{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T17:46:02Z","timestamp":1778175962147,"version":"3.51.4"},"reference-count":34,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"abstract":"Purpose<\/jats:title>\u2013 The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile. Online security remains a challenge to ensure safe transacting on the Internet. User authentication, a human-centric process, is regarded as the basis of computer security and hence secure access to online banking services. The increased use of technology to enforce additional actions has the ability to improve the quality of authentication and hence online security, but often at the expense of usability. The objective of this study was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>\u2013 A web-based survey was designed to determine online consumers\u2019 competence resecure online behaviour, and this was used to quantify the online behaviour as more or less secure. The browsers used by consumers as well as their demographical data were correlated with the security profile of respondents to test for any significant variance in practice that could inform differentiated authentication.<\/jats:p><\/jats:sec>Findings<\/jats:title>\u2013 A statistical difference between behaviours based on some of the dependant variables was evident from the analysis. Based on the results, a case could be made to have different authentication methods for online banking customers based on both their browser selected (before individual identification) as well as demographical data (after identification) to ensure a safer online environment.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>\u2013 The research can be used by the financial services sector to improve online security, where required, without necessarily reducing usability for more \u201csecurity inclined\u201d customers.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-11-2014-0074","type":"journal-article","created":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T19:42:32Z","timestamp":1444678952000},"page":"421-434","source":"Crossref","is-referenced-by-count":4,"title":["Investigating the possibility to use differentiated authentication based on risk profiling to secure online banking"],"prefix":"10.1108","volume":"23","author":[{"given":"Martin","family":"Butler","sequence":"first","affiliation":[]},{"given":"Rika","family":"Butler","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122020123616600_b1","doi-asserted-by":"crossref","unstructured":"Anderson, C.L. and R. Agarwal, R. (2010), \u201cPractising safe computing: a multimethod empirical examination of home computer user security behavioral intentions\u201d, MIS Quarterly , Vol. 34 No. 3, pp. 613-643.","DOI":"10.2307\/25750694"},{"key":"key2020122020123616600_b2","doi-asserted-by":"crossref","unstructured":"Brostoff, S. and Sasse, M.A. (2002), \u201cSafe and sound: a safety-critical approach to security\u201d, Proceedings of the New Security Paradigm Workshop 2001 , available at: http:\/\/hornbeam.cs.ucl.ac.uk\/hcs\/people\/documents\/Angela%20Publications\/unsorted\/p41-brostoff.pdf (accessed 10 April 2014).","DOI":"10.1145\/508171.508178"},{"key":"key2020122020123616600_b3","doi-asserted-by":"crossref","unstructured":"Campbell, J. , Kleeman, D. and Ma, W. (2007), \u201cThe good and not so good of enforcing passwords composition rules\u201d, Information Systems Security , Vol. 16 No. 1, pp. 2-8.","DOI":"10.1080\/10658980601051375"},{"key":"key2020122020123616600_b4","unstructured":"Chiasson, S. and Biddle, R. (2007), \u201cIssues in user authentication\u201d, CHI Workshop: Security User Studies: Methodology and Best Practices, 28 April-3 May, San Jose, CA."