      Is Open Access

      Development of Usable Security Heuristics for Fintech

      proceedings-article
      34th British HCI Conference (HCI2021)
      Post-pandemic HCI – Living Digitally
      20th - 21st July 2021
      Usable Security, Fintech, Heuristics, Cybersecurity, Usability

            Abstract

            Investments in cybersecurity over the years have led to the availability of strong technical countermeasures and innovations that are increasingly being leveraged to strengthen the security posture of financial services systems. The effort to improve the security posture of the human element of financial services systems has not matched the effort in developing technical countermeasures, thereby undoing the gains of the latter. One area where such a problem exists is Fintech, where emphasis is placed on developing innovative and secure technical financial models aimed at making financial services more accessible through the mobile phone. These Fintech solutions, however, have shortcomings in securing the human element. This study seeks to address this problem through the development of heuristics that can be applied in the evaluation or design of Usable Security in Fintech. This study developed twelve (12) initial Usable Security heuristics, which were validated through expert review. The heuristics were developed through an iterative approach that comprises a survey of Fintech users, semi-structured interviews of Fintech solution providers and thematic analysis of relevant literature. The findings of the study show that application of the developed heuristics provides for Usable Security.

            Content

            Author and article information

            Contributors
            Conference
            July 2021
            Pages: 121-132
            Affiliations
            [0001]Bournemouth University

            Poole, Dorset, UK
            Article
            10.14236/ewic/HCI2021.12
            e6050018-2d91-486c-b053-6a29f742bfb4
            © Ambore et al. Published by BCS Learning & Development Ltd. Proceedings of the BCS 34th British HCI Conference 2021, UK

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            London, UK
            Electronic Workshops in Computing (eWiC)
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/HCI2021.12
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction

