ANALYSIS OF RESPONDENTS’ OPINIONS AND ATTITUDES TOWARD THE SECURITY OF PAYMENT SYSTEMS

The number of financial and cyber-attacks is increasing. The latter trend in financial and cyber security incidents is global and, as such it is being monitored globally. Cyber and financial statistical data and the growing number of certified information management systems show the practical importance of data security at the international level. The decisions to solve the data security problems are based on the technical point of view, protection motivation theory, and security standards. By analysing the security of payment system, this article aspires to aid in the development of secure systems. Its aim is to contribute to the knowledge and comprehension of the behaviour of payment systems users with special focus on the aspect of their security. The article analyses the opinions and attitudes of respondents toward the questions dealing with the security of payment systems and their behaviour when using payment cards. The analysis is carried out from the aspect of gender, age and education of respondents by using multidimensional statistical methods, namely factor analysis and analysis of dispersion.


Introduction
The question of effective economic security management has serious implications in the field of banking and other financial institutions in EU. It cannot be rationally resolved at the application level without forming a conceptual framework based on research and methodology. As a separate part of management supervision, the management of the economic security system should not prevent financial institutions from fulfilling their key functions and features. This can be possibly reached by integrating the process of ensuring the economic security into the mechanisms of general management of these institutions.
An average EU citizen believes that in "seeking to strengthen the European Union, the priority should be given primarily to the fight against crime". According to many researchers, the majority of EU population is of the opinion that the most important public security problems are those of violent crimes, corruption, juvenile delinquency, and property crimes. It is their opinion that the police should pay utmost attention to the investigation of grave crimes, patrols in public places, and immediate response to received reports on crime. This indicates that the fight against crime has to get priority in ensuring public security (Eurostat database 2012).
Many leaders and decision makers in public and private organisations are realising that in addition to being a driver for innovation, productivity and growth, the digital environment also introduces uncertainties that can jeopardise economic and social prosperity. Digital security incidents can have far-reaching economic consequences for organisations, as for example in terms of disruption of operations, direct financial losses, and lawsuits, as well as in terms of loss of trust among their customers, employees, shareholders and partners. Although cases are still exceptional, while reflecting on the increasing reliance of industrial facilities, transportation systems and hospitals on ICT, one should also consider the possibility that digital security incidents can cause physical damage as well as human fatalities.
Finally, individuals are increasingly aware that there can be a downside to the many benefits they derive from the use of the digital environment. When their personal data are publicly disclosed or fall into the hands of unauthorised persons, these individuals face privacy breaches and potential physical, material and moral damage. They can be victims of financial fraud in relation to identity theft when their personal data or digital credentials are stolen from their own devices, compromised companies, or institutional information systems.

Theoretical background
The emergence of big data and cloud computing services, growth in Internet speed and importance of wired and wireless data transfer, increasing possibilities of hardware and software, increase in human communication functions being taken over by smart phones, and other emerging functions suggest that the significance of information technologies in our lives is growing (Štitilis et al. 2016;Štitilis et al. 2017;Fuschi, Tvaronavičienė 2014;Tvaronavičienė et al. 2016;Tvaronavičienė 2018;Limba, Šidlauskas 2018;Skvarciany et al. 2018;Okoro, Ekwueme, 2018;Korauš, et al. 2019a;Korauš et al. 2019b;Šišulák 2017). In today's technically advanced world, autonomous systems are rapidly gaining in popularity. The security risk is preferably assessed by means of quantitative systematic risk assessment methods, such as RM/RA CRAMM (Mullerova 2016, Mamojka, Mullerova 2016;Hajdu et al., 2014;Kordik and Kurilovská 2018) in combination with crime forecast maps (Mullerova, Mamojka 2017). In many cases of shoulder-surfing attack, the attackers rely on their ability to observe and remember the details they have observed (Tari et al. 2006;Máté, Kiss, 2017;Roth and Richter 2006;Mura, Vlacseková 2018;Vlacseková, Mura 2017). Cybernetic security issues, which are often perceived as synonymous with the safety of critical infrastructure (Dobrovič et al., 2017).
The increase in the number of sophisticated incidents results from many factors (Jančíková, Pasztorová 2018;Jančíková, Veselovská 2018). One of them is that the migration of criminal activities online has professionalised the attacks and increased the overall level of threat to digital security. From the occasional isolated robber to wellorganised transnational groups, criminals have been demonstrating considerable technical innovation skills to commit financial, information and identity theft and blackmail individuals, businesses and governments (Aven, 2012;Ashford, 2013;Feshner, 2014).
Other factors include terrorists and their supporters who in conjunction with physical attacks, have also extended their actions to the digital environment by multiplying attacks on Internet sites. Although few cases have been extensively documented, industrial digital espionage has been mentioned as being on the rise (Jackson, 2014).

