Biometric Authentication in M-PaymentsAnalysing and improving end-users’ acceptability

Jakub Porubsky

Information Security, master's level (120 credits)

2020

Luleå University of Technology

Department of Computer Science, Electrical and Space Engineering

Acknowledgement

I would like to thank Dr. Ali Ismail Awad for providing excellent supervision throughout the whole

writing process. The received comments were always helpful and have significantly improved my

work. Seniha Oztemiz Tulgar also deserves my gratitude for peer reviewing this thesis on a monthly

basis. The provided feedback also undoubtedly helped to shape this project into its current form.

Finally, appreciation goes to the anonymous examiner who has reviewed and marked this thesis.

i

Abstract

Traditional authentication methods like Personal Identification Number (PIN) are getting obsolete and

insecure for electronic-payments while mobile-payments are becoming more and more popular.

Biometrics such as fingerprint and face recognition authentication methods seem to be a solution to this

security issue as they are becoming a regular and integrated part of an average smartphone end-users

purchase. However, for mobile-payments to be authenticated by biometrics, end-users acceptability of

both technologies must be high. In this research, fingerprint and face recognition authentication

methods are being tested with end-users and their current acceptability level is being determined based

on interviews which are conducted upon finishing each testing scenario. The interview is using 39

questions which are determining previous usage of the technologies, their likeability, positives,

negatives, and feelings about various features biometrics provide such as ease-of-use, stress-free

method of payment, security, and many others. Additionally, one more authentication method is tested,

namely two factor authentication consisting of one biometric method (fingerprint) and one traditional

method (PIN) of authentication. The main goal for testing this method is to find out whether

implementing (as currently it is not available) such technology into mobile-payments would be

beneficial and how it scored in user-acceptance next to fingerprint and face recognition authentication

methods. Once the user-acceptance level is determined the main reasons for it are presented. Last but

not least, suggestions for improvements in this domain are presented so that biometrics are even more

accepted by end-users who are performing mobile-payments on their smartphones.

ii

Table of Contents

CHAPTER 1..............................................................................................................................................1Introduction................................................................................................................................................1

1.1 Problem Description........................................................................................................................11.2 Purpose and Objectives...................................................................................................................21.3 Research Questions.........................................................................................................................31.4 Scope and Limitations.....................................................................................................................31.5 Significance of Study......................................................................................................................41.6 Organisation of Thesis.....................................................................................................................5

CHAPTER 2..............................................................................................................................................6Background................................................................................................................................................6

2.1 Biometric Technology.....................................................................................................................62.2 Need for Biometrics in M-Payments...............................................................................................72.3 User-acceptance Frameworks..........................................................................................................8

CHAPTER 3............................................................................................................................................10Literature Review.....................................................................................................................................10

3.1 Methodology.................................................................................................................................103.2 Mobile Payments (m-payments)...................................................................................................12

3.2.1 Current State of the Art.........................................................................................................123.2.2 Challenges..............................................................................................................................133.2.3 Influences...............................................................................................................................15

3.3 User Acceptance in M-Payments..................................................................................................163.4 Research Gap Analysis..................................................................................................................19

CHAPTER 4............................................................................................................................................22Research Methodology.............................................................................................................................22

4.1 Data Collection..............................................................................................................................224.1.1 Interviews Methodology........................................................................................................234.1.2 Population and Sample..........................................................................................................234.1.3 Interview Protocol.................................................................................................................24

4.2 Data Analysis.................................................................................................................................264.3 Research Process...........................................................................................................................29

CHAPTER 5............................................................................................................................................32Statistical Analysis...................................................................................................................................32

5.1 Participants....................................................................................................................................325.2 Usage of M-Payments...................................................................................................................355.3 Usage of Biometrics in Smartphone..............................................................................................365.4 Fingerprint Authentication............................................................................................................365.5 Face Recognition Authentication..................................................................................................405.6 Two Factor Authentication............................................................................................................445.7 Other Biometric Authentication Method.......................................................................................475.8 Traditional vs Biometric Authentication.......................................................................................48

iii

CHAPTER 6............................................................................................................................................49Reflection and Discussion........................................................................................................................49

6.1 Current Usage of M-Payments and Biometrics.............................................................................496.2 Fingerprint Authentication............................................................................................................506.3 Face Recognition...........................................................................................................................516.4 Two Factor Authentication............................................................................................................536.5 Gender, Age, and Education Differences......................................................................................546.6 Experience with M-Payments and Biometrics..............................................................................566.7 Other Biometric Authentication Method.......................................................................................566.8 Traditional vs Biometric Authentication.......................................................................................576.9 Relation to Current Covid-19 Pandemic.......................................................................................57

CHAPTER 7............................................................................................................................................58Results......................................................................................................................................................58

7.1 Findings versus Literature.............................................................................................................587.2 Research Questions Answered......................................................................................................62

7.2.1 Current User-Acceptance Level (Q1)....................................................................................627.2.2 Reasons for Current User-Acceptance Level (Q2)................................................................627.2.3 Suggested Improvements (Q3)..............................................................................................63

CHAPTER 8............................................................................................................................................66Conclusions and Future Research............................................................................................................66

8.1 Conclusion.....................................................................................................................................668.2 Future Work...................................................................................................................................67

References................................................................................................................................................69

iv

List of Tables

Table 1: Brocke et al. (2009) taxonomy applied to this thesis.................................................................11Table 2: Biometric Authentication usage.................................................................................................16Table 3: Biometric Authentication user requirements..............................................................................17Table 4: Qualitative vs Quantitative approach (Landrum & Garza 2015, Chronéer 2019, Ståhlbröst 2019)........................................................................................................................................................26Table 5: Occupation.................................................................................................................................35Table 6: Fingerprint – Gender..................................................................................................................38Table 7: Fingerprint – Age.......................................................................................................................38Table 8: Fingerprint – Education..............................................................................................................39Table 9: Fingerprint – Usage of M-Payments..........................................................................................39Table 10: Fingerprint – Usage..................................................................................................................40Table 11: Face Recognition – Gender......................................................................................................42Table 12: Face Recognition – Age...........................................................................................................42Table 13: Face Recognition – Education.................................................................................................43Table 14: Face Recognition – Usage of M-Payments..............................................................................43Table 15: Face Recognition – Usage........................................................................................................44Table 16: Two Factor – Age.....................................................................................................................46Table 17: Two Factor – Education...........................................................................................................47Table 18: Findings versus Literature........................................................................................................58

v

List of Figures

Figure 1: Operating System (OS)............................................................................................................32 Figure 2: Gender.....................................................................................................................................32 Figure 3: Age...........................................................................................................................................33 Figure 4: Finished Education..................................................................................................................34 Figure 5: Usage of M-Payments.............................................................................................................35 Figure 6: Usage of Biometrics in Smartphone........................................................................................36 Figure 7: Likeability of fingerprint authentication..................................................................................37 Figure 8: Likeability of face recognition authentication.........................................................................40 Figure 9: Likeability of two factor authentication..................................................................................45 Figure 10: Other biometrics for m-payments..........................................................................................47 Figure 11: Traditional versus Biometric authentication..........................................................................48

vi

List of Abbreviations

M-Payments Mobile-Payments

E-Payments Electronic-Payments

M-Commerce Mobile-Commerce

E-Commerce Electronic-Commerce

LTU Luleå Tekniska Universitet (Luleå University of Technology)

PIN Personal Identification Number

OTP One Time Password (e.g. received via SMS on phone)

TRA Theory of Reasoned Action

TPB Theory of Planned Behaviour

TAM Technology Acceptance Model

UTAUT Unified Theory of Acceptance and Use of Technology

IEEE Institute of Electrical and Electronics Engineering

POS terminal Point Of Sale terminal

NFC Near-Field Communication

2FA Two Factor Authentication (e.g. fingerprint and PIN)

vs versus

DNA Deoxyribonucleic Acid – also used for unique authentication of people (e.g. on crime scenes by police)

vii

CHAPTER 1

Introduction

1.1 Problem Description

The biometric authentication is most likely going to substitute the traditional method in order to

improve the security of user authentication when performing m-payments. While for traditional

authentication methods, namely something user knows (e.g. password or PIN) and something user has

(e.g. token or smart card), the framework was pretty straightforward, it is not so clear for biometric

authentication. This is because both traditional methods had to contain some characters (i.e. letters,

numbers, symbols, or combination) for authentication while biometrics has samples which can be of

many types. To provide a few examples: fingerprint scan, voice recognition samples, iris scan, palm

scan, face recognition scan, etc. The samples are then compared to already stored value and

authentication is based on match rate based on calibration (e.g. at least 90% must match to confirm

authentication) as opposed to 100% similarity which was required for the traditional approach. At the

time of writing fingerprint authentication with facial recognition are the most used biometric

authentication methods but as Awad & Baba (2011, p.122) state “fingerprint is the dominant trait

between different biometrics like iris, retina, and face”. Still, fingerprint and face recognition are both

mostly used because of these sensors (i.e. fingerprint scanner and high quality camera) being widely

deployed into smartphones. The developers of biometric authentication methods are even creating some

completely new ones – for example: tongue scan (Sivakumar et al., 2018), heartbeat profile (“beat-ID”)

(Paiva et al., 2017), keystroke profile (“keyboard keystroke dynamics”) (Eude & Chang, 2018), or

pulse-response profile (Martinovic et al., 2017). Hence, there are multiple ways through which m-

payments could be authenticated and determining the most suitable one could be considered crucial.

Now, for an authentication method to be successful there are many influences which are affecting the

deployment. Some of the most important ones are: time it takes to perform the payment, ergonomics

(e.g. location of fingerprint scanner), user-acceptance (i.e. enjoyment), usefulness, and security

(Blanco-Gonzalo et al. 2019, Liebana-Cabanillas et al. 2018, Ogbanufe & Kim 2018, Trappey et al.

2016, Marinkovic & Kalinic 2017, Rad et al. 2017). Therefore, determining the current user-acceptance

as well as suggesting methods to improve it could be very useful because it can be considered as the

most important influence for particular method to be successful. In other words, if users will not like a

1

method (for any type of a reason) they will not use it even if it is most secure, extremely fast, with

excellent ergonomics. Now if this negative user perception would become a reality it could introduce a

relatively high security risk because traditional authentication methods are getting less and less secure

due to several reasons. The main reason would be that end-users need more and more accounts to work

with on a daily basis (Buckley & Nurse, 2019) meaning they are likely to create simple passwords that

are easier to remember. But reasons worth mentioning include constant increase of computing power

which could crack even stronger passwords using all available combinations within reasonable time in

the near future as well as high chance of users storing passwords on an insecure place(s) (physical and/

or electronical) as e.g. password managers are paid services that not every user wants to pay for and

very secure password like “fT5h*m9k_p2G” is very hard to remember. Therefore, traditional methods

could increase the chances of malicious users breaching individuals’ personal accounts and as a result

create financial and/or other types of direct impact. As was mentioned above, biometric authentication

seems to be a solution to this emerging challenge.

1.2 Purpose and Objectives

This study is attempting to assess the current acceptability-level of end-users who are performing m-

payments using biometric authentication. The purpose is therefore to acknowledge the current situation

from reality by means of performing actual testing scenarios with end-users who are then going to be

interviewed. The sample of end-users is aiming at being of high diversity (i.e. various age groups, sex,

education, etc.) and of high number so that data is relevant. Using the gathered data, the user-

acceptability can be determined and better understood for further purposes. Within this study, these will

then further be used to suggest possible strategies to improve the end-user’s acceptability and therefore

see which authentication method or combination of methods (i.e. two factor authentication) are ideal.

Hence, the objectives of this study are as follows:

a) Make a study of the actual user-acceptance among users when performing m-payments by

means of biometric authentication.

b) Identify the most common reasons of why the current user-acceptance is as it is.

c) Suggest improvements that can be performed to improve end-users’ acceptability.

2

1.3 Research Questions

The following ordered list lays out the research questions which this study is attempting to research in

order to achieve the aforementioned objectives:

Q1.: What is the current acceptability level of biometrics in m-payments?

Q2.: What are the common reasons behind the current acceptability level?

Q3.: What are the possible strategies to improve end-users’ acceptability?

1.4 Scope and Limitations

This project has its particular focus and this section attempts to explain it. Firstly, the smartphones

which were part of the interviews have not used all the possible alternatives. The used ones had either

iOS or Android operating system (while there are some others on the market) and biometric

authentication selected for the testing scenarios omitted at least iris scan which is quite spread among

Android phones. Selecting these alternatives has simple reasoning – at the time of writing these choices

for operating system (Statcounter 2020a, O’dea 2020, Netmarketshare 2020) and biometric

authentication methods (Kelly 2019, German & Barber 2017, NCSC 2020) were the most popular ones.

Secondly, all other smart devices capable of performing m-payments were not part of the research (e.g.

smartwatches or tablets). In 2018 global shipments of wearables (i.e. smartwatches) were around 125

million of units (Ranger, 2018), tablets around 173 millions (Barbaschow, 2019), while smartphones

were in a significant lead with 1404 million (Barbaschow, 2019) shipments. Hence, it can be said that

smartphones are the most popular smart devices (Statcounter 2020b, Statista 2019) and therefore

currently have the highest impact towards usage of m-payments. Therefore, choosing them for this

research seemed like the most adequate option.

Thirdly, the interviewees were all inhabitants of Bratislava (the capital of Slovakia) with almost all of

them having a full-time job. Central Europe (i.e. Bratislava) was the actual physical place for

conducting the research and fact that only few people from the asked respondents were not full-time

employed is how the research ended up. Nevertheless, this was not considered as a problem because

people with regular income are more likely purchasing smartphone capable of performing m-payments.

Fourthly, as the time for performing the interviews was limited (actually only 14 days were allocated

for it) and only 1 person was conducting them, the final number of participants is not extremely

extensive (52 end-users). However, for the purposes and scope of this project it is considered as

3

sufficient. In case the results are or will be required to be more precise there could be more human

resources (i.e. interviewers) and/or time allocated to this research and therefore conclude in much

higher number of participants with more relevant outcomes.

Lastly, all the interviews were done via the Internet using video conferencing even though these were

originally planned to be conducted physically face to face. This is because of Covid-19 pandemic

(Boseley 2020, BBC News 2020b, DW 2020, Gumbrecht & Howard 2020) which forced many

countries (including Slovakia) to basically stop human contact to the greatest extent possible. Vast

majority of people who were not working under critical infrastructure of the country were moved to

100% home office or stopped going to work temporarily. Additionally, all kinds of public places were

closed and people were highly advised to stay at home as much as possible (i.e. to leave home only to

buy food, drugs, or cosmetics). Nevertheless, this was used to the advantage because number of

participants would have likely been significantly smaller for face to face meetings within the given

time and human resources to perform the interviews.

1.5 Significance of Study

The significance of this study is to outline the acceptance of users regarding usage of biometric

authentication when performing m-payments. This helps determining what is the current satisfaction of

using biometric form of authentication among end-users. Hence, can be used for various purposes such

as: deciding whether such payment method should be implemented and supported (in e.g. a brick and

mortar store) or for improving the smart devices which are capturing biometric samples.

The outcome of this thesis is also concerning the common reasons behind the current acceptability

level which means that these can be analysed in a greater detail and used to better understand important

factors affecting usage of this authentication method on smartphones. Hence, to improve products as

well as all other aspects that end-users consider important (e.g. could be security or training for usage).

Nevertheless, this study will also suggest possible strategies how end-users’ acceptability level can be

improved. Therefore, if desired, readers do not have to analyse the findings mentioned above but may

focus on the last section which presents the actual strategies.

Finally, this research can serve as a reference material for further research. As the research topic is ever

evolving and the outcomes presented here may not be actual in the future it can help to lay out the

situation detected in 2020 in Central Europe. Alternatively, it can be used for comparison to a similar

research conducted in a different geographical location or practically in any other way particular

researcher(s) decides to use it for.

4

1.6 Organisation of Thesis

Chapter 2 – Provides a background information to introduce biometric technology, its need in m-

payments domain, and user-acceptance frameworks which exist for measuring user-acceptance.

Chapter 3 – Consists of literature review which was conducted to find out the current state of the art

(current situation, challenges, influences) and user acceptance in m-payments. Additionally, research

gap analysis is present to provide details on what is missing and how this project will help to fix it.

Chapter 4 – Describes detailed insights into how this research was actually conducted. It mentions

details about the data collection (interview methodology, population and sample, interview protocol),

information on what research methodology was used and why, and lays out step-by-step points of the

whole research process.

Chapter 5 – Focuses on providing results of the research without some specific conclusions. It informs

readers about raw data such as who were the participants, usage of biometrics and m-payments, all

results for 3 tested authentication methods, and results for final 2 questions (whether other biometrics is

desired and whether biometrics or traditional authentication method is more secure).

Chapter 6 – Could be considered as chapter which provides in depth reflections and discussions to the

raw data from the previous chapter. In addition, it looks at differences in age, gender, education, and

experience with the technologies. Finally, as in reality the world was at the time of writing experiencing

a pandemic situation, relation of this project to that is presented too.

Chapter 7 – Attempts to to provide accurate results of the whole research and compare them with the

reality. As first, the findings which this project has are directly compared to the current literature. Then,

the research questions are answered.

Chapter 8 – Includes conclusions of the whole project and suggestions for future research that could be

performed in this domain.

5

CHAPTER 2

Background

Background chapter is providing basic information about the topic which is biometrics during

m-payments. Firstly, background about biometrics is given. Secondly, the actual need for biometrics in

m-payments is presented. Lastly, as this thesis attempts to detect user-acceptance of biometrics while

performing m-payments, user-acceptance frameworks are introduced.

2.1 Biometric Technology

Biometrics technology can be defined as “a way of personal identification using the phycological or the

behavioural characteristics” (Awad, 2012, p.524). Moreover, biometrics is already widely known and

implemented technology for authenticating people (Turkmen & Degerli 2015, Blanco-Gonzalo et al.

2019, Paiva et al. 2017, Awad 2012). Actually, Okoh et al. (2017, p.187) state that “ancient people were

aware of the uniqueness of individuals’ fingerprints because of the discovery of fingerprints on ancient

archaeological artefacts”. Nevertheless, its popularity has recently risen largely due to extended

implementation within mobile platforms (Blanco-Gonzalo et al. 2019, Paiva et al. 2017, Zirjawi et al.

