Security Design Flaws That Affect Usability in Online Banking

Autor/in	Gurlen, Stephanie
Titel	Security Design Flaws That Affect Usability in Online Banking
Quelle	(2013), (107 Seiten) PDF als Volltext Verfügbarkeit Ph.D. Dissertation, Nova Southeastern University
Sprache	englisch
Dokumenttyp	gedruckt; online; Monographie
ISBN	978-1-2679-5377-3
Schlagwörter	Hochschulschrift; Dissertation; Banking; Information Security; Online Systems; Electronic Mail; Computer Security; Web Sites; Sampling; Decision Making; Evaluation Methods; Usability + Suchen Sie Ihr Suchwort? Thesis; Dissertations; Academic thesis; Bankgeschäft; Online; Elektronischer Briefkasten; Computervirus; Computersicherheit; Web-Design; Decision-making; Entscheidungsfindung
Abstract	As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study analyzed 6 design flaws of this nature: (a) a break in the chain of trust, (b) providing a secure login method on an unsecure page, (c) providing bank contact information or security advice on an unsecure page, (d) having policies that are insufficient for userids and passwords, (e) generating e-mails containing sensitive information that are sent in an unsecure manner, and (f) the multi-factor authentication solution consisting of the presentation of an image in combination with the userid and password. Each of these flaws can lead to security and usability issues. Analysis of 80 banking sites was performed to determine the frequency of the flaws. The sampling of banking institutions was determined from banking institution lists available from the Federal Deposit Insurance Corporation (FDIC). Banking institutions were selected from 5 bank charter classes. The banking sites were downloaded for static analysis. The analysis was performed through a combination of automated programs and manual review. The results found instances of all 6 design flaws. The most prevalent issue found was insufficient policies for userids and passwords. The second most prevalent design flaw was the break in the chain of trust. The design flaw with the smallest number of occurrences was emailing sensitive information in an unsecure manner. The banking charter class of the banking institution did not appear to have a relationship to the frequency of the flaws. However, it appears that banking institutions with a smaller asset size have a higher frequency of the flaws than those with a larger asset size. It is recommended that banking institutions address these design flaws to improve usability for their customers while improving security. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.] (As Provided).
Anmerkungen	ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com/en-US/products/dissertations/individuals.shtml
Erfasst von	ERIC (Education Resources Information Center), Washington, DC
Update	2020/1/01