Material and methods
The present article aims to contribute to the knowledge and comprehension of the behaviour of payment card users with special focus on the aspect of their security. The article analyses the opinions and attitudes of respondents toward the questions dealing with the security of payment systems and their behaviour when using payment cards. The analysis is carried out from the aspect of gender, age and education of respondents by using multidimensional statistical methods, namely factor analysis and analysis of dispersion. The research as well as the selection of representative sample were carried out as follows:  Time horizon of the survey: 20.02.2018 -20.07.2018  Representative sample: 1,012 respondents  Number of questionnaires issued: 4,700  Number of (completed) questionnaires collected: 3,288 The representative sample containing 1,012 respondents was selected by random number generator from fully completed questionnaires (3,288) in such a way that it would represent the population of Slovakia over 18 years of age from the aspect of their education, size of municipality, and region they live in, and occupation.

Results
The analysis of the behaviour of respondents when making a payment and their opinions on their security was based on answers to questions as follows:  Q1 -Do you carry your payment card PIN code along with your payment card?  Q2 -Have you ever changed your payment card PIN code?  Q3 -Have you altered your payment card PIN code in a way that it would encode your date of birth?  Q4 -Do you consider ATMs located at banks' premises safer for withdrawing your cash?

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2019 Volume 6 Number 4 (June) http://doi.org/10.9770/jesi.2019.6.4(31)  Q5 -Do you have trust in the security of payment systems?  Q6 -Do personal data represent information that needs to be most importantly protected?  Q7 -Do you rely on the security measures of your bank in payment cards?  Q8 -Are you sure that your bank takes proper care of your money?  Q9 -Do you have any experience with a hacking attack or bank fraud?  Q10 -Do you think that security measures taken to protect payment card data are continuously getting better?  Q12 -How confident are you in the security of payment systems?  Q13 -Do you think that the payment system carries elements of high security risks?  Q18 -Does the enhanced security of new payment methods outweigh the cost of their implementation?  Q19 -Does the enhanced customer convenience of new payment methods outweigh the cost of their implementation?  Q20 -Why is it more challenging to secure payment card information?  Q22 -How confident are you that customers can protect themselves when their personal information is lost or stolen?
The reliability of the research tool was judged by using the Cronbach's alfa coefficient. Its value was 0.81694. Based on the latter value, it is possible to state that it is not necessary to increase the value by removing any of variables. As the Cronbach alfa exceeds the value of 0.7, we can state that the research tool is reliable, and we can safely process the data.
The method is foremostly aimed at simplifying the description of group with mutual linear dependent signs, i.e. decomposing the source data matrix into structural and noise matrices. Each of main components represents a linear combination of original signs. Main components are ordered in line with their importance, i.e. with the decreasing dispersion (Tab. 1). This implies that a major portion of information on variability of original data is concentrated in the first main component and just as much information is concentrated in the last main component. The table of original values in source data matrix (Tab 1) shows that the concentrations of first, second, third, fourth, fifth, sixths and seventh main components are 12.32169 %, 7.84521 %, 7.51302 %, 7.05182 %, 6.68356 %, 6.5887 %, and 6.37555 % of variability of the original data, respectively. These seven main components, whose own number is larger than 1 concentrate within themselves 54.3795 % of variability of original data of the researched set. The diagram of the dispersion measures ( The appropriate use of factor analysis is tested by Kaiser-Mayer-Olkin statistics and Bartlett's test of sphericity. KMO statistics represents an index which serves for comparing the size of experimental correlation coefficients against the size of partial correlation coefficients. When the sum of squares of partial correlation coefficients between all pairs of signs is small in comparison to the sum of squares of pair correlation coefficients, the measure of KMO statistics approaches the value of 1. Low values of KMO statistics indicate that the factor analysis of original signs would not be a good approach because the correlation between the pairs of signs cannot be explained by means of the rest of signs. In accord with the value of Keiser-Mayer-Olkin statistics (0.642) and definition by Kaiser, it is possible to state that based on the used research tool, the measure of correlation is good and the choice of factor analysis for security of payment system is justified. Bartlett's test of sphericity represents a statistical test of correlation between original signs. It tests the null statistic hypothesis H0, namely whether "the correlation between the signs does not exist" , i.e. whether the correlation matrix is a unit matrix. The achieved level of significance of Bartlett's test of sphericity p= 0.000 