Bridging Usability and Accessibility of User Authentication using Usable Accessed (UAce) for Online Payment Applications

Usability and accessibility are significant authentication aspects for online applications. Despite the fact that there are ongoing efforts to improve the interface design, some existing research only focuses on a single aspect of it. Thus, it is vital to investigate how to merge these two features into a practical and workable solution. This study presents a preliminary process for designing accessible and usable applications for online banking payment using Usable Accessed (UAce by adopting Design Science Research (DSR) as its methodology. The UAce standard considers attributes and characteristics from the user authentication. The standard establishes a development method and tool for assessing subjectively and quantitatively usable, as well as the user authentication while taking into account specific elements, qualities, and features. The DSR technique for developing highly usable and accessible interactive apps was utilized in designing this approach. Keywords— Usability; accessibility; DSR; UAce; user authentication. Manuscript received 11 Mar. 2021; revised 27 Jun. 2021; accepted 21 Oct. 2021. Date of publication 31 Dec. 2021. International Journal on Informatics Visualization is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.


I. INTRODUCTION
Most of the online applications have their own access and usable features. However due to its difficulty to use, accessibility usually becomes a secondary objective for most users. The identification of users is required for most apps, such as e-banking. These applications allow users to provide rights to view their data based on their identification by using suitable authentication mechanisms. The requirements for having a sufficient level of accessibility for authentication while retaining its usability may be incompatible although both security and usability are important in all authentication processes Usable Accessed (UAce) [1] deals with the management of accessibility data in user interfaces. Users' profiles (identity of the users), tasks, technology (including network equipment), software, and physical or organizational contexts can all affect accessibility and usability [2]. Nevertheless, there is not much research that was done on usable accessibility, particularly in defining a strategy for constructing the access and usable applications. Designing the accessible and useful applications presents few significant obstacles, such as resolving security and usability problems. Our fundamental concern is how to strike a good balance between accessibility and usability in software applications [3]. Usability principles (known as rules or heuristics) are a set of guidelines for HCI (Human-Computer Interaction) designers to follow. Although various usability principles for accessible applications have been implemented in research, several of the criteria were facing some difficulties in being integrated into the entire process, particularly in the appropriate design and development of usable access applications [4]. We have also considered incorporating worldwide standards that are widely acknowledged by the academic and corporate communities, such as ISO 9241-220, as it might be one of the methods to achieve a compromise between usability and accessibility into UAce and user authentication.
However, based on our findings, there is no qualitative or quantitative method that defines how to build and verify systems while taking into consideration the designated objectives and fundamentals (also known as heuristics), that is suitable for a good exchange between accessibility and usability. Furthermore, there is no linkage between the ISO 9241-220 traits and qualities that the community may use to evaluate accessibility and usability, ensuring that the user has a satisfactory experience with a website or application. This paper has discovered the most crucial attributes, the usability and accessibility of user authentication to the online payment application. The study will be presenting a preliminary process for designing usable applications using UAce, and the design science research (DSR) for the methodology [9], [10]. UAce standard considering the attributes and characteristics from the user authentication. The standard establishes a development method and tool for assessing subjectively and quantitatively usable security and user authentication while taking into account specific elements, qualities, and features. The DSR technique for developing highly usable and accessible interactive apps was utilized to design this approach.
The structures of this paper are as follows: Section II will be discussing the material and method used for this study. The results and discussions will be explained in Section III, and finally, the conclusions and future work will be discussed in Section IV.

II. MATERIAL AND METHOD
This paper discusses the preliminary process of UAce user authentication attributes, using DSR as the methodology used in this study.

