Useable Authentication Mechanisms for Secure Online Banking in Saudi Arabia

Authors

  • Ali Alzahrani, Department of Computer Science, Islamic University of Madinah, Madinah, Saudi Arabia

Keywords:

Password Authentication, One-Time Password (OTP), Two-factor Authentication

Abstract

Two-factor identity authentication offers the most effective login security, and online and mobile banking users now use multi-factor identity authentication as the simplest and most innovative login security measure available for guaranteeing the privacy and safety of personal data. This system allows banks to recognize a client, while simultaneously verifying for the client whether he/she has accessed the correct bank’s website or application prior to password entry. All internet and mobile banking authentication techniques may be categorized as preventing two common types of attack: offline credential theft and online channel-breaking attacks. It has therefore been recommended by security experts worldwide that a multi-factor authentication method be used for Internet and mobile banking authentication to ensure the safety of users’ confidential data without undermining the ease of secure and simple authentication. Multi-factor internet and mobile banking authentication seems, therefore, to offer a solution through which the trade-off between safety and usability may be successfully negotiated. This study’s primary objective is to propose various practical technological security mechanisms that will enable online banking customers in Saudi Arabia to select their preferred method of signing into online banking websites that are reliant on one-time password (OTP) techniques. The study included a survey aimed at ascertaining the various techniques used and which of these techniques were preferred. The experiment replicated an actual online banking setting utilizing the proposed methods; subsequently, the usability and safety of three different techniques for generating and communicating OTPs were assessed (SMS, e-mail, and soft and hard tokens).

Published

2018-09-30

Section

Research Articles

How to Cite

[1]
Ali Alzahrani, "Useable Authentication Mechanisms for Secure Online Banking in Saudi Arabia", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 3, Issue 7, pp. 79-89, September-October 2018.