New technologies in E-Banking
Data collected in an evaluation of web-based electronic banking in Denmark
Draft of May 7, 2006
Niels Jørgensen, Roskilde University, Denmark
email: nielsj@ruc.dk
Table of Contents
Preface ... 3
Introduction ... 4
  How to read the tables ... 4
  PC and mobile phones ... 4
Registration ... 6
Initialization ... 7
  Danske Bank: digital signature ... 7
  Danske Bank: ActivCard ... 9
  Danske Bank: Additional initialization of SMS, WAP, and 3G ... 10
  Summary of initialization ... 11
Every day log on ... 13
  Digital signature ... 13
  ActivCard ... 14
  SMS ... 15
  WAP ... 15
  3G ... 15
Account listing ... 17
  Digital signature and ActivCard ... 17
  SMS ... 17
  WAP ... 18
  3G ... 18
Money transfer ... 20
  Digital signature ... 20
  ActivCard ... 21
  SMS (n/a) ... 22
  WAP ... 22
  3G ... 23
Log off ... 25
  Digital signature ... 25
  ActivCard ... 26
  SMS ... 26
  WAP ... 26
  3G ... 27
Summary of tasks ... 28
Recommendations ... 29
Preface
This report contains data collected in an evaluation of Danish web-based electronic banking systems. The report supplements an academic paper submitted for publication. The data was collected in April, 2006.
Introduction
The evaluation comprised four tasks that a user of an e-banking (web-based electronic banking) system must, or is likely to, carry out: initialization, log on, log off, and money transfer (account listing is also recorded below). The remainder of this introduction explains how to read the tables in which the evaluation results are presented, and describes the configuration of the PC and the two mobile phones used for the evaluation.

How to read the tables
The walk-throughs are documented in tables of four or five columns. The columns are as follows:
1. The first column shows the number of the current page, to reveal whether any pages are revisited. For brevity, a window displaying a standard browser message is recorded using an abbreviation such as "Security alert". These three types of messages are described below in the section Browser messages. (Distinguish between browser and other displays.)
2. The second column holds the information offered by the system. Text shown in italics is the original text in Danish as offered by the system. If an English term is not followed by an italicized (i.e. Danish) term, the system has offered the English term.
3. The third column describes the correct user action on the current page.
4. The fourth column holds the heuristic evaluation (HE) comments. The comments are based on a set of 12 heuristics presented below in the section Heuristics.

PC and mobile phones
The PC used for the evaluation was running Windows XP and the browser Internet Explorer 6.0. The user account was granted administrator privileges. The browser's privacy level was set to Medium and the security level to Custom. The advanced security settings are shown below in Illustration 1. The PC was configured to meet the software requirements stated by Danske Bank for both authentication methods (signature file and PC-based ActivCard). (When logged on, one can run a program that checks the PC, and this program reported OK on all required items.) This included that the browser was Java-enabled (for this the browser used Sun's J2SE Runtime Environment 5.0). It also included defining the URL of the e-bank as a trusted site (https://*.danskebank.dk); this is laid down in the instructions for the signature file method, and in the test we used this configuration for both methods.

The UMTS phone used was a Nokia 6680. The WAP and SMS part of the mobile test was carried out with a Nokia 7650 using a GSM GPRS (i.e. generation 2.5) connection. The 7650 supports WAP version 1.2.1. The display is 176 x 208 pixels on both phones.
Illustration 1: The advanced browser security settings. [figure not reproduced]
Registration
Problems: The agreement concerning one of our accounts listed a wrong account number.
Initialization
The initialization task in each e-bank is described in a separate section containing the subsections Intent, Steps and actions, Examples, and Additional comments. The subsection "Steps and actions" contains the core data in the form of a table. These four subsections reappear in subsequent chapters as well, to describe the other tasks. Moreover, since initialization is the largest and most time-consuming task (when using digital signature), initialization is also described by means of two additional paragraphs. The paragraph Preconditions and available Instructions lists the items and information provided by the bank in order to make the installation possible, such as a PIN code and an initial password. The paragraph Information vs. instruction comments on the level of information, whether it takes the form of instructions or of thorough information. The overall structure of the subsections describing the initialization sequences is thus: Intent, Preconditions and available Instructions, Steps and actions, Examples, Information vs. instruction, and Additional comments.

Danske Bank: digital signature
Intent: To initialize Danske Netbank (date).

Preconditions and available Instructions: Before the installation Danske Bank provides the user with:
1. a letter including a 4-digit PIN code,
2. a letter including a 6-character agreement number.
The letter with the agreement number says the number is to be used at first logon, along with the PIN code, which the letter says will be sent separately. This suggests that at initialization the user should attempt to log on (as done in the test, and shown below in the table). However, there is no instruction about how to initialize. The online help, and possibly also the pamphlet, recommends setting the browser security level to Low, which we did not follow; rather we set it to Medium, as described above.

Before logging on as recorded in the table below, the browser was configured according to the requirements of Danske Bank. The steps involved in this are not recorded in the table, although for most users the configuration will be done as part of initialization. This is because the instructions for browser configuration can only be found online, by attempting to log on, which causes an error message to be displayed with a link to a page with configuration instructions. The online instructions show a browser security message and require the user to press OK, but the actual browser messages (as described below) differ from the one in the instructions.

Steps and actions (columns: page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Several menu buttons, including Log on. User: Load URL www.danskebank.dk in the web browser; move the mouse to the button Log on.
Page 1. System: A scroll menu unfolds several links, including Danske Netbank. User: Click Danske Netbank.
Page 2. System: Security warning: "The current web page is trying to open a site in your Trusted sites list. Do you want to allow this? Current site: nentbank.danskebank.dk. Trusted site: www.danskebank.dk. Warning: allowing this can expose your computer to risk." User: Yes. Problems: But I don't understand the meaning! (Does the page from the first site contain a program or HTML data that tries to access the second site? Yes, and the first site is http, while the other is https.)
Page 3. System: Browser message: Security alert. User: Click the button OK.
Page 4. System: Title: Logon til Danske Netbank. Text: "Please wait. We are checking whether the most recent version of .." (Vent venligst. Vi kontrollerer om den nyeste version af ..). The window remains for about 10 seconds, then disappears. Apparently, during this time an ActiveX component is installed: C:\Windows\Downloaded Program Files\e-SafeKey.
Page 5. System: Log-on til Danske Netbank. The left-hand menu contains the link "First time you log on" (Første gang du logger på). User: Click first log-on.
Page 6. System: Title: First time you log on (Første gang du logger på).
Pages 7-8. System: Text: "You have not previously logged on .. You must use the assigned user ID stated on [reference to letter]" (Du har ikke tidligere været logget på .. Du skal bruge det tildelte bruger-id, der står på ..). Title of embedded window: Create user ID (Opret bruger-id). Fields: User ID (Bruger-id), One-time PIN code (Engangs-pinkode), New personal code (Ny personlig kode), Repeat personal code (Gentag personlig kode). Buttons: OK, Cancel (Annuller). User: Fill in the fields User ID, One-time PIN code, Personal code, Repeat personal code; click OK.
System: "Fetching .." (Henter oplysninger ..); remains for about 10 seconds, then disappears.
System: Title: Back up user ID (Sikkerhedskopier bruger-id). Text: "Your user ID has now been created. We recommend that you always have an up-to-date backup" (Dit bruger-id er nu oprettet. Vi anbefaler at du altid har en opdateret sikkerhedskopi). Embedded window: "Do you want a backup of your user ID? User ID: (showing the actual user ID)" (Ønsker du en sikkerhedskopi af dit bruger-id? Bruger-ID: ..). Buttons: OK, Cancel (Annuller). User: OK. Problems: Apparently this is the signature file. It seems to be saved in a new directory: C:\Documents and Settings\All Users\Application Data\e-SafeKey (a profile directory shared by all accounts on the PC).
Page 9. System: Pop-up window with a file browser and the title "Save a copy of the User ID" (Sikkerhedskopier bruger-id). User: Enter the chosen file path.
System: Main menu displayed.

Examples: (none recorded)

Information vs. instruction: The information is at an instructional level.

Additional usability comments:
1. No examples are available to the user.
2. The system offers no way for the user to exit other than logging out of the entire system or using the backtracking facilities provided by the browser.
3. Help is very limited. The system does provide some advice regarding the creation of strong passwords, but it may not be sufficient. [I am not sure I agree with 1-3.]
4. The signature file is referred to as the "user ID", i.e. the same name as is used for the six-character logon identification string. Also, if the password associated with the user ID (signature file) is lost, and one needs to initiate re-installation by asking for a new PIN code etc., this PIN code is described as a means of reopening the user ID: "To reopen your user ID, you should order a new one-time PIN code" (For at genåbne dit bruger-id, skal du bestille en ny engangspinkode.).

Danske Bank: ActivCard
Intent: To initialize Danske Netbank's ActivCard solution (20.4.2006).

Preconditions and available Instructions: Before the installation Danske Bank provides the user with:
1. a letter containing a six-character user ID and instructions,
2. a letter including an ActivCard and an initial PIN code (1234).
The instructional letter describes initialization and daily use. The letter's description of initialization is part of a description of how to use the e-bank for the first time, so the instructions start by showing how to have the browser load the web pages of the e-bank, and then how to initialize the card. The pamphlet is 2 pages long and could have been shortened if initialization and logon were separated, because now logon is described twice (initial logon and subsequent logon). On the other hand, it is possible that the user finds it natural to do as the pamphlet does, i.e. to begin by loading the e-bank web page and start logging on, and only then consider the authentication and initialization means needed to do so. In any case, for the purpose of analyzing initialization, we have extracted the steps concerned with initialization only.

Steps and actions (columns: step, system information/actions, user actions, breakdowns or small problems):
Step 1. System: ActivCard display is empty. User: Press ON.
Step 2. System: Display says: enter PIN. User: Enter the pre-defined PIN: 1234.
Step 3. System: Display says: New PIN. User: Enter new PIN and press ON.
Step 4. System: Display says: Verify. User: Re-enter new PIN and press ON.
Step 5. System: Display says: OK.

Examples: (none recorded)

Information vs. instruction: The information in the pamphlet is instructional. There are instructions for all steps in the table above. Thus, when the display in, e.g., step 2 shows "Enter PIN", this is consistent with the pamphlet's instructions, which the user may perceive as a confirmation that he or she is on the right path. (The pamphlet gives more detail than the display, and tells the user to press also the ON button.) The pamphlet does not explain, e.g., that each ActivCard is unique (in the sense that ActivCards have keys and so compute different codes).

Additional usability comments:
1. The pamphlet gives examples of poor choices of PIN code (xxxx and 4567).
2. A criticism is that the two letters (see above) tend to view the user ID as the known secret (and the ActivCard as the possessed secret). Thus, the first letter instructs the user not to keep the user ID together with the ActivCard. [Argue that actually the PIN code is the known secret; i.e., the user is instructed not to use a trivial PIN code; by convention, PIN codes are secret, while user IDs are not. Also, when logging on using UMTS, the user ID is not used at all!]
[This section should also define some standard sequences: generation of 6- and 8-character codes.]

Danske Bank: Additional initialization of SMS, WAP, and 3G
There is no additional initialization for these three access methods. All three methods (as deployed by Danske Bank) require that the user already has e-bank access with one of the two basic methods above, signature file or ActivCard. The user must register for the three additional access methods and sign an additional agreement. The SMS solution uses an SMS receiver number and a service code. Both are fixed and displayed to the user when logged on to the basic, PC-based e-bank. The WAP solution uses a service code (the same as for the SMS solution). The 3G solution requires an independent method for authentication, either by ActivCard or by a token called a code card (which was not included in the test). If the user's PC bank uses ActivCard already, there is no further initialization. If the user's PC bank uses digital signature, the ActivCard must be initialized, following exactly the same steps as shown above.

Of course, to use any of the three mobile-phone-based access methods the user must activate the phone's SMS software, WAP browser, or 3G-based web browser, but we choose to consider such initial steps as standard steps for the user and do not regard them as part of initialization.
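The ActivCard sequences recorded in this report (PIN entry and PIN change at initialization, a logon code produced from the card alone, and, in the money transfer section later on, an accept code computed from a 6-digit control code shown by the bank) can be modelled as a PIN-protected token with one key per card. The Python below is an added illustration written for this report; it is not ActivCard's algorithm (which the report does not describe) and not code from the bank. The HMAC-SHA256 key, the event counter behind logon codes, the 6- and 8-digit code lengths, the three-try lockout, the rejection of the pamphlet's "poor" PINs, and the way the control code is derived are all assumptions.

```python
"""Hypothetical model of a PIN-protected OTP token (added example, not ActivCard's algorithm)."""
import hashlib
import hmac
from typing import Optional


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 31 bits taken from the MAC, reduced to `digits` decimals."""
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _weak_pin(pin: str) -> bool:
    """The pamphlet's examples of poor PINs: one repeated digit (xxxx) or a run such as 4567."""
    if len(pin) != 4 or not pin.isdigit():
        return True
    d = [int(c) for c in pin]
    return len(set(d)) == 1 or all(b - a == 1 for a, b in zip(d, d[1:]))


class ModelActivCard:
    """Token side. Each card has its own key, so two cards compute different codes."""
    DEFAULT_PIN = "1234"   # initial PIN stated in the report
    LOGON_DIGITS = 6       # assumption
    ACCEPT_DIGITS = 8      # assumption
    MAX_PIN_TRIES = 3      # assumption

    def __init__(self, device_key: bytes) -> None:
        self._key, self._pin, self._pin_changed = device_key, self.DEFAULT_PIN, False
        self._counter, self._bad_tries, self.locked = 0, 0, False

    def unlock(self, pin: str) -> bool:
        """'Enter PIN' on the display; three wrong attempts lock the card."""
        if self.locked:
            return False
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._bad_tries += 1
            self.locked = self._bad_tries >= self.MAX_PIN_TRIES
            return False
        self._bad_tries = 0
        return True

    def initialize(self, current_pin: str, new_pin: str, verify: str) -> bool:
        """Initialization steps 2-5: enter PIN, New PIN, Verify, OK."""
        if not self.unlock(current_pin) or new_pin != verify or _weak_pin(new_pin):
            return False
        self._pin, self._pin_changed = new_pin, True
        return True

    def logon_code(self, pin: str) -> Optional[str]:
        """PC or 3G logon: a counter-based code with no challenge; needs an initialized card."""
        if not self._pin_changed or not self.unlock(pin):
            return None
        self._counter += 1
        mac = hmac.new(self._key, self._counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return _truncate(mac, self.LOGON_DIGITS)

    def accept_code(self, pin: str, control_code: str) -> Optional[str]:
        """Transfer confirmation: the response is bound to the bank's control code."""
        if not self._pin_changed or not self.unlock(pin):
            return None
        mac = hmac.new(self._key, b"accept:" + control_code.encode(), hashlib.sha256).digest()
        return _truncate(mac, self.ACCEPT_DIGITS)


class ModelBank:
    """Bank side: shares the per-card key and checks both kinds of code."""
    LOOKAHEAD = 5  # assumption: tolerate codes the user generated but never submitted

    def __init__(self, device_key: bytes) -> None:
        self._key, self._last_counter, self._serial, self._pending = device_key, 0, 0, {}

    def verify_logon(self, code: str) -> bool:
        """Accept the next unused counter within the window; a used code is dead (no replay)."""
        for c in range(self._last_counter + 1, self._last_counter + 1 + self.LOOKAHEAD):
            mac = hmac.new(self._key, c.to_bytes(8, "big"), hashlib.sha256).digest()
            if hmac.compare_digest(_truncate(mac, ModelActivCard.LOGON_DIGITS), code):
                self._last_counter = c
                return True
        return False

    def issue_control_code(self, from_acct: str, to_acct: str, amount_ore: int) -> str:
        """The 6-digit 'Kontrolkode' on the confirmation page, derived here from the transfer
        details plus a serial so that two equal transfers get different challenges."""
        self._serial += 1
        h = hashlib.sha256(f"{self._serial}|{from_acct}|{to_acct}|{amount_ore}".encode()).digest()
        control = str(int.from_bytes(h[:4], "big") % 10 ** 6).zfill(6)
        self._pending[control] = (from_acct, to_acct, amount_ore)
        return control

    def verify_accept(self, control_code: str, accept: str) -> Optional[tuple]:
        """Return the transfer the accept code authorizes, or None. The control code is consumed
        on success, so one accept code cannot authorize a second transfer."""
        details = self._pending.get(control_code)
        if details is None:
            return None
        mac = hmac.new(self._key, b"accept:" + control_code.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_truncate(mac, ModelActivCard.ACCEPT_DIGITS), accept):
            return None
        del self._pending[control_code]
        return details
```

The model makes two points visible that the walk-throughs only hint at: the logon code is a one-time value (the bank advances its counter, so the same code is rejected a second time), whereas the accept code is tied to a control code that the bank generated for one specific transfer, so a code read off the card for one transfer cannot confirm another. The weak-PIN check is the pamphlet's advice turned into a rule; the report does not say whether the real card enforces it.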
Summary of initialization
The table below summarizes the number of steps, codes, and concepts involved in initialization.

Row 1: steps. A user step is an action the user must perform to provide input to the system, by filling in a field, clicking a link, or pressing a button, whether by using the mouse or by pressing a button on a mobile phone. On one page the user may for instance be required to fill in 3 fields and click OK, resulting in a total of 4 user actions. Details: typing data (such as a code) that must by convention be followed by a signal of termination, such as press-enter or pressing the mobile phone's button, is counted as only a single step. (Explain that on the ActivCard, a code must sometimes be followed by press-ON and sometimes not; therefore press-ON is counted as a separate step.)

Row 2: codes. Codes are character strings the user must provide for identification or authentication, for example an account number or a password:
1. initial ID (used to identify the user during initial log on),
2. permanent ID (used to identify the user during any later log on),
3. initial password (used to verify the user's identity),
4. permanent password (used to access the key in later log ons), and
5. other (input provided by the user for other or unknown reasons).
The input written in (parentheses) in row 2 is optional for the user to remember, and the notation (x2) indicates that the user has to type in the secret twice. With regard to the secrets to remember, we have chosen to count the social security number (CPR-nummer), although it is a code which most Danes remember alongside their names and as such does not put much load on the user's memory.

Row 3: concepts. Concepts are security phrases presented to users online (and in some cases in written instructions). The concept count includes browser pop-up messages, such as the following difficult terms, of relevance to row 3: ... Concepts also include .. such as agreement and agreement number.
Summary table (columns: Signature file | ActivCard)

1. Steps
  12 (including safety copy, excluding browser configuration) | 6

2. Codes
  Initial ID: Six-character user ID | Six-character user ID
  Permanent ID: (same as initial ID) | (same as initial ID)
  Initial password: Four-digit PIN code | Four-digit PIN code
  Permanent password: User-defined character string | User-defined PIN code
  Other: Path to copy of signature file | (none)
  Total number of codes: 4 | 3

3. Concepts
  Phrases used as names of codes: User ID (initial and permanent ID), PIN code (initial password), Personal code (permanent password), E-SafeKey (?) | User ID (initial and permanent ID), PIN code (initial password), Personal PIN code (??), Accept code, .. (and the challenge? Also, there are both 6- and 8-character codes)
  Browser messages: Secure connection (Security alert) | Secure connection (Security alert)
  Other security-related phrases: Agreement (referred to, contains user ID), Signature file (???), Permission to run ActiveX (?) | Agreement (referred to, contains user ID), Permission to run Java (??)
  Total number of concepts: 8 (or more) | 8 (or more)
Every day log on
In this sequence we test the everyday log on and how the system reacts when the user types in the wrong password. The latter is not directly documented in the tables, but commented upon in the paragraphs Additional usability comments. From this point on we only test Sydbank's certificate solution, since we did not succeed in activating the key card solution.

Digital signature
Intent: To log onto Danske Netbank (20.4.2006).

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Menu buttons include Log on (Log på). User: Load URL www.danskebank.dk in the web browser; click Log on (Log på).
Page 1. System: A scroll menu reveals buttons including Danske Netbank. User: Click Danske Netbank.
Page 2. System: Security warning: "The current web page is trying to open a site in your Trusted sites list. Do you want to allow this? Current site: nentbank.danskebank.dk. Trusted site: www.danskebank.dk. Warning: allowing this can expose your computer to risk." User: Yes. Problems: But I don't understand the meaning! (Does the page from the first site contain a program or HTML data that tries to access the second site? Yes, and the first site is http, while the other is https.)
Page 3. System: Browser pop-up message: Security alert. User: Click OK. Problems: The language is not user friendly and may leave the user worried.
Page 4. System: Title: Log onto Danske Netbank (Log på Danske Netbank). Some additional text is shown, but the window closes too fast for the user to read it. User: No user action is required; the window closes automatically in about 1 second. Problems: The user has no time to read the content of the page and is left confused. Automatic closure of the window means lack of internal locus of control.
Page 5. System: Pop-up message. Title: Danske Bank Log on. Fields: Agreement number and Password (Aftalenummer and Kodeord). Buttons: OK, Cancel and Functions (OK, Annuller and Funktioner). User: Check the agreement number (presented in a scroll menu); fill in the password; click OK. Problems: No sense of internal locus of control; poor system feedback. The user has to remember his password and may additionally have to choose between several agreement numbers if he has more than one account; this increases memory load. The label Functions may cause confusion: what is the use of this button during log on?
Page 6. System: View of accounts.

Examples: (none recorded)
Additional usability comments:
1. Danske Netbank's log on sequence provides no help whatsoever. The button Help (Hjælp) is inaccessible from page 4, where a user might want help to perform the correct actions.
2. There seems to be a potential problem with memory load with regard to agreement numbers: the system remembers agreement numbers and presents them in a scroll menu, but a user with many accounts may have difficulty remembering which agreement number is attached to which account.
3. No exits are offered. Error messages are very helpful and are concerned with solving the problem rather than just informing the user that there is a problem.

ActivCard
Intent: To log onto Danske Netbank using ActivCard (21.4.2006).

Steps and actions (columns: page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Menu buttons include Private (Privat). User: Load URL www.danskebank.dk in the web browser; click Private (Privat).
Page 2. System: The new page www.danskebank.dk/privat has a left-hand menu with the button Danske Netbank. User: Click Danske Netbank.
Page 2. System: A new left menu contains the button Log-on ActivCard. User: Click Log-on ActivCard.
Page 3. System: Security warning: "The current web page is trying to open a site in your Trusted sites list. Do you want to allow this? Current site: nentbank.danskebank.dk. Trusted site: www.danskebank.dk. Warning: allowing this can expose your computer to risk." User: Yes. Problems: But I don't understand the meaning! (Does the page from the first site contain a program or HTML data that tries to access the second site? Yes, and the first site is http, while the other is https.)
Page 4. System: Browser pop-up message: Security alert. User: OK is clicked, checkbox left unchecked.
Page 5. System: Title: Log on with ActivCard (Log-on med ActivCard). Fields: User-ID (Bruger-ID), Access code (adgangskode). Button: log on (Log på). User: Type User-ID; ActivCard: press ON; ActivCard: type PIN code; ActivCard: press ON; read the access code from the ActivCard and type it into the browser field; press the button log on. [Show this in a separate table, also.] Problems: The usual, annoying (to some) "Henter oplysninger" message. [Sort out whether I want to mention this; it occurs also at account listing and in many other places. Maybe a difference from Mie's test is that the earlier version used a pop-up window for this message??]
Page 6. System: Account overview is shown.

Additional comments: A comment pertaining to both PC-based solutions: the account overview page shows (list all features etc.); this is of interest because the 3G solution has the advantage of simplicity.

SMS
(No log on sequence; see Account listing.)

WAP
Intent: To log on to Danske Netbank using WAP (23.4.2006). The first step is to start the phone's WAP browser and load the URL www.danskebank.dk/wap.

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: WAP banking overview page, containing: Title: Danske Bank. Links (five): Your accounts, Financial information, Currency, Contact the bank, Help (Dine konti, Finansinformationer, Valuta, Kontakt banken, Hjælp). User: Start the WAP browser, load URL www.danskebank.dk/link/wap; select+open Your accounts. [Say somewhere that select+open is done by pressing the same button twice.]
Page 2. System: Account overview page contains links (three): Account information, Account transfer, Help (Kontooplysninger, Kontooverførsel, Hjælp).

Comments to logon: There is no proper logon, since there is no notion of a session.

3G
Intent: To log on to Danske Netbank using 3G (20.4.2006).

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Mobile/3G banking overview page, containing: Link: Log-on (log-on), Link: Finance (Finans), Link: Market news (Markedsnyt), Link: Currencies (Valuta), Link: Contact (Kontakt), Link: Help (Hjælp), Link: Links (Links). User: Start the web browser, load URL www.danskebank.dk/link/3gmobilbank; select+open Logon. [Say somewhere that select+open is done by pressing the same button twice.]
Page 2. System: Log-on page includes: Field: CPR number (CPR-nummer). List of radio buttons: ActivCard (pre-selected), One-time codes (not selected) (engangskoder). Field: Accept code (accept code). Button: Log-on (log-on). User: Enter CPR number (and scroll on); ActivCard: type PIN code; ActivCard: press ON; read the access code from the ActivCard and type it into the browser field; press the button log on.
Page 3. System: Log on is successful, and the user sees the main menu (which is the starting and ending point for all subsequent actions).

Comments to logon:
1. The terminology differs from what the bank displays during PC-based ActivCard logon, which uses the phrase "access code" (rather than "accept code").
[Maybe at this point show a tree representing navigation: Mobile main page - Logon page -- Main menu (starting + ending point) --- Account menu ---- Account overview ----- Account listing]
Account listing
[Perhaps define the goal as viewing details of the last transaction.]

Digital signature and ActivCard
Intent: To generate an account listing on Danske Netbank using digital signature (23.4) and (PC-based) ActivCard (21.4.2006). Account listing in these two cases is identical, because it involves no authentication. [Note that this table has better names than previous, similar ones.]

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: When logged on, the main menu displays a number of links, including: Link: Overview (Oversigter), Link: Payment (Betalinger). The main page displays a listing of the user's account(s), showing account name (clickable), balance, and date of last transaction. User: Click the account name.
Page 2. System: The account transactions page displays an overview of transactions. Each transaction has a clickable link to a page with more information about the transaction. User: Click the link associated with the most recent transaction displayed.
Page 3. System: The transaction page displays amount, date, and other details of the transaction. There is also a link to the main menu: .. (Danske Netbank). User: Click the main menu link.
Page 1. System: The user is back at the main menu.

SMS
Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Step 1. System: The user should open the phone's SMS program. User: Send account number or CPR number, and the service code, to a given SMS number.
Step 2. System: After a few seconds an SMS message arrives in response, displaying the account's balance and the three most recent transactions, each listed with date, transaction type, and amount.
(I actually have two accounts, and for each of these the above is shown.)

Comments to account listing: (none)

WAP
Intent: To generate an account listing on Danske Netbank using WAP (23.4.2006). The first step is to start the phone's WAP browser and load the URL www.danskebank.dk/wap. A pop-up window is shown with the question "A server connection is required. Create server connection?" (Der kræves en server forbindelse. Opret forbindelse?), to which I answer yes. All subsequent tasks can be carried out without seeing this window again, if they are carried out fast enough; however, the connection may time out, and then it must be re-established.

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Account overview page contains links (three): Account information, Account transfer, Help (Kontooplysninger, Kontooverførsel, Hjælp). User: Select and open Account information.
Page 2. System: Title: Account information (Kontooplysninger). Fields: Account no., CPR no., Service code (Kontonr., CPR-nr., Servicekode). Links: Show balance and transactions, Cancel (Vis saldo og posteringer, Annuller). User: Type and enter CPR no.; scroll to the next field; type and enter service code; scroll to the appropriate link; select and open Show balance and transactions.
Page 3. System: Title: [Account name]. Text shows account number, balance, available balance (Kontonr., saldo, disp.), followed by a listing of the 10 most recent transactions. For each transaction a date, transaction type, and amount is shown. It is not possible to get details about the transactions. User: Click back.
Page 2. System: The account information page reappears. User: Click back.
Page 1. System: The account overview page reappears.

Comments to account listing: Two steps more than with signature file or ActivCard, because the user is not logged on (so identification is required), and navigation back is in two steps because there is no direct link back to the main account menu.

3G
Intent: To generate an account listing on Danske Netbank using 3G (20.4.2006).
[Note that this table has better names than previous, similar ones.]

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: When logged on, the main menu displays: Link: Account (Konto), Link: .. (Depot), Link: Finance (Finans), Link: Foreign currency (Valuta), Link: Logoff (Logoff). User: (Scroll to Account) select+open the account link.
Page 2. System: The account menu displays: Link: Account listing (Kontooversigt), Link: Account transfer (Kontooverførsel), Link: Transfer to giro (Indbetalingskort), Link: Main menu (Hovedmenu). User: Select+open the listing link.
Page 3. System: Title: Account overview (Kontooverblik). For each account (on the CPR number) there is a link, account number, balance (Saldo), and available balance (til disp). User: Click the link of the appropriate account.
Page 4. System: Title: Account transactions. There is a navigation line (< 1 2 >). This is followed by a list of transactions, where each has a link (shown with the name/text of the transaction), date, amount, and status. At the bottom the navigation line appears again, and there are the links Kontooverblik and Hovedmenu. User: Click the link to the most recent transaction.
Page 5. System: The transaction page shows details, such as amount, date, interest date, reference number, account number of the other party, etc. User: Click back (Tilbage) on the phone's keyboard.
Page 4. System: (same as the instance of page 4 described above). User: Press Main menu.
Page 1. System: (same as the instance of page 1 described above).

Comments: Two steps more than by signature file and ActivCard. This is because the user has to choose among accounts, and backwards navigation is step by step.
Money transfer
This task concerns transferring money between accounts in two different banks. We perform this task without previously participating in any kind of introduction/demo, if such is present.

Digital signature
Intent: To transfer money from an account in Danske Bank to an account in another bank (31.7.2003).

Steps and actions (columns: page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Title: View of accounts (Kontooversigt). 13 links, including Payments (Betalinger). User: Click Payments.
Page 2. System: Title: Payments (Betalinger). 9 links, including Transfer (Kontooverførsel). User: Click Transfer.
Page 3. System: Title: Transfer (Kontooverførsel). Fields: Choose account (scroll), Text on statement, Amount (including a currency scroll menu), Date (Vælg konto, Tekst på kontoudskrift, Beløb, Dato). Check box: Forward receipt (Tilsend kvittering). Menu link: Transfer on behalf of (Overføres på vegne af). Fields: Choose recipient (scroll), Or fill in account number, Text on recipient's statement (Vælg modtager, Eller indtast kontonummer, Tekst på modtagers kontoudskrift). Check box and field: Save as recipient (Gem som fast beløbsmodtager). Menu link: Message (Meddelelse). Radio buttons: Authorize payment now (pre-checked), Put in outbox and authorize later (Godkend betaling nu, Læg i udbakke til senere godkendelse). Buttons: OK and Clear (OK and Ryd felter). User: Fill in the fields; radio buttons not altered; click OK. Problems: The scroll menu concerning currency is in conflict with simple and natural dialogue; there is no need for it since only one currency can be chosen. Error prevention could be improved: the field Amount, for instance, holds room for as much as 20 characters (both letters and digits). The labels and titles of the fields could be clarified. (Hum)
Page 4. System: Text: Getting information. Please wait... (Henter oplysninger vent venligst...). User: No user action is needed; the window closes automatically in half a second. Problems: Poor feeling of internal locus of control.
Page 3. System: Window 3 reappears. No user action is needed; the following pop-up message appears automatically in half a second. Problems: Poor feeling of internal locus of control.
Page 3. System: Pop-up message: Digital signature (Elektronisk underskrift). Text (excerpt): "Do you accept the following?" (Vil du acceptere følgende?). Field: user ID, showing the correct user ID; it is already provided and can in fact not be altered. Field: Personal code (Personlig kode). Buttons: OK and Cancel (OK and Annuller). User: Fill in the password (i.e. personlig kode); click OK. Problems: The phrase Digital signature (Elektronisk underskrift) has not been used before. The user has to remember a password, which increases memory load. (Hum) After this point there is no easy reversal of actions. (Hum)
Page 4. System: Text: Getting information. Please wait... (Henter oplysninger vent venligst...). User: No user action is needed; the window closes automatically in half a second. Problems: Poor feeling of internal locus of control.
Page 5. System: Title: Confirmation (Bekræftelse). Text (excerpts): "The transfer will be made on the date you have chosen .. Do you now want to .." (Overførslen gennemføres den dato, du har valgt... Vil du nu..). User: Click on main menu (Danske Netbank).
Page 1. System: The main menu reappears.

Examples: (none recorded)

Additional usability comments:
1. In order to get proof that this task has indeed been accomplished, the user has to enter View of accounts after the sequence. This is poor system feedback.

ActivCard
Intent: To transfer money from an account in Danske Bank to an account in another bank (31.7.2003), using ActivCard.

At one point I could not get past page 2. This was when https://www.danskebank.dk was listed as a trusted site. The problem disappeared when the site was removed. At other times, both before and after the trusted site problem, I could not get past page 3, which kept reappearing when OK was pressed. This problem disappeared when the browser was Java-enabled.

Steps and actions (columns: page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Title: View of accounts (Kontooversigt). 13 links, including Payments (Betalinger). User: Click Payments.
Page 2. System: Title: Payments (Betalinger). 9 links, including Transfer (Kontooverførsel). User: Click Transfer.
Page 3. System: Title: Transfer (Kontooverførsel). Fields: Choose account (scroll), Text on statement, Amount (including a currency scroll menu), Date (Vælg konto, Tekst på kontoudskrift, Beløb, Dato). Check box: Forward receipt (Tilsend kvittering). Menu link: Transfer on behalf of (Overføres på vegne af). Fields: Choose recipient (scroll), Or fill in account number, Text on recipient's statement (Vælg modtager, Eller indtast kontonummer, Tekst på modtagers kontoudskrift). Check box and field: Save as recipient (Gem som fast beløbsmodtager). Menu link: Message (Meddelelse). Radio buttons: Authorize payment now (pre-checked), Put in outbox and authorize later (Godkend betaling nu, Læg i udbakke til senere godkendelse). Buttons: OK and Clear (OK and Ryd felter). A pop-up security warning concerning the applet esecure appears in the middle of the above (but only the first time; at subsequent payments the status line at the bottom shows that the applet is running). User: Fill in the fields; radio buttons not altered; click OK. [Click run. This should perhaps be moved somewhere else.] Problems: The scroll menu concerning currency is in conflict with simple and natural dialogue; there is no need for it since only one currency can be chosen. Error prevention could be improved: the field Amount, for instance, holds room for as much as 20 characters (both letters and digits). The labels and titles of the fields could be clarified. (Hum)
Page 4. System: Text: Getting information. Please wait... (Henter oplysninger vent venligst...). User: No user action is needed; the window closes automatically in half a second. Problems: Poor feeling of internal locus of control.
Page 3. System: Window 3 reappears in the background.
Page 3. System: Pop-up message: Confirmation (Bekræftelse). Text (excerpt): "Do you accept the following?" (Vil du acceptere følgende?). Transaction details are given. The user ID is displayed. A 6-digit control code is shown (Kontrolkode). Field: Accept code (Acceptkode). Buttons: OK, Cancel, ? (OK, Annuller, ?). User: ActivCard: press ON; ActivCard: type PIN code; ActivCard: type control code; ActivCard: press ON; read the accept code from the ActivCard; type the accept code into the browser field; click the OK browser button. Problems: Poor feeling of internal locus of control.
Page 4. System: Text: Getting information. Please wait... (Henter oplysninger vent venligst...). User: No user action is needed; the window closes automatically in half a second.
Page 3. System: Window 3 reappears. No user action is needed, but the window remains for about 10 seconds. Problems: One might think that the transaction has failed, because of the long time passing, and because there is, as before, an OK button that one could press to redo the transaction.
Page 5. System: Title: Confirmation (Bekræftelse). Text (excerpts): "The transfer will be made on the date you have chosen .. Do you now want to .." (Overførslen gennemføres den dato, du har valgt... Vil du nu..). User: Click on main menu (Danske Netbank).
Page 1. System: The main menu reappears.

SMS (n/a)

WAP
Intent: To conduct a money transfer with Danske Netbank using WAP (23.4.2006).

Steps and actions (columns: step/page, system information/actions, user actions, breakdowns or small problems):
Page 1. System: Account overview page contains: Title: Your accounts (Dine konti). Links (three): Account information, Account transfer, Help (Kontooplysninger, Kontooverførsel, Hjælp).
Page 2. System: Title: Account transfer (Kontooverførsel).
Fields: Amount, From account nr., To account nr., Service code (Beløb, Fra kontonummer, Til kontonummer, Servicekode).
Links: Transfer amount, Cancel (Overfør beløb, Annuller).
The page assigns the name Overview (Oversigt) to the phone's back (rightmost) navigation button.
Type and enter data into the four fields.
Scroll
* Type and enter service code.
Scroll
* Select and open Transfer Amount.
Note: No currency (neither alternatives, nor simply DKK) and no data shown. Also no available pre-defined accounts etc.

Step 3. Title: Account transfer (Kontooverførsel). Text (excerpt): The amount.. DKK has been transferred from account.. to account.. (Beløbet.. DKK er overført fra konto.. til konto..). Links: New account transfer, Your accounts, Danske Bank.
* Click and open Your accounts. (Maybe call it double click?)

Step 1. Account overview page reappears.

Comments to money transfer:
Note: transfer is only among the account holder's own accounts.

3G
To conduct money transfer on Danske Netbank using 3G (20.4.2003).

Columns: Step/page | System information/actions | User actions | Breakdowns or small problems

Step 1. When logged on, the main menu displays: Link: Account (Konto). Link: .. (Depot). Link: Finance (Finans). Link: Foreign currency (Valuta). Link: Logoff (Logoff).
(Scroll to Account)
* Select+open account link

Step 2. Account menu displays: Link: Account listing (Kontooversigt). Link: Transfer to account (Kontooversigt). Link: Transfer to giro (Indbetalingskort). Link: Main menu (Hovedmenu).
* Select+open account transfer link

Step 3. Account transfer page. Section from (fra) contains: pull-down menu: select account (Vælg konto), field: text (tekst), field: Amount (beløb), field: date (dato), checkbox: receipt (kvittering). Section to (til) contains: field: select recipient [i.e. name] (vælg modtager), field: or write account number (eller skriv kontonummer), button: OK, link: cancel (annuller).
Fill in payment details.
* Select and press OK.
Unclear what the two text messages are for (a text message to go to the recipient? A name used as a shorthand in later transfers to the same recipient?). Apparently, the first text is for the sender's account listing, the second text is shown to the recipient.

Step 4. Transfer confirmation page shows transfer data, and: field: accept code (acceptkode), button: ok.
Use ActivCard to generate accept code:
* ActivCard: press ON
* ActivCard: type PIN code
* ActivCard: type control code
* ActivCard: press ON
Read accept code from ActivCard.
* Type accept code into browser field.
* Select and open OK.

Step 2. User is back at the usual account menu. Title: Account (konto).
* Select main menu (hovedmenu)

Step 1. User is back at main menu.

Comments:
Method of authentication at transaction completion is different from PC-based use of ActivCard. There, the user is given a challenge to type on the ActivCard display.
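The confirmation step recorded above for ActivCard (a control code shown next to the transaction details, PIN and control code typed on the card, the resulting accept code typed back into the browser) is a challenge-response exchange over the transfer. The following Python model of both sides is an added illustration, not code from this report, from Danske Bank or from ActivCard; it assumes a symmetric seed shared by card and bank, HMAC-SHA256 truncated to six digits, a server that binds each control code to the exact transfer details and accepts each code only once, and the card's real algorithm is not described on the page.

```python
import hashlib
import hmac
import secrets

def _six_digits(digest: bytes) -> str:
    # Truncate a MAC/hash to the 6-digit code a card display can show (constructed scheme)
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

class ActivCardToken:
    """Constructed model of the card: the PIN unlocks it, then it answers a typed challenge."""
    def __init__(self, seed: bytes, pin: str):
        self._seed, self._pin = seed, pin

    def accept_code(self, pin: str, control_code: str) -> str:
        if not hmac.compare_digest(pin, self._pin):
            raise ValueError("wrong PIN")  # the card computes nothing without the PIN
        return _six_digits(hmac.new(self._seed, control_code.encode(), hashlib.sha256).digest())

class BankServer:
    """Constructed model of the bank side: issues a transaction-bound challenge, verifies the answer once."""
    def __init__(self, seed: bytes):
        self._seed = seed
        self._pending = {}  # tx_id -> (transaction details, control code shown to the user)
        self._next_id = 1

    def start_transfer(self, transaction: dict):
        # The challenge is derived from the exact details the user sees on the confirmation page,
        # so an accept code obtained for one transfer does not authorize a changed one
        canonical = "|".join(f"{k}={transaction[k]}" for k in sorted(transaction)).encode()
        nonce = secrets.token_bytes(8)  # fresh per transfer, so repeated identical transfers differ
        control = _six_digits(hashlib.sha256(nonce + canonical).digest())
        tx_id, self._next_id = self._next_id, self._next_id + 1
        self._pending[tx_id] = (dict(transaction), control)
        return tx_id, control

    def confirm_transfer(self, tx_id: int, accept_code: str) -> bool:
        entry = self._pending.pop(tx_id, None)  # one-time use: a replay finds nothing pending
        if entry is None:
            return False
        _, control = entry
        expected = _six_digits(hmac.new(self._seed, control.encode(), hashlib.sha256).digest())
        return hmac.compare_digest(expected, accept_code)

if __name__ == "__main__":  # stand-alone run of the exchange with constructed values
    seed = secrets.token_bytes(20)  # constructed shared secret provisioned at card initialization
    card, bank = ActivCardToken(seed, "1234"), BankServer(seed)
    tx_id, control = bank.start_transfer({"from": "0001", "to": "9999", "amount": "250.00"})
    accept = card.accept_code("1234", control)  # user types PIN and Kontrolkode on the card
    print(control, accept, bank.confirm_transfer(tx_id, accept), bank.confirm_transfer(tx_id, accept))
```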
Log off

Digital signature
To log off Danske Netbank and attempt a quick re-log on (6.6.2003).

Columns: Page | System information/actions | User actions | Breakdowns or small problems

Page 1. Title: View of account (Kontooversigt). Menu buttons include Log off (Log af).
* Click on Log off

Page 2. Text: Getting information... (Henter oplysninger...). Additional text is displayed, but the window closes too fast for the user to read it.
No user action required. Window closes automatically in about 1 sec.
Poor system feedback. Leaves the user without any sense of internal locus of control. Action cannot be reversed.

Page 2. Browser pop-up message: Security alert.
* Click yes.
The language is not user friendly and may leave the user worried.

Page 3. Text: You have succeeded in logging off Danske Netbank (Du er nu logget af Danske Netbank). Link: Log onto Danske Netbank once more (Log på Danske Netbank igen). (After clicking Log onto Danske Netbank once more, an ordinary log on session follows. For details see the table above.)
No sense of internal locus of control.

Examples:
Illustration 2. Screen dump of page 3. Danske Bank provides a status message from the system (You are logged off Danske Netbank) as well as the opportunity to log on quickly again.
ActivCard
To log off Danske Netbank using (PC-based) ActivCard (21.4.2003). Note that this table has better names than previous, similar ones.

Columns: Step/page | System information/actions | User actions | Breakdowns or small problems

Step 1. When logged on, the main menu/page displays a number of links, including: Link: Overview (Oversigter). Link: Payment (Betalinger). Also the header of the page contains a link: log-off (log-off).
* Click logoff link

Step 2. Text: Getting information... (Henter oplysninger...). Additional text is displayed, but the window closes too fast for the user to read it.
No user action required. Window closes automatically in about 1 sec.
Poor system feedback. Leaves the user without any sense of internal locus of control. Action cannot be reversed (hum, in the next step the user is aided in getting back quickly, although it does not work for ActivCard).

Step 2. Browser message: Security alert.
* Click yes.

Step 3. Text: You have succeeded in logging off Danske Netbank (Du er nu logget af Danske Netbank). Link: Log onto Danske Netbank once more (Log på Danske Netbank igen). (After clicking Log onto Danske Netbank once more, an ordinary log on session follows; however, this is for signature-based e-banking!!)
OBS!! The user is required to download software etc. related to checking the security of the signature file solution.

SMS

WAP
To log off Danske Netbank using WAP (23.4.2003).

Columns: Step/page | System information/actions | User actions | Breakdowns or small problems

Step 1. Account overview page contains: Title: Your accounts (Dine konti). Links (three): Account information, Account transfer, Help (Kontooplysninger, Kontooverførsel, Hjælp).
* Press button Select (Valg), choose Go to URL address (Gå til URL-adresse)
* Type a URL

Step 2. The browser displays the selected URL.
There is no proper logoff, since there is no session to be logged into. However, the user may wish to get back to the top page of Danske Bank. This page could be listed as a fourth link on the overview page.
Comments to log off:

3G
To log off Danske Netbank using 3G (20.4.2003).

Columns: Step/page | System information/actions | User actions | Breakdowns or small problems

Step 1. When logged on, the main menu displays: Link: Account (Konto). Link: .. (Depot). Link: Finance (Finans). Link: Foreign currency (Valuta). Link: Logoff (Logoff).
User is at mobile menu (page 1 in the table for 3G logon). Scroll to Account logoff link.
* Select+open logoff link

Additional comments:
User is (as indicated in the table) back at the main menu, from where re-logon is easy. Since the main menu includes a logon link, it is obvious that the user has been logged off. No extra explanation, such as "you are logging off" etc. Fast re-logon failed. Logoff using 3G takes fewer steps than signature file and ActivCard, because there is no browser security alert.
Summary of tasks
The following table gives an overview of the tasks in the test, in terms of the number of steps in each task. A step is as defined in the section Summary of initialization.

Technology for user authentication | Initialization | Logon | Account listing | Money transfer | Log off
Signature file | 12 | 7 | 3 | 6 + payment details | 2
ActivCard (PC) | 6 | 12 | 3 | 10 + payment details | 2
SMS | 0 | N/a | 3 | N/a | N/a
WAP | 0 | 2 | 6 | 4 + payment details (among own accounts) | 1
3G (ActivCard) | 6 (or 0 if ActivCard is the basic method) | 7 | 6 | 10 + payment details | 1
Recommendations
Consider the following:
1. Use the 3G method of logon on all systems, i.e. using the CPR number rather than the user ID. (Note, however, that using the user ID makes registration more secure, because it is a secret (albeit only a temporary one) which is independent of the ActivCard / signature-file initial code. Also, in the 3G solution it is only used after the user has generated a new, known secret (i.e. it must be ordered from inside the e-bank), so the simplified 3G logon does not have the risk that the current registration would have if it used the same simplified approach. Solutions include giving the user the ActivCard / signature file in person in the bank.)
2. Clarify the instructional pamphlet for ActivCard: describe card initialization separately, so that a single set of logon instructions will suffice.
3. Use the same language for ActivCard (now, PC-based ActivCard refers to an access code, whereas 3G-based ActivCard refers to an accept code).
4. Use the simplified graphical user interface of the 3G solution also on the ordinary PC-based e-bank, perhaps only optionally.
5. At ActivCard logoff, avoid directing the user to re-logon as if s/he uses digital signature.