},{"key":"key2020122020123616600_b5","doi-asserted-by":"crossref","unstructured":"Choubey, J. and Choubey, B. (2013), \u201cSecure user authentication in Internet Banking: a qualitative survey\u201d, International Journal of Innovation, Management and Technology , Vol. 4 No. 2, pp. 198-203.","DOI":"10.7763\/IJIMT.2013.V4.391"},{"key":"key2020122020123616600_b6","doi-asserted-by":"crossref","unstructured":"Ciampa, M. , Mark, R. and Enamait, J. (2013), \u201cA comparison of user preferences for browser password managers\u201d, Journal of Applied Security Research , Vol. 8 No. 4, pp. 455-466.","DOI":"10.1080\/19361610.2013.825751"},{"key":"key2020122020123616600_b7","doi-asserted-by":"crossref","unstructured":"Conklin, A. , Dietrich, G. and Walz, D. (2004), \u201cPassword-based authentication: a system perspective\u201d, Proceedings of the 37th Annual Hawaii International Conference on System Sciences, IEEE Computer Society Washington, DC, pp. 1-10.","DOI":"10.1109\/HICSS.2004.1265412"},{"key":"key2020122020123616600_b8","doi-asserted-by":"crossref","unstructured":"Durkin, M. (2004), \u201cIn search of the internet-banking customer \u2013 exploring the use of decision styles\u201d, The International Journal of Bank Marketing , Vol. 22 No. 7, pp. 484-503.","DOI":"10.1108\/02652320410567917"},{"key":"key2020122020123616600_b9","unstructured":"Feig, N. (2007), \u201cAuthentication goes mobile: banks look to out-of-band authentication as customers seek enhanced online banking security\u201d, Bank Systems + Technology , Vol. 23, p. 23."},{"key":"key2020122020123616600_b10","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. (2005), \u201cAuthenticating ourselves: will we ever escape the password?\u201d, Network Security , Vol. 2005 No. 3, pp. 8-13.","DOI":"10.1016\/S1353-4858(05)00212-6"},{"key":"key2020122020123616600_b11","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. (2007), \u201cAn assessment of website password practices\u201d, Computers and Security , Vol. 26 Nos 7\/8, pp. 445-451.","DOI":"10.1016\/j.cose.2007.09.001"},{"key":"key2020122020123616600_b12","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. , Bryant, P. and Phippen, A.D. (2007), \u201cAssessing the security perceptions of personal Internet users\u201d, Computers and Security , Vol. 26 No. 5, pp. 410-417.","DOI":"10.1016\/j.cose.2007.03.001"},{"key":"key2020122020123616600_b13","doi-asserted-by":"crossref","unstructured":"Gaur, M.S. , Patel, D. and Saini, A. (2013), \u201cInsecurities within browser: issues and challenges\u201d, in Proceedings of the 6th International Conference on Security of Information and Networks (SIN \u201813 ), ACM , New York, NY , pp. 458-458.","DOI":"10.1145\/2523514.2523588"},{"key":"key2020122020123616600_b14","unstructured":"Gehringer, E.F. (2002), \u201cChoosing passwords: security and human factors\u201d, Technology and Society , pp. 369-373."},{"key":"key2020122020123616600_b15","unstructured":"Hunton, J.E. , Bryant, S.M. and Bagranoff, N.A. (2004), Core Concepts of Information Technology Auditing , John Wiley & Sons, Inc., Hoboken, NJ."},{"key":"key2020122020123616600_b16","doi-asserted-by":"crossref","unstructured":"Kaman, S. , Swetha, K. , Akram, S. and Varaprasad, G. (2013), \u201cRemote user authentication using a voice authentication system\u201d, Information Security Journal: A Global Perspective , Vol. 22 No. 3, pp. 117-125.","DOI":"10.1080\/19393555.2013.801539"},{"key":"key2020122020123616600_b17","doi-asserted-by":"crossref","unstructured":"McCloy, R.A. , Campbell, J.P. and Cudeck, R. (1994), \u201cA confirmatory test of a model of performance determinants\u201d, Journal of Applied Psychology , Vol. 79 No. 4, pp. 493-505.","DOI":"10.1037\/0021-9010.79.4.493"},{"key":"key2020122020123616600_b18","unstructured":"Moscato, D.R. and Altschuller, S. (2012), \u201cInternational perceptions of online banking security concerns\u201d, Communications of the IIMA , Vol. 12 No. 3, pp. 51-64."},{"key":"key2020122020123616600_b19","unstructured":"Notoatmodjo, G. and Thomborson, C. (2009), \u201cPasswords and Perceptions\u201d, Proceedings of the Australasian Information Security Conference (AISC2009), Wellington, New Zealand, Conferences in Research and Practice in Information Technology, Vol. 98, pp. 71-78."},{"key":"key2020122020123616600_b20","doi-asserted-by":"crossref","unstructured":"Pfleeger, S.L. and D. D. Caputo, D.D. (2012), \u201cLeveraging behavioral science to mitigate cyber security risk\u201d, Computers & Security , Vol. 31 No. 4, pp. 597-611.","DOI":"10.1016\/j.cose.2011.12.010"},{"key":"key2020122020123616600_b21","doi-asserted-by":"crossref","unstructured":"Pisani, P.H. and Lorena, A.C. (2013), \u201cA systematic review on keystroke dynamics\u201d, Journal of the Brazilian Computer Society , Vol. 19 No. 4, pp. 573-587.","DOI":"10.1007\/s13173-013-0117-7"},{"key":"key2020122020123616600_b22","unstructured":"Ravi, V. , Carr, M. and Sagar, N.V. (2006), \u201cProfiling of internet banking users in India using intelligent techniques\u201d, Journal of Services Research , Vol. 6 No. 2, pp. 61-73."