Biometric Authentication in M-PaymentsAnalysing and improving end-users’ acceptability
Jakub Porubsky
Information Security, master's level (120 credits)
2020
Luleå University of Technology
Department of Computer Science, Electrical and Space Engineering
Acknowledgement
I would like to thank Dr. Ali Ismail Awad for providing excellent supervision throughout the whole
writing process. The received comments were always helpful and have significantly improved my
work. Seniha Oztemiz Tulgar also deserves my gratitude for peer reviewing this thesis on a monthly
basis. The provided feedback also undoubtedly helped to shape this project into its current form.
Finally, appreciation goes to the anonymous examiner who has reviewed and marked this thesis.
i
Abstract
Traditional authentication methods like Personal Identification Number (PIN) are getting obsolete and
insecure for electronic-payments while mobile-payments are becoming more and more popular.
Biometrics such as fingerprint and face recognition authentication methods seem to be a solution to this
security issue as they are becoming a regular and integrated part of an average smartphone end-users
purchase. However, for mobile-payments to be authenticated by biometrics, end-users acceptability of
both technologies must be high. In this research, fingerprint and face recognition authentication
methods are being tested with end-users and their current acceptability level is being determined based
on interviews which are conducted upon finishing each testing scenario. The interview is using 39
questions which are determining previous usage of the technologies, their likeability, positives,
negatives, and feelings about various features biometrics provide such as ease-of-use, stress-free
method of payment, security, and many others. Additionally, one more authentication method is tested,
namely two factor authentication consisting of one biometric method (fingerprint) and one traditional
method (PIN) of authentication. The main goal for testing this method is to find out whether
implementing (as currently it is not available) such technology into mobile-payments would be
beneficial and how it scored in user-acceptance next to fingerprint and face recognition authentication
methods. Once the user-acceptance level is determined the main reasons for it are presented. Last but
not least, suggestions for improvements in this domain are presented so that biometrics are even more
accepted by end-users who are performing mobile-payments on their smartphones.
ii
Table of Contents
CHAPTER 1..............................................................................................................................................1Introduction................................................................................................................................................1
1.1 Problem Description........................................................................................................................11.2 Purpose and Objectives...................................................................................................................21.3 Research Questions.........................................................................................................................31.4 Scope and Limitations.....................................................................................................................31.5 Significance of Study......................................................................................................................41.6 Organisation of Thesis.....................................................................................................................5
CHAPTER 2..............................................................................................................................................6Background................................................................................................................................................6
2.1 Biometric Technology.....................................................................................................................62.2 Need for Biometrics in M-Payments...............................................................................................72.3 User-acceptance Frameworks..........................................................................................................8
CHAPTER 3............................................................................................................................................10Literature Review.....................................................................................................................................10
3.1 Methodology.................................................................................................................................103.2 Mobile Payments (m-payments)...................................................................................................12
3.2.1 Current State of the Art.........................................................................................................123.2.2 Challenges..............................................................................................................................133.2.3 Influences...............................................................................................................................15
3.3 User Acceptance in M-Payments..................................................................................................163.4 Research Gap Analysis..................................................................................................................19
CHAPTER 4............................................................................................................................................22Research Methodology.............................................................................................................................22
4.1 Data Collection..............................................................................................................................224.1.1 Interviews Methodology........................................................................................................234.1.2 Population and Sample..........................................................................................................234.1.3 Interview Protocol.................................................................................................................24
4.2 Data Analysis.................................................................................................................................264.3 Research Process...........................................................................................................................29
CHAPTER 5............................................................................................................................................32Statistical Analysis...................................................................................................................................32