2015, Ogbanufe & Kim 2018) as well as need in healthcare (Okoh & Awad, 2015), law enforcement

and other sectors (Paiva et al. 2017, Yang et al. 2019, Ogbanufe & Kim 2018). Especially in health care

it “has proved to be very compelling for the health industry due to the many benefits it affords the

industry” (Okoh & Awad, 2015, p.92). It is an automated method which can authenticate a person using

physiological or behavioural characteristics (e.g. face recognition, fingerprint, skull structure, DNA

matching, handwriting, iris, hand vein, voice) (Turkmen & Degerli 2015, Jadhav et al. 2015, Blanco-

Gonzalo et al. 2019, Martinovic et al. 2017, Zirjawi et al. 2015, Ogbanufe & Kim 2018). Hence, in

comparison to more traditional methods (i.e. something user has – like a token or smart card and

something user knows – like a password or PIN) this method is all about what a user is. The focus on

the authentication process is therefore between a user and a biometric sensor (e.g. fingerprint sensor)

6

which needs to be of high quality in order to provide effective and useful authentication method

(Blanco-Gonzalo et al., 2019). Biometric authentication method has two phases. Firstly, the sample has

to be enrolled into a database and secondly, the verification is performed on-demand where scanned

sample and sample from a database are compared (Malathi & Jeberson 2016, Ogbanufe & Kim 2018).

Banks and other financial institutions are already using or experimenting with various kinds of

biometrics implementations into electronic-payments or other relevant services such as: contactless

payment card with fingerprint sensor, face or voice recognition for authenticating cardholders, or

electronic signatures by finger vein (Turkmen & Degerli, 2015). Additionally, there are many other

alternatives to widely deployed methods (i.e. fingerprint, face, iris, voice) being developed and tested

such as gait recognition, knuckle recognition, forehead recognition, or facial sketches (Blanco-Gonzalo

et al., 2019). It is also worth mentioning that biometrics have their drawbacks too. Their accuracy can

change with environment, ageing of a user, user position, or other influences (Paiva et al. 2017, Zirjawi

et al. 2015). Additionally, they still can be compromised or forged (Paiva et al. 2017, Ogbanufe & Kim

2018) – e.g. a fingerprint can be stolen using a synthetic material (e.g. gelatin) (Paiva et al., 2017).

2.2 Need for Biometrics in M-Payments

There are issues with the traditional authentication methods (e.g. password or PIN) which are being

widely used for electronic authentication at the moment. Some of the main problems are: (1) they are

hard to remember if they are supposed to be difficult to crack; (2) there are increasingly more accounts

with credentials required for an average user; (3) they need to be regularly changed if they are

supposed to remain secure and confidential (as theoretically every password can be cracked the

question always is how much time it will take). The solution to these problems seem to be relatively

easy. There are three types of authentication: something you know (e.g. password or PIN), something

you have (e.g. smart card or token), and something you are (e.g. fingerprint or face). Something user

knows on its own is mostly as secure as the actual password (e.g. “12345678” can be cracked in

seconds while “fT5h*m9k_p2G” could take years to crack but is much harder to remember). To

improve this method an alternative is used, namely something user possesses. Usually this is something

like a smart card which proves user’s identity. But this can be lost or stolen relatively easily and hence

on its own is also not a very secure method. Even stronger method being used is so called two factor

7

authentication which means that both factors are used – something user knows and has (e.g. password

with smart card). Though this method is not exactly user-friendly and is rather used in areas where

higher authentication level is required (e.g. server room or remote access to a bank account). The third

method is something the user is (also known as biometric authentication) which can be considered as

the most secure out of these because it cannot be forgotten, lost, and often not even stolen (e.g.

fingerprint). Awad & Baba (2012, p.129) believe that “biometric authentication compensates some

weaknesses of token- and knowledge-based authentication”. Hence, it could be considered as an

improvement. Nevertheless, this method also possesses some drawbacks too (e.g. cannot be changed

when compromised – e.g. fingerprint scan picture) and therefore the most usable one (i.e. most secure

and user-friendly) needs to be selected and deployed widely.

Biometric authentication is becoming part of our daily lives. This phenomenon has several reasons and

some of them are: (1) biometric sensors (e.g. fingerprint scan or high-quality camera) are being widely

implemented into daily objects (e.g. smartphone or laptop) and are compatible with more and more

software inside these smart devices (Buckley & Nurse 2019, Ogbanufe & Kim 2018); (2) furthermore,

these devices are becoming cheaper and of higher quality, hence more available to general public

throughout the world (Marinkovic & Kalinic 2017, Zirjawi et al. 2015); (3) users need to have many

accounts on the Internet (as we are more and more reliable on this medium) for communication with

various institutions (e.g. banks, government, electricity provider, telecommunication provider, etc.) and

therefore have to manage many passwords that we can forget (Buckley & Nurse, 2019); (4) increasing

number of users paying with a smartphone instead of a credit/debit card (Liébana-Cabanillas et al.

2018, Okpara & Bekaroo 2017). Hence, it can be seen that biometric authentication is becoming very

popular and widely used on a daily basis. Therefore, to be able to grasp the actual user acceptance a

particular method for its collection had to be selected.

2.3 User-acceptance Frameworks

There are multiple ways in which user acceptance can be measured. The common goal is to determine

whether users actually find the technology useful and easy to use, meaning they will actually use it on a

daily basis. However, for a more detailed analysis, some matrix or framework is needed. A number of

methods for this purpose exist such as:

8

• Theory of Reasoned Action (TRA) (Jayusman & Setyohadi 2017, Tao et al. 2019,

Alrawashdeh et al. 2019, Kencebay 2019, Hong et al. 2018, Adnan et al. 2018),

• Theory of Planned Behaviour (TPB) (Jayusman & Setyohadi 2017, Tao et al. 2019,

Alrawashdeh et al. 2019, Hong et al. 2018),

• Technology Acceptance Model (TAM) (Jayusman & Setyohadi 2017, Tao et al. 2019, Huang

2020, Alrawashdeh et al. 2019, Kencebay 2019, Hong et al. 2018, Adnan et al. 2018), or

• Unified Theory of Acceptance and Use of Technology (UTAUT) (Huang 2020, Alrawashdeh

et al. 2019, Nugroho et al. 2018, Kencebay 2019, Adnan et al. 2018).

While TPB and TRA are focused more on psychological aspects of humans, TAM works with external

factors that are more closely reflecting practical implications in technology design and implementation

(Tao et al., 2019). Moreover, TAM consists of robust tools which allow understanding user perception,

namely perceived ease of use (PE), perceived usefulness (PU), attitude (A), and behavioural intention

(BI). These are considered as core TAM parts (Huang, 2020). Additionally, TAM is considered as the

most widely used model for technology acceptance (Tao et al. 2019, Hong et al. 2018) which usually

accounts for approximately 30-50% of IT acceptance (Tao et al., 2019).

Nevertheless, UTAUT is considered as the modern theory (Alrawashdeh et al. 2019, Nugroho et al.

2018, Kencebay 2019). It was developed based on multiple theories including TAM, TRA, and TPB

mentioned above (ibid) and therefore could be considered as a successor of these (Hong et al., 2018). It

groups similar constructs which were present in other theories under social influence, performance

expectancy, effort expectancy, and facilitating conditions (ibid). It also added a set of moderators which

could affect relationships between just mentioned constructs. These are: voluntary, experience, gender,

and age (Alrawashdeh et al. 2019, Nugroho et al. 2018). The model could be regarded as a tool for

assessing adoption of new technologies and predicting the level of system acceptance among end-users

(Nugroho et al., 2018). It is considered to be explaining up to 70% of users’ intention to use particular

new system (ibid). Additionally, UTAUT has been commonly applied in IT systems like mobile

banking (Adnan et al., 2018), hence can be considered as an appropriate method for this study.

9

CHAPTER 3

Literature Review

The general topic which this thesis focuses on is biometric authentication. To specify it a little further

the research is focusing on biometric authentication when performing mobile payments (also known as

m-payments) which have recently boomed worldwide and fingerprint authentication of payments is

being already conducted in many countries around the world. However, there are also many

alternatives (e.g. gait, iris scan, facial recognition, etc.) that are being considered for m-payments and

some of them are possibly even more secure and more convenient for use. To better explain the

biometric identifiers, they are biologically unique data that are able to identify a person. In other words

the “sample” must contain some data (e.g. fingerprint scan) which are unique to a person. At first the

sample is provided to application which will use it as authentication in the future (just like setting up a

password). Then, when the person wants to authenticate to the application, his finger (which has its

scan stored in the application’s database) will be compared to scan provided at the time of

authentication. Ideally, only a person “owning” the finger is therefore able to authenticate as a

legitimate user. Other popular biometric authentication methods include: voice recognition; face

recognition, iris recognition (unique part of an eye); and palm vein. Nevertheless, at the time of writing,

fingerprint scans are the most used method of biometric authentication for m-payments.

3.1 Methodology

Data for the purposes of this thesis were collected by means of interviews which were conducted

throughout the main part of this study. Nevertheless, it was not the only source of information as much

relevant knowledge was gathered using existing research and literature. Such sources were accessed

through Luleå University of Technology’s library which provides access to multiple respected

databases of journals, articles, and studies (e.g. Elsevier, IEEE, Springer, EBSCOhost) as well as

Google’s database known as “Google Scholar” which provides access to multiple reliable papers

relevant to this study.

10

There are a few usable and widely known frameworks for conducting a literature review but the one

presented by Brocke et al. (2009) has been found as the most reasonable because it presents logical

workflow when performing a literature review that could be applied to this thesis. As a first step (1) the

scope needed to be determined – “biometrics in m-payments”; then (2) conceptualisation of the topic

took place – “analysing and improving end-users’ acceptability”; continuing with (3) literature research

and gathering materials that seem relevant for the selected topic. Once a large pool of material was

gathered (4) it was needed to analyse and synthesise gathered material in a greater detail to determine

sub-topics that are to be discussed and which material belongs to which sub-topic. Upon reaching more

than 30 journals and conference papers only truly relevant ones were selected based on gist reading.

These were then divided into two major topics, namely mobile payments and user acceptance in m-

payments. Finally, (5) agenda needed to be written to have a plan on how to move forward. The actual

process was to read, in a greater detail, selected papers and write both sections mentioned in step 4

separately based on findings in each paper. It is worth mentioning that Brocke et al. (2009) are

suggesting to focus only on few most relevant sources to ensure the value to the community as too

many journals can be confusing. However, the main topic selected (biometric authentication in m-

payments) is quite general and hence could benefit from having a wider grasp. Therefore more sources

are presented in this thesis’ literature review. Additionally, the taxonomy provided by Brocke et al.

(2009) helps to better focus on the planned approach and therefore can be found filled out according to

this thesis needs in the following table.

Table 1: Brocke et al. (2009) taxonomy applied to this thesis

Focus (Existing) Research outcomes + Theories (i.e. what is the current situation and how could the future look like)

Goal Investigate the challenges and solutions of using biometrics in electronic payments in the near future. Analyse and identify gaps in existing research regarding the selected topic.

Organisation Conceptual + Methodological

Perspective Neutral representation

Audience Specialized scholars

Coverage Exhaustive

11

In order to provide a summary of what actually was performed throughout the process of writing the

literature review for this thesis the following list presents the performed steps respectively:

• Planning

◦ Determining the scope (i.e. the main topic)

◦ Conceptualisation of the topic

• Gathering material from high-quality sources

• Analysing and synthesizing gathered material

• Writing a literature review

3.2 Mobile Payments (m-payments)

This section consists of multiple parts as it is quite extensive. Firstly, as an introduction, the current

situation in m-payments domain is provided. Secondly, the major challenges that m-payments have,

when it comes to biometric authentication, are provided. Thirdly, as there are many factors influencing

end-users’ willingness to use m-payments and biometric authentication, the final section discusses these

influences in a greater detail.

3.2.1 Current State of the Art

As technology trends are significantly influencing the future of the user interaction with biometrics

(Blanco-Gonzalo et al., 2019) it is worth researching further how users are coping with these trends in

their smart environments (e.g. smartphones). This is so that problems with current methods can be

identified and possibly better alternative(s) detected. Blanco-Gonzalo et al. (2019) also emphasise that

more and more people are using biometric applications daily as old authentication methods like PIN or

password are slowly becoming unpopular due to security issues and are likely going to be substituted

with biometric authentication in the relatively near future. Additionally, more and more mobile devices,

by design, are being sold with built-in high quality biometric sensors and therefore are becoming

cheaper and more accessible to the general public.

12

Liebana-Cabanillas et al. (2018) have discussed “Mobility Report” (done by Ericsson in 2016) which

shows that 7300 million mobile line subscriptions have existed at the end of 2015. At the time, it was

almost the same amount as the world’s population. Hence, today it is possible to estimate that there are

more mobile phones than there are people in the world and currently it is also possible to pay with

tablet, laptop, or smartwatches using biometrics. Nevertheless, not every mobile phone is a

“smartphone” so this statistic is not showing an actual number of devices capable of conducting m-

payments. It should rather prove that the number of users that are having a device capable of

performing m-payment is growing. For example Liebana-Cabanillas et al. (2018) mention that NFC

(Near Field Communication) technology, which is by means of radio waves allowing in-person

transactions using smartphones to be conducted, is estimated to reach 490 million by the end of 2021.

Ogbanufe & Kim (2018) believe that electronic payment solutions (e.g. Samsung pay or Apple pay) are

the key financial technology applications. In 2016 the web transactions have climbed by 12% (growth

of 4.6 billion transactions) and this sphere is expected to grow more (Ogbanufe & Kim, 2018). Hence,

it can be seen that the focus has recently targeted the adoption of mobile devices into the process (e.g.

smartphones, smartwatches, or tablets). For Ogbanufe & Kim (2018) the most important m-payments’

topic is security. Basically the experts in this field seem to agree that, to improve the security,

traditional authentication methods (i.e. PIN and chip based credit card) are being substituted by

biometrics which seems to be a better alternative.

3.2.2 Challenges

Blanco-Gonzalo et al. (2019) believe that creating algorithm that would be suitable for all kinds of

smartphones [considering size, shape, operating system, capturing sensors (e.g. camera or fingerprint

sensor)] is a major challenge that needs to be addressed. Weather conditions can also affect biometric

scans’ results as e.g. northern countries have on average much different conditions than southern

countries. But at the end of the day, from end-users’ perspective, these challenges are considered to be

the crucial ones according to Blanco-Gonzalo et al. (2019): (1) the actual time that users need to spend

on authentication (the longer the worse), (2) ergonomics of the device and/or scanner (i.e. the physical

size or need for additional external hardware), and (3) user acceptance (which will be discussed in

greater detail later).

13

Continuous authentication is also a viable topic and quite possibly a challenge too as such method

would constantly check for the authenticity of a user and therefore improve the security by a large

margin (Blanco-Gonzalo et al., 2019). As smartphones have multiple sensors, creating a so-called

behavioural profile is possible and can be used for continuous authentication. Authors further

emphasise that such method needs to be unobtrusive as users’ experience can quickly deteriorate if

multiple requests for re-authentication are needed (ibid).

Ogbanufe & Kim (2018) believe that biometric authentication has the following security issues: (1)

whether the data that is used for verification (e.g. fingerprint scan) is indeed coming from a person who

“owns the finger” in real-time (i.e. not as a reproduction by malicious user) and (2) whether the

authentic sample (in this case fingerprint scan) will match the sample stored in the database (i.e. to

achieve high match rate). These issues cover operational as well as legal and regulatory challenges.

Additionally, the protection of a database which has authentic samples stored is also crucial because

fingerprints (unlike passwords) cannot be changed when compromised (Ogbanufe & Kim, 2018).

Hence, the possibility of having two factor authentication could be considered as the most secure and

most appropriate method.

Trappey et al. (2016) were evaluating two major mobile payments providers in Asian area (namely

Alipay and Amazon). The research detected that the goal for performing authentic payments was to

protect merchants and customers from unauthorized access and modification of data. This is perhaps

because the high increase in mobile payments have brought increased risk of fraud activities as there

are many poor quality e-shops which are quickly spreading and customers are not always as cautious as

they should be. Moreover, a related media report showed that 55% of customers are worried about

transaction security and lack awareness of their consumer rights. These are quite significant challenges

which are affecting end-users’ acceptance and need further attention. Finally, it is interesting to state

that both researched major mobile providers have approached this situation differently. Alipay

(enterprise #1) decided to use biometric authentication to identify individuals while Amazon (enterprise

#2) opted for using proximity mobile payments and therefore focused on using offline commerce

model (ibid). Hence, it can be seen that an ideal method(s) of authentication is still being detected and

perhaps even multi-factor authentication is an option (whether that is one biometric and one non-

biometric factor or both biometric factors).

14

3.2.3 Influences

According to Liebana-Cabanillas et al. (2018) the major influences, based on their research in Spain,

for using m-payments are: perceived usefulness; perceived ease of use; subjective norms of the already

mentioned influences; mobility; personal innovativeness; and perceived security. It is worth noting that

perceived security and perceived usefulness were the most important ones in their research. Hence, it

can be said that focusing on end-users’ knowledge about the advanced security mechanisms used and

focusing on end-users’ experience when using the devices for m-payments are crucial for this method

of payment to be considered successful.

Ogbanufe & Kim (2018) mention that trust is also considered as an important factor as their findings

show that individuals who are using biometrics for a payment on an online store do trust it more than

those who use credit/debit card (with or without PIN). Hence, implementing such method of

authentication could increase e-shops sales and therefore they are likely to implement and start using it.

However, the research in this sphere is quite narrow and further insights to this topic are required for

finding more precise data (Ogbanufe & Kim, 2018).

Okpara & Bekaroo (2017) have looked at mobile wallets (known as m-wallets) which are also part of

mobile commerce that are slowly substituting traditional credit/debit cards and can be used for m-

payments. Their research focused on using cameras for fingerprint authentication as solid fingerprint

scanners are still not widely deployed on smartphones due to their financial cost. This shows that price

is also one of the important factors which affects end-users’ choice of purchasing smartphones (and

therefore device capable or not capable of various biometric authentication methods) along with a need

on the market for cheaper alternatives. Hence, they are suggesting a hopefully improved (or at least

more convenient and low cost) alternative version of existing biometric authentication method that

could be widely used. Nevertheless, based on the results of the tests they have conducted, it seems that

only around 65% of respondents would use “Cam-Wallet” again. Quite huge number (~34%) also

found the method difficult to use overall. Therefore, in comparison to fingerprint scanner, these results

show that this method of authentication is not good enough for the end-users to accept it.

15

3.3 User Acceptance in M-Payments

Rad et al. (2017) have investigated existing (particularly 330) articles regarding IT adoption to identify

existing research gaps and prospective areas for others which can be used for future research. The

reviewed articles were published between 2006 and 2015 (ibid). Majority of reviewed research was

about adoption of mobile technology, therefore it can be seen that smartphones have been trendy topic

for quite some time now (ibid). In order to better grasp the actual usage of biometric authentication a

summary table of multiple authors’ findings is present below.

Table 2: Biometric Authentication usage

Buckley & Nurse(2019)

• A Techpinion study was discussed which shows that 89% of Apple users with a device capable of doing Touch ID are actually using it.

