Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
Dissertation - NSU Access Only
Doctor of Philosophy in Information Systems (DISS)
Graduate School of Computer and Information Sciences
Maxine S Cohen
Eric S. Ackerman
As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study analyzed 6 design flaws of this nature: (a) a break in the chain of trust, (b) providing a secure login method on an unsecure page, (c) providing bank contact information or security advice on an unsecure page, (d) having policies that are insufficient for userids and passwords, (e) generating e-mails containing sensitive information that are sent in an unsecure manner, and (f) the multi-factor authentication solution consisting of the presentation of an image in combination with the userid and password. Each of these flaws can lead to security and usability issues. Analysis of 80 banking sites was performed to determine the frequency of the flaws. The sampling of banking institutions was determined from banking institution lists available from the Federal Deposit Insurance Corporation (FDIC). Banking institutions were selected from 5 bank charter classes. The banking sites were downloaded for static analysis. The analysis was performed through a combination of automated programs and manual review. The results found instances of all 6 design flaws. The most prevalent issue found was insufficient policies for userids and passwords. The second most prevalent design flaw was the break in the chain of trust. The design flaw with the smallest number of occurrences was emailing sensitive information in an unsecure manner. The banking charter class of the banking institution did not appear to have a relationship to the frequency of the flaws. However, it appears that banking institutions with a smaller asset size have a higher frequency of the flaws than those with a larger asset size. It is recommended that banking institutions address these design flaws to improve usability for their customers while improving security.
Stephanie Gurlen. 2013. Security Design Flaws that Affect Usability in Online Banking. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (169)