5.1 Participants....................................................................................................................................325.2 Usage of M-Payments...................................................................................................................355.3 Usage of Biometrics in Smartphone..............................................................................................365.4 Fingerprint Authentication............................................................................................................365.5 Face Recognition Authentication..................................................................................................405.6 Two Factor Authentication............................................................................................................445.7 Other Biometric Authentication Method.......................................................................................475.8 Traditional vs Biometric Authentication.......................................................................................48
iii
CHAPTER 6............................................................................................................................................49Reflection and Discussion........................................................................................................................49
6.1 Current Usage of M-Payments and Biometrics.............................................................................496.2 Fingerprint Authentication............................................................................................................506.3 Face Recognition...........................................................................................................................516.4 Two Factor Authentication............................................................................................................536.5 Gender, Age, and Education Differences......................................................................................546.6 Experience with M-Payments and Biometrics..............................................................................566.7 Other Biometric Authentication Method.......................................................................................566.8 Traditional vs Biometric Authentication.......................................................................................576.9 Relation to Current Covid-19 Pandemic.......................................................................................57
CHAPTER 7............................................................................................................................................58Results......................................................................................................................................................58
7.1 Findings versus Literature.............................................................................................................587.2 Research Questions Answered......................................................................................................62
7.2.1 Current User-Acceptance Level (Q1)....................................................................................627.2.2 Reasons for Current User-Acceptance Level (Q2)................................................................627.2.3 Suggested Improvements (Q3)..............................................................................................63
CHAPTER 8............................................................................................................................................66Conclusions and Future Research............................................................................................................66
8.1 Conclusion.....................................................................................................................................668.2 Future Work...................................................................................................................................67
References................................................................................................................................................69
iv
List of Tables
Table 1: Brocke et al. (2009) taxonomy applied to this thesis.................................................................11Table 2: Biometric Authentication usage.................................................................................................16Table 3: Biometric Authentication user requirements..............................................................................17Table 4: Qualitative vs Quantitative approach (Landrum & Garza 2015, Chronéer 2019, Ståhlbröst 2019)........................................................................................................................................................26Table 5: Occupation.................................................................................................................................35Table 6: Fingerprint – Gender..................................................................................................................38Table 7: Fingerprint – Age.......................................................................................................................38Table 8: Fingerprint – Education..............................................................................................................39Table 9: Fingerprint – Usage of M-Payments..........................................................................................39Table 10: Fingerprint – Usage..................................................................................................................40Table 11: Face Recognition – Gender......................................................................................................42Table 12: Face Recognition – Age...........................................................................................................42Table 13: Face Recognition – Education.................................................................................................43Table 14: Face Recognition – Usage of M-Payments..............................................................................43Table 15: Face Recognition – Usage........................................................................................................44Table 16: Two Factor – Age.....................................................................................................................46Table 17: Two Factor – Education...........................................................................................................47Table 18: Findings versus Literature........................................................................................................58
v
List of Figures
