Information Security Awareness Analysis on Digital Bank Customer Using Analytic Hierarchy Process: Case Study at XYZ Application from Bank ABC

Kemas Khaidar Ali Indrakusuma*  -  Faculty of Computer Science, Universitas Indonesia, Indonesia
Achmad Nizar Hidayanto  -  Faculty of Computer Science, Universitas Indonesia, Indonesia

(*) Corresponding Author
DOI: 10.21580/wjit.2023.5.2.17334

Digital banking is an innovation from banks to deal with the high demand of the retail customer. This study aims to analyse and measure the level of information security awareness of the customers of XYZ as one of the digital banks in Indonesia and provide recommendations for steps that need to be taken to reduce fraud cases caused by customer negligence. Focus areas that included in this research are the adaptation and extension of the HAIS-Q framework and becoming a new theoretical framework to measure information security awareness for end-user. The measurement is carried out by distributing questionnaires with five Likert scales to 385 respondents and then processed using the Analytic Hierarchy Process (AHP) method which involves eight experts measuring the weight of several identified focus areas and then classified using the Kruger scale. The information security awareness measurement has a result of 81,9770 which indicates that the information security awareness of XYZ users has a good level. The results of data processing show that there are two focus areas and ten focus sub-area that is still not in the good category. In addition, several recommendations are given to XYZ so that the focus areas and sub-areas that are not categorized as good can be improved to make sure the information security awareness of XYZ users becomes better.

Keywords: Analytic Hierarchy Process, Digital Bank, Information Security Awareness