},{"key":"key2020122020123616600_b23","unstructured":"Rice, P. (2012), \u201cCivil liability theories for insufficient security authentication in online banking\u201d, DePaul Business & Commercial Law Journal , Vol. 10 No. 3, pp. 439-460."},{"key":"key2020122020123616600_b24","unstructured":"Riley, S. (2006), \u201cPassword security: what users know and what they actually do\u201d, Usability News , Vol. 8 No. 1, available at: http:\/\/psychology.wichita.edu\/surl\/usabilitynews\/81\/Passwords.asp (accessed 19 March 2013)."},{"key":"key2020122020123616600_b25","doi-asserted-by":"crossref","unstructured":"Tam, L. , Glassman, M. and Vandenwauver, M. (2010), \u201cThe psychology of password management: a tradeoff between security and convenience\u201d, Behaviour and Information Technology , Vol. 29 No. 3, pp. 233-244.","DOI":"10.1080\/01449290903121386"},{"key":"key2020122020123616600_b26","doi-asserted-by":"crossref","unstructured":"Tassabehji, R. and Kamala, M.A. (2012), \u201cEvaluating biometrics for online banking: the case for usability\u201d, International Journal of Information Management , Vol. 32 No. 5, pp. 489-494.","DOI":"10.1016\/j.ijinfomgt.2012.07.001"},{"key":"key2020122020123616600_b27","doi-asserted-by":"crossref","unstructured":"Traore, I. , Woungang, I. , Obaidat, M.S. , Nakkabi, Y. and Lai, I. (2014), \u201cOnline risk-based authentication using behavioural biometrics\u201d, Journal of Multimedia Tools and Applications , Springer, pp. 575-602.","DOI":"10.1007\/s11042-013-1518-5"},{"key":"key2020122020123616600_b28","unstructured":"Usman, A.K. and Shah, M.H. (2013), \u201cStrengthening e-banking security using keystroke dynamics\u201d, Journal of Internet Banking and Commerce , Vol. 18 No. 3, pp. 1-11."},{"key":"key2020122020123616600_b29","doi-asserted-by":"crossref","unstructured":"Wahlberg, T. , Paakkola, P. , Wieser, C. , Laakso, M. and Roning, J. (2013), \u201cKepler \u2013 raising browser security awareness\u201d, Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on, 18-22 March, pp. 435-440.","DOI":"10.1109\/ICSTW.2013.56"},{"key":"key2020122020123616600_b30","doi-asserted-by":"crossref","unstructured":"Weber, J.E. , Guster, D. , Safanov, P. and Schmidt, M.B. (2008), \u201cWeak password security: an empirical study\u201d, Information Security Journal: A Global Perspective , Vol. 17 No. 1, pp. 45-54.","DOI":"10.1080\/10658980701824432"},{"key":"key2020122020123616600_b31","doi-asserted-by":"crossref","unstructured":"Wessels, P.L. and Steenkamp, L. (2007), \u201cAssessment of current practices in creating and using passwords as a control mechanism for information access\u201d, South African Journal of Information Management , Vol. 9 No. 2.","DOI":"10.4102\/sajim.v9i2.27"},{"key":"key2020122020123616600_b32","unstructured":"Wolfe, D. (2011), \u201cBank sharpens authentication\u201d, American Banker , Vol. 10 No. 22."},{"key":"key2020122020123616600_b33","doi-asserted-by":"crossref","unstructured":"Yan, J. , Blackwell, A. , Anderson, R. and Grant, A. (2004), \u201cPassword memorability and security: empirical results\u201d, Security and Privacy, IEEE , Vol. 2 No. 5, pp. 25-31.","DOI":"10.1109\/MSP.2004.81"},{"key":"key2020122020123616600_b34","doi-asserted-by":"crossref","unstructured":"Yap, K.B. , Wong, D.H. , Loh, C. and Bak, R. (2010), \u201cOffline and online banking \u2013 where to draw the line when building trust in e-banking?\u201d, International Journal of Bank Marketing , Vol. 28 No. 1, pp. 27-46.","DOI":"10.1108\/02652321011013571"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-11-2014-0074","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-11-2014-0074\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-11-2014-0074\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:17Z","timestamp":1753406597000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/4\/421-434\/113612"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":34,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,10,12]]}},"alternative-id":["10.1108\/ICS-11-2014-0074"],"URL":"https:\/\/doi.org\/10.1108\/ics-11-2014-0074","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2015,10,12]]}}}