Research has documented the limitations of the single-factor, knowledge-based model of authentication in the era of advanced computing and eCommerce: concerns range from human memory limitations when confronted with multiple authentication environments ([Bishop, 2005], [Morris and Thompson, 1979] and [Sasse and Flechais, 2005]), to the range of information protected by password access - from highly sensitive banking applications to online newspaper access (Ives et al., 2004).

The personal and confidential nature of the financial data held in an eBanking service make the balance between security and usability a main concern. A customer's decision to use eBanking services (Sohail and Shanmugham, 2003) or engage in eCommerce activities (Eastin, 2002) is influenced by these issues. Security and trust are common themes for research, yet few studies have examined both usability and security from the customer perspective.

Convenience, control and efficiency are thought to be the main drivers for customers to bank online ([Jayawardhena and Foley, 2000] and [Sohail and Shanmugham, 2003]; Tan and Teo, 2000). The authentication process has a direct effect on security, the ease of use and convenience of a process. Therefore it is important to investigate the effect of different authentication systems on customer perceptions of an online service. Secure and usable authentication will be an important factor in adoption ...