An application of DEMATEL for transaction authentication in online banking

,


Introduction
Security is one of the main challenges in the use of information technology in banks, which is increasing day by day (Broutsou & Fitsilis, 2012). Security negligence can bring irreparable damage to the country's banking network and poses a serious challenge to this area. One of the security domains that is widely used in e-banking is authentication technology (Blount et al., 2004). Many banking operations, such as financial and monetary transactions, account opening, transaction logging, etc., must be performed by authorized people such as bank account holders or their lawyers, or authorized by authorized users and employees (Chumpitaz Caceres & Paparoidamis, 2007). The identity of the requesting bank operation is one of the most important security issues in the field of electronic banking. Today, the banking system is confronted with the authentication of its Internet users and it is difficult to ensure that the user him/herself has used the internet bank, even the OTPs could not solve this problem because by accessing this device any one can use it without the owner's awareness (Al-Qeisi et al., 2014). In other words, authentication plays an important role for the success of the organizations. Transactions in the digital world are exponentially growing (Bai et al., 2008). Sending and receiving messages, buying and selling goods, transferring money, buying and renting cars, booking flights and hotels are examples of these transactions (Aren et al., 2013). Today, companies have moved most of their own processes, such as marketing, advertising and customer management to the digital world. To do all of these transactions, we often have to create dozens of usernames and passwords that are very difficult to memorize and maintain (Al-Maghrabi et al., 2011).
However, there is still no need to ensure the security of transactions, and there are dozens of different news streams about scams every day due to caches in browsers, unsafe passwords, fake SMS, and so on. Note that today the tools needed to commit cybercrime are commercialized, and even ordinary people can make heavy blows to security systems by using hacking tools that are abundantly available (Ali & Daly, 2010). One of the most attractive areas for hackers is financial systems. What hackers are looking for is the money users carry under uncertain environment. The methods used by hackers are increasingly evolving (Tang & Wu, 2008). Traditional attacks like the Mount Ice Mountain are a small part of the types of attacks available. Bank customers need to change their banking structures and their perceived risks. Security is one of the main challenges in the use of information technology in banks, which is increasing day by day. Security negligence can bring irreparable damage to the country's banking network and poses a serious challenge to this area. One of the security domains that is widely used in ebanking is authentication technology.
Banking operations, such as financial and monetary transactions, account opening, transaction logging, etc., must be performed by authorized customers such as bank account holders or their lawyers, or authorized by authorized users and employees (Feng et al., 2012). The identity of the requested bank operations is one of the most important security issues in the field of electronic banking (Lee et al., 2013). One of the issues of authentication in the Internet bank is associated with the authentication of its Internet users and it is difficult to ensure that the user him/herself has used the internet bank. Even (OTP) cannot solve this problem, because access to this device can be used without the owner of the device. Today, the dynamics and security of a system are measured by authentication, and in reality, a system where authentication is not available is a system of insecurity. This study aims to evaluate and verify the authentication methods for online banking in Parsian Bank, an Iranian private bank.

