RSA Security has announced the findings of 12 months of ongoing usability testing and research including focus groups and online surveys - conducted by the RSA Security Usability Lab and User Experience Design Team in conjunction with the RSA Security Consumer Research Team into the best ways of helping consumers adopt security technology when banking and trading online.
After compiling data from a series of tests and in-depth research, the RSA Security User Experience Design Team and Consumer Research Team concluded the following:
- Consumers value better security, but financial institutions need to provide it with a minimum level of perceived distraction
- Consistency of process increases the perception of ease-of-use and reduces the perceived distraction in performing security measures online
- It is important to consistently reassure users as to the security of their online information without needlessly alarming them
- While users do not want to be bothered unnecessarily by security measures, they are prepared to willingly provide extra verification information when they understand why it is being requested
- When it comes to security provided by their financial institutions, 70 per cent of consumers were extremely or very interested in behind-the-scenes security measures such as risk-based authentication (RBA). RBA matches the appropriate level of required security to the level of risk for an online activity or transaction
- 81 per cent of consumers claimed they would be more comfortable banking online if such a security solution was implemented (32 per cent said much more comfortable)
- Additionally, 87 per cent of online bankers expressed an interest in site-to-user authentication, with one in five saying they were extremely interested and over half saying they were extremely or very interested. Site-to-user authentication displays a personal image to users upon login to demonstrate the authenticity of the site
- Over half of consumers expressed a desire to have both site-to-user and risk-based authentication instituted by their financial institution.
Choosing the Right Security for Different Users
In its recent series of concept testing, RSA Security affirmed that consumers are interested in and willing to adopt a range of security products and services. Different technologies are appropriate to users individual needs, preferences and lifestyles and at different times.
At one end of the spectrum are consumers who trust that their financial institutions are taking all the measures necessary to protect their data and, for this group, risk-based (or behind-the-scenes) authentication is ample.
Another segment of consumers demonstrates a clear preference for more tangible security security that they can see and hold onto. These users aspire to feel in control of their online experience and they find comfort and empowerment in security with which they can interact. In fact, research has shown that the latter segment is willing to conduct more transactions online when they feel this control. The type of authentication appropriate for this group is something they can physically hold, such as a one-time password device.
[The most interesting part of this exercise is that RSA demonstrates and understanding of the often overlooked fact that usability is integral to security. Usability considerations need to be incorporated in any software design projects at an early stage, and needs to be illuminated and regarded in the light of information security. --Ed].
Related links: (Open in a new window.)
www.rsasecurity.com/
View printable version (opens in new window)
Back