Online security remains a challenge to ensure safe transacting on the internet. User authentication, a human-centric process, is regarded as the basis of computer security and hence secure access to online banking services. The increased use of technology to enforce additional actions has the ability to improve the quality of authentication and hence online security, but often at the expense of usability. The objective of this study was to determine if there are factors that could be used to create different authentication requirements for different users. That is, could internet banking users, for example, be directed to different authentication regimes after classifying their potential safety profile based on the browser that they are using? A web-based survey was designed to determine online consumers perceptions of their skills and competence in respect of passwords creation and management practices, and capture demographical data as well as choices in browsers used. After using a construct for password performance, derived from previous research on the same dataset, the browser used was compared with use of poor password practices. Based on the results a case could be made to have different authentication methods for consumers based on their browser selected to ensure a safer online environment.
The phenomenal growth of online banking has transformed the way in which consumers interact with their financial services provider. The majority of clients interaction with their service providers occurs online via their preferred browser and is increasingly moving towards mobile platforms. User authentication remains a foundation for computer security (Conklin, Dietrich and Walz, 2004:1) and passwords, in combination with other measures, remains critical to identify and authenticate online banking users.
Computer users remain a weak link in online security since user password practices has a direct effect on the level of security of a system (Gehringer, 2002:369). Not selecting and managing passwords with care may make those passwords more susceptible to potential abuse and misuse (Furnell, 2005:10). Accordingly, even the most sophisticated security systems are compromised if users do not select and manage their passwords properly (Tam, Glassman and Vandenwauver, 2010:233). Despite problems relating to password security remaining conspicuously unsolved, passwords as a means to identify users, whether in isolation or combination, remains the most common method of authentication (Furnell, 2005:9 and 11).
Newer technology supported authentication systems like biometrics and One-timePin are becoming popular (Tam et al. 2010:233) and do contribute to a safer online environment. However, the use of these technologies is uniformly applied to all users. That is, the attributes of users are not used to create differentiated authentication. All users, irrespective of any additional knowledge that may be known, or inferred at the point of authentication, are treated equally when verified.
2. Online banking
As the user of online banking increases security issues relating to confidentiality, integrity, and privacy have become a progressively greater concern to both banks and customers. Banks recognise the benefits, like increased efficiency and customer convenience, of this new medium. Despite this growing ubiquity of online banking services, security and privacy concerns and fears are still foremost in the minds of users and are indeed well founded.
Almost inevitably, this exponential growth in internet banking has been paralleled with an equally swift and altogether more disturbing rise in sector fraud. With the amount of money at stake, today's so-called cyber criminals have greater resources and enhanced technological capability to conduct online fraud. As banking transactions have moved from physical bank locations with vaults protecting their clients assets to the online world, so have the criminals (Rice, 2012:441).
User authentication, including those for online banking services, employs something a user knows, a user has, or something the user does (refer Table 1). With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified, and in online banking more often than not it is based on a combination of two or more of such factors.
3. The technological contributions
It is well documented that traditional personal identification methods, like passwords, suffer from a number of drawbacks and are unable to satisfy the security requirement of the highly inter-connected information society. As a result a number of different technologies have been developed and implemented in online authentication.