A model for evaluating the security and usability of e-banking platforms

Convenience and the ability to perform advanced transactions encourage banks clients to use e-banking systems. As security and usability are two growing concerns for e-banking users, banks have invested heavily in improving their web portals security and user experience and trust in them. Despite considerable efforts to evaluate particular security and usability features in e-banking systems, a dedicated security and usability evaluation model that can be used as a guide in the development of e-banking assets remains much less explored. To build a comprehensive security and usability evaluation framework, we first extract security and usability evaluation metrics from the conducted literature review and then include several other evaluation metrics that were not previously identified in the literature. We then propose a structured inspection model for thoroughly evaluating the usability and security of internal and external e-banking assets. We argue that the proposed e-banking security and usability evaluation frameworks in the literature in addition to the existing standards of security best practices (e.g., NIST and ISO) are by no means comprehensive and lack some essential and key evaluation metrics that are of particular interest to e-banking portals. In order to demonstrate the inadequacy of existing models, we use the proposed framework to evaluate five major banks. The evaluation reveals several shortcomings in identifying both missing or incorrectly implemented security and privacy features. Our goal is to encourage other researchers to build upon our work.