• A company named Deloitte revealed that 79% of all users (using any mobile device including iPhone) in the UK are using fingerprint scanner.

• Additionally, some UK banks (namely Barclays & HSBC) are actively using voice recognition for personal telephone banking customers.

Blanco-Gonzalo(2019) – USA

research in 2012

• A usability evaluation within system usability scale (SuS) was carried out. Users were evaluating the following modalities: face, voice, and gesture as well as password authentication using mobile device. Perhaps not surprisingly, passwords were considered as the most user-friendly method with 78%, followed by gestures (77%), and face recognition (75%).

Blanco-Gonzalo(2019) – USA

research in 2015

• A survey which had 589 respondents investigated the feeling before and after the usage of three fingerprint sensors which were part of a smartphone.◦ The most important result was that ergonomics is very important when

it comes to user acceptance.◦ Moreover, perhaps due to the complexity of such method of

authentication, responses showed distrust in using biometrics for high security tasks (e.g. banking transactions).

Blanco-Gonzalo(2019) – SouthKorea research

in 2015

• A research was looking into the reason why users do or do not use Android’s Face Unlock and Apple’s Touch ID (selected as the most popular unlock methods using biometrics at the time of conducting the survey). All 3 types of users (active users, former users, non-users) were part of the pool of 383 respondents and the results showed that the usabi-lity has bigger influence on users in comparison to privacy and security.

The results visible in the table above show quite a few interesting findings. Buckley & Nurse

(2019) seem to be showing that fingerprint scanning is widely accepted authentication method.

16

Blanco-Gonzalo (2019) have taken a look into multiple researches which were focused on user accep-

tance of biometric authentication. Firstly, the USA research from 2012 shows that even though the

results are very tight it is visible that users still like passwords the most. Secondly, the USA research

from 2015 emphasised the importance of ergonomics and has pointed out to the importance of end-

users’ perception for high security tasks. Finally, the South Korea research from 2015 highlights that

users are likely to use method that is perhaps not as secure but easy to use – e.g. fingerprint scanning.

Buckley & Nurse (2019) have also conducted their own survey (282 participants) which shows that

users believe that situations in which they encounter with a bank is one of the fields which requires the

highest security measures. Additionally, fingerprint authentication was perceived as the most secure

authentication (out of 10 presented). The authors also point out that fingerprint authentication, which is

used in smartphones, could be relatively easily compromised. Hence, the need for informing the

general public about alternative (possibly more secure) biometric authentication methods. Finally,

perhaps the most alarming finding from their survey was that 83% of respondents believe that

biometric authentication methods are as secure as passwords. Biometric authentication is supposed to

improve authentication of individuals yet majority of them consider it at around the same level as

traditional methods. There certainly is some space for improvement in this area.

In order to improve users’ acceptance of biometric authentication and, as a result, improve security of

their accounts user requirements have to be thoroughly analysed and improved based on the findings.

The following table summarizes user requirements which have been collected:

Table 3: Biometric Authentication user requirements

Zirjawi et al.(2015) – focuson finding user

requirements forIRIS

authenticationon smartphones

(139respondents)

• Stress the importance of data protection on smartphones (whether that is health information, personal identifiers, or financial data). They further state that biometric authentication (most frequently fingerprints and IRIS scans) are being nowadays used for this protection.

• The biggest challenges that authors saw were: (1) various environments (as mobile phones can be used anywhere), (2) difficult to hold smartphone steady (resulting in low-quality scans), and (3) rear cameras are by design better than front cameras which do not present visual feedback.

• Respondents consider data security and personal privacy on smartphones as very important.

• Users do not trust face and ear recognition techniques.• From criticality perspective, fingerprints seem most critical.• Restrictions such as “taking off the glasses”, “moving the smartphone”, and

“moving the eye” were considered as acceptable obstructions while “move to get a perfect light” could be seen as unacceptable.

17

Marinkovic &Kalinic (2017)

– focus onsignificant

driversdetermining

user satisfactionin mobile

commerce (224respondents)

• M-Commerce is one of the fastest growing businesses nowadays and it consists of approximately 35% of all e-commerce transactions worldwide (the world leaders are: Japan, UK, and South Korea respectively).

• P erceived usefulness and perceived enjoyment (i.e. the actual user experience and convenience) are having the highest impact on customer satisfaction.

• Mobility and customization were also considered as very important though itis worth saying that trust was weakened with increase in customization.

• The major identified barrier for faster deployment was lack of consumer-perceived privacy and security.

Rad et al.(2017) – focus

on investigationof 330 articles

(publishedbetween 2006

and 2015)regarding IT

adoption

• Majority of reviewed research was about adoption of mobile technology, meaning it can be seen that smartphones have been a trendy topic for quite some time now.

• Two key factors (out of 26) which were evaluated the most are: perceived usefulness and perceived ease of use.

• On the third place (with almost half of articles in comparison to the second place) was attitude followed by trust.

• It is worth noting that, when considering only findings relevant to this thesis,perceived risk was on the 8th place; security was 16th, perceived cost was 20th, and privacy was on the last (26th) place.

The user requirements which Zirjawi et al. (2015) have gathered are mostly mentioning the actual use.

They detected challenges that developers must fulfil for end-users to be willing to use IRIS scan for

authentication. Moreover, they present obstructions which are acceptable as well as ones that users are

not willing to cope with, hence could be determinant of whether they will or will not use the

technology. Additionally, there are biometric authentication methods that users simply do not trust.

Marinkovic & Kalinic (2017) agree with Zirjawi et al. (2015) that the actual use is very important. In

other words they state that perceived usefulness and perceived enjoyment have the highest impact on

customer satisfaction. The authors also present suggestions for solving identified barriers. They suggest

to provide consumers with sufficient information about privacy protection, technology security, or

charging policies. Basically recommendations on how to use the technology safely and why it is safe

are needed. As to the customer privacy protection, unauthorised intrusions are unacceptable and need to

be avoided to the greatest extent possible. Hence, the recommendations are to use encryption and

modern authentication methods like fingerprint scanning. Once multiple security measures are

implemented consumers could be informed about it by means of various e-commerce trustmarks. And

finally, feedbacks from customers need to be taken, reviewed, and systems improved based on that

continuously so that end-users consider systems as secure and private and will be happy about using

them in their daily lives.

18

The findings presented by Rad et al. (2017) are showing the evolution of requirements that users have.

Quite surprisingly privacy was not investigated much in the past but in the last few years it seems that

this domain is more relevant to the end-users. Security would likely be also positioned higher but it is

interesting that perceived usefulness and perceived ease of use seem to be still the most relevant fields

for users (regarding IT technology) in the past decades. Hence, they also agree with what Zirjawi et al.

(2015) and Marinkovic & Kalinic (2017) have found out.

3.4 Research Gap Analysis

It seems that m-payments traditional authentication methods are becoming obsolete and insecure.

Biometric authentication appears to be the solution to this challenge. Multiple authors agree that

biometric authentication is most likely an improvement to passwords, PINs, tokens or other “something

user knows & has” methods which are widely used today (Hemphill & Longstreet 2016, Adegboye

2015, Ogbanufe & Kim 2018, Malathi & Jeberson 2016, Trappey et al. 2016, Liebana-Cabanillas et al.

2018). Smartphones can be nowadays used when paying at POS-terminal and there are also solutions

which use smartphones to verify online transactions. Liebana-Cabanillas et al. (2018), Ogbanufe &

Kim (2018), and Blanco-Gonzalo et al. (2019) agree that the usage of smartphones’ m-payments will

steadily grow. Hence, the aforementioned predictions have solid foundation to become reality.

User-acceptance is one of the most important domains which determines whether a particular

solution becomes widely used or not. This is because if users do not like the solution enough they will

most likely opt for alternatives. Reviewed articles agree that security and ease of use (including

high match rate, ergonomics, time required) are the most important factors that end-users

require (Blanco-Gonzalo et al. 2019, Ogbanufe & Kim 2018, Liebana-Cabanillas et al. 2018,

Alqudah 2018, Szopinski 2016). Fingerprint authentication is, at the time of writing, one of the most

used biometric authentication method in m-payments. However, the research which has been conducted

in this field presents that the users are quite confused about this authentication method. This is because

they do not know how it works (Buckley & Nurse 2019, Blanco-Gonzalo et al. 2019), it can be fooled

by malicious users (i.e. not the most secure biometric authentication method) (Buckley & Nurse 2019,

Martinovic et al. 2017), and a significant portion of users believe it is as secure as passwords (Buckley

& Nurse, 2019).

19

On the basis of the above literature review, there are some gaps which deserve more attention and

further research would be beneficial. These are: (1) what is the current acceptability level of biometrics

in m-payments?; (2) what are the reasons behind the current acceptability level?; (3) what can be done

to improve end-users’ awareness of biometric authentication methods (how they work, why they are

secure)?; (4) can two-factor authentication (as an alternative to existing biometric authentication

methods) with one factor being biometric be widely used (i.e. do users accept it as secure and easy to

use) for m-payments? These questions have been thoroughly considered and discussed to find thesis

research questions which would be most beneficial for the general public as well as academic audience.

Hence, section “1.2 Purpose and Objectives” above presents the main goals of the thesis followed by

section “1.3 Research Questions” which lays out the research questions in a greater detail.

The gaps identified above can be meaningfully used for this thesis because the way in which this

research was conducted is unique and adds value to the state of the art. To discuss the added value in a

greater detail, following the same order of questions as in the previous paragraph, here are the reasons

elaborated: (1) The current acceptability level using UTAUT framework has not been found to be

conducted before and there are also likeability questions as well as some additional ones (which add to

the uniqueness of the research too) to gather a lot of details by which the acceptability level could be

gathered in depth. (2) The statements just mentioned also helped gathering reasons for the current

acceptability level and because of the way questions were raised the outcomes can be considered

unique too. Additionally, as there were multiple authentication methods evaluated, the reasons for each

authentication method are presented and most interesting differences are given in detail too. Such

detailed comparison was not seen in the reviewed articles. (3) Once the reasons behind current

acceptability level were determined these could then be used to detect ways in which user-acceptability

could be improved. As this research took all gathered data into consideration majority of the answers to

this question are new to the state of the art and therefore could bring much value for future of

biometrics in m-payments. Finally, (4) none of the reviewed articles have performed a test where

fingerprint authentication would be combined with PIN to make 2FA for m-payments. Hence, answer

to this question could also bring much value because such method could be considered useful for end-

users and hence be implemented in the future to increase number of end-users using biometrics for m-

payments. The reasons why this method would be beneficial as well as answers to other research

questions are presented in the results chapter (section “7.2 Research Questions Answered”).

20

Answers to the research questions which were risen in the literature review and are also the main goal

of this research, are adding some more value to the current state of the art. Therefore the following

unordered list discusses these:

• Firstly, a rather simple addition, it provides another new and up-to-date (as it was conducted in

2020) research which looks into already researched topics such as: whether people believe

biometrics is more secure than traditional methods of authentication, what are the most

important factors to start using biometric for m-payments, what is the actual user-acceptance,

what is the actual usage, perceived security, perceived ease of use and many others but this

research looks at them from a little different perspective. In other words as it took place in

Central Europe (which is not very usual geographical location for finding out public’s opinion)

it gives insights on people from this particular area. For some researched areas (e.g. whether

people believe biometrics is more secure than traditional methods of authentication) the

difference between current state of the art and results of this research was quite significant.

• Secondly, direct comparisons in all researched areas between fingerprint and face recognition

authentication methods are present. The researched articles have not provided such a direct

comparison and therefore did not provide much data into why actually fingerprint

authentication is much more popular. Moreover, some comparisons with one possibly new

method of authentication are given too.

• Thirdly, largely due to the pandemic situation which was happening in the world at the time of

writing, one section (“6.9 Relation to Current Covid-19 Pandemic”) is solely focused on the

relation of m-payments with possible issues that could come with illnesses being spread with

human contact. As human race did not go through similar event for a relatively long period of

time (roughly more than 50-60 years) it forced humanity to start considering various areas of

life from a new and/or different perspective (e.g. contactless m-payments).

21

CHAPTER 4

Research Methodology

In order to provide relevant reasons for current acceptability level and suggestions for improvements of

biometric authentication in m-payments, a thorough investigation of user-acceptance needed to be

carried out both systematically as well as scientifically. In other words one must have conducted a

research. This thesis focuses on understanding the perception of users when conducting m-payments

using biometric authentication on their smartphones. Hence, a selection of appropriate research

methodology for data analysis had to be chosen so that research is performed in a scientifically

approved way and results are academically relevant. This had been performed in a way where multiple

methodologies, namely qualitative, quantitative, design science, and case study, were reviewed and the

ideal one, for the purposes of this thesis, was selected. The most important data of this selection are

given here. Specifically, qualitative approach was chosen because its features such as generalizable to a

situation, being exploratory and inductive, attempting to interpret the behaviour, and ending with

hypothesis & theory are all features of this thesis too. Hence, following this approach was perhaps

more a necessity rather than a choice. Nevertheless, some aspects of quantitative analysis like numeric

data were used too. As a result analysis of current acceptability level could have been performed.

Suggestions for improving end-users’ acceptability are then presented based on these findings. In

summary, this chapter will present details about how the data was collected, what data analysis method

was used with reasons for that choice, and what activities did the whole research process have.

4.1 Data Collection

The main method of gathering the data was through interviews which were carried out upon

performing testing scenarios where end-users’ have simulated conducting an m-payment. The

following sections discuss more details regarding the interviews.

22

4.1.1 Interviews Methodology

The interviews are one of the most crucial parts of this research as it is the method which gathers the

actual data that is used for understanding the current situation and suggesting improvements. As has

been mentioned above, before each interview’s section (e.g. fingerprint authentication) a testing

scenario was conducted so that an interviewee could test the technology which will be subject of the

actual dialogue. In case respondent was using some of the two biometric methods being researched

testing scenarios could have been skipped. The interviews that were gathered for purposes of this thesis

used a basic questionnaire (Appendix A) as a layout for topics that needed to be covered. This had to be

done for two reasons: (1) so that the flow of conversation is smooth and all important topics are

covered and (2) to gather qualitative data for user experience (i.e. user acceptability) of the already

performed testing scenarios. The design of a questionnaire was conducted in a manner which will

measure satisfaction of users’ using particular biometric authentication methods when performing

m-payments – hence using qualitative data which captures enjoyment by means of a rating scale [e.g.

from 1 (least satisfied) until 5 (most satisfied)]. As for the actual process of performing the interviews,

it was performed using the following steps:

• Planning

◦ Selecting particular testing scenarios (e.g. fingerprint authenticated m-payment)

◦ Preparing relevant and objective questions for capturing user-acceptability of performed

testing scenarios

• Collecting the data (i.e. performing the interviews)

• Analysing the data

• Discussing the findings

4.1.2 Population and Sample

The participants chosen were selected solely based on their physical and social groups. In other words,

as the technology which is designed to serve almost whole population (“almost” because e.g.

fingerprint scanning cannot be used by people who do not have fingers or live in an area without POS

terminals accepting m-payments) and does not require extensive knowledge in any specific field (e.g.

IT or biometrics) the goal was to have mixed interviewees. Meaning various: age groups, gender,

finished education, employment, experience with smartphones, and experience with m-payments have

been asked to participate.

23

An invitation for participation was either sent via a text message (e.g. SMS, WhatsApp, Facebook

Messenger) or by a phone call. If desired by the interviewee, structure of the interview (i.e.

questionnaire) was sent to the potential respondents to help them determine willingness to become a

participant. Upon positive feedback a conversation to agree for meeting’s date and time was performed.

In total, there were 55 people invited for the participation and 52 of them agreed to the interview.

All 52 interviews were done in 14 days spanning from 3rd April until 16th April 2020. Interview times

ranged from 12 minutes to 70 minutes and their average was 30.2 minutes. It is also worth mentioning

that the duration of the interview varies between 12 to 70 minutes as some respondents (e.g. the ones

using biometrics in smartphone for a long time) had very brief answers while others (e.g. the ones who

have never used biometric authentication) had some (or many) questions and also testing scenarios had

to be performed. Please refer to “Appendix B” for the detailed interview schedule.

4.1.3 Interview Protocol

An interview protocol uses both open-ended questions as well as questions which are based on a scale

that represents how an interviewee agrees to a statement – i.e. “1” which means “strongly disagree”

upwards until “5” which means “strongly agree”. Please refer to “Appendix A” for the full interview

protocol. The protocol had 39 questions which allowed to understand end-users’ feelings about various

kinds of biometric authentication methods. The protocol had been developed in a way for each

interviewee to need to answer every question.

The first section asks about interviewee background, followed by section which goes through

researched three biometric authentication methods of m-payment (namely fingerprint authentication,

facial recognition, and two factor authentication consisting of fingerprint authentication with PIN) and

attempts to gather end-users’ feelings about them. Additionally, it is worth mentioning that questions

using “strongly agree – strongly disagree” scale are present to follow UTAUT framework (introduced

in section “2.3 User-acceptance Frameworks” above). In other words, these questions were aiming to

understand end-users’: social influence, performance expectancy, effort expectancy, and facilitating

conditions. Finally, the last part is designed to find out some final comments and perception regarding

biometric authentication in m-payments.

24

This method of data collection was used to address the first two research questions (i.e. Q1 & Q2) and

also to gain required input for being able to answer the third research question (i.e. Q3). Moreover, to

improve the chances of achieving these objectives each interview began with explaining reasons behind

this research. This allowed setting the tone and importance of the interview and most likely led to more

thoughts from the respondents when answering the questions as well as appreciation of their

involvement. Finally, the structure of the interview was presented and option to ask questions freely

during the interview was mentioned.

All interviews were done virtually (i.e. via the Internet using video conference) one-on-one with both

participants being in a calm environment where focus to the discussions could have been achieved

without external influences. All 3 testing scenarios were also conducted via the Internet and they were

performed as follows. In case person did not pay using m-payment before the way how it works was

explained to him/her in detail. In case person already used fingerprint authentication and face

recognition during an m-payment there was no need for testing scenario and this parts were skipped. In

case one of the two or both were not used by the respondent before, the one(s) not used before

was(were) tested. The test was mostly performed in a way where respondents configured particular

authentication method on his/her own smartphone and simulated an m-payment (imagining paying at

POS terminal in a physical shop). For the remaining few who did not want to do it on their smartphone,

the author of the thesis previewed its usage on Android device Xiaomi Redmi Note 8 Pro via the

camera (so that respondent could see). All respondents stated that they had experience with two factor

authentication (as it is used in Internet banking in most likely all banks in Slovakia – password and

OTP via SMS), therefore only asking them to imagine paying at POS terminal in a physical shop using

fingerprint (which they tested for sure by now) and PIN (used by all of respondents by means of credit

or debit card) was performed. Users were informed that both finger and PIN needed to be inserted on a

smartphone (not on POS terminal).