  1. M. E. Whitman and H. J. Mattord, “Information Security Threats And Attacks,” in Principles of Information Security, Cengage, 2022, pp. 30–33.
  2. F. Hassandoust, M. Subasinghage, and A. C. Johnston, “A neo-institutional perspective on the establishment of information security knowledge sharing practices,” Information & Management, vol. 59, no. 1, p. 103574, 2022.
  3. G. Desolda, L. S. Ferro, A. Marrella, T. Catarci, and M. F. Costabile, “Human factors in phishing attacks: A systematic literature review,” ACM Computing Surveys, vol. 54, no. 8, pp. 1–35, 2021.
  4. S. Das, C. Nippert-Eng, and L. J. Camp, “Evaluating user susceptibility to phishing attacks,” Information & Computer Security, vol. 30, no. 1, pp. 1–18, 2022.
  5. S. Abulhaija, S. Hattab, and A. Qusef, “Cyber Security Awareness, knowledge and behavior in the banking sector in Jordan,” 2022 13th International Conference on Information and Communication Systems (ICICS), 2022.
  6. W. Syafitri, Z. Shukur, U. A. Mokhtar, R. Sulaiman, and M. A. Ibrahim, “Social Engineering Attacks Prevention: A Systematic Literature Review,” IEEE Access, vol. 10, pp. 39325–39343, 2022.
  7. M. M. Ali and N. F. Mohd Zaharon, “Phishing—a cyber fraud: The types, implications and governance,” International Journal of Educational Reform, p. 105678792210829, 2022.
  8. M. S. Mahardika, A. N. Hidayanto, P. A. Paramartha, L. D. Ompusunggu, R. Mahdalina, and F. Affan, “Measurement of employee awareness levels for information security at the center of analysis and information services judicial commission republic of Indonesia,” Advances in Science, Technology and Engineering Systems Journal, vol. 5, no. 3, pp. 501–509, 2020.
  9. M. Hijji and G. Alam, “Cybersecurity awareness and training (CAT) framework for Remote Working Employees,” Sensors, vol. 22, no. 22, p. 8663, 2022.
  10. Bank XYZ, rep., 2021.
  11. Orang Kamar, “XYZ ABC: Jumlah Nasabah, simpanan, Dan Pengaduan - Orangkamar,” Orang Kamar, 12-Jun-2021. [Online]. Available: https://orangkamar.com/statistik-XYZ-ABC/. [Accessed: Mar-2022].
  12. R. Pahlevi and A. Mutia, “Jumlah Pengguna Aktif Bulanan Bank Digital XYZ tertinggi di Indonesia: Databoks,” Pusat Data Ekonomi dan Bisnis Indonesia. Jan-2022. [Online]. Available: https://databoks.katadata.co.id/datapublish/2022/01/18/jumlah-pengguna-aktif-bulanan-bank-digital-XYZ-tertinggi-di-indonesia - :~:text=Pada 2021, jumlah pengguna aktif,mencapai 2,34 juta pengguna. [Accessed: Mar-2022].
  13. C. Annur and M. Ridhoi, “Daftar Kejahatan Siber Yang paling Banyak Dilaporkan Ke Polisi: Databoks,” Pusat Data Ekonomi dan Bisnis Indonesia, Sep-2020. [Online]. Available: https://databoks.katadata.co.id/datapublish/2020/09/08/daftar-kejahatan-siber-yang-paling-banyak-dilaporkan-ke-polisi. [Accessed: Mar-2022].
  14. AppsFlyer, rep., 2021.
  15. V. Chang, L. M. Doan, A. Di Stefano, Z. Sun, and G. Fortino, “Digital Payment Fraud Detection Methods in digital ages and industry 4.0,” Computers and Electrical Engineering, vol. 100, p. 107734, 2022.
  16. S. Ohrimenco, G. Borta, and V. Cernei, “Estimation of the key segments of the Cyber Crime Economics,” 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T), 2021.
  17. M. A. Abidin, A. Nawawi, and A. S. Salin, “Customer Data Security and theft: A Malaysian organization’s experience,” Information & Computer Security, vol. 27, no. 1, pp. 81–100, 2019.
  18. F. Cerruto, S. Cirillo, D. Desiato, S. M. Gambardella, and G. Polese, “Social network data analysis to highlight privacy threats in sharing data,” Journal of Big Data, vol. 9, no. 1, 2022.
  19. Z. A. Soomro, J. Ahmed, M. H. Shah, and K. Khoumbati, “Investigating identity fraud management practices in e-tail sector: A systematic review,” Journal of Enterprise Information Management, vol. 32, no. 2, pp. 301–324, 2019.
  20. E. K. Ghani, M. M. Ali, M. N. Musa, and A. A. Omonov, “The effect of perceived usefulness, reliability, and COVID-19 pandemic on Digital Banking Effectiveness: Analysis using technology acceptance model,” Sustainability, vol. 14, no. 18, p. 11248, 2022.
  21. P. K. Ozili, “Impact of digital finance on Financial Inclusion and stability,” Borsa Istanbul Review, vol. 18, no. 4, pp. 329–340, 2018.
  22. W. Utami, L. Nugroho, R. Mappanyuki, and V. Yelvionita, “Early warning fraud determinants in banking industries,” Asian Economic and Financial Review, vol. 10, no. 6, pp. 604–627, 2020.
  23. P. Tickner and M. Button, “Deconstructing the origins of Cressey’s fraud triangle,” Journal of Financial Crime, vol. 28, no. 3, pp. 722–731, 2021.
  24. H. Ozcelik, “An analysis of fraudulent financial reporting using the Fraud Diamond Theory Perspective: An empirical study on the manufacturing sector companies listed on the borsa istanbul,” Contemporary Studies in Economic and Financial Analysis, pp. 131–153, 2020.
  25. H. A. Kruger and W. D. Kearney, “A prototype for Assessing Information Security Awareness,” Computers & Security, vol. 25, no. 4, pp. 289–296, 2006.
  26. Y. Salem, M. Moreb, and K. S. Rabayah, “Evaluation of Information Security Awareness among Palestinian learners,” 2021 International Conference on Information Technology (ICIT), 2021.
  27. A. McIlWraith, Information security and employee behaviour: How to reduce risk through employee education, training and Awareness. London ; New York: Routledge, 2022.
  28. R. Prakoso, Y. Ruldeviyani, K. F. Arisya, and A. L. Fadhilah, “Measurement of Information Security Awareness Level: A case study of online transportation users,” 2020 3rd International Seminar on Research of Information Technology and Intelligent Systems (ISRITI), 2020.
  29. A. Solomon, M. Michaelshvili, R. Bitton, B. Shapira, L. Rokach, R. Puzis, and A. Shabtai, “Contextual security awareness: A context-based approach for assessing the security awareness of users,” Knowledge-Based Systems, vol. 246, p. 108709, 2022.
