
An experimental Investigation of the Usability of Transaction Authorization in online Bank Security Systems


Post by Admin on Sun Jun 07, 2009 9:08 pm

39. AlZomai M., AlFayyadh B., Josang A., McCullagh A., 2007, An experimental Investigation of the Usability of Transaction Authorization in online Bank Security Systems, Wollongong, Australian Computer Society.
a. These methods allow the authentication process at the transaction level by involving the user more in the security system, having her confirming every transaction.
b. User authentication alone is insufficient given the vulnerability of the standard client terminal and the relatively high risk of online bank transactions.
c. These principles distinguish between two types of user involvement with security applications.
   i. A security action is when users are required to produce information and security tokens, or to trigger some security relevant mechanism.
   ii. A security conclusion is when users observe and assess some security relevant evidence in order to derive the security state of systems.
d. Usability principles related to security actions and security conclusions are described below:
   i. Security Action Usability Principles
      1. The users must understand which security actions are required of them.
      2. The users must have sufficient knowledge and the practical ability to make the correct security action.
      3. The mental and physical load of a security action must be tolerable.
      4. The mental and physical load of making repeated security actions for any practical number of transactions must be tolerable.
   ii. Security Conclusion Usability Principles
      1. The user must understand the security conclusion that is required for making an informed decision. This means that users must understand what is required of them to support a secure transaction.
      2. The system must provide the user with sufficient information for deriving the security conclusion. This means that it must be logically possible to derive the security conclusion from the information provided.
      3. The mental load of deriving the security conclusion must be tolerable.
      4. The mental load of deriving security conclusions for any practical number of service access instances must be tolerable.
e. The security problem caused by the failure to notice that transaction details have been altered has more to do with usability than with technical security.