Additionally, as interviews were chosen instead of a questionnaire, it allowed better understanding and

appreciation of instant feedback presented by end-users upon finishing the testing scenarios. These

were performed based on the protocol’s flow meaning fingerprint authentication scenario was

conducted upon which all questions relevant to this method of payment were asked before moving to

facial recognition testing scenario and two factor authentication.

25

4.2 Data Analysis

Following qualitative approach is believed to be the ideal way to determine the current acceptability

level of biometrics in m-payments. Nevertheless, a thorough justification of this selection has not been

mentioned yet. Therefore the following paragraphs will discuss it and other research methods in a

greater detail so that the appreciation of the selection can be grasped better. It has been decided that a

comparison table will layout the differences between qualitative and quantitative analysis in the most

effective way, hence the table below is attempting to allow readers better appreciate the chosen method

and its differences with quantitative analysis. It is worth noting that not all existing differences are

listed in the table but a selection of the ones that are most relevant to the selected topic of this thesis are

presented. Additionally, later in this section, justifications on why this research did not follow design

science research or case study research methodologies are given too.

Table 4: Qualitative vs Quantitative approach(Landrum & Garza 2015, Chronéer 2019, Ståhlbröst 2019)

Concept Qualitative approach Quantitative approach

Core functions Exploratory and Inductive(observation → pattern → hypothesis

→ theory)

Confirmatory and Deductive (theory→ hypothesis → observation →

confirmation)

Type of data Non-numeric Numeric

Generalizable.. ..to a situation or case ..on a broader scale

Answers Why? How? Who? How many? When? Where?

Behaviour Interpretation of behaviour Prediction of behaviour

Hypothesis & theory Ends with hypothesis & theory Begins with hypothesis & theory

Time to conduct Time consuming Efficient

The Table 4 above presents some of the main differences which need to be now applied to the current

study. The following section discusses qualitative data features mentioned in the table above in context

with this project’s research aims and therefore shows why the aforementioned concepts are more

inclined to qualitative approach.

• Core functions

◦ Exploratory – The goal is to understand common reasons for the current acceptability level

of biometrics in m-payments. Meaning, once it is understood an attempt to explain the

reasons follows, based on which possible strategies for improvement will be created.

26

◦ Inductive – The steps are: observe end-users performing m-payments using biometrics, find

patterns that they have in common, perform hypothesis on why the users did what they did,

and provide theory on how end-users’ acceptability could be improved.

• Type of data – Many questions which will be used in interviews will be open ones meaning

each interview could provide different data which will have to be thoroughly analysed to see

common characteristics (i.e. non-numeric). Nevertheless, significant portion of data will be

numeric as e.g. question “How did you like m-payment authenticated by fingerprint on scale 1

(terrible) to 5 (excellent)?” will provide numerical output.

• Generalizable – The research is focusing solely on m-payments by means of smartphone.

Meaning the research is generalizable to a situation or case.

• Answers – What is the current acceptability level? Why? How can it be improved? Who are the

asked users (e.g. age groups, education, sex)?

• Behaviour – This study attempts to interpret the current behaviour in a “tangible” format which

can then be used for prediction of behaviour once possible strategies to improve end-users’

acceptability are implemented.

• Hypothesis & theory – As can be seen in “Core functions” → “Inductive” section above, this

thesis ends with hypothesis & theory.

• Time to conduct – Due to the fact that the main source of data is by means of interviews,

which have majority of questions open ended, the analysis of findings will be time consuming.

As could be seen above, majority of concepts are belonging to “Qualitative approach” column which

is why qualitative approach is used mainly. Nevertheless, as has been explained for some concepts, the

research is not solely qualitative as it has some quantitative features present. Although it might be seen

as confusing or as a negative for a reader who does not have past experience with these approaches, it

is actually quite usual. Landrum & Garza (2015) mention that both research methods have their

limitations which can be considered as strengths when thought of as complementary. Stahlbrost (2019)

agrees stating that research is more complete when using both methods.

Additionally, some other research methodologies deserve to be mentioned and their justification of why

they are not part of this research should be given too. Firstly, design science research methodology is

being used for solving complex issues or for developing ways on how to solve some problem by means

of an artefact (Genemo et al., 2015). In other words determining activities to accomplish the desired

goal (Mingers 2020, Genemo et al. 2015). Mingers (2020) even mentions IT artefact specifically to

solve organizational problems and Cater-Steel et al. (2019) highlights that the innovative artefacts

should extend the boundaries of humans and organisations’ capabilities. None of these features are

sharing the goals of research questions determined for this project. Hence, design science is not used.

27

Secondly, case study research methodology is also often used for a research. The main goal is to

produce an in-depth account of a case (Ylikoski & Zahle, 2019). In other words it focuses on

meaningful characteristics and holistic approach of real-life events (Verleye 2019, Fabregues & Fetters

2019). Additionally, a case study should give more insights into a complex contemporary phenomena

(ibid). However, this research focuses more on few “cases” (three testing scenarios) (i.e. not just one)

and attempts to: understand reasons of likeability, measure various fields in user-acceptance, compares

differences and similarities between the “testing scenarios” (i.e. biometric methods of authentication),

and suggests strategies for improvement. Moreover, it provides one theoretical scenario (two factor

authentication) which is then compared with existing scenarios which is far from case study research

methodology features. Nevertheless, there are some features which apply to this research too like being

question-driven and the case is naturally occurring phenomenon (Ylikoski & Zahle, 2019).

Last but not least, to provide some existing academic research articles which have used this method or

have used a similar approach, the following authors are worth mentioning:

• Liebana-Cabanillas et al. (2018) have attempted to predict the most significant factors

influencing decision to use m-payments. They have used online questionnaires created in

particular methods to assess these data. Hence, apart from performing actual physical tests the

research method is very similar.

• Ogbanufe & Kim (2018) have performed an experiment to determine perceptions and beliefs of

different authentication methods for electronic payments. They have created a simple website

with 3 different types of authentication (each respondent tried all 3 methods) and then

collected individuals’ feelings by means of questionnaires. Hence, this research method is

almost identical.

• Okpara & Bekaroo (2017) have attempted to create a cheaper alternative to fingerprint scanners.

They have created a prototype (named “Cam-Wallet”) which allowed fingerprint authentication

via camera (not scanner). Afterwards they conducted experiments with end-users and collected

their feedback. These authors have designed and implemented an artefact (which in case of this

thesis is substituted with using existing available resources) but except for that their approach is

also a very similar one.

28

4.3 Research Process

The following section provides readers with step-by-step guidelines on how this research was

performed. This part is important as it provides data based on which understanding of the whole

process and conducted activities (their meaning and workflow) can be achieved.

Activity 1: Motivation

The literature review conducted last year in a different module at the LTU on a trendy topic “Future of

biometrics in e-payments – challenges and opportunities” had been the biggest motivation for this

thesis’ topic. The “Future of biometrics in e-payments” literature review brought to the attention the

current state of the art in this domain and pointed out to the current evolution and perhaps even

revolution in which e-payments are. Hence, the first phase (PH-1) of framework presented by Brocke et

al (2009), which at the time of writing was not conducted by intention to follow particular framework

but just as a logical activity to do, has been applied.

Activity 2: Problem Identification

The result of the first phase (PH-1) pointed out to the need for insights on the actual adoption of

biometrics into m-payments which could completely substitute current traditional methods of

authentication (e.g. PIN) for m-payments and perhaps even other e-payment methods. Hence, the

second phase (PH-2) – conceptualisation of the topic – could have been performed. As has been

mentioned multiple times, this shift of authentication method is considered as an improvement of

security and therefore it is important for end-users’ protection to accept it. The problems have been

therefore identified as whether user-acceptance is at a sufficient level, how can it be improved, and a

comparison of most used biometric authentication methods (namely fingerprint authentication and

facial recognition) along with two factor authentication (combining most used traditional method – PIN

– with the currently most used biometrics in m-payments – fingerprint scanning). Selecting the exact

problem and scope finalised the second phase (PH-2).

Activity 3: Literature Review

Upon the determination of the thesis topic and identification of the problem, the first major phases of

the project could begin. Initially, a hunt for academic papers relevant to the selected research topic was

conducted in phase three (PH-3). A large collection (over 30) of such papers was gathered manually

from multiple respected databases of journals, articles, and studies (e.g. Elsevier, IEEE, Springer,

EBSCOhost) as well as Google’s database known as “Google Scholar”. Then, the next phase (PH-4)

29

focused on selecting only the ones which were directly relevant to the research topic. Additionally, the

papers were divided into reasonable sections so that these could be then used as headings and sub-

headings of the to-be-written literature review. Finally, as the last phase (PH-5), a plan (i.e. agenda) was

written down so that the literature review could be written with ease in a step-by-step manner. Once all

this was done the actual writing of the literature review was performed.

Activity 4: Research Methodology and Planning

Determining the research methodology was carried out in a way where both qualitative and quantitative

methodologies were analysed and the more appropriate one selected. For the purposes of this thesis, as

was described in detail in section “4.2 Data Analysis” above, qualitative approach has been chosen.

Finally, as the last activity before performing the actual research, an initial plan of how the major parts

of the thesis will be performed from a calendar perspective were created so that the progress is well

organised and the chances of achieving the determined goals in time are maximised. This plan, which

was part of the thesis proposal, can be found in “Appendix C”. It is worth stating that this plan was not

fully followed as situation was evolving and changing week by week. Nevertheless, progress was

measured against the plan and it was perceived as useful.

Activity 5: Creating testing scenarios and interview layout (questionnaire)

This activity could be considered as one of the crucial ones. It is because the selected testing scenarios

and questions (with the design in which they were asked) is directly affecting the results of this

research. Testing scenarios were chosen based on current popularity and availability of widely

deployed smartphones’ biometric sensors. Fingerprint sensor, being the most widely used method, was

chosen to find out more details on why it is so popular. Secondly, face recognition, being also widely

deployed into smartphones and daily used by users, was chosen as an alternative that users can

comment on. This is so that their differences and reasons behind each usage are detected. Finally, to

propose one new method which is currently not used for m-payments at all is two factor authentication

which can be considered as the most secure out of these three (simply due to the fact that it has an

additional layer of security). All these methods had to be tested with end-users’ so that their opinion

could be captured by means of interviews with questionnaire used as a basic layout of what needed to

be answered. Hence, it had been considered as important to make a research to find the most

appropriate framework which would be followed to ensure that high-quality results are achieved.

UTAUT (Unified Theory of Acceptance and Use of Technology) has been chosen for this research.

Section “2.3 User-acceptance Frameworks” describes reasons of this selection in a greater detail.

30

Activity 6: Performing testing scenarios and interviews

The actual research part of this project was performed based on the selected testing scenarios and

interview layout (questionnaire). The interviewees were selected in a way to cover various kinds of

end-users as was described in section “4.1.2 Population and Sample” above. Interviews were conducted

after performing the testing scenarios (unless end-user already performed particular method of

payment) and was marked in the interview schedule (Appendix B). Interview protocol (described in

section “4.1.3 Interview Protocol” above) was followed as well.

Activity 7: Presenting the statistical analysis

Whole chapter 5 below is attempting to present most relevant findings which came out of the

interviews. As each interview was conducted separately and by the same organiser all the answers and

comments had to be manually processed into common anonymised data so that (selected portion of)

end-users’ perspective could be presented. These findings are given without providing particular

opinions. In other words readers can, if desired, find their own conclusions about the collected data.

Activity 8: Reflecting and discussing the collected data (i.e. findings)

The following chapter 6 is discussing and presenting opinions about data given in the previous chapter.

The difference is that this chapter is attempting to interpret the data into a more readable and specific

form including reflections on findings. Connections are drawn and opinions are introduced too.

Therefore, it could be considered as the second most important chapter of this thesis as it provides data

based on which answers to first two research questions (Q1 & Q2) were conducted. Finally, as the

world was (at the time of writing) in a pandemic state, a relation to the situation around Covid-19 virus

is presented. This section is included because m-payments have benefit that can be used during the

current pandemic as well as in a similar situation in the future.

Activity 9: Proving final results

Chapter 7 could be considered as the most important chapter of the thesis because it provides tangible

research outcomes. Firstly, findings by other researchers are compared with findings of this research.

And secondly, research questions (Q1, Q2, and Q3) are answered in a brief form highlighting the most

important findings.

Activity 10: Providing conclusions and suggesting future research

Finally, the last chapter is providing readers with conclusions that can be given based on this research.

Possibility to perform future research as a form of continuation of this thesis is also an option. Hence,

appropriate personal suggestions on where further research could be beneficial can be found in this

section too.

31

CHAPTER 5

Statistical Analysis

The conducted interviews have presented a lot of data to work with. As is suggested in UTAUT

framework, the interviews need to compare performance expectancy, effort expectancy, social

influence, and facilitating conditions with gender, age, experience, and voluntary use. Nevertheless,

this thesis is discussing also other relevant fields such as, how do people actually like the technology,

whether they use it, what positives and negatives do they see, and whether they would be willing to

conduct biometric authentication along with traditional authentication method to perform a two factor

authentication m-payment. The following sections present statistical analysis of these data.

5.1 Participants

The total number of participants is 52 and all of them are citizens of Bratislava, the Capital of Slovakia

(Central Europe) where the research took place. Their basic information, relevant for this research, can

be seen in the following charts. As first, it can be seen that gender and operating system are well

balanced. It is worth noting that “Other” operating system has 0 respondents but that is not a problem

as iOS and Android are by far the most popular operating systems on smartphones.

32

Figure 1: Operating System (OS) Figure 2: Gender

Secondly, the age of participants was divided into 5 groups as can be seen in the following Figure 3.

The division of age needed to be included as e.g. older people (say above 41) do not use new

technologies very much in comparison with young people (i.e. below 30) who are likely using it

natively. Additionally, the respondents’ answers could then be analysed by age to see which

authentication method is preferred by which age group, what do they like about it, which one they

dislike, why, and many more relevant information. It is also worth mentioning that majority of asked

people are between 31 and 40 years of age. This could be considered acceptable because this group

most probably has the highest potential to perform many m-payments as they are often working full-

time and are using smartphones with biometrics and NFC. It is also group which likely has larger sums

of money saved on their accounts so they are likely to loose significant financial resources in case

malicious users breach their bank account and/or debit/credit card data. On the other hand people of

higher age (41+) have only 9 representatives which is not ideal. For better understanding of this age

group it is recommended to perform more interviews targeted to this age group.

Thirdly, as can be seen in Figure 4 below, the respondents are divided based on their highest finished

education. Even though there are only 3 respondents with currently finished elementary school it is not

considered as a problem because this is the least interesting group (out of the selected). The reason

being is that people within this group are mostly teenagers with not so significant amounts of money on

33

Figure 3: Age

their bank account (that is if they already have a bank account) plus are very likely to soon finish at

least secondary school and therefore be part of that group. Now, for finding out feelings that adults who

have secondary school as the highest finished education, it is needed to ask some more respondents as

15 is not providing sufficient accuracy. Nevertheless, both “Secondary school” and “University” groups

have, for the scope of this study, enough respondents to provide analysis and conclusions.

Finally, Table 5 below presents respondents’ occupation. Basically, it was attempted to cover all

possibilities when it comes to employment so that the most accurate data is captured. It can be seen that

almost all people are within “Employed Full-Time” group which is also considered satisfactory as this

is again group of people who are likely performing m-payments the most and also should have largest

sums of money on their bank accounts. Nevertheless, future focus could be given also to students with

or without a job as they might have some sources (e.g. parents) for monthly income. Moreover,

creating secure habits that they can use also when fully employed could be considered important too.

34

Figure 4: Finished Education

5.2 Usage of M-Payments

This research, as can be seen in Figure 5 below, has shown that half of the respondents are performing

m-payments regularly. Almost 8% of them are using it only sometimes and over 42% have never used

it. This outcome shows us that the public is roughly divided into two halves. One half corresponds of

active users that are using it regularly and second half with users that are using it only sometimes, have

only tried it without feeling to use it more actively, or have never used it before.

35

Table 5: Occupation

Figure 5: Usage of M-Payments

5.3 Usage of Biometrics in Smartphone

The biometrics are enlisting much higher popularity than m-payments with more than 71% active

users. Almost 6% are not using it regularly or have tried it but did not feel like using it again. Finally,

remaining roughly 23% are people who have tried it more than 12 months ago and did not get back to it

or have never used it.

5.4 Fingerprint Authentication

Fingerprint authentication is the most favourite one out of the 3 tested authentication methods with

more than 67% respondents liking it much (4) or very much (5). Something over 21% feels neutral (3)

about it and only almost 12% do not like it so much (2) or do not like it at all (1).

36

Figure 6: Usage of Biometrics in Smartphone

The biggest motivators for people to start using fingerprint authentication in general (not just for m-

payments) are: their own interest (almost 35%), their phone which suggested this option during initial

setup (almost 33%), and their friend/partner (little over 7%). Additionally, over 15% stated that they

have never used this authentication method before.

As for the positives and negatives – respondents could have mentioned multiple answers for both

options. After analysis it can be seen that, for positives, 57% respondents mentioned speed, almost

27% mentioned security, 21% liked simplicity, and 19% found no need to remember PIN as positives.

On the other hand, for the negatives, 23% feel that it is not secure enough, 21% do not like that dirty or

otherwise damaged fingers (e.g. cut) cause problems, and 15% consider gloves to be problem (as

authentication does not work with them). However, it is worth mentioning that 15% of respondents

mentioned that they do not see any (none) negatives for this authentication method.

Majority of end-users also consider fingerprint authenticated m-payments as: faster than traditional

authentication (67% strongly agree and 13% agree), very secure (34% strongly agree and 34% agree),

improving e-payments domain (67% strongly agree and 15% agree), easy-to-use (73% strongly agree

and 21% agree), stress free method of payment (50% strongly agree and 23% agree), and feel that vast

majority of retailers accept this method of payment (50% strongly agree and 13% agree). On the other

hand, it is worth mentioning that only 32% (13% strongly agree and 19% agree) state that their friends

37

Figure 7: Likeability of fingerprint authentication

and peers are using this method of payment. Additionally, almost 64% respondents have no one who

would encourage them to use it (either now or before they started using it) and 19% have only few

people who are encouraging them to start using it.