is lower than the level of significance chosen by us (α = 5 %). Thus, we can reject the null hypothesis that the realisation of the selected correlation matrix with 16 considered variables is a unit matrix. Hence, to start off, we can state that the factor analysis is appropriate for the data dealing with security of payment system. The first step to the interpretation of results of factor analysis is to analyse the factor matrix (Tab. 3) which serves for gaining the initial number of factors. The factor matrix contains factor loading for each sign, while in each factor, it represents the best linear combination of original signs while including the highest possible number of variability of signs. The first factor is always the most important because it represents the best linear relation found in original signs. The second factor represents the second best linear relation of original data, however it is restricted by a condition that it has to be orthogonal to the first factor. The factor loading explains the role of each original sign in defining the common factor. It is, in fact, a correlation coefficient between every original sign and factor. The Table 3 makes it obvious that the first factor significantly correlates with components of research tool, namely with Q1 (Do you carry the payment card PIN code along with your payment card?), Q2 (Have you ever changed your payment card PIN code?), and Q3 (Have you altered your payment card PIN code in a way that it would encode your date of birth?). The values of factor loading reach the values of 60.7027 % and 66.7834 at components Q1 and Q3, respectively. The positive sign of factor loading reflects the indirect proportion, i.e. the evaluation of responses decreases on Likert scale with an increase in the number of respondents. Thus, in frame of the scale value, the responses stating "certainly not" or "no" are chosen. The factor loading of Q2 component of the research tool reaches the value of -70.2289. As it implies further from the analysis of Table 3 Table 3, it further implies that the variability values of 42.3737 % and 30.9031 % of Q5 and Q12 components, respectively, are explained by third mutual factor.
The fourth mutual factor correlates with components Q9 ("Do you have any experience with a hacking attack or bank fraud?") and Q22 ("How confident are you that customers can protect themselves when their personal information is lost or stolen?") with values of factor loading of 58.0158 % at Q9 component and 3.0203 % at Q22 component, which represents the values of 33.6583 % and 53.3196 % of variability of these components explained by the fourth mutual factor. The fifth mutual factor correlates with components Q19 ("Does the enhanced customer convenience of new payment methods outweigh the cost of implementation?") and Q20 ("Why is it more challenging to secure payment card information?") with factor loading values of -59.284 % and 80.4773 %, which represent the variability values explained by fifth mutual factor, namely those of 35.1457% and 64.766 % of Q19 and Q20 components, respectively. The sixth mutual factor correlates with components Q7 ("Do you rely on the security measures of your bank in payment cards?" and Q8 ("Are you sure that the bank takes proper care of your money?"). The factor loading values are -59.284 % and -65.422 % for Q7 and Q8 components of research tool, respectively. Both components yield a negative degree of correlation. The last, seventh extracted factor correlates with Q6 component ("Do personal data represent information that needs to be most importantly protected?") with factor loading value of 78.3608 % which represents a variability of 61.4041 % of this component explained by seventh mutual factor. Aside from defining the basic mutual correlations, we have at the same time tested the practical significance of factors.
Based on the facts mentioned above, the factors of the main research objective, defined as a restriction of main identifiers of the security of payment systems and secure behaviour of respondents, can be postulated as follows:  Factor 1 -PIN code  Factor 2 -Awareness of security risks,  Factor 3 -Knowledge of security elements,  Factor 4 -Personal experience with fraud,  Factor 5 -Enhancement of security of payment systems,
The factor analysis focuses foremostly on parameters of the factor model. It may require estimations of mutual factors, which is referred to as factor score. The values of mutual factors in n selected observed objects or observations are not only a useful tool for diagnosing the data, but possibly also an important entry into further analyses. The factor score is not an estimation of parameters in common sense because it involves estimations of values of non-observed quantities. The estimations of factor score for a given object can be imagined as its coordinates in R-dimensional space. Graphical representation of the relations between individual components of research tool and extracted factors 1 and 2 are shown in Figure 6. The latter figure makes it obvious that Q1 and Q3 components correlate positively with Factor 1, while the Q2 component correlates negatively with the latter factor. Q4, Q13 and Q18 components strongly and positively correlate with Factor 2 while their relation to Factor 1 is moving in a narrow interval from -0.1 to +0.1. In a particular manner, Q10 component also correlates with Factor 1, however the value of factor loading in relation to Factor 1 is lower than 0.5.

