Search results
1 – 10 of 871
Abstract
Purpose
The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile. Online security remains a challenge to ensure safe transacting on the Internet. User authentication, a human-centric process, is regarded as the basis of computer security and hence secure access to online banking services. The increased use of technology to enforce additional actions has the ability to improve the quality of authentication and hence online security, but often at the expense of usability. The objective of this study was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile.
Design/methodology/approach
A web-based survey was designed to determine online consumers’ competence re secure online behaviour, and this was used to quantify the online behaviour as more or less secure. The browsers used by consumers as well as their demographical data were correlated with the security profile of respondents to test for any significant variance in practice that could inform differentiated authentication.
Findings
A statistical difference between behaviours based on some of the dependent variables was evident from the analysis. Based on the results, a case could be made to have different authentication methods for online banking customers based on both their browser selected (before individual identification) as well as demographical data (after identification) to ensure a safer online environment.
Originality/value
The research can be used by the financial services sector to improve online security, where required, without necessarily reducing usability for more “security inclined” customers.
Óscar Cánovas, Antonio F. Gómez‐Skarmeta, Gabriel López and Manuel Sánchez
Abstract
Purpose
This paper seeks to present an overview and some preliminary results of the DAMe project. The main goal of this project was to define a unified authentication and authorisation system for federated services hosted in the eduroam network.
Design/methodology/approach
This paper presents the main initiatives and technologies related to the DAMe project and some first designs that show how the main goals are already being achieved.
Findings
At present, there are several activities of DAMe in progress, such as the design and implementation of a multiplatform PEAP supplicant, the middleware for managing the SSO tokens and the design of new common services for eduGAIN.
Originality/value
This paper is based on results from the DAMe project and the knowledge of the authors and will be of interest to those in the same field.
Thanos Papaioannou, Aggeliki Tsohou and Maria Karyda
Abstract
Purpose
This paper aims to identify the data elements that social network sites (SNS) users consider important for shaping their digital identity and explore how users’ privacy concerns, self-esteem and the chosen SNS shape this process.
Design/methodology/approach
This study conducted an online survey with the participation of 759 individuals, to examine the influence of privacy concerns, self-esteem and the chosen SNS platform, on the shaping of the digital identity, through a classification of identity elements that users disclose when using a SNS, the Rosenberg self-esteem scale and relevant constructs from the literature.
Findings
Findings reveal that users consider the name, gender, picture, interests and job as most important elements for shaping their digital identity. They also demonstrate that privacy concerns do not seem to affect the amount of information users choose to publish when shaping their digital identity. Specific characteristics of SNS platforms are found to affect the way that users shape their digital identity and their privacy behavior. Finally, self-esteem was found to affect privacy concerns and digital identity formation.
Research limitations/implications
To avoid a lengthy questionnaire and the risk of low participation, the respondents answered the questions for one SNS of their choice instead of answering the full questionnaire for each SNS that they use. The survey included the most popular SNSs at the time of the survey in terms of popularity.
Practical implications
The results contribute to the theory by furthering our knowledge on the elements that shape digital identity and by providing evidence with regard to the role of privacy and self-esteem within social networking. In practice, they can be useful for SNS providers, as well as for entities that design security and privacy awareness campaigns.
Originality/value
This paper identifies novel factors that influence digital identity formation, including the specific SNS used with its particular characteristics in combination with privacy concerns and self-esteem of the user.
Gajendra Liyanaarachchi, Sameer Deshpande and Scott Weaven
Abstract
Purpose
This paper advocates for banks to understand customers' online privacy concerns, use those insights to segment consumers and design tailored sales strategies to build a mutual relationship through a social exchange that produces a competitive advantage.
Design/methodology/approach
A qualitative study involving 30 in-depth interviews with Australian and Asian millennials residing in Australia was conducted using a grounded theory approach to explore privacy concerns of online banking and determine the efficacy of their banks' existing sales strategy and practice.
Findings
The study revealed differences in customer perceptions of trust, confidence, responsibility and exchange. Adopting a power-dependency paradigm within a social exchange theoretical framework and power distance belief of national culture theory, the authors identified four consumer segments: exemplar, empiric, elevator and exponent. The authors propose a tailored consumer-centered sales strategy of communication, control, consolidation and collaboration.