Considering gender, age, education, and usage of both biometrics and m-payments have brought some

interesting outcomes too. When it comes to gender the biggest differences were seen in:

Table 6: Fingerprint – Gender

Selected values Men (29) Women (23)

Overall likeability 5 (very much) &4 (much)

76%(+19%)

57%(lowest)

Faster than traditionalauthentication

5 (strongly agree) &4 (agree)

93%(+28%)

65%(lowest)

Age difference has shown bigger differences and it is recorded on more evaluation fields:

Table 7: Fingerprint – Age

Selected values Young (0-30)(18)

Medium (31-40)(25)

Old (41+) (9)

Overall likeability 5 (very much) &4 (much)

50%(lowest)

72%(+22%)

78%(+28%)

Faster than traditio-nal authentication

5 (strongly agree) &4 (agree)

61%(lowest)

80%(+19%)

78%(+17%)

Considering it as improvement ofe-payments domain

5 (strongly agree) &4 (agree)

67%(lowest)

80%(+13%)

89%(+22%)

Stress free method of payments

5 (strongly agree) &4 (agree)

50%(lowest)

76%(+26%)

78%(+28%)

Finished education has highlighted solely one major difference:

38

Table 8: Fingerprint – Education

Selected values Elementary &Secondary school (18)

University (34)

Stress free method of payment

5 (strongly agree) &4 (agree)

94%(+32%)

62%(lowest)

Usage of m-payments has many differences and therefore can be considered as a major influence:

Table 9: Fingerprint – Usage of M-Payments

Selected values Last 30 or 90 days (30) Never (22)

Overall likeability 5 (very much) &4 (much)

77%(+22.5%)

54.5%(lowest)

Faster than traditionalauthentication

5 (strongly agree) &4 (agree)

90%(+22%)

68%(lowest)

Consider it very secure 5 (strongly agree) &4 (agree)

80%(+25%)

55%(lowest)

Considering it as improvement ofe-payments domain

5 (strongly agree) &4 (agree)

93%(+25%)

68%(lowest)

Stress free method of payment

5 (strongly agree) &4 (agree)

80%(+16%)

64%(lowest)

Friend and peers are using this method

1 (strongly disagree) &2 (disagree)

27%(-46%)

73%(highest)

Friend and peers are/were encouraging me to use this method

1 (strongly disagree) &2 (disagree)

73%(-22%)

95%(highest)

Feel that vast majorityof retailers are accepting this method of payment

5 (strongly agree) &4 (agree)

70%(+15%)

55%(lowest)

Previous or active usage of fingerprint authentication (experience) has also proven some

relevant differences:

39

Table 10: Fingerprint – Usage

Selected values Have used it before (43) Never used it before (9)

Overall likeability 5 (very much) &4 (much)

74.5%(+41.5%)

33%(lowest)

Faster than traditionalauthentication

5 (strongly agree) &4 (agree)

86%(+42%)

44%(lowest)

Consider it very secure 5 (strongly agree) &4 (agree)

77%(+33%)

44%(lowest)

Friend and peers are using this method

1 (strongly disagree) &2 (disagree)

39.5%(-27.5%)

67%(highest)

5.5 Face Recognition Authentication

Face recognition is having approximately the same likeability as two factor authentication. Values “like

it very much” (5) and “much” (4) were selected by only approximately 34.5% of respondents. Quite

surprisingly, little over 42% of people do not like it at all (1) or not so much (2). Hence, it looks like

end-users are more reluctant when it comes to using this method of authentication.

40

Figure 8: Likeability of face recognition authentication

The biggest motivators for people to start using face recognition authentication in general (not just for

m-payments) are: their own interest (little over 21%) and their phone which suggested this option

during initial setup (almost 7%). Nevertheless, as oppose to fingerprint authentication, vast majority

(over 67%) have never used face recognition.

As for the positives and negatives – where, yet again, respondents could have mentioned multiple

answers for both options, the outcomes are as follows: for positives people like the most that it is fast

(over 36%) out of which almost 7% consider it faster than fingerprint, then they like security (little over

22%) out of which 11% consider it more secure than fingerprint, and simplicity (almost 7%) with no

need to remember PIN (almost 6%) were the last ones which were over 5%. The following ones were

below 5%: comfortable, touchless, and no need to have wallet/purse. However, almost 20% stated there

is no positive. As to the negatives: respondents firstly dislike the most that it does not work with

obstructions on face (e.g. sunglasses) (over 17%), secondly they feel it is insecure (almost 16%), and

thirdly little over 14% of end-users simply do not like it (i.e. they feel uncomfortable using it).

Violation of privacy with 12.5% and slowness with little over 6% were the last ones above 5%. Below

were: it is worse than fingerprint, inability to recognize authentic user, not so comfortable, and useless.

Nevertheless, it is worth stating that almost 22% stated that there is no drawback.

Majority of end-users also consider m-payments performed with face recognition as: faster than

traditional (almost 56% strongly agree and little over 17% agree), very secure (almost 35% strongly

agree and little over 23% agree), improving e-payments domain (48% strongly agree and little over

19% agree), easy-to-use (almost 63.5% strongly agree and little over 19% agree), stress free method of

payment (25% strongly agree and almost 28% agree), and feel that vast majority of retailers accept this

method of payment (over 40% strongly agree and over 15% agree). Nevertheless, almost 60% do not

know anyone (friends and peers) who are using this method of payment and almost 10% know only

few. Additionally, huge number of end-users (almost 79%) state that nobody is or was encouraging

them to use this method.

Finally, an analysis of results when considering gender, age, education, and usage of both biometrics

and m-payments have brought many valuable results. Starting with gender, the biggest differences

were acknowledged in:

41

Table 11: Face Recognition – Gender

Selected values Men (29) Women (23)

Easy to use 5 (strongly agree) &4 (agree)

93%(+23.5%)

69.5%(lowest)

Stress free method of payment

5 (strongly agree) &4 (agree)

62%(+18.5%)

43.5%(lowest)

Age has again shown many differences between respondents (the table below has some rows where

only 1 value is with green background because the medium value is very close to the lowest value):

Table 12: Face Recognition – Age

Selected values Young (0-30)(18)

Medium (31-40)(25)

Old (41+)(9)

Overall likeability 5 (very much) &4 (much)

50%(+28%)

28%(+6%)

22%(lowest)

Faster than traditional authentication

5 (strongly agree)& 4 (agree)

61%(lowest)

80%(+19%)

78%(+17%)

Considering it as improvement ofe-payments domain

5 (strongly agree)& 4 (agree)

67%(+7%)

60%(lowest)

89%(+29%)

Stress free method of payment

5 (strongly agree)& 4 (agree)

50%(+2%)

48%(lowest)

78%(+30%)

Friends and peers areusing this method

5 (strongly agree)& 4 (agree)

28%(+28%)

8%(+8%)

0%(lowest)

Finished education has shown some medium as well as major differences:

42

Table 13: Face Recognition – Education

Selected values Elementary &Secondary school (18)

University (34)

Overall likeability 5 (very much) &4 (much)

44%(+15%)

29%(lowest)

Considering it as improvement ofe-payments domain

5 (strongly agree) &4 (agree)

78%(+16%)

62%(lowest)

Easy to use 5 (strongly agree) &4 (agree)

94%(+17.5%)

76.5%(lowest)

Stress free method of payment

5 (strongly agree) &4 (agree)

72%(+28%)

44%(lowest)

Feel that vast majorityof retailers are accepting this method of payment

5 (strongly agree) &4 (agree)

67%(+17%)

50%(lowest)

Usage of m-payments mostly showed some medium differences:

Table 14: Face Recognition – Usage of M-Payments

Selected values Last 30 or 90 days (30) Never (22)

Overall likeability 5 (very much) &4 (much)

40%(+13%)

27%(lowest)

Faster than traditionalauthentication

5 (strongly agree) &4 (agree)

80%(+16%)

64%(lowest)

Easy to use 5 (strongly agree) &4 (agree)

90%(+17%)

73%(lowest)

Feel that vast majorityof retailers are accepting this method of payment

5 (strongly agree) &4 (agree)

63%(+17.5%)

45.5%(lowest)

43

Previous or active usage of face recognition (experience) has brought to light quite a few

relevant differences:

Table 15: Face Recognition – Usage

Selected values Have used it before (18) Never used it before(34)

Overall likeability 5 (very much) &4 (much)

72%(+57%)

15%(lowest)

Faster than traditionalauthentication

5 (strongly agree) &4 (agree)

83%(+15%)

68%(lowest)

Considering it as improvement ofe-payments domain

5 (strongly agree) &4 (agree)

78%(+16%)

62%(lowest)

Easy to use 5 (strongly agree) &4 (agree)

94%(+17.5%)

76.5%(lowest)

Friend and peers are using this method

1 (strongly disagree) &2 (disagree)

50%(-29%)

79%(highest)

Friend and peers are/were encouraging me to use this method

1 (strongly disagree) &2 (disagree)

72%(-22%)

94%(highest)

Feel that vast majorityof retailers are accepting this method of payment

5 (strongly agree) &4 (agree)

83%(+42%)

41%(lowest)

5.6 Two Factor Authentication

Two factor authentication, using fingerprint and PIN, is the only one (out of the 3 tested methods)

which is currently not available for m-payments (at least in Slovakia). Only 36.5% like it very much (5)

or much (4). On the other hand, 40.4% do not like it at all (1) or not so much (2). Hence, it appears that

the public is not ready to accept this method of payment. Moreover, almost 13.5% mentioned (during

the interview) that they can imagine this method being used only for payments consisting of larger

sums of money – similarly as with debit card where (in Slovakia at least) at the time of writing for

touchless payments above 50 euros PIN is required (below 50 euros it is possible to pay without PIN).

44

The biggest and basically the only positive respondents identified is that it is very secure (over 90%).

Hence, end-users already consider it as more secure than other tested biometrics when it comes to

m-payments. It might be also worth stating that only almost 6% have stated that there is no benefit. On

the other hand, there were quite a few negatives mentioned with vast majority (over 49%) complaining

about it being slow. More than 19% mentioned that it is not needed (i.e. useless), and the following are

each with less that 5% respondents: need to remember PIN, possible technical issues, not secure

enough, complicated, stressful. Only 7.5% stated that there is no drawback.

Majority of end-users also consider tested two factor authentication m-payments as: very secure (90.4%

strongly agree) and they would (in case it became implemented into m-payments) consider it as

improving e-payments domain (34.6% strongly agree and 30.8% agree). On the other hand, they are

not entirely considering it easy to use (only 26.9% strongly agree that it is easy to use and 21.2% agree)

and they are not really feeling it would be stress free method of payments (28.8% are neutral, 26.9%

agree, and only 17.3% strongly agree it would be stress free method of payment).

45

Figure 9: Likeability of two factor authentication

Finally, considering gender, age, and education also have brought some relevant outcomes. It is worth

mentioning that previous usage of 2FA was not explored because, at the time of writing, majority 2FA

usage on smartphones consist of two traditional authentication methods (not one biometric and other

traditional). Additionally, instead of using all 8 statements (where number between 1 – “strongly

disagree” and 5 – “strongly agree” were being selected) regarding feelings about particular method

of payments only 4 were acceptable in 2FA because the following statements have been considered

as not usable here:

• I consider fingerprint authentication faster (i.e. more efficient) than traditional authentication

(e.g. PIN, password).

◦ Reasoning: Credit and debit cards have only one factor authentication (PIN) so 2FA with

one factor being PIN cannot be faster.

• My friends and peers are using 2FA authentication.

• My friends and peers are encouraging me to use 2FA authentication.

• I feel that vast majority of retailers are accepting this method of payment.

◦ Reasoning: All 3 above are not applicable because this method currently cannot be

configured for m-payments.

When it comes to gender there was no major, or at least medium-sized difference in feelings relevant

mentioning in this section. On the other hand age has brought few interesting findings:

Table 16: Two Factor – Age

Selected values Young (0-30)(18)

Medium (31-40)(25)

Old (41+)(9)

Overall likeability 5 (very much) &4 (much)

33%(+11%)

44%(+22%)

22%(lowest)

Easy to use 1 (strongly disagree)& 2 (disagree)

17%(-15%)

32%(highest)

22%(-10%)

Stress free method of payment

5 (strongly agree) &4 (agree)

50%(+17%)

44%(+11%)

33%(lowest)

Education is yet again proving different perception of some measured feelings:

46

Table 17: Two Factor – Education

Selected values Elementary &Secondary school (18)

University (34)

Overall likeability 5 (very much) &4 (much)

22%(lowest)

44%(+22%)

Considering it as improvement ofe-payments domain

5 (strongly agree) &4 (agree)

56%(lowest)

71%(+15%)

Easy to use 5 (strongly agree) &4 (agree)

28%(lowest)

59%(+31%)

5.7 Other Biometric Authentication Method

The research has also asked respondents whether they would like other biometric authentication

methods to be available for m-payments. Respondents were able to provide multiple alternatives. The

chart below clearly shows that more than 76% do not ask for additional alternatives (none) or that they

are unaware of other biometrics. Additionally, few (3.6%) answers stated that fingerprint is ideal. Two

factor authentication, IRIS, and DNA (not specified how it would work) had 5.5% each and some

respondents mentioned voice recognition.

47

Figure 10: Other biometrics for m-payments

5.8 Traditional vs Biometric Authentication

Lastly, the research aimed at determining whether people actually feel that biometrics, which has been

widely deployed, is a more secure alternative. Respondents were asked to select which authentication

method (or neither) do they consider more secure and the chart below clearly states that vast majority

(75%) believe biometrics is more secure than traditional methods. Additionally, there are over 15% of

people who feel that they are relatively same in terms of security. Only almost 10% consider traditional

authentication as more secure.

48

Figure 11: Traditional versus Biometric authentication

CHAPTER 6

Reflection and Discussion

This chapter discusses the data provided in the previous chapter in more detail. In other words it is

providing reflections and what the detected data mean and what the most interesting outcomes of this

research are. Firstly, the current usage of m-payments and biometrics is discussed. Secondly, each of

the tested authentication methods is presented. Thirdly, the respondents are divided into groups based

on their sex, age, education, and experience with m-payments and biometrics. Fourthly, other

biometrics as well as the comparison between traditional and biometric authentication methods are

discussed. Finally, relation to the current Covid-19 pandemic is given.

6.1 Current Usage of M-Payments and Biometrics

This research has shown that vast majority of end-users (over 71%) are not against biometrics in their

mobile phones and are already actively using them. However, the m-payments in general are not so

popular. Only about half of respondents are actively paying with their mobile phone. Moreover, m-

payments have much bigger (over 42%) portion of end-users, in comparison to biometrics (almost

17.5%), who had never used it before. Hence, it looks like people are afraid or do not see enough

positives to start using it.

The analysis of biggest motivators to start using biometrics in smartphones as well as benefits and

negatives of using (or testing to use) them could bring more light into the end-user acceptance of both

biometrics and m-payments. The major motivators are own interest (almost 35% for fingerprint and

little over 21% for face recognition) and initial setup of smartphone where such option was suggested

(almost 33% for fingerprint but not even full 7% for face recognition). It is also worth mentioning that

while only something over 15% of respondents have never used fingerprint authentication before, for

face recognition it is more than 67%. As to the positives and negatives:

• Users find speed (57% for fingerprint and over 36% for face recognition) and security (almost

27% and little over 22% respectively) as the major benefits.

49

• On the other hand major negatives that both methods have in common are: not secure enough

(i.e. insecure) (23% for fingerprint and almost 16% for face recognition) and possible

obstruction (21% do not like that fingerprint sensor has problems with dirty or otherwise

damaged (e.g. cut) fingers while over 17% do not like that face recognition has problems with

sunglasses or other obstructions on face). Moreover, 15% consider gloves as problem with

fingerprint authentication and little over 14% simply do not like using face recognition as it is

something like “against their nature”.

Also interesting to note is that only almost 19% for fingerprint authentication and not even full 6% for

face recognition find no need to remember PIN as benefit. Hence, it can be seen that majority of

people do not believe this is one of the key improvements when it comes to performing

biometric-authenticated m-payments.

As can be seen from the analysis above:

• Biometrics are very popular on smartphones

but only about half of smartphone users are

performing m-payments.

• When it comes to m-payments people mostly

like biometric authentication because it is fast.

• High portion of users also see them as secure

but slightly smaller number of users believe

they are insecure.

• Only about one fifth of users see no

need to remember PIN as benefit.

• People most often start using them

because of their own interest or because

their smartphone suggested this option

during the initial setup.

6.2 Fingerprint Authentication

The report’s outcomes show that fingerprint authentication is very popular. Two out of every three

respondents liked it very much or much. The biggest positive respondents mentioned was that it is fast

(57%) and the biggest motivators for using it were their own interest (35%) as well as their phone

suggesting this option during the initial setup (almost 33%). These data show that people really like the

seamless experience that comes with fingerprint authentication and they start using it mostly because of

their own interest in the technology. But more importantly, a lot of users start using it because it is

suggested by their phone during the first boot. This points out to an assumption that in if adding a debit/

credit card was also asked for during the initial boot, there would be much more users using it.

50

On the other hand thebiggest negative which relatively significant portion of users (23%) mentioned

was that it is not secure enough. Now the number is not as high but still, some improvements in terms

of the actual security features or sharing more information with end-users on why it is very secure (per-

haps also during the initial boot of the phone) could improve end-users’ perception by a large margin.

The best results captured in the measured statements seen by almost all (94%) respondents were with

easy-to-use field. This means that respondents feel that this method of authentication is a seamless

experience and perhaps no further improvements in this area are currently needed. Additionally, vast

majority of users also feel that it is improving e-payments domain (82%) and that it is faster than

traditional authentication methods (80%). Therefore, it looks like people see it as a faster improvement

to the existing and widely used traditional methods of authentication in e-payments. Still relatively

large amount of respondents (73%) consider this method of payment as stress-free which points out

that users are quite happy with using this method of payment but there is still some room for

improvement. Security, being one of the fields that could be considered very important when it comes

to payments in general, has not scored extremely well (68%) meaning that majority of end-users do feel

it is secure but still quite large number of users do not feel the same. In order for users to be completely

adjusted to using mobile for their payments everywhere they go a strong believe needs to be put into

their feeling that vast majority of retailers are accepting this method of payment. However, only slight

majority (63%) believe so. Hence, a large room for improvement can be seen here. Finally, last fields

that were evaluated were friends and peers usage of this authentication method and their active

encouragement towards respondents to start using it (now or before they started using it). Some people

(32%) feel that their friends and peers are using it but vast majority know only few users or none. Only

minimal number of users (4%) claim that some of their friends and peers are or were encouraging them

to start using fingerprint authentication. Therefore, it looks like social connections have very little

influence on whether people start using fingerprint authentication on their smartphones.

6.3 Face Recognition

The report’s outcomes show that face recognition as a method of authentication is not very popular.

Only one out of every three respondents liked it very much or much. The fact that it is fast was also the

biggest positive respondents mentioned though with much smaller percentage (over 36%) and the

biggest motivators to start using this method were the same but again with much smaller percentage –

their own interest (little over 21%) and initial phone setup (almost 7%). From this perspective it could

51

be said that face recognition is used and liked for the same reasons as fingerprint authentication but has

much smaller satisfied audience. Moreover, it is worth mentioning that approximately two out of every

three respondents asked have never used face recognition before – meaning it has the initial barrier,

where users are deciding whether to start using it or not, quite extensive. On the other hand, the biggest

negatives are almost identically split between: problems with obstructions on a face (e.g. sunglasses)

(over 17%), feelings that it is insecure (almost 16%), and feelings of being uncomfortable using this

method (over 14%). These data show that negatives are quite spread among multiple fields and hence

there is not one major that would stand out which could be a positive sign. Nevertheless, the biggest

problem seems to be rather with the fact that vast majority of users are not tempted by this method

enough to even try it. Hence, focusing on motivators could be considered a more rational way to

improve end-users’ perception of this authentication method.