The proposed study
This paper evaluates different authentication methods for online banking in Parsian Bank, which is one of the most private banks in Iran. The study designs a questionnaire and distributes it among some expert to find cause and effect based on a multi-criteria decision making named Decision Making Trial And Evaluation Laboratory (DEMATEL) (Fontela & Gabus, 1976). This technique has been extensively applied in different areas of research (Lu et al., 2013;Dinçer & Yüksel, 2018). Geers (2011), for instance provided some strategic cyber security based on evaluating nation-state cyber attack mitigation strategies with DEMATEL.
In this research, interviews, questionnaires and library method were used to collect data. Accordingly, 2 questionnaires have been used in this research. The questionnaire number 1 was distributed among 8 experts to identify the customer satisfaction and profitability indicators related to the evaluation and selection of transactions authentication for online banking based on Delphi method.
The questionnaire consists of three sections, containing questions about the personal details of respondents, the length of their presence in the banking industry, and the type of service they provide, and the second part is associated with questions related to the subject matter of the research. The third part of the questionnaire is designed in such a way that it is possible to measure the relationship between the indicators of customer satisfaction and various bank profitability with the authentication of transactions for online banking and their impacts on the evaluation and selection of the schemes. This section of the questionnaire was based on Likert's standard in five adjusted options, designed and pre-distributed before it was distributed to ensure the correct understanding of the questions by the respondents and the elimination of possible doubts. The tool was tested through pre-test.
The second questionnaire is associated with pair comparisons and determines the severity of relationships between customer satisfaction indices and bank profitability related to the evaluation and selection of transaction authentication for online banking. Moreover, the desired satisfaction and profitability indices (the results of the first questionnaire and interviews) were presented to experts in the form of a paired comparison questionnaire (open questionnaire), and they presented the severity of their relationships with each other in a numerical format according to DEMATEL technique. To collect the information on related financial indicators and affecting the evaluation and verification of authentication methods in modern banking, there were approximately 50 managers and experts whose field of activities was in management. Out of the 50 research community, eight experts were selected, two top managers and six senior experts, as a statistical sample of the research. Fig. 1 demonstrates personal characteristics of the participants.

Gender
Educational background Years of experience

Fig. 1. Personal characteristics of the participants
In this survey, Likert scale is used for collecting the measurements where 1 represents "Very low" and 5 denotes "very high". Validity and reliability of the questionnaire were measured based on the experts' feedback and Cronbach Alpha was calculated as 0.86. Table 1 demonstrates the summary of the questions were asked from the experts.

Table 1
The summary of factors authenticating transactions for online banking at Parsian Bank Row Description Symbol 1 Password authentication A 2 Authentication with digital signature B 3 Authentication with a bank card C 4 Authentication using a token (Token) D 5 Authentication with single-use passwords E 6 Biometric authentication F 7 Authentication with 25-pin cards G 8 Authentication with fingerprint and smart card H 9 Authentication with bank card and password I 10 Use of mobile systems in authentication methods J 11 Authentication with digital signatures and passwords K 12 Biometric authentication and disposable codes L >10 18% 3--5 6--10 < 10 Since there is no choice for the prioritization and, on the other hand, these factors are correlated and their relationships are often nonlinear, therefore, among the methods and techniques of group decision making, DEMATEL technique is the most appropriate method for prioritizing. Fig. 2 and Table 2 show the results of the pairwise comparisons.  Table 2 The results of the case and effect  Table 3 shows the results of ranking of the items using the implementation of DEMATEL technique.

Table 3
The results of the causes Moreover, Table 4 shows the results of the effects, Table 4 The results of the effects   Finally, Fig. 4 shows the results of the cause and effects associated with online authentication. In summary, we determine 4 factors as causes and 8 effective factors summarized in Table 5 as follows, According to the results, we can conclude that the use of mobile systems in authentication methods has the most influence on other factors. After that, fingerprint and smart card authentication, authentication with bank cards and passwords, authentication with digital signatures and passwords are in the next lower priorities.

Conclusion
In this paper, we have presented an empirical investigation to determine the cause and effect factors in online banking system. The survey has designed some questionnaires in Likert scale and distributed among experts who were enrolled in management levels of a private Iranian bank. The results have been analyzed using DEMATEL technique and determined four causative factors including "Use of mobile systems in authentication methods", "Authentication with fingerprint and smart card", "Authentication with bank card and password" and "Authentication with digital signatures and passwords". The study has also determined eight effective factors influenced on online banking such as "Authentication with a bank card", "Biometric authentication and disposable codes", "Authentication with digital signature" and "Password authentication". Considering the location of the research area and its statistical community, it is noted that the results are related to the Parsian Bank's credit department and may be different in other banks and credit institutions of the country as well as internationally. Therefore, the results of this study could be cautiously considered for other banks. Moreover, the authentication technique is growing rapidly and new methods and techniques will be introduced in future. Therefore, this study needs to be updated in future.