I Don’t Use Apple Pay Because It’s Less Secure : Perception of...
Transcript of I Don’t Use Apple Pay Because It’s Less Secure : Perception of...
IDon’tUseApplePayBecauseIt’sLessSecure...:PerceptionofSecurityandUsabilityinMobileTap-and-Pay
JunHoHuh,SaurabhVerma,Swathi SriVRayala,RakeshB.Bobba,KonstantinBeznosov,andHyoungshick Kim
ApplePay
• InOctober2014,ApplelaunchediPhone6andApplePay
• Marketingpitchwas:tap-and-paywithiPhonesinstoresisfaster andmoresecure
• ApplePayquicklybecamethebiggesttap-and-paymobilepaymentsystemintheUS
• Accountingfor$2outofevery$3processedthroughcontactlesspayment
2
3
AndroidPay
• GooglelaunchedtheirownmobilepaymentsolutioncalledAndroidPayaroundSeptember2015
• AlsoclaimingthatAndroidPayismoreconvenientandsecurethanswipe-and-paywithtraditionalcreditcards
4
Researchquestions
• Howpopulararethetwotechnologies?
• Whydopeopleuseornotusethem?Howimportantaresecurityandusabilityfactorsinaffectingpeople’sdecisions?
• Whatarespecificusabilityandsecurityconcerns?
• Arethereanysecurityorusabilitymisconceptions?
5
Firststudy:in-personinterviews
• Conductedsemi-structuredinterviewstoidentifyhypotheses
• ConductedontwodifferentparticipantpoolswithintheUS:• 21participantsfromauniversity• 15participantsthroughonlineadvertisements(e.g.,Craiglist)
• Conductedbytworesearcherstogethertoensureallquestionswereaskedconsistently
• Averagetimetakenwas35minutes• Separatelyperformedthematicanalysisofeachinterview,independentlycreatinglistofthemes(“codes”)
6
Interviewquestions
• Usage: weaskedabouttheirfamiliaritywithApple(Android)Pay,andwhethertheyuseittopayinstores
• Whyuseornotuse• Askedwhytheyuse,notuse,orstoppedusingApple(Android)Pay
• Askedhowtheyfeelaboutsecurityandusability
• Familiaritywithsecurity: askedwhethertheyunderstand• HowApple(Android)Payprotecttheirtap-and-paytransactionprivacyandsecurity
• Howitprotectscarddetails• Howitensuresonlytheycanpaywiththeirphone
7
ApplePayresults
• Aftermergingthecodesfrombothgroups,thethreedominantfactorsforusing ApplePaywere
• More secure (12)• Faster (11)• More convenient (12)
Hypothesis1:usabilityisamoreimportantfactorthansecurityforusingApplePay
8
“It’smoreconvenient..ratherthantakingmywallet,findingmycard,andswipingit..”(P7)
“..youhaveto..authorize[itsuse]withthethumbprint.Sothatmakes[ApplePay]very
secure.”(P13)
9
ApplePayresults
• Fornotusing ApplePaythedominantfactorswere• Not many stores support it (6)• Less secure (6)
Hypothesis2:securityisamoreimportantfactorthanusabilityfornotusingApplePay
10
“ItisnotobviouswhereyoucanandcannotuseApplePay”(P1)
“IfmyPINiscompromised,IcanresetittoanotherPIN.Butmybiometricinformationcannotbe
reset..”(P14)
11
AndroidPayresults• Forusing AndroidPaythedominantfactorswere
• More convenient (4)
• More private (4)
• For not using Android Pay,• Not many stores support it (6)• Less secure (5)• Less convenient (5)
Hypothesis3:thereisnostatisticallysignificantdifferencebetweentheimportanceofusabilityandsecurityfactorswhenitcomesto
usingornotusingAndroidPay
12
Secondstudy:onlinesurvey• Alarge-scaleonlinesurveywasconductedtoaddresslimitationsofthefirststudy,andtesthypotheses
• Designedbasedonthecodesidentifiedinthefirststudy,followingthesamestructure
• RecruitedparticipantthroughAmazonMechanicalTurkbetweenMarchandApril2016
• LimitedtoUSparticipants• ParticipateonlyiftheyhavesomefamiliaritywithApple(Android)Pay,andownsaphonethatsupportsit
13
Validatingresponses• Participantswereaskedtosubmittwophotos
14
• Excluded responses from those who- Didn’t provide photos- Didn’t follow instructions- Provided photos that do not match their claimed model- Provided photos of devices that do not support Apple (Android) Pay
Adoptionrates
15
Option ApplePay AndroidPayNo,Ihaveneverusedit 189(54%) 330(64%)Yes,Iuseit 124(36%) 100(21%)Iwasusingitinthepastbutstoppedusingit
36(10%) 81(15%)
Reasonsfornotusing ApplePay
16
Reasonsfornotusing AndroidPay
17
Reasonsforusing ApplePay
18
Reasonsforusing AndroidPay
19
SecurityknowledgeandApplePayadoptionrate
20
UsingPearson’scorrelation,wefoundapositivecorrelation(ρ =0.19,p<0.0001)
SecurityknowledgeandAndroidPayadoptionrate
21
Wefoundapositivecorrelation(ρ =0.20,p<0.0001)
Perceptionofsecurity• Tothenonuserswhochoseless secure asthetopconcern,weasked
• Whydoyoufeelit’slesssecure?• IfyoulearnthatusingApple(Android)Payismoresecure,wouldyouthenuseittopayinstores?
• ForApplePay,10outof12 saidyestothesecondquestion.ForAndroidPay,8outof14 saidyes.
• Tothefirstquestion,• Insecure storage of card information wasmostfrequentlymentioned(13outof26)
• Butonly2outofthat13correctlyansweredthequestionaboutcardprotectionmechanisms
• Stealing phone and making purchases wasalsopopular(7outof26)
22
Overcomingsecuritymisconceptions• Insecure storage of card information
• Educatingnonusersaboutthecardinformationprotectiontechnologiescouldhelpthemovercomethissecuritymisconception
• Stealing phone and making purchases
• Learning about authentication mechanisms and lost/stolen phone features (that allows one to quickly disable mobile tap-and-pay remotely)
• Help nonusers realize that using stolen phones to make purchases is harder than physically using stolen cards
23
Conclusions• Mobiletap-and-payadoptionrateisactuallyquitelow!!
• Securitywasthetopconcernformanynonusers• Commonsecuritymisconceptionwasthatthecardinformationarenot
securelystored,andstealingphoneandmakingpurchasesiseasy
• Wefoundapositivecorrelationbetweenthesecurityknowledgelevelsandthelikelihoodofusingmobiletap-and-pay
• Furtherinvestigationisneededtostudythecausalrelations• Manynonusersmentionedthatiftheylearnmobiletap-and-payismore
secure,theywoulduseit
• AppleandGooglecouldpotentiallyimproveadoptionratesbyeducatingpeopleaboutthesecurityprotections,andaddressingtheirsecuritymisconceptions
24