As to the best results captured in the measured statements, the order of the top 3 fields is identical to

the previously reviewed authentication method. Firstly, vast majority (82,5%) of respondents feel that it

is easy-to-use – meaning none or perhaps only minor changes are needed here. Secondly, still large

number of users (73%) feel that it is a faster method of payment than traditional ones. Thirdly, majority

of end-users (67%) believe that it is improving e-payments domain. Hence, also for face recognition,

majority of users see it is a faster improvement in comparison to the previous widely used methods of

authentication. Security has received quite frustrating feedback. Slight majority (58%) feel that face

recognition is very secure and this means that there is quite large room for improvement in terms of

users’ perception at least. The next in line is acceptability of this method of payment in shops. Perhaps

surprisingly, only a little over half of respondents (55%) feel that vast majority of retailers do accept

face recognition. This is quite odd as both fingerprint and face recognition should have the same

numbers here because m-payments “do not care” what authentication method is being used (it does not

even have to be biometrics). Similarly, almost the same percentage of users (53%) consider this method

of payment as stress-free. Hence, both of these areas do require more attention as major improvements

seem to be desired here. Last two fields are also the ones as in the previously discussed method of

authentication. Significant minority (14%) of users feel that their friends and peers are using face

recognition and only very few (4%) respondents stated that they were encouraged by their friends and

peers to start using it (now or before they started using it). Therefore, the same outcome is visible for

face recognition – social connections have very little influence on whether people start using face

recognition on their smartphones.

52

6.4 Two Factor Authentication

This method of authentication is the only theoretical one, meaning currently it is not possible to even be

configured on a smartphone for m-payments. The results are not very surprising in stating that this

method is not very popular with approximately 36,5% respondents liking it very much or much.

However, it is quite surprising that this amount is 4,5% bigger than with face recognition by which one

could say that it could be more popular than face recognition. It is also worth mentioning that 13,5%

people mentioned during the interview that they would accept and use this method of payment only if it

was used for larger payments (e.g. above 50 Euros) as entering this for every single payment (e.g. 1

Euro) seemed too obstructive and reason for not using it at all. The only positive which majority of

users mentioned was that it is very secure (over 90%) which means that this method has quite big

potential for end-users who were considering other previously evaluated authentication methods (on

their own – one factor) as insecure or not secure enough. On the other hand, the fact that it is slow was

mentioned by almost half of respondents (over 49%) and some even consider it useless (more than

19%). Hence, in case this method is going to be implemented it perhaps should be emphasised that it is

much more secure, even though it takes longer to be performed, as this is what end-users expect and

feel about this method. The fact that it is optional could ease users who believe it is useless.

Nevertheless, currently the configured biometric authentication on smartphones is used for both

unlocking the phone and m-payments – i.e. it cannot be set differently for these two activities. And it is

very hard to imagine some users would accept 2FA for m-payments as well as unlocking the phone.

This applies also because the interview question was explained as 2FA only for m-payments (not

unlocking the phone at the same time). Meaning, for this method to be considered useful it most likely

needs to be divided from unlocking and used only for m-payments.

As to the best results captured in the measured statements, this method had only 4 fields and 1 of them

was already discussed as the biggest positive (end-users consider it as very secure). The remaining 3

fields show that: majority of users (over 65%) would consider it as improvement of e-payments, only

slight minority of users (48%) consider it as easy-to-use, and even smaller minority (little over 44%)

consider it as stress free method of payment. These data show that the actual usage is not very seamless

in comparison to the previously reviewed authentication methods but perhaps 2FA is not even designed

to be and these results could be considered as good. Perhaps both easy-to-use and stress free method of

payment could be improved with 2FA consisting of both layers being biometrical (as oppose to the

tested method – fingerprint and PIN). Ideally, end-users would be able to choose which two methods

are the most ideal for them but perhaps such implementation (along with dividing authentication of

unlocking with m-payments) is very costly for developers.

53

6.5 Gender, Age, and Education Differences

This section considers gender (male and female), age (young, medium aged, and older), and education

(with or without university degree) differences and highlights facts that stand out. The data is presented

as has been given by respondents, meaning some groups have more data than others, some have fewer,

and some have none.

Fingerprint authentication

• W omen :

◦ like it significantly less than men,

◦ much fewer women also consider it as faster than traditional authentication method.

• It is mostly disliked by young people (0-30 years) for multiple reasons. Significantly smaller

number of these users:

◦ like it much or very much (overall likeability),

◦ consider it faster than traditional authentication methods,

◦ consider it as improvement of e-payments domain, and

◦ consider it as stress-free method of payment.

• Respondents with university education consider it

◦ much less “stress-free method of payment” comparing to users without university.

Face recognition

• Women :

◦ consider it significantly less easy-to-use method of payment,

◦ much fewer women also consider it as stress free method of payment.

• Older people (41 or more years):

◦ dislike this method the most,

◦ do not know anyone who uses this method of payment.

• Smallest percentage of medium aged people (31-40 years) believe this method is:

◦ an improvement of e-payments domain,

◦ stress free.

• Smallest percentage of young people (0-30 years):

◦ consider it as faster than traditional method of payment.

54

• People with university education (when compared to users without university):

◦ do not like this method so much,

◦ do not consider it as improvement of e-payments domain as much,

◦ do not consider it as easy-to-use so much,

◦ do not consider it as stress free method of payment,

◦ have smaller belief that vast majority of retailers accept this method of payment.

Two factor authentication

• Older people (41 or more years):

◦ dislike this method the most,

◦ consider it as stress-free method of payment the least.

• Largest percentage of M edium aged people (31-40 years):

◦ believe this method is not easy-to-use.

• People with out university education (when compared to users with university):

◦ do not like this method much,

◦ would not consider it so much as an improvement of e-payments domain,

◦ do not consider it as easy-to-use by a large margin.

The data summarised above do present quite a few interesting outcomes. Firstly, men are more inclined

to using biometrics and consider these as: faster than traditional authentication, easier to use, and stress

free method of payment. Secondly, the age difference.

• Young people (0-30 years) like fingerprint authentication much less than other age groups for

quite a few reasons. But they feel most comfortable with face recognition (when compared to

other age groups).

• Medium aged people (31-40 years) have the most remarks towards face recognition and are

group which is inclined to start using 2FA the most (when compared to other age groups). But it

is worth stating that they like fingerprint authentication the most out of the 3 tested methods.

• And older people (41 or more years) have face recognition and 2FA as the least favourite

(equally) while liking fingerprint authentication the most out of all age groups.

Thirdly, education, where fingerprint authentication did not encounter some major differences, except

for considering it as “stress free method of payment”. Here, much fewer university educated people

stated agree or strongly agree (when compared to respondents without university degree). However,

face recognition (for number of reasons) is much more preferred by people without university

education whereas 2FA is much more preferred by university educated people.

55

6.6 Experience with M-Payments and Biometrics

This section discusses previous experience and its influence towards feelings end-users have with

particular authentication method. Fingerprint authentication did not provide any major surprise.

People who performed m-payments in the last 30 or 90 days (meaning are using it regularly or

sometimes) have much better feelings about it in almost all evaluated fields (except for easy-to-use

where the values are almost identical). Also they know more people who are using it and have or had

more people encouraging them to use it. Similarly, when considering previous usage of fingerprint

authentication (have used it before versus never used it before), respondents who used it before like it

much more, feel its faster than traditional authentication method, and consider it very secure.

Moreover, they also know much more people using this method. Other fields had minor differences.

Face recognition is a similar story. People who performed m-payments in the last 30 or 90 days

(meaning are using it regularly or sometimes) have much better feelings about it when it comes to

likeability, belief it is faster than traditional authentication methods, ease-of-use, and feeling that vast

majority of retailers are accepting this method. People with experience also know more people using it

and have or had more friends and peers encouraging them to start using it. Also, for the people who

used face recognition before, almost all values are much higher except for “very secure” and “stress

free” where the difference was smaller but still in favour of people with previous experience.

Two factor authentication is not having any data for this section because it is currently impossible

(when using official Google Pay and Apple Pay applications) to configure m-payment to be

authenticated using both fingerprint authentication along with PIN.

6.7 Other Biometric Authentication Method

This research has shown that approximately four fifths of people do not need any other biometric

authentication for m-payments. Some of them even mentioned that fingerprint authentication is ideal

and nothing else is needed. There were also some mentioning that they would like IRIS, DNA, voice

recognition, or perhaps 2FA (both biometrics) to be added. Nevertheless, it can be seen that end-users

are satisfied with the current availabilities and do not feel like new ones are needed at this point.

56

6.8 Traditional vs Biometric Authentication

Finally, the very last question of each interview was to determine which authentication method is more

secure – traditional, biometric, or neither (i.e. both are with relatively same level of security). This

question was asked to ensure biometrics is considered as improvement for end-users when it comes to

m-payments. The results clearly show that was majority of end-users believe biometrics is more secure.

Hence, it could be said that end-users accept this method of authentication as an improvement to

security of their m-payments.

6.9 Relation to Current Covid-19 Pandemic

The situation with Covid-19 virus (also known as “coronavirus”) (BBC News 2020a, Newey &

Gulland 2020, LaMotte 2020, UNDP 2020, Boseley et al. 2020, ECDC 2020) has become so global

with such a severe impact that on 11th March 2020 World Health Organisation (WHO) has declared it as

pandemic (Boseley 2020, BBC News 2020b, DW 2020, Gumbrecht & Howard 2020). Before this date

as well as moving onwards, nations throughout the whole world have released many recommendations

and/or compulsory instructions to minimise chances of the virus spreading. As the virus spreads with

human contact, contactless payments have become very popular (Kelly 2020, Young 2020, Rooks

2020, Sekiguchi 2020, Visontay 2020). This includes debit and credit card payments as well as m-

payments. However, the major benefit of m-payments, when compared to contactless payments with a

card, is that even higher sums of money can be paid touch free. This is because larger sums of money

(approximately above 50 Euros, depending on country) need to be authenticated also by PIN on a POS-

terminal while m-payments have whole authentication process performed on personal smartphone

which does not need to directly touch the POS-terminal (Kelly 2020, Young 2020, Bycer 2020). This

benefit could, also in the future, be considered as very practical whether that is for possibly another

global (or perhaps even local) pandemic or simply for something like a flu season. Hence, contactless

m-payments could spread among people much faster because it, in certain times, does noticeably

improve public health which many end-users could consider very important.

57

CHAPTER 7

Results

This chapter provides the final sections which outline the main outcomes this research provides. Hence,

firstly, comparisons with current literature show what has been confirmed and what is different. And

secondly, the depicted research questions are directly answered.

7.1 Findings versus Literature

This section compares literature review findings with results of this research. The table below shows

findings that were compared and a brief comparison statement. However, there are three important

notes to be mentioned. Firstly, not all literature findings could be compared as this research was not

performed to compare all the existing results. Hence, some literature review findings (that cannot be

compared) are skipped. Secondly, some findings could have been directly compared (e.g. biometrics is

more secure than traditional authentication methods) while others could not (e.g. continuous

authentication needs to be unobtrusive). The ones that could are using “almost identical”, “practically

identical”, or “very different” values for comparison. The ones that could not were compared to the

greatest extent possible using values “similar” and “very similar”. Thirdly, there is a comparison

worth mentioning but cannot be directly compared. Value “unknown” is used for such situation.

Table 18: Findings versus Literature

Outcomes ofLiterature Review

Similar or IdenticalResult(s) of This Research

Comparison

People are starting to use biometricsbecause it is more secure than

traditional authentication methods(Blanco-Gonzalo, 2019).

Last question of the interview clearlyshows that vast majority of

respondents believeit is more secure.

Almost identicaloutcomes.

58

Outcomes ofLiterature Review

(continued)

Similar or IdenticalResult(s) of This Research

(continued)

Comparison(continued)

For Ogbanufe & Kim (2018) themost important m-payments’

topic is security.

Based on multiple results, it can beseen that most important topic, fromend-users’ perspective, is speed (at

least for fingerprint and facerecognition). Security is the second

most mentioned positive/topic.

Very differentoutcomes.

From end-users’ perspective, thesechallenges are considered to be thecrucial ones according to Blanco-

Gonzalo et al. (2019):(1) the actual time that users need tospend on authentication (the longer

the worse),(2) ergonomics of the device and/or

scanner (i.e. the physical size or needfor additional external hardware), and

(3) user acceptance.

(1) Speed (as mentionedin the previous row),

(2) Actually ergonomics were notmentioned by end-users’ at all (but

perhaps respondents did not considerthis and took it for granted),

(3) The ideal way to see that this istrue, is with face recognition and 2FA

– many people simply do not likethese methods and will be very hard

to convince them to start using it(even if 2FA is very secure and face

recognition is very fast).

(1) Almost identicaloutcomes.

(2) Unknown as thiswas not directly tested.

(3) Practicallyidentical outcomes.

Authors further emphasise that suchmethod (i.e. continuous

authentication) needs to beunobtrusive as users’ experience

can quickly deteriorate ifmultiple requests for

re-authentication are needed(Blanco-Gonzalo et al., 2019).

Even though with different testedauthentication methods – speed is themost important factor for end-users

during authentication (57%respondents for fingerprint and over36% for face recognition mentioned

speed as a positive – for bothauthentication methods this was the

biggest positive).

Similar results butfrom different type ofauthentication. Still, itis important that speedis crucial for success

with end-users.

P erceived security and perceivedusefulness were the most importantinfluences in research by Liebana-

Cabanillas et al. (2018).

S peed (related to usefulness) andsecurity were the most important

positives – meaning these could beconsidered as major influences.

Similar results.

A Techpinion study was discussedwhich shows that 89% of Apple userswith a device capable of doing Touch

ID are actually using it(Buckley & Nurse, 2019).

In this research 96% of Apple usersare actively (within last 30 days)using fingerprint (Touch ID) or

face recognition (Face ID) –i.e. biometrics.

Very similar results.

59

Outcomes ofLiterature Review

(continued)

Similar or IdenticalResult(s) of This Research

(continued)

Comparison(continued)

A company named Deloitte revealedthat 79% of all users (using any

mobile device including iPhone) inthe UK are using fingerprint scanner

(Buckley & Nurse, 2019).

Almost 83% of respondents haveused fingerprint scanner before and

over 71% have used it (or facerecognition) within last 30 days.

Very similar results.

Moreover, perhaps due to thecomplexity of such method of

authentication, responses showeddistrust in using biometrics for high

security tasks (e.g.banking transactions)

(Blanco-Gonzalo, 2019).

Even though over 71% respondentsare using biometrics on smartphone,

only 50% are performing m-paymentswith the device. Hence, about half ofpeople are not using biometrics form-payments. Though reasons vary.

Similar results butlooked at from differentperspective. Still, both

outcomes show thatpeople have distrust for

using biometrics forbanking transactions.

U sability has bigger influence onusers in comparison to privacy andsecurity (Blanco-Gonzalo, 2019).

The biggest positive, by a largemargin, respondents mentioned wasspeed (which is related to usability).

Practically identicaloutcomes.

83% of respondents believe thatbiometrics authentication methods are

as secure as passwords (Buckley &Nurse, 2019).

Only slightly over 15% ofrespondents believe traditional is

approximately as secure as biometricauthentication. Moreover, 75%

believe biometrics is more secure.

Very differentoutcomes.

Respondents consider(1) data security and(2) personal privacy

on smartphones as veryimportant (Zirjawi et al., 2015).

(1) Security was the second biggestpositive for fingerprint and the

biggest positive for face recognitionmentioned by respondents.

(2) Relatively small number ofrespondents (12.5%) mentioned

privacy as negative for facerecognition while fingerprint

had only 2% of users withthis problem.

(1) Practicallyidentical outcomes.

(2) Very differentoutcomes.

Users do not trust face recognitiontechnique (Zirjawi et al., 2015).

Even though 58% respondents doconsider face recognition very secure

a lot of them do not or are unsure.Additionally, 14% mentioned that

they feel uncomfortable using it. Andover 42% did not like using it so

much or did not like it at all.

Similar results but“trust” as such was notdirectly measured in

this research.

60

Outcomes ofLiterature Review

(continued)

Similar or IdenticalResult(s) of This Research

(continued)

Comparison(continued)

(1) Perceived usefulness and(2) perceived enjoyment (i.e. the

actual user experience andconvenience) are having the highest

impact on customer satisfaction(Marinkovic & Kalinic 2017,

Rad et al. 2017).

(1) Speed (related to usefulness) wasthe most repeated positive – meaning

this could be considered asa major influence.

(2) When considering fingerprint (asthe most favourite biometrics), 67%

liked using it much or very much andover 71% of respondents are usingbiometrics actively. When adding

35% people who liked facerecognition much or very much it ispossible to see that the percentage oflikeability (i.e. enjoyment) is similar

to percentage of active users (i.e.have used in “last 30 days”).

(1) Similar results.

(2) Very similarresults.

The major identified barrier forfaster deployment was lack of

consumer-perceived(1) privacy and

(2) security(Marinkovic & Kalinic, 2017).

(1) Relatively small number ofrespondents (12.5%) mentioned

privacy as negative for facerecognition while fingerprint had

only 2% of users with this problem.(2) Almost 16% believe face

recognition is insecure (secondbiggest problem) and 23% feelfingerprint sensor is not secure

enough (biggest problem).

(1) Very differentoutcomes.

(2) Practicallyidentical outcomes.

Two key factors (out of 26) whichwere evaluated the most are:(1) perceived usefulness and

(2) perceived ease of use(Marinkovic & Kalinic, 2017).

(1) Speed (related to usefulness) wasthe most repeated positive – meaning

this could be considered asa major influence.

(2) As users believe it is very fast itcould mean that it is also easy-to-use.Especially when 94% of respondents

for fingerprint and 82.5% for facerecognition do consider particular

authentication method as easy-to-use.

(1) Similar results.

(2) Very similarresults.

61

7.2 Research Questions Answered

This research has focused on answering the determined research question and sub-questions. The

following sections highlight the main outcomes of the research and therefore attempt to answer all

research questions mentioned in section “1.3 Research Questions”.

7.2.1 Current User-Acceptance Level (Q1)

To put it simply, user-acceptability level of biometrics in m-payments is high . For users who are

actively performing m-payments (i.e. have performed m-payment within last 30 days), meaning 50% of

all respondents, over 73% of them are regularly (i.e. have authenticated using biometrics on

smartphone within last 30 days) using biometrics also.