A. UAce of User authentication attributes
A Process for Enabling, Executing and Assessing Human-Centred Design Within Organizations -ISO 9241-220 [5]. It is a particular methodology for planning more usable by zeroing in on the utilization of the framework, and applying human components or ergonomics, just as convenience information and strategies. Usable Accessed (UAce) adopted from Usable Secure (Usec) [6], [7], [8] to the authentication techniques that the community can use to assess websites and applications. Some characteristics, according to UAce and authentication in accordance with ISO 9241-220, should be examined to achieve the objectives of this study. There are six attributes and characteristics that need to be examined and considered as the user authentication. Figure 1 shows the relationship of the attributes to the User authentication.
Some of the features of these attributes have the characteristics that are listed as part of the ISO 9241-220 standard. According to a thorough assessment of the literature and an in-depth study, usability and accessibility contribute most principles to the UACe. The descriptions of the attributes are as below:

1)
Accessibility: Anyone, regardless of their cognitive, movement, or sensory abilities, will be able to utilise the authentication method due to its accessibility. This covers hearing, vision, mobility, learning, and colour impairments, all of which are relevant in an authenticating setting. The degree of specialized abilities and proficiency, just as the nature of the client's hardware, are all included as factors in accessibility [11].

2)
Usability: This feature [12] is found and created based on Nielsen's ten usability criteria for user interface design [13]. Nielsen's criteria of visibility is described as "to let the user to "see" if the security features are active and being utilised, while the convey features tell the user about the available security measures".

3)
Operability: Refers to suitable and necessary time and effort in using a form of authentication.

4)
Security: The important element to be disputed of security in authentication implies confirming the personality of a user, cycle, or gadget, frequently as an essential to permitting admittance to assets in a data framework.

5)
Reliability: The capacity to execute specified operations that allow for effectiveness. In this context, several elements of accessibility that include both maintenance and technical support will be considered.

6)
Performance: When it comes to authentication techniques, there are two factors to consider [14]: (a) Minimal action: The application's ability to assist users in completing tasks in a few simple steps. (b) Time response: The time it takes to load and respond to the programme.

B. Design Science Research methodology
We have agreed to use DSR as our main methodology of the study [9], [10]. This strategy plans to study, research, and examine the counterfeit and its conduct from an academic and organizational perspective. In addition, DSR is also a thorough procedure in planning artifacts for problem solving, to assess what was outlined or what is working, and to produce the outcomes. Figure 2 shows a brief description of each phase:

1)
Application Domain: Any organization that designs software systems must prioritise communication factors with users, because users' requirements and experiences might change and differ from time to time. Some variables that should be considered at this stage: people, organizational and technical systems, and problems & opportunities.
There are two types of demographic people that can be appraised to the study, which are: a) Classify user Surveys and interviews are two most popular and wellproven ways for categorising individuals, and the user profile is one approach for doing so [17]. A user interview's main objective is to find out how people feel about security, i.e., their perception on threats, type of protection that they want, and other matters on security choices. Another aim is to determine who the user trusts and on what basis, as well as what concepts and vocabulary they use while communicating [18]. Although users' interviews or observations are critical, inquiring about the users' desired security goals might be difficult. They clearly need to be secured as viable as could be expected, yet the genuine inquiry is would they say they will go additional miles for that? [19]. Once this data is gathered and analysed, it is possible to identify some of the users' characteristics as well as the activities that they could perform in the system, avoiding a security-usability conflict. b) Stakeholder People who are actively involved in gathering usability and security demands to determine usability objectives and viable security approaches are known as stakeholders. They consist of expertise in the related field. These parties should evaluate their varied requirements while making decisions, including the need for usable security [20].

2)
Build design artifacts and process: This level consists of two diverse functionalities, i.e., design of the task, and the particulars. These two are the major factors in building up the general process of interaction design. The process, later, will proceed to the implementation of the design and simulation purposes. The design will be handled with the code by using appropriate tools. The development of an application entails testing elements such as verifying its functionalities, figuring out aspects related to the application interface, validating navigation, and testing new techniques from the start, among other things.
The design of interactive systems may be approached in two ways which are: a) Empirical approach This approach is a combination of the designer's very own approach together with other expertise's method, which is accumulated through compilations of relevant advice for the creation of a successful interface. User assessment studies often back up these findings. b) Methodological approach The approach is based on some theoretical concept and the implementation of several processes for the design's reality. The technique to build systems with accessibility and usability is based on empirical approximation and guidance [21], [22]. This type of design may not be the best option, but we believe that it is the most suitable starting point for future research, in designing a system using a methodological approach to available safety. According to the experimental approach, proposals for commercial analysis must be obtained at the design stage without abstraction, and without relying on complex security procedures [23]. Nielsen [24] has proposed a few principles in developing user interface. However, these principles do not reflect the security features and therefore the design of safe and usable interactive applications [25].