Figure 1: Operating System (OS)............................................................................................................32 Figure 2: Gender.....................................................................................................................................32 Figure 3: Age...........................................................................................................................................33 Figure 4: Finished Education..................................................................................................................34 Figure 5: Usage of M-Payments.............................................................................................................35 Figure 6: Usage of Biometrics in Smartphone........................................................................................36 Figure 7: Likeability of fingerprint authentication..................................................................................37 Figure 8: Likeability of face recognition authentication.........................................................................40 Figure 9: Likeability of two factor authentication..................................................................................45 Figure 10: Other biometrics for m-payments..........................................................................................47 Figure 11: Traditional versus Biometric authentication..........................................................................48
vi
List of Abbreviations
M-Payments Mobile-Payments
E-Payments Electronic-Payments
M-Commerce Mobile-Commerce
E-Commerce Electronic-Commerce
LTU Luleå Tekniska Universitet (Luleå University of Technology)
PIN Personal Identification Number
OTP One Time Password (e.g. received via SMS on phone)
TRA Theory of Reasoned Action
TPB Theory of Planned Behaviour
TAM Technology Acceptance Model
UTAUT Unified Theory of Acceptance and Use of Technology
IEEE Institute of Electrical and Electronics Engineering
POS terminal Point Of Sale terminal
NFC Near-Field Communication
2FA Two Factor Authentication (e.g. fingerprint and PIN)
vs versus
DNA Deoxyribonucleic Acid – also used for unique authentication of people (e.g. on crime scenes by police)
vii
CHAPTER 1
Introduction
1.1 Problem Description
The biometric authentication is most likely going to substitute the traditional method in order to
improve the security of user authentication when performing m-payments. While for traditional
authentication methods, namely something user knows (e.g. password or PIN) and something user has
(e.g. token or smart card), the framework was pretty straightforward, it is not so clear for biometric
authentication. This is because both traditional methods had to contain some characters (i.e. letters,
numbers, symbols, or combination) for authentication while biometrics has samples which can be of
many types. To provide a few examples: fingerprint scan, voice recognition samples, iris scan, palm
scan, face recognition scan, etc. The samples are then compared to already stored value and
authentication is based on match rate based on calibration (e.g. at least 90% must match to confirm
authentication) as opposed to 100% similarity which was required for the traditional approach. At the
time of writing fingerprint authentication with facial recognition are the most used biometric
authentication methods but as Awad & Baba (2011, p.122) state “fingerprint is the dominant trait
between different biometrics like iris, retina, and face”. Still, fingerprint and face recognition are both
mostly used because of these sensors (i.e. fingerprint scanner and high quality camera) being widely
deployed into smartphones. The developers of biometric authentication methods are even creating some
completely new ones – for example: tongue scan (Sivakumar et al., 2018), heartbeat profile (“beat-ID”)
(Paiva et al., 2017), keystroke profile (“keyboard keystroke dynamics”) (Eude & Chang, 2018), or
pulse-response profile (Martinovic et al., 2017). Hence, there are multiple ways through which m-
payments could be authenticated and determining the most suitable one could be considered crucial.
Now, for an authentication method to be successful there are many influences which are affecting the
deployment. Some of the most important ones are: time it takes to perform the payment, ergonomics
(e.g. location of fingerprint scanner), user-acceptance (i.e. enjoyment), usefulness, and security
(Blanco-Gonzalo et al. 2019, Liebana-Cabanillas et al. 2018, Ogbanufe & Kim 2018, Trappey et al.
2016, Marinkovic & Kalinic 2017, Rad et al. 2017). Therefore, determining the current user-acceptance
as well as suggesting methods to improve it could be very useful because it can be considered as the
most important influence for particular method to be successful. In other words, if users will not like a
1
method (for any type of a reason) they will not use it even if it is most secure, extremely fast, with
excellent ergonomics. Now if this negative user perception would become a reality it could introduce a
relatively high security risk because traditional authentication methods are getting less and less secure
due to several reasons. The main reason would be that end-users need more and more accounts to work
with on a daily basis (Buckley & Nurse, 2019) meaning they are likely to create simple passwords that
are easier to remember. But reasons worth mentioning include constant increase of computing power
which could crack even stronger passwords using all available combinations within reasonable time in
the near future as well as high chance of users storing passwords on an insecure place(s) (physical and/
or electronical) as e.g. password managers are paid services that not every user wants to pay for and
very secure password like “fT5h*m9k_p2G” is very hard to remember. Therefore, traditional methods
could increase the chances of malicious users breaching individuals’ personal accounts and as a result
create financial and/or other types of direct impact. As was mentioned above, biometric authentication
seems to be a solution to this emerging challenge.
1.2 Purpose and Objectives
This study is attempting to assess the current acceptability-level of end-users who are performing m-
payments using biometric authentication. The purpose is therefore to acknowledge the current situation
from reality by means of performing actual testing scenarios with end-users who are then going to be
interviewed. The sample of end-users is aiming at being of high diversity (i.e. various age groups, sex,
education, etc.) and of high number so that data is relevant. Using the gathered data, the user-
acceptability can be determined and better understood for further purposes. Within this study, these will
then further be used to suggest possible strategies to improve the end-user’s acceptability and therefore
see which authentication method or combination of methods (i.e. two factor authentication) are ideal.
Hence, the objectives of this study are as follows:
a) Make a study of the actual user-acceptance among users when performing m-payments by
means of biometric authentication.
b) Identify the most common reasons of why the current user-acceptance is as it is.
c) Suggest improvements that can be performed to improve end-users’ acceptability.
2
1.3 Research Questions
The following ordered list lays out the research questions which this study is attempting to research in
order to achieve the aforementioned objectives:
Q1.: What is the current acceptability level of biometrics in m-payments?
Q2.: What are the common reasons behind the current acceptability level?
Q3.: What are the possible strategies to improve end-users’ acceptability?