To put it into perspective, approximately 3 out of every 4 users who are performing m-payments

regularly are using biometrics for their authentication. Therefore, it could be said that users are

already happily using biometrics to authenticate their m-payments.

The, not so bright finding, is that a large portion of users (50%) are not using m-payments

regularly for various reasons. Hence, the acceptability level of biometrics in m-payments is not so

much a barrier as is starting performing m-payments.

7.2.2 Reasons for Current User-Acceptance Level (Q2)

Fingerprint authentication is quite popular (67% respondents like it much or very much) because of

the following reasons (which were mentioned by respondents in an open question asking about

positives of using this method of payment):

✔ speed (57%)

✔ security (27%)

✔ simplicity (21%)

✔ no need to remember PIN (19%)

62

Additionally, to provide more details, respondents feel that this method is:

✔ faster than traditional

authentication methods (80%)

✔ very secure (68%)

✔ improving e-payments domain (82%)

✔ easy-to-use (94%)

✔ stress-free (73%)

The aforementioned data clearly show that end-users focus on usability and consider this method as an

improvement of e-payments domain largely because it is easy-to-use, stress-free, and faster than

traditional authentication methods. It is also worth mentioning that current acceptability level of

biometrics in smartphones is high mainly because of fingerprint authentication which is much more

popular when compared to face recognition.

Face recognition authentication is not so popular (almost 35% respondents like it much or very

much). Nevertheless, in case people liked it, it was for the following reasons (which were also

mentioned by respondents in an open question asking about positives of using this method of payment):

✔ speed (36%)

✔ security (22%)

✔ simplicity (7%)

✔ no need to remember PIN (6%)

Additionally, to provide more details (as was done before), respondents feel that this method is:

✔ faster than traditional

authentication methods (73%)

✔ very secure (58%)

✔ improving e-payments domain (67%)

✔ easy-to-use (83%)

✔ stress-free (53%)

These data mirror results for fingerprint authentication but are worse in every single aspect.

Nevertheless, again the most important factor is usability (i.e. speed). This time people consider it as an

improvement to e-payments domain mostly because it is easy-to-use and faster than traditional

authentication methods.

7.2.3 Suggested Improvements (Q3)

Ogbanufe & Kim (2018) stated that the protection of a database which has authentic samples stored is

also crucial because fingerprints (unlike passwords) cannot be easily changed when compromised.

Now this applies to face recognition too. Therefore, also considering that tested two factor

authentication had almost identical likeability (36.5%) as face recognition (34.5%), adding possibility

to perform m-payments with 2FA could be considered as major improvement in perceived

security (as over 90% of respondents consider 2FA very secure) and actually security itself as well.

63

Hence, a group of sceptical users not performing m-payments with biometrics at the moment could opt

for using biometrics (as one factor) too. However, this method needs to be implemented carefully as

speed is very important factor and performing 2FA for small payments could be perceived as useless.

Liebana-Cabanillas et al. (2018) consider perceived security and perceived usefulness as the most

important influences. These two were the most important ones in this research too and therefore, as

perceived usefulness is already high, perceived security needs to be improved. Buckley & Nurse (2019)

emphasised that users require high security measures when they encounter with a bank and Marinkovic

& Kalinic (2017) detected that the major identified barrier for faster deployment is lack of consumer-

perceived privacy and security. Hence, these authors also agree with Liebana-Cabanillas et al. (2018) in

terms of improving perceived security. Hence, finding ways how to inform users about security of

biometrics can be considered as a way to improve perceived security. Focusing on letting end-users

know how fingerprint and face recognition work with special emphasis on why they are secure

could be a major improvement in user-acceptance. Ideally, there should be more mediums (e.g.

videos, viral videos, broadcast, articles, animated pictures, combination of these) by which these data

could spread so that each end-user finds most favourite medium. Alternatively, as mentioned before,

end-users already consider 2FA as very secure so adding this option could be considered a solution too.

It is worth mentioning that end-users need to remember smartphone’s PIN, password, or pattern

(depending what they have setup) because their smartphone could sometimes authenticate them using

this method only (i.e. not accepting biometrics). These situations could be: smartphone reboot, when

device was not unlocked for a long time (approximately 24 – 72 hours depending on manufacturer), or

when too many wrong attempts to authenticate using biometrics were performed (approximately 3 – 5

depending on manufacturer) (Apple.com 2020, Android.com 2020, Google.com 2020). Hence, using

2FA could be also a useful way to remember a smartphone’s primary authentication method.

This research has additionally pointed out to two interesting findings which were not discussed in the

literature before:

• A lot of users (almost 33% for fingerprint and almost 7% for face recognition) have started

using biometrics because their phone suggested this option during initial setup. Hence, adding

more information why biometrics is secure to this initial setup as well as possibility to add

credit/debit card (including information why it is secure) could significantly increase number

of active users for biometrics as well as m-payments.

64

• A large number of end-users (approximately 37% for fingerprint and around 45% for face

recognition) do not believe or do not know whether vast majority of retailers are accepting this

method of payment. Hence, more information in this area would be beneficial too, like, in

case POS terminal accepts contactless payments with a card it most likely will accept also

m-payments (using NFC) (Mastercard 2020, VISA 2020, Savvides 2019). It does not matter

what authentication method smartphone user uses (e.g. fingerprint, face, PIN, password,

pattern, IRIS) in terminal’s “point of view” as it cares about NFC (or other) m-payments

communication method. Also, perhaps end-users should be encouraged to consider having

their credit/debit card in a mobile phone more like an addition to their e-payments

peripherals rather than substitution. This is for example because if phone has no battery, it is

impossible to pay with it (Pritchard, 2019) or there could be situations when they have only

phone with them (i.e. without wallet/purse which contains cards) and in such scenario they are

still able to pay (using their phone).

65

CHAPTER 8

Conclusions and Future Research

The following sections provide last comments to summarise the whole research. As first, conclusion

section which discusses main outcomes of this project is provided. Then, future work section follows

which talks about areas that could be further researched as they deserve more attention.

8.1 Conclusion

Research performed as part of this thesis has mainly attempted to determine current user-acceptability

level of biometrics in mobile payments because biometrics is likely going to substitute traditional

method of payments in order to improve e-payments security. The determination, within the scope of

the project, has been successful and it has been shown that user-acceptability is high. The main reason

for this is that end-users really like fingerprint authentication especially because of its speed.

Additionally, identifying the most common reasons behind the current acceptability level and

suggesting improvements were also required objectives to be achieved. Both of these were successfully

completed too. The most common reasons why people like biometrics for m-payments are speed,

security, simplicity (i.e. ease-of-use), and considering it as stress-free method of payment.

On the other hand, improvements could be introduced in adding two factor authentication method and

adding possibility to insert credit/debit card to smartphone during the initial phone setup. Moreover,

people need to be informed more about several topics: (1) why is particular biometric authentication

secure and (2) how does it actually work (using easy-to-understand explanation for non-technical

audience) – these information could be also part of the initial phone setup (but using other types of

medium are desired too), (3) how many POS-terminals actually accept m-payments, (4) whether it

matters, from POS-terminal’s perspective, what authentication method is used for m-payment, and (5)

perhaps encouraging users to consider m-payments as an additional method of payment rather than

substitution of credit/debit card e-payments. Last but not least, there are two more important findings:

66

vast majority of end-users: (I.) do not ask for other biometric authentication method for m-payments

and (II.) believe biometrics is more secure than traditional methods of authentication. Therefore, focus

regarding improvements can be on existing biometric authentication methods and/or creating some

combinations (perhaps two factor biometric authentication).

As has been mentioned above, this project has pointed out the areas which require further attention for

even more end-users adopting this secure method of authentication during m-payments. Nevertheless,

there is another finding which is quite important for the state of the art – end-users have high

acceptability level when it comes to biometrics in smartphones but not so high acceptance when it

comes to adding credit or debit card to their smartphone. Therefore, various kinds of improvements in

this area need to be implemented too and explaining to end-users security of biometrics in smartphones,

mentioned above, does add to this need. Possibility to add two factor authentication (2FA) could also

improve end-users’ perception of m-payments’ security as they already consider 2FA very secure.

All these outcomes can, as has been pointed out in section “1.5 Significance of Study”, be used for

determining improvements when developing smart devices which are capturing biometric samples or

designing software that will be performing m-payments as well as for information purposes aimed

towards shops which would like to know whether implementing and supporting POS-terminal capable

of performing m-payments is worth being inserted into brick and mortar stores to improve customers’

experience. Furthermore, this research can be used for other researches within this domain as it

provides user-acceptance details on limited amount of end-users in 2020 in Central Europe. Therefore,

involving larger amount of users, performing interviews in different geographical areas, or performing

the research in later years could use data researched in this project as a reference.

8.2 Future Work

This research has pointed out many details regarding user-acceptance of biometrics for m-payments.

However, throughout the project it has been detected that there are some other fields which would

deserve more attention. The following unordered list provides these areas:

• As has been pointed out already, end-users are more reluctant to insert credit/debit cards into

their smartphones than they are inserting their fingerprints or scans of face. Hence, barriers

which end-users might feel for inserting these cards into their smartphones could be research

topic on it own as it directly affects usage of biometrics for m-payments.

67

• Performing interviews with:

◦ not full-time working employees (as almost all respondents in this research were full-time

employees), or

◦ with more older people (i.e. 41 year or more) (as only little over 17% of respondents were

older than 41 years in this research).

• Ask additional interview questions on areas that deserve more attention:

◦ Ergonomics of the device,

◦ Trust,

◦ Financial cost of the device,

◦ Privacy (perhaps users often use it interchangeably with security),

◦ Reasons why over 67% of respondents have never used face recognition before,

◦ How should 2FA for m-payments authentication work in more detail (to be considered as

useful for end-users).

68

ReferencesAdegboye, A. (2015) 'Secure On-Line Transaction through Augmented Biometrics System', Global Journal of Computer Science and Technology, 15(2), pp.7-14.

Adnan, N., Nordin, S., bin Bahruddin, M. & Ali, M. (2018) ‘How trust can drive forward the user acceptance to thetechnology? In-vehicle technology for autonomous vehicle’, Transportation Research Part A-Policy and Practice, pp.819-836. doi: 10.1016/j.tra.2018.10.019

Alrawashdeh, T., Elbes, M., Almomani, A., ElQirem, F. & Tamimi, A. (2019) ‘User acceptance model of open source software: an integrated model of OSS characteristics and UTAUT’, Journal of Ambient Intelligence and Humanized Computing. doi: 10.1007/s12652-019-01524-7

Alqudah, M. (2018) 'Consumer Protection in Mobile Payments in the UAE: The Current State of Play, Challengesand the Way Ahead', Information & Communications Technology Law, 27(2), pp.166-184. Doi: 10.1080/13600834.2018.1458450

Android.com (2020), Measuring Biometric Unlock Security, Available at: https://source.android.com/security/biometric/measure (Accessed: 5 May 2020).

Apple.com (2020), About Touch ID advanced security technology, Available at: https://support.apple.com/en-us/HT204587 (Accessed: 5 May 2020).

Awad, A. (2012) ‘Machine Learning Techniques for Fingerprint Identification: A Short Review’, International Conference on Advanced Machine Learning Technologies and Applications, Advanced Machine Learning Technologies and Applications (AMLTA 2012). Cairo, Egypt. Dec. doi: 10.1007/978-3-642-35326-0_52

Awad, A. & Baba, K. (2011) ‘Fingerprint Singularity Detection: A Comparative Study’, International Conference onSoftware Engineering and Computer Systems, Software Engineering and Computer Systems (ICSECS 2011). doi: 10.1007/978-3-642-22170-5_11

Awad, A. & Baba, K. (2012) ‘Evaluation of a Fingerprint Identification Algorithm with SIFT Features’, 2012 IIAI International Conference on Advanced Applied Informatics, Fukuoka, Japan. 20-22 Sep. doi: 10.1109/IIAI-AAI.2012.34

Barbaschow, A. (2019), Smartphone market 'a mess' but annual tablet sales are also down, Available at: https://www.zdnet.com/article/smartphone-market-a-mess-but-annual-tablet-sales-are-also-down/ (Accessed: 12 May 2020).

BBC News (2020a), Coronavirus pandemic, Available at: https://www.bbc.com/news/coronavirus (Accessed: 9 May 2020).

BBC News (2020b), Coronavirus confirmed as pandemic by World Health Organization, https://www.bbc.com/news/world-51839944 (Accessed: 9 May 2020).

Blanco-Gonzalo, R., Miguel-Hurtado, O., Lunerti, C., Guest, R., Corsetti, B., Ellavarason, E. & Sanchez-Reillo, R. (2019) 'Biometric Systems Interaction Assessment: The State of the Art', IEEE Transactions on Human-Machine systems, 49(5), pp.397-410. doi: 10.1109/THMS.2019.2913672

69

Boseley, S. (2020) ‘WHO declares coronavirus pandemic’, The Guardian, 11 March. Available at: https://www.theguardian.com/world/2020/mar/11/who-declares-coronavirus-pandemic (Accessed: 9 May 2020).

Boseley, S., Devlin, H. & Belam, M. (2020) ‘What is Coronavirus, what are its symptoms, and when should I call a doctor?’, The Guardian, 17 April. Available at: https://www.theguardian.com/world/2020/apr/17/what-is-coronavirus-what-are-its-symptoms-and-when-should-i-call-a-doctor (Accessed: 9 May 2020).

Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R. and Cleven, A. (2009) 'Reconstructing the giant: On the importance of rigour in documenting the literature search process', 17th European Conference on Information Systems, ECIS 2009. Paper 161.

Buckley, O. & Nurse, J. (2019) 'The language of biometrics: Analysing public perceptions', Journal of Information Security and Applications, 47, pp.112-119.

Bycer, B. (2020) Paying at a Distance: How to Navigate Touch-Free In-Store Payment Methods During Coronavirus and Beyond, Available at: https://www.forbes.com/advisor/credit-cards/touch-free-in-store-payment-methods/ (Accessed: 9 May 2020).

Cater-Steel, A., Toleman, M. & Rajaeian, M. M. (2019) ‘Design Science Research in Doctoral Projects: An Analysis of Australian Theses’, 20(12), pp.1844-1869. doi: 10.17705/1jais.00587

Chronéer, D. (2019) Quantitative Research. [PDF slides] Lecture handouts. Luleå Tekniska Universitet. 10 December, 2019.

DW (2020), Coronavirus: WHO declares coronavirus outbreak a pandemic, Available at: https://www.dw.com/en/coronavirus-who-declares-coronavirus-outbreak-a-pandemic/a-52715743 (Accessed: 9 May 2020).

ECDC (2020), COVID-19 situation update worldwide, as of 8 May 2020, Available at: https://www.ecdc.europa.eu/en/geographical-distribution-2019-ncov-cases (Accessed: 9 May 2020).

Eude, T. & Chang, C. (2018) ‘One-class SVM for biometric authentication by keystroke dynamics for remote evaluation’, Computational Intelligence, 34(1), pp.145-160. doi: 10.1111/coin.12122

Fabregues, S. & Fetters, M. D. (2019) ‘Fundamentals of case study research in family medicine and community health’, Family Medicine and Community Health, 7(2), pp.1-8. doi: 10.1136/fmch-2018-000074

Genemo, H., Miah, S. J. & McAndrew, A. (2015) ‘A Design Science Research Methodology for Developing a Computer-Aided Assessment Approach Using Method Marking Concept’, Education and Information Technologies, 21, pp.1769-1784. doi: 10.1007/s10639-015-9417-1

German, R. & Barber, K. S. (2017) Current Biometric Adoption and Trends, Available at: https://identity.utexas.edu/assets/uploads/publications/Current-Biometric-Adoption-and-Trends.pdf (Accessed: 12May 2020).

Google.com (2020), Unlock with your fingerprint, Available at: https://support.google.com/pixelphone/answer/6285273 (Accessed: 5 May 2020).

Gumbrecht, J. & Howard, J. (2020) ‘WHO declares novel coronavirus outbreak a pandemic’, CNN, 12 March. Available at: https://edition.cnn.com/2020/03/11/health/coronavirus-pandemic-world-health-organization/index.html (Accessed: 9 May 2020).

Hemphill, T. & Longstreet, P. (2016) 'Financial data breaches in the U.S. retail economy: Restoring confidence in information technology security standards', Technology in Society, 44, pp.30-38. doi: 10.1016/j.techsoc.2015.11.007

70

Hong, J., He, J. & Qiu, X. (2018) ‘Research on Influencing Factors of Users' Adoption Intention of WeChat Marketing’, 2018 International Joint Conference on Information, Media and Engineering (ICIME). Osaka, Japan. 12-14 December. doi: 10.1109/ICIME.2018.00039

Huang, F.-H. (2020) ‘Adapting UTAUT2 to assess user acceptance of an e-scooter virtual reality service’, Virtual Reality. doi: 10.1007/s10055-019-00424-7

Jadhav, V., Patil, R., Jadhav, R. & Magikar, A. (2015) ‘Proposed E-payment System using Biometrics’, International Journal of Computer Science and Information Technologies, 6(6), pp.4957-4960.

Jayusman, H. & Setyohadi, D. (2017) ‘An empirical investigations of user acceptance of “Scalsa” e-learning in stikes Harapan Bangsa Purwokerto’, 2017 5th International Conference on Cyber and IT Service Management (CITSM). Denpasar, Indonesia. 8-10 August. doi: 10.1109/CITSM.2017.8089266

Kelly, H. (2019) ‘Fingerprints and face scans are the future of smartphones. These holdouts refuse to use them.’,The Washington Post, 15 November. Available at: https://www.washingtonpost.com/technology/2019/11/15/fingerprints-face-scans-are-future-smartphones-these-holdouts-refuse-use-them/ (Accessed: 12 May 2020).

Kelly, S. M. (2020) ‘Dirty money: The case against using cash during the coronavirus outbreak’, CNN, 7 March. Available at: https://edition.cnn.com/2020/03/07/tech/mobile-payments-coronavirus/index.html (Accessed: 9 May2020).

Kencebay, B. (2019) ‘User acceptance of driverless vehicles and robots with aspect of personal economy’, Journal of Transnational Management, 24(4), pp.283-304. doi: 10.1080/15475778.2019.1664234

LaMotte, S. (2020) ‘What is coronavirus and Covid-19? An explainer’, CNN, 31 March. Available at: https://edition.cnn.com/2020/03/31/health/what-is-coronavirus-covid-19-wellness/index.html (Accessed: 9 May 2020).

Landrum, B. & Garza, G. (2015) ‘Mending Fences: Defining the Domains and Approaches of Quantitative and Qualitative Research’, Qualitative Psychology, 2(2), pp.199-209. doi: 10.1037/qup0000030

Levy, Y. & Ellis, T. (2006) 'A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research', INFORMING SCIENCE Journal, 9, pp.181-212.