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2019 Volume 6 Number 4 (June) http://doi.org/10.9770/jesi.2019.6.4(31) Figure 6. Graph of dependencies of the components of research tool on factors 1 and 2 Source: Own study The graph of factor score for individual extracted factors is shown in Figure 7. For better illustration and transparency, always the first ten respondents of selected groups are depicted. The Figure 7 depicts the factor score for the first ten respondents. It shows that at Factor 1 (defined as PIN code and observed to be correlating with Q1, Q2 and Q3 of the questionnaire), we see a positive perception in both women and men at 31-40 years of age, which means that the latter respondents attach importance to the rules for using the PIN code. A similar trend in Factor 1 can be seen also in men and women over 60 years of age, however this age category yields higher absolute values of the factor score. As to Factor 2 (defined as awareness of security risks), men and women at age of 31-40 years respond similarly on both poles, even though in both groups particular extreme values can be found. In the category over 60 years of age, the respondents of both genders are leaning towards positive values of the factor score. The presented analyses enable us to reason that the responses relating to the security of payment systems differ in the categories of 31-40 years of age and over 60 years of age, however an obviously similar trend in the distribution of factor score can be seen when comparing men and women. This means that the opinion about the security of payment systems is not influenced by gender.

Conclusions
It is of importance to state that a conclusion laid out in greater detail would require the questionnaire to be further analysed while the conclusions implying from age differences as well as gender similarities in respondents' opinions about the security of payment systems would have to be further statistically tested.
The professionalisation of threat sources has led to increased sophistication of offensive technical tools, some of which are automated and deployed on a large scale for maximum impact, while others are carefully tailored to specific valuable targets and to evade detection and attribution. Malicious codes are used to stealthily penetrate information systems, monitor them and then extract confidential data such as trade or political secrets over extensive periods of time (called Advanced Persistent Threat, "APT"). Botnets comprising thousands to millions of infected computers and devices can be rented to perform denial of service attacks in order to blackmail their owner or to express discontent. Social engineering techniques are also very common, for example through emails that look legitimate but enable the attacker to steal credentials or penetrate the user's system ("phishing").
Financial public and private sector organisations are progressively recognising the scale of the challenge and adjusting their practices. In particular, an increasing number of top senior executives in large financial firms understand that a purely technical approach is insufficient to manage digital security risk. However, many public and private organisations, and in particular small and medium enterprises (SMEs), are not yet ready to manage digital security risk from an economic perspective and still consider this issue as mainly technical. Finally, the increasing number of massive data breaches exposing personal data and leading in some cases to financial fraud and identity theft raises concerns among individuals who are often left on their own, without the means, knowledge and skills to effectively manage this risk.