1.4 Scope and Limitations
This project has its particular focus and this section attempts to explain it. Firstly, the smartphones
which were part of the interviews have not used all the possible alternatives. The used ones had either
iOS or Android operating system (while there are some others on the market) and biometric
authentication selected for the testing scenarios omitted at least iris scan which is quite spread among
Android phones. Selecting these alternatives has simple reasoning – at the time of writing these choices
for operating system (Statcounter 2020a, O’dea 2020, Netmarketshare 2020) and biometric
authentication methods (Kelly 2019, German & Barber 2017, NCSC 2020) were the most popular ones.
Secondly, all other smart devices capable of performing m-payments were not part of the research (e.g.
smartwatches or tablets). In 2018 global shipments of wearables (i.e. smartwatches) were around 125
million of units (Ranger, 2018), tablets around 173 millions (Barbaschow, 2019), while smartphones
were in a significant lead with 1404 million (Barbaschow, 2019) shipments. Hence, it can be said that
smartphones are the most popular smart devices (Statcounter 2020b, Statista 2019) and therefore
currently have the highest impact towards usage of m-payments. Therefore, choosing them for this
research seemed like the most adequate option.
Thirdly, the interviewees were all inhabitants of Bratislava (the capital of Slovakia) with almost all of
them having a full-time job. Central Europe (i.e. Bratislava) was the actual physical place for
conducting the research and fact that only few people from the asked respondents were not full-time
employed is how the research ended up. Nevertheless, this was not considered as a problem because
people with regular income are more likely purchasing smartphone capable of performing m-payments.
Fourthly, as the time for performing the interviews was limited (actually only 14 days were allocated
for it) and only 1 person was conducting them, the final number of participants is not extremely
extensive (52 end-users). However, for the purposes and scope of this project it is considered as
3
sufficient. In case the results are or will be required to be more precise there could be more human
resources (i.e. interviewers) and/or time allocated to this research and therefore conclude in much
higher number of participants with more relevant outcomes.
Lastly, all the interviews were done via the Internet using video conferencing even though these were
originally planned to be conducted physically face to face. This is because of Covid-19 pandemic
(Boseley 2020, BBC News 2020b, DW 2020, Gumbrecht & Howard 2020) which forced many
countries (including Slovakia) to basically stop human contact to the greatest extent possible. Vast
majority of people who were not working under critical infrastructure of the country were moved to
100% home office or stopped going to work temporarily. Additionally, all kinds of public places were
closed and people were highly advised to stay at home as much as possible (i.e. to leave home only to
buy food, drugs, or cosmetics). Nevertheless, this was used to the advantage because number of
participants would have likely been significantly smaller for face to face meetings within the given
time and human resources to perform the interviews.
1.5 Significance of Study
The significance of this study is to outline the acceptance of users regarding usage of biometric
authentication when performing m-payments. This helps determining what is the current satisfaction of
using biometric form of authentication among end-users. Hence, can be used for various purposes such
as: deciding whether such payment method should be implemented and supported (in e.g. a brick and
mortar store) or for improving the smart devices which are capturing biometric samples.
The outcome of this thesis is also concerning the common reasons behind the current acceptability
level which means that these can be analysed in a greater detail and used to better understand important
factors affecting usage of this authentication method on smartphones. Hence, to improve products as
well as all other aspects that end-users consider important (e.g. could be security or training for usage).
Nevertheless, this study will also suggest possible strategies how end-users’ acceptability level can be
improved. Therefore, if desired, readers do not have to analyse the findings mentioned above but may
focus on the last section which presents the actual strategies.
Finally, this research can serve as a reference material for further research. As the research topic is ever
evolving and the outcomes presented here may not be actual in the future it can help to lay out the
situation detected in 2020 in Central Europe. Alternatively, it can be used for comparison to a similar
research conducted in a different geographical location or practically in any other way particular
researcher(s) decides to use it for.
4
1.6 Organisation of Thesis
Chapter 2 – Provides a background information to introduce biometric technology, its need in m-
payments domain, and user-acceptance frameworks which exist for measuring user-acceptance.