Originality/value
The paper contributes to the research in services marketing, sales strategy and banking in three ways: first, the authors demonstrate the importance of the social exchange theory and national culture as a premise to develop a competitive advantage; second, the authors propose an innovative set of consumer segments in regards to online privacy concerns; and, third, the authors introduce four sales strategies tailored to each of the four segments.
Abstract
This chapter focuses on the authentication of wilderness and the mechanisms of power and agency through which the wilderness has come to assume its patina of authenticity, often associated with masculinity, challenge, self-(re)creation, pristine landscapes, and, perhaps above all, authenticity. Rather than examining the concept of authenticity, this chapter focuses on its process; using notions of “hot” and “cool” authentication, it attends to the ways individuals and groups navigate social terrain through discourse and performance to construct authenticity in wilderness landscapes. It examines the various mechanisms through which authenticity in wilderness is constructed, measured, and assessed, attending to the “hot” and “cool” authentication of the American wilderness.
Mahdi Nasrullah Al-Ameen, S.M. Taiabul Haque and Matthew Wright
Abstract
Purpose
Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to the user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.
Design/methodology/approach
The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide a higher security guarantee with minimal memory burden, and it does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.
Findings
In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.
Originality/value
The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.
Sajaad Ahmed Lone and Ajaz Hussain Mir
Abstract
Purpose
Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity, thus leading to authentication that is more reliable, more effective and more difficult for an adversary to intrude upon. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication.
Design/methodology/approach
The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and because the server sends the client a new challenge value each time for OTP generation.
Findings
The proposed authentication scheme is implemented on real Android-based mobile devices and tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that the proposed authentication is effective, efficient and convenient for users in mobile environments.
Originality/value
The proposed authentication scheme can be adapted as an effective authentication scheme for accessing critical information using Android smartphones.
Abstract
Purpose
To examine the system of electronic library service licences and authentication in the UK, and highlight its hybrid local – national approach.
Design/methodology/approach
A narrative account of our national negotiating and network security practice, combined with brief illustrations of alternative practices elsewhere in the world.
Findings
That the UK system may be nearing the end of its lifespan, given the level of resourcing available to UK HE.
Research limitations/implications
The relationship between educational funding levels and national licensing practice and authentication systems needs to be explored in some depth by timely, focussed research – research that should show full awareness of other international models.
Practical implications
New directions in model licences and authentication practice in the UK may be very resource‐intensive to pursue at grass‐roots institutional level. The practical difficulties should be scrutinised very carefully before our time‐honoured system is given a new lease of life.
Originality/value
The paper challenges the view that the UK information system is broadly as well positioned as it could be in terms of licence and digital library security/authentication systems. We in the UK should take a humble look at other international models and learn lessons from them.
Abstract
Purpose
Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.
Design/methodology/approach
This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.
Findings
The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.
Originality/value
Educating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also there is the need to find out the factors which influence internet users' ability to correctly identify phishing websites.
Abstract
Purpose
This paper aims to describe the design and business characteristics of the system pertaining to efficient and viable public services, the technical perspective and also usage results from the productive prototype. When the academic library of our institution turned to consider cost-effective solutions that would combine management and accounting for both printing and photocopying, it was realized that there are no open-source or enterprise platforms that can support such characteristics. Instead of relying on commercial solutions, the construction of a service was planned by means of integrating community-based projects and developing any missing components.
Design/methodology/approach
The implementation of the system was based on the identification of appropriate open-source modules and on the development of ones that do not exist but are necessary to realize business procedures for credit reception, control and billing. Thus, the system integrates software for the management of printers and print tasks, for accounting for printing tasks, for user catalogues, for authentication modules and for the control of low level I/O operations. The aforementioned systems were integrated along with the following new modules that were developed to create a complete service.
Findings
Our prototype has been operating at our University since May 2011. The system was installed at four sites in reading rooms of the library. Three of them are located in different departments within the University campus, while the fourth is located in the last reading room that has not yet moved within the campus. In two years, more than 28,000 pages were printed and charged. The steady rise in the number of served requests leads us to the conclusion that the system can cope with the heavy use of photocopying machines.
Originality/value
The prototype described in this paper is a complete productive platform that is capable of accepting money or credit over the counter or by using money receivers and providing billing and management for printing and photocopying. The system does not depend on any vendor technology, offers control, monitoring, receipts and reports and, because it relies on open source, can minimize the total costs of ownership. Scrutiny of the bibliography and market did not find any systems that could meet the aforementioned characteristics.