3)
Evaluate: In achieving the goal of this stage, some elements are tested and evaluated to find out whether it works properly, or does it meet all the expectations, or maybe to simply understand how a specific tool works. For usable and accessible interactive systems, evaluation is very critical. At this stage, certain strategies are employed to get input from customers. It also has something to do with usability metrics and evaluation methods.
In this phase, the strategies required to gain response from both users or expert evaluators are being executed, which will be reflected in the design of safe and usable interactive applications. a) Heuristic evaluation The heuristic evaluation is a validation method, in which the main characteristic is the presence of experts (so-called evaluators) who will evaluate the usability and security aspects of the system interface. This is possibly the primary objective of this study, which is based on the concepts of user's security and authentication [25]. In relation to these concepts, usability and security experts analyse the user interface. This evaluation is insufficient as it only focuses on the design of the user interface without considering the core functions and processes. Evaluation methods in the next stage can help to identify the main problems caused by inadequate process modelling. b) Evaluation method The data will be examined to produce some results for evaluator reference. Representative evaluator will use the results to evaluate how the user interface assists users with their tasks. Security and privacy are not the primary goal of users [26]. Therefore, it can easily be omitted from the interface, generating risks due to possible mistakes they can make. The accomplished objectives will be performed with the result analysis and infrequent tasks. Based on this, users will be able to provide information that will help in establishing improvements to the system for adequate usable security. Heuristics evaluation only is inadequate to find available security issues [18]. It should coordinate with the user's perceptions as every one sees a bunch of undertakings performed by the application. These users are monitored throughout each task to see how they used the interface during implementation, how long does it require, and whether the task was fortunately or unfortunately. The qualitative and quantitative findings of the evaluation and task analysis are presented, and this assessment will be able to identify the issues that users face when security is involved in the task. The information gathered is examined to determine critical aspects of the application's usability and security. The determination of most representative activities that users should achieve for applications where convenience and security are available is a fundamental part in the execution of the test system. In this study, the tasks were chosen based on literature that contained the application's most common tasks to collect information about users' challenges. Time and task success of percentage by indicators are produced using this approach.

4)
Foundations: This stage is concluded with scientific theories and methods, experience, and expertise or metaartificial of design products and design process. The foundation will be proposing a model and an algorithm for the flow of the user authentication online payment banking application.
The methodology is used for the purpose of bridging the gap between the usability and accessibility of user authentication online payment banking applications. The accessibility consists of the user interface which include application domain, build design artifacts and process, evaluation, and foundations. Usability considers human computer interaction. This is one of the essential justifications for why this approach was picked as a medium in incorporating the findings of this study into the development of secure and usable applications. Some factors of why this methodology was chosen is as below: a. The user: The core of development and throughout all the model's phases. b. Conceptual organization: Organize each notion in the proper order based on known scientific information. c. Simple: Easy to grasp, with barely any nodes and branches, as well as no conditional routes. d. Multidisciplinary team: Working in diverse teams is both necessary and beneficial (e.g. designers and programmers). e. Flexibility: The concept is not linear or limiting in any way, but rather invites its unrestricted use. f. Validation: Real-world testing has confirmed the model's accuracy.