Chapter 3 – Consists of literature review which was conducted to find out the current state of the art
(current situation, challenges, influences) and user acceptance in m-payments. Additionally, research
gap analysis is present to provide details on what is missing and how this project will help to fix it.
Chapter 4 – Describes detailed insights into how this research was actually conducted. It mentions
details about the data collection (interview methodology, population and sample, interview protocol),
information on what research methodology was used and why, and lays out step-by-step points of the
whole research process.
Chapter 5 – Focuses on providing results of the research without some specific conclusions. It informs
readers about raw data such as who were the participants, usage of biometrics and m-payments, all
results for 3 tested authentication methods, and results for final 2 questions (whether other biometrics is
desired and whether biometrics or traditional authentication method is more secure).
Chapter 6 – Could be considered as chapter which provides in depth reflections and discussions to the
raw data from the previous chapter. In addition, it looks at differences in age, gender, education, and
experience with the technologies. Finally, as in reality the world was at the time of writing experiencing
a pandemic situation, relation of this project to that is presented too.
Chapter 7 – Attempts to to provide accurate results of the whole research and compare them with the
reality. As first, the findings which this project has are directly compared to the current literature. Then,
the research questions are answered.
Chapter 8 – Includes conclusions of the whole project and suggestions for future research that could be
performed in this domain.
5
CHAPTER 2
Background
Background chapter is providing basic information about the topic which is biometrics during
m-payments. Firstly, background about biometrics is given. Secondly, the actual need for biometrics in
m-payments is presented. Lastly, as this thesis attempts to detect user-acceptance of biometrics while
performing m-payments, user-acceptance frameworks are introduced.
2.1 Biometric Technology
Biometrics technology can be defined as “a way of personal identification using the phycological or the
behavioural characteristics” (Awad, 2012, p.524). Moreover, biometrics is already widely known and
implemented technology for authenticating people (Turkmen & Degerli 2015, Blanco-Gonzalo et al.
2019, Paiva et al. 2017, Awad 2012). Actually, Okoh et al. (2017, p.187) state that “ancient people were
aware of the uniqueness of individuals’ fingerprints because of the discovery of fingerprints on ancient
archaeological artefacts”. Nevertheless, its popularity has recently risen largely due to extended
implementation within mobile platforms (Blanco-Gonzalo et al. 2019, Paiva et al. 2017, Zirjawi et al.
2015, Ogbanufe & Kim 2018) as well as need in healthcare (Okoh & Awad, 2015), law enforcement
and other sectors (Paiva et al. 2017, Yang et al. 2019, Ogbanufe & Kim 2018). Especially in health care
it “has proved to be very compelling for the health industry due to the many benefits it affords the
industry” (Okoh & Awad, 2015, p.92). It is an automated method which can authenticate a person using
physiological or behavioural characteristics (e.g. face recognition, fingerprint, skull structure, DNA
matching, handwriting, iris, hand vein, voice) (Turkmen & Degerli 2015, Jadhav et al. 2015, Blanco-
Gonzalo et al. 2019, Martinovic et al. 2017, Zirjawi et al. 2015, Ogbanufe & Kim 2018). Hence, in
comparison to more traditional methods (i.e. something user has – like a token or smart card and
something user knows – like a password or PIN) this method is all about what a user is. The focus on
the authentication process is therefore between a user and a biometric sensor (e.g. fingerprint sensor)
6
which needs to be of high quality in order to provide effective and useful authentication method
(Blanco-Gonzalo et al., 2019). Biometric authentication method has two phases. Firstly, the sample has
to be enrolled into a database and secondly, the verification is performed on-demand where scanned
sample and sample from a database are compared (Malathi & Jeberson 2016, Ogbanufe & Kim 2018).
Banks and other financial institutions are already using or experimenting with various kinds of
biometrics implementations into electronic-payments or other relevant services such as: contactless
payment card with fingerprint sensor, face or voice recognition for authenticating cardholders, or
electronic signatures by finger vein (Turkmen & Degerli, 2015). Additionally, there are many other
alternatives to widely deployed methods (i.e. fingerprint, face, iris, voice) being developed and tested
such as gait recognition, knuckle recognition, forehead recognition, or facial sketches (Blanco-Gonzalo
et al., 2019). It is also worth mentioning that biometrics have their drawbacks too. Their accuracy can
change with environment, ageing of a user, user position, or other influences (Paiva et al. 2017, Zirjawi
et al. 2015). Additionally, they still can be compromised or forged (Paiva et al. 2017, Ogbanufe & Kim
2018) – e.g. a fingerprint can be stolen using a synthetic material (e.g. gelatin) (Paiva et al., 2017).
