Investigating the possibility to use differentiated authentication based on risk profiling to secure online banking

Butler, Martin; Butler, Rika

doi:10.1108/ics-11-2014-0074

Cited by 4 publications

(5 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Something the user possesses: This category refers to the authentication process using objects, such as a device or token, to prove the user's identity. The token may be a dedicated item that is used for authenticating (e.g., a USB key), or it may be a digital certificate on a mobile device (Al-Ameen et al, 2016;Butler and Butler, 2015). • Something the user is: Biometrics are physical or behavioral characteristics of the user that are used to prove their identity.…”

Section: Overview Of User Authenticationmentioning

confidence: 99%

“…Modern smartphones carry several means of authentication, such as fingerprint scanners, cameras for face recognition, and input for memory-based methods (Cho et al, 2020), as well as mobile connectivity for out-ofband authentication (Butler and Butler, 2015). As MFA requires extra effort from the user and could cause discontent, methods have been developed to reduce the effort in low-risk interactions.…”

Section: User Authentication Todaymentioning

confidence: 99%

“…More robust authentication is then only required in high-risk situations. (Bonneau et al, 2015;Butler and Butler, 2015. ) One way of reducing the constant authentication requests when using multiple services is the single-sign-on (SSO).…”

Section: User Authentication Todaymentioning

confidence: 99%

See 2 more Smart Citations

Visions of the Future: What Could Happen to User Authentication?

Paananen,

Woods

2024

eccws

View full text Add to dashboard Cite

The most prevalent information system security feature for the user is the authentication process. Passwords have been the primary authentication method for decades due to their simplicity for both the user and the system provider. However, over recent years, the digitalization of services has increased the number of credentials each user must manage, making traditional password authentication problematic for the user. Strong candidates for easier and more secure authentication methods are emerging (e.g., FIDO alliance, Single-sign-on, biometrics). Still, a single method has yet to dominate the market due to the rapid changes in technology, costs of implementation, trust in these methods, and the vast number of users and digital services. Due to the varied reasons that affect the adoption of these methods, it is unclear what kinds of authentication methods will be the forerunners in the future. This study aims to envision the future of user authentication and security features emerging from the interaction of different factors. We present a qualitative interview study, which examines six experts from the fields of authentication, cybersecurity, and emerging technologies. A hermeneutic mode of analysis is used to form scenarios of the future based on the observations of different experts. The results reflect an understanding of how users and their interactions with security features, such as authentication, may change over the following decade and beyond and how security professionals intend to incorporate this knowledge into future security systems. The results shed light on the influence of society, developing technology, and the need for user- and future-proof security in the coming years. This study will have several implications, as it will contribute to forming a coherent picture of the different elements that shape the future and give an idea of how to prepare for what is coming. Furthermore, it will provide an understanding of how choices with technology today lead to different futures.

show abstract

Section: Overview Of User Authenticationmentioning

confidence: 99%

Section: User Authentication Todaymentioning

confidence: 99%

See 1 more Smart Citation

Visions of the Future: What Could Happen to User Authentication?

Paananen,

Woods

2024

eccws

View full text Add to dashboard Cite

show abstract

“…Effective sales tactics are vital in building successful online strategies by encouraging interactions to enhance confidentiality and trust and generate a competitive advantage in the banking industry (Jaramillo and Marshall, 2004). The concept of online privacy and personal attitudes toward risk can be used as segmentation criteria by a bank to profile consumers and develop a sales strategy recognizing the privacy concerns (Butler and Butler, 2015). With the advancement of e-banking (Sekhon et al, 2010), bank managers should convince consumers of the availability of similar services online as offline environment, encouraging the use of online banking with assurance and confidence regarding confidentiality, privacy and security (Chong et al, 2010).…”

Section: Privacy Online Banking and Sales Strategymentioning

confidence: 99%

Online banking and privacy: redesigning sales strategy through social exchange

Liyanaarachchi

Deshpande

Weaven

2021

IJBM

View full text Add to dashboard Cite

PurposeThis paper advocates for banks to understand customers' online privacy concerns, use those insights to segment consumers and design tailored sales strategies to build a mutual relationship through a social exchange that produces a competitive advantage.Design/methodology/approachA qualitative study involving 30 in-depth interviews with Australian and Asian millennials residing in Australia was conducted using a grounded theory approach to explore privacy concerns of online banking and determine the efficacy of their banks' existing sales strategy and practice.FindingsThe study revealed differences in customer perceptions of trust, confidence, responsibility and exchange. Adopting a power-dependency paradigm within a social exchange theoretical framework and power distance belief of national culture theory, the authors identified four consumer segments: exemplar, empiric, elevator and exponent. The authors propose a tailored consumer-centered sales strategy of communication, control, consolidation and collaboration.Originality/valueThe paper contributes to the research in services marketing, sales strategy and banking in three ways: first, the authors demonstrate the importance of the social exchange theory and national culture as a premise to develop a competitive advantage; second, the authors propose an innovative set of consumer segments in regards to online privacy concerns; and, third, the authors introduce four sales strategies tailored to each of the four segments.

show abstract

“…Risk-based authentication approaches based on basic communication information [49], such as the source-destination IP addresses, or frequency of transactions, performed by a user on her devices to determine risk, are easily exploitable. According to Traore [50], such systems could be exploited by polling or cloning users' devices.…”

Section: Risk-based Authentication Schemesmentioning

confidence: 99%

Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme

Buriro

Gupta

Yautsiukhin

et al. 2021

J Sign Process Syst

View full text Add to dashboard Cite

The paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication, thus not only authenticates users at the start of application sign-in process but also, throughout the entire active user session. The scheme leverages the widely used PIN/password-based authentication technology by giving flexibility to users to enter any random 8-digit alphanumeric text, instead of pre-configured PIN/Passwords. Internally, the scheme exploits two behavioral biometric traits, i.e., touch-timing-differences of the entered strokes and the hand-movement gesture recorded during the random text entry, to authenticate users. Moreover, throughout the entire user session, the scheme continuously authenticates the user by computing the risk-score every time the user initiates a sensitive activity. If the risk-score is higher than the predefined threshold, the current user session terminates. Afterward, the scheme requests the user to re-authenticate. Thus, our scheme serves three main objectives: Firstly, it offers users the flexibility to enter a 8 − digit random alphanumeric text as their secret enhancing the usability of PIN/password-based schemes. Secondly, it strengthens the security of PIN/passwordbased schemes as verification decision is not binary and mimicking the invisible touchtimings and hand-movements simultaneously, could be extremely difficult. Lastly, the scheme does not require any dedicated device (e.g., a smart token for OTP generation) for 2-factor authentication. The results obtained on 11, 400 user-samples (collected by 3 days in-the-wild testing) and user-experience responses (received from the Software Usability Scale 3 survey) of 95 testers demonstrate our scheme as an accurate and acceptable user authentication scheme.

show abstract

Investigating the possibility to use differentiated authentication based on risk profiling to secure online banking

Cited by 4 publications

References 23 publications

Visions of the Future: What Could Happen to User Authentication?

Visions of the Future: What Could Happen to User Authentication?

Online banking and privacy: redesigning sales strategy through social exchange

Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme

Contact Info

Product

Resources

About