III. RESULTS AND DISCUSSION
According to the approach depicted in Figure 1, each discovered principle was analysed and assigned to the appropriate location to Table 1. From Table I, we can see that a total of 20 principles has been distributed to each attribute. Table II presented some of the principles of reliability.  The online banking application services is great A survey has been given randomly to a few communities from Kedah and Johor. The demographic of peoples and trends has been discovered. There are 106 respondents of the survey, and from here, 39% are male and 61% are female. There are 52% from 18 to 25 years old, 12% from 26 to 35, 30% from 36 to 45, 5% from 46 to 55, and 2% from 56 to 60 years old. From this point, we can conclude that the majority of the users who care about online banking applications functionalities are adults. Among them, 6% graduated from secondary schools, 4% from qualified certificates, 45% from diploma level, 13% from 1st degree, 17% from master's degree and 15% from PhD holders. Next, 34% comes from government sectors, 14% from private sectors, 45% from students and 7% are unemployed. For the monthly income aspect, 50% of them earn below RM 1000, 9% are within RM 1000 to RM 3000, 11% earn RM 3001 to RM 5000, 13% earn RM 5001 to RM 7000, 16% are within RM 7001 and above. There are 9% who just have 1 account, 63% have 2 to 3 accounts, 26% have 4 to 5 accounts and 2% have 6 to 7 accounts. According to this, most of the people who always used online applications for daily routine are within the B40 category.
In addition, 12% of them prefer over branch bank counters as their frequently used banking activities, 80% prefer to use ATM & CDM, 92% prefer the internet methods, and 44% prefer to via telephone. About 91% of them used the online banking applications, and only 8% never used it at all. With this finding, we can say that most of them often use the online banking applications rather than going to the ATM machine or over the counters to make some transaction activities. 13% of them often used the online banking application daily, 45% of them used it weekly, 39% used it on a monthly basis, 1 % used it yearly and 2% never used it at all. About 91% of them are often used for online shopping, 64% to pay bills, 34% for hire purchase, 70.1% just to check account balance, 84% to transfer money to other banks, and 9% for credit cards. Next, 66% of them choose Maybank2U as the most popular and easy to use online banking application, 47% vote for CIMB Clicks, 36% for Bank Muamalat, 21% choose Bank Islam, 10% for MyBSN, 9% for iRakyat (Bank Rakyat), 6% goes to Public Bank, 5% for RHB Now (RHB Bank), 2% each from AMBank and Affin Bank and 1% for HSBC Online.
Following this, we can conclude that the usability of online applications and the accessibility to make transaction activities are very crucial to most people in Malaysia. They want better performance and qualities while using the online application, especially online banking applications. Although each of the applications has its own difficulty in terms of security, people will still use it because it is in trend, and easier as it can be done at their fingertips. A simulation of an online application has been developed according to the preliminary results. The prototype depicted in Figure 3.  figure 3, the simulation is made based on the discussed usability and accessibility attributes. The process begins with the requested OTP images as shown above. Any images of numbers will be generated by the server for the purpose of verification by the user. When user the generated numbers that were sent to them, the transaction will be verified, and the user can proceed with their transaction. If the user inserted the wrong number, the transaction will not be able to proceed, and the user will be asked to repeat the step again. This process will be done within 60 seconds or 1 minute, or it will be processed back to make sure the transaction is authenticated.

IV. CONCLUSIONS
User interface design has a difficulty with security. As a result, developers need tools to help them to enhance their designs in terms of usable security for applications, such as user authentication. The UAce principles can be used to alleviate accessibility and usability design difficulties. This is a significant addition to the area of UAce. We are proposing a design science research (DSR) methodology integrated with a user-centered design approach to align and bridge the gap between the usability and security of user authentication online payment banking applications. Following the ISO 9241-210 standard, it complements multiple design techniques by giving a structure to human-centered design that incorporates different procedures and improvement fit for a specific situation. This standard establishes a development method and tool for assessing subjectively and quantitatively usable security and user authentication while taking into account specific elements, qualities, and features of the ISO 25010:2011. Despite the fact that there are several ways for assessing the usability of security systems, these techniques are not user-centered owing to a lack of appropriate concepts. Future study will focus on analysing and reviewing the expert-developed heuristics in order to assign a value to each principle in addition with the security element. This also can be evaluated in relation to Internet Banking Acceptance [27]. These ideas and assessment methodologies provided in this study, together with the DSR, may be used to provide user interface design solutions.