2.2 Need for Biometrics in M-Payments
There are issues with the traditional authentication methods (e.g. password or PIN) which are being
widely used for electronic authentication at the moment. Some of the main problems are: (1) they are
hard to remember if they are supposed to be difficult to crack; (2) there are increasingly more accounts
with credentials required for an average user; (3) they need to be regularly changed if they are
supposed to remain secure and confidential (as theoretically every password can be cracked the
question always is how much time it will take). The solution to these problems seem to be relatively
easy. There are three types of authentication: something you know (e.g. password or PIN), something
you have (e.g. smart card or token), and something you are (e.g. fingerprint or face). Something user
knows on its own is mostly as secure as the actual password (e.g. “12345678” can be cracked in
seconds while “fT5h*m9k_p2G” could take years to crack but is much harder to remember). To
improve this method an alternative is used, namely something user possesses. Usually this is something
like a smart card which proves user’s identity. But this can be lost or stolen relatively easily and hence
on its own is also not a very secure method. Even stronger method being used is so called two factor
7
authentication which means that both factors are used – something user knows and has (e.g. password
with smart card). Though this method is not exactly user-friendly and is rather used in areas where
higher authentication level is required (e.g. server room or remote access to a bank account). The third
method is something the user is (also known as biometric authentication) which can be considered as
the most secure out of these because it cannot be forgotten, lost, and often not even stolen (e.g.
fingerprint). Awad & Baba (2012, p.129) believe that “biometric authentication compensates some
weaknesses of token- and knowledge-based authentication”. Hence, it could be considered as an
improvement. Nevertheless, this method also possesses some drawbacks too (e.g. cannot be changed
when compromised – e.g. fingerprint scan picture) and therefore the most usable one (i.e. most secure
and user-friendly) needs to be selected and deployed widely.
Biometric authentication is becoming part of our daily lives. This phenomenon has several reasons and
some of them are: (1) biometric sensors (e.g. fingerprint scan or high-quality camera) are being widely
implemented into daily objects (e.g. smartphone or laptop) and are compatible with more and more
software inside these smart devices (Buckley & Nurse 2019, Ogbanufe & Kim 2018); (2) furthermore,
these devices are becoming cheaper and of higher quality, hence more available to general public
throughout the world (Marinkovic & Kalinic 2017, Zirjawi et al. 2015); (3) users need to have many
accounts on the Internet (as we are more and more reliable on this medium) for communication with
various institutions (e.g. banks, government, electricity provider, telecommunication provider, etc.) and
therefore have to manage many passwords that we can forget (Buckley & Nurse, 2019); (4) increasing
number of users paying with a smartphone instead of a credit/debit card (Liébana-Cabanillas et al.
2018, Okpara & Bekaroo 2017). Hence, it can be seen that biometric authentication is becoming very
popular and widely used on a daily basis. Therefore, to be able to grasp the actual user acceptance a
particular method for its collection had to be selected.
2.3 User-acceptance Frameworks
There are multiple ways in which user acceptance can be measured. The common goal is to determine
whether users actually find the technology useful and easy to use, meaning they will actually use it on a
daily basis. However, for a more detailed analysis, some matrix or framework is needed. A number of
methods for this purpose exist such as:
8
• Theory of Reasoned Action (TRA) (Jayusman & Setyohadi 2017, Tao et al. 2019,
Alrawashdeh et al. 2019, Kencebay 2019, Hong et al. 2018, Adnan et al. 2018),
• Theory of Planned Behaviour (TPB) (Jayusman & Setyohadi 2017, Tao et al. 2019,
Alrawashdeh et al. 2019, Hong et al. 2018),
• Technology Acceptance Model (TAM) (Jayusman & Setyohadi 2017, Tao et al. 2019, Huang
2020, Alrawashdeh et al. 2019, Kencebay 2019, Hong et al. 2018, Adnan et al. 2018), or
• Unified Theory of Acceptance and Use of Technology (UTAUT) (Huang 2020, Alrawashdeh
et al. 2019, Nugroho et al. 2018, Kencebay 2019, Adnan et al. 2018).
