Improving Usability & Security on E-Commerce Sites


Post on 14-Jul-2020


1) My Project

The project aims to explore and improve the current conflict between usability and security on E-Commerce sites by providing research-based advice, in the form of wireframes and an example website to showcase this.

Why E-Commerce?

• “87% of UK consumers have brought at least one product online in the last 12 months and is expected to increase.” (Kitonyi, 2017).
• More businesses aim to use E-Commerce model approaches to widen their audience, adding to the ever-increasing statistic above and increasing the pressure for a better user experience.
• “E-commerce sites are failing to present security measures in a user-friendly way” (Muncaster, 2009).

Technology Acceptance Model (TAM) (Davis, Bagozzi & Warshaw, 1989)

• TAM is an Information System theory that models how users come to accept new technology. This model suggests that when users are given new technology it must be:
• Perceived Useful (PU) – “the degree to which a person believes that using a particular system would enhance his or her job performance” (Davis, 1989).
• Perceived Ease of Use – “the degree to which a person believes that using a particular system would be free from effort” (Davis, 1989).
• Should the user perceive either of the above in a negative manner, they will reject the technology.

Figure 1 – Methods for Data Collection

1) Critical Review
2) Self-Evaluation
3) Survey
4) Think Aloud

1) Critical Review: Used to gain an understanding of previous research for analysis and evaluation, using structured Critical Review guidelines “originally developed by the McMaster University Occupational Therapy Evidence-Based Practice Research Group and revised by Letts et al., 2007” (Letts, Wilkins, Law, Stewart, Bosch, & Westmorland, 2007).

2) Self-Evaluation: To analyse what features current E-Commerce sites have, the guidelines they tend to follow and the traits that they share.

3) Survey with potential E-Commerce Users: Used to gain an understanding of how users feel about current security trends online and to see what they want.

4) Think Aloud: “In a thinking aloud test, you ask test participants to use the system while continuously thinking out loud — that is, simply verbalising their thoughts as they move through the user interface.” (Nielsen, 2012). Used to gain an understanding of potential issues that users may have with the site overall.

Figure 3 – Data Collection Survey Graph

Objectives

• Independently analyse current E-Commerce usability and security platforms through Critical Reviews and Self-Evaluation.
• Carry out a survey to understand users’ views on current security methods and how they feel they affect usability, for example, their preferred method of logging in.
• Create a series of wireframes for potential E-Commerce designs aiming to measurably improve usability/security and test this with a Think Aloud.

2) Background

There has been a dramatic rise of the Internet over the years, to the point that it has become a critical part of our lives. An example of this is the use of E-Commerce websites. Naturally, the use of online transactions has brought with it the need for online security in order to protect users’ sensitive information through the use of passwords and other means of protection, “but with the increase of security methods also leads to the risk of the platform becoming less usable.” (Schneier, 2004).

Critical Review points

“It’s a well-known fact that user behaviour plays a part in many security failures, and it has become common to refer to users as the ‘weakest link’ in the security chain. However, blaming the user will not lead to more effective security.” (Sasse, Brostoff, Weirich, 2001).

The limits of human memory are a vital factor in usable security. Passwords, for example, can be forgotten and are often written down by users, leading to a critical weakness in security.

3) Address the Issue

How Figure 2 Addresses the Issue

Security – Phase 1 logs the user onto a preview of their account using their Email ID, and an SMS message containing the PIN is sent to their mobile so that they can log in past Phase 2. (Preferred method, as shown by the survey results.)

Usability – Simple to use and clear layout; offers feedback if needed through question mark icons (Nielsen, 1995).

Figure 2 – Login Phase 2
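As an added example (not part of the poster or its example website), the server side of the Figure 2 flow: Phase 1 looks the account up by Email ID, returns only a minimal preview and sends a one-time PIN by SMS; Phase 2 accepts that PIN once, within a short lifetime and a small guess budget, which is what keeps a six-digit PIN from being brute-forced. The in-memory account store, the `send_sms` stub and the `SENT_SMS` log are assumptions so that it runs offline.

```python
# Added example, not the poster's own code: server side of the two-phase login in Figure 2.
# Assumptions: a dict stands in for the account database; send_sms() only records to SENT_SMS.
import hashlib, hmac, secrets, time

PIN_LENGTH = 6
PIN_TTL_SECONDS = 300   # a PIN is valid for five minutes
MAX_ATTEMPTS = 3        # wrong guesses allowed before the PIN is discarded

# Constructed sample account keyed by Email ID (the Phase 1 identifier).
ACCOUNTS = {"alice@example.com": {"display_name": "Alice", "mobile": "+44 7700 900123"}}
PENDING = {}    # email -> {"pin_hash", "expires", "attempts"}
SENT_SMS = []   # (mobile, text) pairs the stub "sent"

def send_sms(mobile, text):
    """Stub gateway: records the message so the flow can be exercised offline."""
    SENT_SMS.append((mobile, text))

def _hash_pin(email, pin):
    # Hashing keeps the plaintext PIN out of the store; binding the email stops a PIN
    # issued for one account from being replayed against another. The short TTL and
    # attempt cap, not the hash, are what limit guessing of a six-digit value.
    return hashlib.sha256(f"{email}:{pin}".encode()).hexdigest()

def start_login(email, now=None):
    """Phase 1: identify the account, send the PIN, return a minimal preview only."""
    now = time.time() if now is None else now
    account = ACCOUNTS.get(email)
    if account is None:
        return None  # unknown Email ID: no PIN issued, nothing to preview
    pin = "".join(secrets.choice("0123456789") for _ in range(PIN_LENGTH))
    PENDING[email] = {"pin_hash": _hash_pin(email, pin),
                      "expires": now + PIN_TTL_SECONDS, "attempts": 0}
    send_sms(account["mobile"], f"Your login PIN is {pin}")
    return {"display_name": account["display_name"]}

def verify_pin(email, pin, now=None):
    """Phase 2: accept the PIN once, while it is unexpired and attempts remain."""
    now = time.time() if now is None else now
    challenge = PENDING.get(email)
    if challenge is None or now > challenge["expires"]:
        PENDING.pop(email, None)  # expired PINs are dropped; a fresh Phase 1 is needed
        return False
    challenge["attempts"] += 1
    ok = hmac.compare_digest(challenge["pin_hash"], _hash_pin(email, pin))
    if ok or challenge["attempts"] >= MAX_ATTEMPTS:
        PENDING.pop(email, None)  # single use, or guess budget exhausted
    return ok
```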

4) Progression (Gantt Chart)

Done:
• Collect Research of Usability / Online Security Literature
• Self-Evaluation of Current E-Commerce Systems
• Survey Preparation
• Design Wireframes
• Analyse Survey Results
• Introduction Draft

To Do:
• Create Website to Adhere to Wireframes
• Add Security Features From Survey Analysis
• Test Website
• Perform Think Aloud Tests
• Finish Report

References

• Kitonyi, N. (2018) UK Online Shopping and E-Commerce Statistics for 2017. Retrieved on 31/01/18 from: https://www.gurufocus.com/news/492058/uk-online-shopping-and-ecommerce-statistics-for-2017
• Davis, F., Bagozzi, R. & Warshaw, P. (1989) User Acceptance of Computer Technology: A Comparison of Two Theoretical Models. Management Science, Vol. 35, No. 8, pp. 982-1003.
• Letts, L., Wilkins, S., Law, M., Stewart, D., Bosch, J., & Westmorland, M. (2007) Guidelines for Critical Review Form: Qualitative Studies (Version 2.0). Retrieved on 2nd December from: https://students.keele.ac.uk/bbcswebdav/pid-1364112-dt-content-rid-3026934_1/courses/CSC-30016-2017-SEM1-A/Guidelines-for-Critical-Review-Form-Qualitative-Studies.pdf
• Nielsen, J. (2012) Thinking Aloud: The #1 Usability Tool. Retrieved on 31/01/18 from: https://www.nngroup.com/articles/thinking-aloud-the-1-usability-tool/
• Cranor, L. & Garfinkel, S. (2005) Security and Usability. (1st ed.) O'Reilly Media. ISBN-10: 0596008279.
• Sasse, M., Brostoff, S. & Weirich, D. (2001) Transforming the ‘weakest link’ — a human/computer interaction approach to usable and effective security. BT Technology Journal, Vol. 19, No. 3.
• Nielsen, J. (1995) 10 Usability Heuristics for User Interface Design. Retrieved on 31/01/18 from: https://www.nngroup.com/articles/ten-usability-heuristics/
• Schneier, B. (2018) Balancing Security and Usability in Authentication – Schneier on Security. Retrieved on 31/01/18 from: https://www.schneier.com/blog/archives/2009/02/balancing_secur.html


Luke Sloane-Bulger (15010247) – Supervisor Adam Stanton


Percentages of participants who stated: Passwords: 32%; PINs: 40%; Biometrics: 16%; Other: 12%

Figure 2 – Login Phase 1