  30. A. Wiley, A. McCormac, and D. Calic, “More than the individual: Examining the relationship between culture and information security awareness,” Computers & Security, vol. 88, p. 101640, 2020.
  31. M. R. Asadabadi, E. Chang, and M. Saberi, “Are MCDM methods useful? A critical review of Analytic Hierarchy Process (AHP) and Analytic Network Process (ANP),” Cogent Engineering, vol. 6, no. 1, 2019.
  32. Y. Liu, C. M. Eckert, and C. Earl, “A review of Fuzzy AHP methods for decision-making with subjective judgements,” Expert Systems with Applications, vol. 161, p. 113738, 2020.
  33. I. J. Orji, S. Kusi-Sarpong, S. Huang, and D. Vazquez-Brust, “Evaluating the factors that influence blockchain adoption in the freight logistics industry,” Transportation Research Part E: Logistics and Transportation Review, vol. 141, p. 102025, 2020.
  34. C. Okoli and K. Schabram, “A guide to conducting a systematic literature review of Information Systems Research,” SSRN Electronic Journal, 2010.
  35. D. Ifenthaler and J. Y.-K. Yau, “Utilising learning analytics to support study success in Higher Education: A systematic review,” Educational Technology Research and Development, vol. 68, no. 4, pp. 1961–1990, 2020.
  36. K. Firsty Arisya, Y. Ruldeviyani, R. Prakoso, and A. Lailatul Fadhilah, “Measurement of Information Security Awareness Level: A case study of mobile banking (M-banking) users,” 2020 Fifth International Conference on Informatics and Computing (ICIC), 2020.
  37. A. Fariz, Program Studi Magister Teknologi Informasi Fasilkom UI, publication, 2020.
  38. M. Akbar, Program Studi Magister Teknologi Informasi Fasilkom UI, publication, 2021.
  39. G. Volkmar, P. M. Fischer, and S. Reinecke, “Artificial Intelligence and machine learning: Exploring drivers, barriers, and future developments in Marketing Management,” Journal of Business Research, vol. 149, pp. 599–614, 2022.
  40. J. Suárez-Álvarez, I. Pedrosa, L. M. Lozano, E. García-Cueto, M. Cuesta, and J. Muñiz, “Using reversed items in Likert scales: A questionable practice,” Psicothema, vol. 30, no. 2, pp. 149–158, 2018.
  41. V. Matveev, N. O. Eduardivna, N. Stefanova, S. Khrypko, A. Ishchuk, O. Ishchuk, and T. Bondar, “Cybercrime in the Economic Space: Psychological Motivation and Semantic-Terminological Specifics,” IJCSNS International Journal of Computer Science and Network Security, vol. 21, no. 11, pp. 135–142, 2021.
  42. P. Wang, “Analysis of Computer Virus Defense Strategy Based on Network Security,” Academic Journal of Computing & Information Science, vol. 5, no. 14, 2022.
  43. N. J. Kelley, A. L. Hurley-Wallace, K. L. Warner, and Y. Hanoch, “Analytical reasoning reduces internet fraud susceptibility,” Computers in Human Behavior, vol. 142, p. 107648, 2023.
  44. M. S. Jalali, M. Bruckes, D. Westmattelmann, and G. Schewe, “Why employees (still) click on Phishing links: An investigation in hospitals,” Journal of Medical Internet Research, vol. 22, no. 1, 2020.
  45. F. Jáñez-Martino, R. Alaiz-Rodríguez, V. González-Castro, E. Fidalgo, and E. Alegre, “A review of Spam Email Detection: Analysis of spammer strategies and the Dataset Shift Problem,” Artificial Intelligence Review, vol. 56, no. 2, pp. 1145–1173, 2022.
  46. S. Mishra and D. Soni, “SMISHING detector: A security model to detect smishing through SMS content analysis and URL behavior analysis,” Future Generation Computer Systems, vol. 108, pp. 803–815, 2020.
  47. S. Baki and R. M. Verma, “Sixteen Years of Phishing User Studies: What have we learned?,” IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 2, pp. 1200–1212, 2023.
  48. A.-S. T. Olanrewaju, M. A. Hossain, N. Whiteside, and P. Mercieca, “Social Media and Entrepreneurship Research: A literature review,” International Journal of Information Management, vol. 50, pp. 90–110, 2020.
  49. G. Beigi and H. Liu, “A survey on privacy in Social Media,” ACM/IMS Transactions on Data Science, vol. 1, no. 1, pp. 1–38, 2020.
  50. H. Murray and D. Malone, “Choosing wordlists for password guessing: An adaptive multi-armed bandit approach,” Foundations and Practice of Security, pp. 393–413, 2022.
  51. M. Yıldırım and I. Mackie, “Encouraging users to improve password security and memorability,” International Journal of Information Security, vol. 18, no. 6, pp. 741–759, 2019.
  52. D. Gao, H. Lin, Z. Li, F. Qian, Q. A. Chen, Z. Qian, W. Liu, L. Gong, and Y. Liu, “A nationwide census on WIFI Security threats,” Proceedings of the 27th Annual International Conference on Mobile Computing and Networking, 2021.
  53. P. Sinha, A. kumar Rai, and B. Bhushan, “Information security threats and attacks with conceivable counteraction,” 2019 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT), 2019.
  54. S. Ezennaya-Gomez, E. Blumenthal, M. Eckardt, J. Krebs, C. Kuo, J. Porbeck, E. Toplu, S. Kiltz, and J. Dittmann, “Revisiting online privacy and security mechanisms applied in the in-app payment realm from the consumers’ perspective,” Proceedings of the 17th International Conference on Availability, Reliability and Security, 2022.
  55. K. Guers, M. M. Chowdhury, and N. Rifat, “Card skimming: A cybercrime by hackers,” 2022 IEEE International Conference on Electro Information Technology (eIT), pp. 575–579, 2022.

Open Access Copyright (c) 2024 Walisongo Journal of Information Technology
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Walisongo Journal of Information Technology
Published by Department Information Technology
Faculty of Science and Technology UIN Walisongo Semarang

Jl Prof. Dr. Hamka Kampus III Ngaliyan Semarang 50185
Phone: 024-76433366
Website: https://fst.walisongo.ac.id/
Email: ti@walisongo.ac.id

ISSN 2715-0143 (media online)
ISSN 2714-9048 (media cetak)

 

ISSN: 2714-9048 (Print)
ISSN: 2715-0143 (Online)
DOI : 10.21580/wjit

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Get a feed by atom here, RRS2 here and OAI Links here

View My Stats
apps