Liébana-Cabanillas, F., Marinkovic, V., Ramos de Luna, I. & Kalinic, Z. (2018) 'Predicting the determinants of mobile payment acceptance: A hybrid SEM-neural network approach', Technological Forecasting & Social Change, 129, pp.117-130. doi: 10.1016/j.techfore.2017.12.015

Malathi, R. & Jeberson, R. (2016), 'An Integrated Approach of Physical Biometric Authentication System', Procedia Computer Science, 85, pp.820-826. doi: 10.1016/j.procs.2016.05.271

Marinkovic, V. & Kalinic, Z. (2017) ‘Antecedents of customer satisfaction in mobile commerce.’, Online Information Review, 41(2), pp.138-154. doi: 10.1108/OIR-11-2015-0364

Martinovic, I., Rasmussen, K., Roeschlin, M. and Tsudik, G. (2017), 'Authentication Using Pulse-Response Biometrics', Communications of the ACM, 60(2), pp.108-115. doi: 10.1145/3023359

Mastercard.com (2020), Just Tap & Go®, Available at: https://www.mastercard.com/en-ke/consumers/features-benefits/contactless.html (Accessed: 7 May 2020).

71

Mingers, J. & Standing, C. (2020) ‘A Framework for Validating Information Systems Research Based on a Pluralist Account of Truth and Correctness’, Journal of the Association for Information Systems, 21(1), pp.117-151. doi: 10.17705/1jais.00594

NCSC (2020) Mobile Device Guidance, Available at: https://www.ncsc.gov.uk/collection/mobile-device-guidance/using-biometrics-on-mobile-devices (Accessed: 12 May 2020).

NetMarketShare (2020), Operating System Market Share, Available at: https://netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Mobile%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platform%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsMobile%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222019-05%22%2C%22dateEnd%22%3A%222020-04%22%2C%22segments%22%3A%22-1000%22%7D (Accessed: 12 May 2020).

Newey, S. & Gulland, A. (2020) ‘What is coronavirus, how did it start and how big could it get?’, The Telegraph, 9May. Available at: https://www.telegraph.co.uk/news/2020/05/07/what-coronavirus-covid-19-global-pandemic/ (Accessed: 9 May 2020).

Nugroho, R., Susilowati, A., Ambarwati, O. & Pratiwi, A. (2018) ‘Factors Affecting Users’ Acceptance of E-Billing System in Surakarta Tax Office’, ComTech, 9(1), pp.37-42/ doi: 10.21512/comtech.v9i1.4621

O’dea, S. (2020), Mobile operating systems' market share worldwide from January 2012 to December 2019, Available at: https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/ (Accessed: 12 May 2020).

Ogbanufe, O. & Kim, D. (2018) 'Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment', Decision Support Systems, 106, pp.1-14. doi: 10.1016/j.dss.2017.11.003

Okoh, E. & Awad, A. (2015) ‘Biometrics Applications in e-Health Security: A Preliminary Survey’, International Conference on Health Information Science, Health Information Science (HIS 2015). Melbourne, Australia. 6 May.doi: 10.1007/978-3-319-19156-0_10

Okoh, E., Makame, M. H. & Awad, A. (2017) ‘Toward online education for fingerprint recognition: A proof-of-concept web platform’, Information Security Journal: A Global Perspective, 26(4), pp.186-197. doi: 10.1080/19393555.2017.1329462

Okpara, O. & Bekaroo, G. (2017) ‘Cam-Wallet: Fingerprint-Based Authentication in M-Wallets using Embedded Cameras’, 2017 IEEE International Conference on Environment and Electrical Engineering (EEEIC) and 2017 IEEE Industrial and Commercial Power Systems Europe (I&CPS Europe). Milan, Italy, 6-9 June. doi: 10.1109/EEEIC.2017.7977654

Paiva, J., Dias, D. & Cunha, J. (2017) ‘Beat-ID: Towards a computationally low-cost single heartbeat biometric identity check system based on electrocardiogram wave morphology’, PLoS ONE, 12(7), pp.1-32. doi: 10.1371/journal.pone.0180942

Pritchard, J. (2019), Pay With Your Mobile Phone, Available at: https://www.thebalance.com/pay-with-your-mobile-phone-315479 (Accessed: 7 May 2020).

Rad, M., Nilashi, M. & Dahlan, H. (2017) ‘Information technology adoption: a review of the literature and classification’, Universal Access in the Information Society, 17(2), pp.361–390. doi: 10.1007/s10209-017-0534-z

72

Ranger, S. (2018) Wearables outlook 2022: Smartwatches will still rule, Apple will still dominate, Available at: https://www.zdnet.com/article/wearables-outlook-2022-smartwatches-will-still-rule-apple-will-still-dominate/ (Accessed: 12 May 2020).

Rooks, T. (2020) ‘Will the coronavirus crisis finally spell the end of cash payments in Germany?’, DW, 7 May. Available at: https://www.dw.com/en/paying-in-cash-in-germany-and-the-coronavirus-corona-crisis-epidemic/a-53349878 (Accessed: 9 May 2020).

Savvides, L. (2019), Samsung Pay: Everything you need to know (FAQ), Available at: https://www.cnet.com/how-to/samsung-pay-everything-you-need-to-know-faq-mobile-wallet/ (Accessed: 7 May 2020).

Sekiguchi, W. (2020) ‘COVID-19 pandemic prompts a digital revolution’, The Japan Times, 15 April. Available at: https://www.japantimes.co.jp/opinion/2020/04/15/commentary/japan-commentary/covid-19-pandemic-prompts-digital-revolution/#.XrQmnGVR2Uk (Accessed: 9 May 2020).

Sivakumar, T., Nair, S., Zacharias, G., Nair, M. & Joseph, A. (2018), ‘Identification of tongue print images for forensic science and biometric authentication’, Journal of Intelligent & Fuzzy Systems, 34(3), pp.1421-1426. doi: 10.3233/JIFS-169437

Statcounter (2020a), Mobile Operating System Market Share Worldwide, Available at: https://gs.statcounter.com/os-market-share/mobile/worldwide (Accessed: 12 May 2020).

Statcounter (2020b), Desktop vs Mobile vs Tablet Market Share Worldwide, Available at: https://gs.statcounter.com/platform-market-share/desktop-mobile-tablet (Accessed: 12 May 2020).

Statista (2019), Annual sales volume of smartphones, tablets, wearables and laptops in France from 2011 to 2016*, Available at: https://www.statista.com/statistics/490231/wearable-devices-worldwide-by-region/ (Accessed: 12 May 2020).

Ståhlbröst, A. (2019) QUALITATIVE RESEARCH METHODS. [PDF slides] Lecture handouts. Luleå Tekniska Universitet. 3 December, 2019.

Szopinski, T. (2016) 'Factors affecting the adoption of online banking in Poland', Journal of Business Research, 69(11), pp.4763-4768. doi: 10.1016/j.jbusres.2016.04.027

Tao, D., Fu, P., Wang, Y., Zhang, T. & Qu, X. (2019) ‘Key characteristics in designing massive open online courses (MOOCs) for user acceptance: an application of the extended technology acceptance model’, Interactive Learning Environments. doi: 10.1080/10494820.2019.1695214

Trappey, A., Trappey, C. & Hsu, A. (2016) 'Patent Portfolio Analysis of E-payment Services Using Technical Ontology Roadmaps', IEEE International Conference on Systems, Man, and Cybernetics, SMC 2016. Budapest, Hungary, 9-12 October.

Turkmen, C. & Degerli, A. (2015) ‘Transformation of Consumption Perceptions: A Survey on Innovative Trends inBanking’, Procedia - Social and Behavioral Sciences, 195, pp.376-382. doi: 10.1016/j.sbspro.2015.06.337

UNDP (2020), COVID-19 pandemic, Available at: https://www.undp.org/content/undp/en/home/coronavirus.html (Accessed: 9 May 2020).

Verleye, K. (2019) ‘Designing, writing-up and reviewing case study research: an equifinality perspective’, Journalof Service Management, 30(5), pp.549-576. doi: 10.1108/JOSM-08-2019-0257

73

Visa.com (2020), Tap to pay with Visa, Available at: https://usa.visa.com/pay-with-visa/contactless-payments/contactless-payments.html (Accessed: 7 May 2020).

Visontay, E. (2020) ‘Cashless payments ‘help stop spread’ of coronavirus’, The Australian, 10 March. Available at: https://www.theaustralian.com.au/science/cashless-payments-help-stop-spread-of-coronavirus/news-story/fd4bb0b9a934ce0ca722993710a17c4f (Accessed: 9 May 2020).

Webster, J. & Watson, R. (2002) 'Analyzing the Past to Prepare for the Future: Writing a Literature Review', MIS Quarterly, 26(2), pp.xiii-xxiii.

Yang, W., Wang, S., Zheng, G., Yang, J. and Valli, C. (2019) ‘A Privacy-Preserving Lightweight Biometric Systemfor Internet of Things Security’, IEEE Communications Magazine, 57(3), pp.84-89. doi: 10.1109/MCOM.2019.1800378

Ylikoski, P. & Zahle, J. (2019) ‘Case study research in the social sciences’, Studies in History and Philosophy of Science Part A, 78, pp.1-4. doi: 10.1016/j.shpsa.2019.10.003

Young, S. (2020) ‘CORONAVIRUS: WHAT ARE THE NEW CONTACTLESS CARD RULES AND SPENDING LIMIT?’, The Independent, 20 April. Available at: https://www.independent.co.uk/life-style/coronavirus-contactless-spending-limit-how-much-a9421366.html (Accessed: 9 May 2020).

Zirjawi, N., Kurtanovic, Z. & Maalej, W. (2015) ‘A survey about user requirements for biometric authentication on smartphones.’, 2015 IEEE 2nd Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE). Ottawa, ON, Canada, 25-25 August. doi: 10.1109/ESPRE.2015.7330160

74

Appendix A – questionnaire (protocol)

Biometrics in mobile payments

This questionnaire discusses personal feelings about fingerprint authentication, then face recognition, and finally two factor (PIN and fingerprint) authentication. Data will be presented as a whole, meaning personal responses will not be shared with anyone at all. They will be anonymised.

Intro Questions

1. What operating system do you have on mobile?

• iOS (Apple)

• Android (Google)

• Other

2. What is your gender?

• Male

• Female

3. How old are you?

• Less than 18

• 18-30

• 31-40

• 41-50

• 51 or more

4. What is your highest finished education?

• Elementary school

• Secondary school (high school)

• University

• None

75

5. Do you work?

• Student

• Student with Part-time job

• Student with Full-time job

• Employed Part-time

• Employed Full-time

• Unemployed

• Retired

6. When was the last time you performed m-payment?

• Within last 30 days (1 month)

• Within last 90 days (3 months)

• Within last 180 days (6 months)

• Within last 365 days (12 months)

• More than 1 year ago

• Never

7. When was the last time you authenticated using biometrics?

• Within last 30 days (1 month)

• Within last 90 days (3 months)

• Within last 180 days (6 months)

• Within last 365 days (12 months)

• More than 1 year ago

• Never

8. If you were using some biometric authentication method which one(s) and who introduced it(them) to you?If you used both please comment on both.

76

Fingerprint authentication

9. How did you like fingerprint authentication?

• 5 - very much

• 4 - much

• 3 - neutral

• 2 - not so much

• 1 - not at all

10. What are the biggest benefits of m-payments using fingerprint?

11. What are the biggest negatives of m-payments using fingerprint?

12. I consider fingerprint authentication faster (i.e. more efficient) than traditional authentication (e.g. PIN, password).

Strongly disagree 1 2 3 4 5 Strongly agree

13. I consider fingerprint authentication very secure.

Strongly disagree 1 2 3 4 5 Strongly agree

14. I consider fingerprint authentication improving e-payments domain.

Strongly disagree 1 2 3 4 5 Strongly agree

15. I consider fingerprint authentication easy to use.

Strongly disagree 1 2 3 4 5 Strongly agree

16. I consider fingerprint authentication as stress free method of payment.

Strongly disagree 1 2 3 4 5 Strongly agree

17. My friends and peers are using fingerprint authentication.

Strongly disagree 1 2 3 4 5 Strongly agree

77

18. My friends and peers are/were encouraging me to use fingerprint authentication.

Strongly disagree 1 2 3 4 5 Strongly agree

19. I feel that vast majority of retailers are accepting this method of payment.

Strongly disagree 1 2 3 4 5 Strongly agree

Face recognition

20. How did you like face recognition authentication?

• 5 - very much

• 4 - much

• 3 - neutral

• 2 - not so much

• 1 - not at all

21. What are the biggest benefits of m-payments using face recognition?

22. What are the biggest negatives of m-payments using face recognition?

23. I consider face recognition authentication faster (i.e. more efficient) than traditional authentication (e.g. PIN, password).

Strongly disagree 1 2 3 4 5 Strongly agree

24. I consider face recognition authentication very secure.

Strongly disagree 1 2 3 4 5 Strongly agree

25. I consider face recognition authentication improving e-payments domain.

Strongly disagree 1 2 3 4 5 Strongly agree

78

26. I consider face recognition authentication easy to use.

Strongly disagree 1 2 3 4 5 Strongly agree

27. I consider face recognition authentication as stress free method of payment.

Strongly disagree 1 2 3 4 5 Strongly agree

28. My friends and peers are using face recognition authentication.

Strongly disagree 1 2 3 4 5 Strongly agree

29. My friends and peers are/were encouraging me to use face recognition authentication.

Strongly disagree 1 2 3 4 5 Strongly agree

30. I feel that vast majority of retailers are accepting this method of payment.

Strongly disagree 1 2 3 4 5 Strongly agree

Two Factor authentication

31. How did you like two factor authentication?

• 5 - very much

• 4 - much

• 3 - neutral

• 2 - not so much

• 1 - not at all

32. What are the biggest benefits of m-payments using two factor authentication?

33. What are the biggest negatives of m-payments using two factor authentication?

79

34. I consider 2 factor authentication very secure.

Strongly disagree 1 2 3 4 5 Strongly agree

35. I consider two factor authentication improving e-payments domain.

Strongly disagree 1 2 3 4 5 Strongly agree

36. I consider two factor authentication easy to use.

Strongly disagree 1 2 3 4 5 Strongly agree

37. I consider two factor authentication as stress free method of payment.

Strongly disagree 1 2 3 4 5 Strongly agree

Final Questions

38. Would you prefer other biometric authentication for m-payments? If yes, which one and why?

39. Which of the following is more secure authentication method according to you?

• Traditional authentication (e.g. PIN, password)

• Biometric authentication (e.g. fingerprint, face recognition)

• Neither

THANK YOU

80

Appendix B – interview schedule

The following table shows date and duration of interviews which were performed as part of this research.

No. Participant ID Date of Interview(dd.mm.yyyy)

Duration of Interview(minutes)

1 Participant_001 3.4.2020 45

2 Participant_002 3.4.2020 45

3 Participant_003 3.4.2020 25

4 Participant_004 4.4.2020 25

5 Participant_005 4.4.2020 25

6 Participant_006 4.4.2020 35

7 Participant_007 4.4.2020 17

8 Participant_008 4.4.2020 19

9 Participant_009 4.4.2020 45

10 Participant_010 4.4.2020 30

11 Participant_011 4.4.2020 16

12 Participant_012 4.4.2020 26

13 Participant_013 5.4.2020 29

14 Participant_014 5.4.2020 42

15 Participant_015 5.4.2020 19

16 Participant_016 5.4.2020 14

17 Participant_017 5.4.2020 22

18 Participant_018 5.4.2020 47

19 Participant_019 5.4.2020 29

20 Participant_020 5.4.2020 20

21 Participant_021 8.4.2020 36

22 Participant_022 8.4.2020 24

23 Participant_023 8.4.2020 32

24 Participant_024 9.4.2020 18

25 Participant_025 9.4.2020 35

26 Participant_026 9.4.2020 24

81

27 Participant_027 9.4.2020 21

28 Participant_028 9.4.2020 32

29 Participant_029 9.4.2020 34

30 Participant_030 10.4.2020 37

31 Participant_031 10.4.2020 25

32 Participant_032 10.4.2020 22

33 Participant_033 10.4.2020 38

34 Participant_034 10.4.2020 21

35 Participant_035 10.4.2020 31

36 Participant_036 10.4.2020 34

37 Participant_037 10.4.2020 44

38 Participant_038 10.4.2020 47

39 Participant_039 10.4.2020 33

40 Participant_040 11.4.2020 28

41 Participant_041 11.4.2020 12

42 Participant_042 11.4.2020 25

43 Participant_043 11.4.2020 40

44 Participant_044 11.4.2020 40

45 Participant_045 11.4.2020 34

46 Participant_046 11.4.2020 70

47 Participant_047 12.4.2020 18

48 Participant_048 13.4.2020 22

49 Participant_049 14.4.2020 39

50 Participant_050 15.4.2020 18

51 Participant_051 15.4.2020 32

52 Participant_052 16.4.2020 29

82

Appendix C – initial research plan

The following table shows a basic layout of the timeframe I would like to follow for writing the thesis.

Each step (from section “3.” above) has a week or weeks allocated to it based on my estimates. For

better clarity brief comments are written in each row. Please note that I will not physically start writing

the thesis in Week 12 but will write it throughout the whole time allocated. Just the main parts of the

thesis are mentioned in this plan.

Time (w=week) Step(s) Brief comments

January n/a Work out with supervisor final version of research question & sub-questions

W1 (3.-9.2.) 1 Research and determine term “acceptability”

W2 (10.-16.2.) 1 Research and determine term “acceptability”

W3 (17.-23.2.) 2 Prepare testing scenarios

W4 (24.2.-1.3.) 2 Prepare testing scenarios

W5 (2.-8.3.) 3 Prepare questionnaire

W6 (9.-15.3.) 4 Get questionnaire improved by skilled people

W7 (16.-22.3.) 5 Improve the questionnaire

W8 (23.-29.3.) 6 + 7 (6) Perform testing scenarios with end-users

W9 (30.3.-5.4.) 6 + 7 (6) Perform testing scenarios with end-users

W10 (6.-12.4.) 6 + 7 (7) Gather their feedback by means of questionnaire

W11 (13.-19.4.) 6 + 7 (7) Gather their feedback by means of questionnaire

W12 (20.-26.4.) 8 Analyse the feedback

W13 (27.-3.5.) 8 + 9 (8) Analyse the feedback + (9) Discuss the results

W14 (4.-10.5.) 9 Discuss the results

W15 (11.-17.5.) 9 + 10 (9) Discuss the results + (10) Write remaining parts

W16 (18.-24.5.) 10 Write remaining parts

W17 (25.-31.5.) n/a Final reviews of the thesis

83