Towards Understanding ATM Security – A Field Study of Real World ATM Use
Yan Qiang, 2011-06-15

Conference & Authors
• SOUPS ’10
• University of Munich, Germany
  – Alexander De Luca
  – Heinrich Hussmann
• University of Lugano, Switzerland
  – Marc Langheinrich

Outline
• Gap between laboratory experiment and field test
• Field test methodology
• Findings & Implications
  – Interaction time
  – Distraction
  – Input error
  – Queuing behavior
  – Observable security measures
• Conclusion

Gap between laboratory experiment and field test
• Usability testing is important when designing "better" authentication systems.
  – Usually evaluated in controlled laboratory experiments
    • More memorable
    • Faster / lower error rate
  – Positive feedback from interviews/questionnaires
• This narrow definition of "better" is insufficient.
  – The traditional arguments may be biased.
    • Questionnaires and interviews are leading: participants tend to report the behavior they believe is expected of them.
  – Real-world situations are affected by many more factors.

Field test methodology
• Two field observations
  – Six locations in two cities (Munich, Delft)
  – ATMs were chosen to allow unobtrusive observation
    • visible from public outdoor seating areas
  – 360 valid observations (199 male, 161 female) for interaction time and observable security measures
• One public interview
  – 25 full interviews (all questions answered) on attitudes towards security concerns and queuing

Interaction time
• On average, PIN entry accounts for only about 4% of a roughly one-minute ATM interaction.
  – It is questionable to ask users to spend much more time on the security step, since it is only a minor part of the whole task.

Distraction
• Distractions are not unusual.
  – Talking with companions (e.g. family, friends)
  – Looking after a baby pram, a pet or shopping bags
  – Sometimes encumbered so that only one hand is free for the interaction

Input error
• Input errors are rare, but...
  – A session with a failed authentication took more than twice the average time of a session without one (although the difference was not statistically significant).
  – In one observation, a user failed while shielding the PIN entry. After her first attempt failed, she gave up shielding and was then able to type the PIN correctly.
    • She could not see the keypad while shielding it.
  – In 4 observations, the users had forgotten the PIN. After the first failed attempt, they pulled out a notebook or a piece of paper from their purse (where they also kept their ATM cards). Storing the written PIN together with the card defeats the point of the PIN if the purse is lost or stolen.
    • The memory factor is still significant, considering that a user may hold many ATM/membership cards.

Queuing behavior
• Long queues did not occur during the observations.
  – 251/360: no one queuing
  – 1/360: four people in a queue (maximum length observed)
• Why not queue?
  – 11/25: queue only when they urgently need cash
  – Acceptable queue length <= 3
  – Otherwise go to another ATM nearby
  – One user said she would not queue "if there are strange people nearby".
• Queue length grows with authentication time, so slower authentication schemes raise further concerns about queuing.

Observable security measures
• Big gap between observation and interview
  – About 2/3 of the observed users did NOT secure their PIN input in any observable way.
  – Surprisingly, 19/25 interview participants stated that they would take security precautions.

False senses of security
• More than 50% were not afraid of the risk of PIN theft.
  – One of them even mentioned: "The bank puts up cameras, so I am safe."
  – "I would hide my PIN entry with my body."
  – "I usually try to choose an ATM inside a building, or always choose the same ATM, as a security measure."
  – "If there was no one in sight, I would not hide the input."
• Participants were unaware of hardware-based attacks on the ATM itself.

Social compatibility
• Social factors may lead to insecure behavior.
  – Hiding behavior may be misinterpreted as mistrust.
  – 9/25: do not hide the input while in company
  – "I would not protect it since I trust my friends."
* Only one user who was watched by her companions applied security measures.

Why do people behave so differently in field tests?
• People attempt to behave "correctly" while they know they are being watched.
  – Interviews/questionnaires
  – Laboratory experiments
• People usually perform "worse" than they claim.
  – 89% of the participants stated that they would use security measures, while only 34% were actually observed doing so.

Implications for usability tests
• Usability remains the most important concern, but more of the common real-world influence factors should be considered:
  – Time pressure
  – Distraction level
  – Encumbered (e.g. one-handed) use
  – Social norms
• Without these factors,
  – both the usability and the security results would be overestimated.