While TPB and TRA are focused more on psychological aspects of humans, TAM works with external
factors that are more closely reflecting practical implications in technology design and implementation
(Tao et al., 2019). Moreover, TAM consists of robust tools which allow understanding user perception,
namely perceived ease of use (PE), perceived usefulness (PU), attitude (A), and behavioural intention
(BI). These are considered as core TAM parts (Huang, 2020). Additionally, TAM is considered as the
most widely used model for technology acceptance (Tao et al. 2019, Hong et al. 2018) which usually
accounts for approximately 30-50% of IT acceptance (Tao et al., 2019).
Nevertheless, UTAUT is considered as the modern theory (Alrawashdeh et al. 2019, Nugroho et al.
2018, Kencebay 2019). It was developed based on multiple theories including TAM, TRA, and TPB
mentioned above (ibid) and therefore could be considered as a successor of these (Hong et al., 2018). It
groups similar constructs which were present in other theories under social influence, performance
expectancy, effort expectancy, and facilitating conditions (ibid). It also added a set of moderators which
could affect relationships between just mentioned constructs. These are: voluntary, experience, gender,
and age (Alrawashdeh et al. 2019, Nugroho et al. 2018). The model could be regarded as a tool for
assessing adoption of new technologies and predicting the level of system acceptance among end-users
(Nugroho et al., 2018). It is considered to be explaining up to 70% of users’ intention to use particular
new system (ibid). Additionally, UTAUT has been commonly applied in IT systems like mobile
banking (Adnan et al., 2018), hence can be considered as an appropriate method for this study.
9
CHAPTER 3
Literature Review
The general topic which this thesis focuses on is biometric authentication. To specify it a little further
the research is focusing on biometric authentication when performing mobile payments (also known as
m-payments) which have recently boomed worldwide and fingerprint authentication of payments is
being already conducted in many countries around the world. However, there are also many
alternatives (e.g. gait, iris scan, facial recognition, etc.) that are being considered for m-payments and
some of them are possibly even more secure and more convenient for use. To better explain the
biometric identifiers, they are biologically unique data that are able to identify a person. In other words
the “sample” must contain some data (e.g. fingerprint scan) which are unique to a person. At first the
sample is provided to application which will use it as authentication in the future (just like setting up a
password). Then, when the person wants to authenticate to the application, his finger (which has its
scan stored in the application’s database) will be compared to scan provided at the time of
authentication. Ideally, only a person “owning” the finger is therefore able to authenticate as a
legitimate user. Other popular biometric authentication methods include: voice recognition; face
recognition, iris recognition (unique part of an eye); and palm vein. Nevertheless, at the time of writing,
fingerprint scans are the most used method of biometric authentication for m-payments.
3.1 Methodology
Data for the purposes of this thesis were collected by means of interviews which were conducted
throughout the main part of this study. Nevertheless, it was not the only source of information as much
relevant knowledge was gathered using existing research and literature. Such sources were accessed
through Luleå University of Technology’s library which provides access to multiple respected
databases of journals, articles, and studies (e.g. Elsevier, IEEE, Springer, EBSCOhost) as well as
Google’s database known as “Google Scholar” which provides access to multiple reliable papers
relevant to this study.
10
There are a few usable and widely known frameworks for conducting a literature review but the one
presented by Brocke et al. (2009) has been found as the most reasonable because it presents logical
workflow when performing a literature review that could be applied to this thesis. As a first step (1) the
scope needed to be determined – “biometrics in m-payments”; then (2) conceptualisation of the topic
took place – “analysing and improving end-users’ acceptability”; continuing with (3) literature research
and gathering materials that seem relevant for the selected topic. Once a large pool of material was
gathered (4) it was needed to analyse and synthesise gathered material in a greater detail to determine
sub-topics that are to be discussed and which material belongs to which sub-topic. Upon reaching more
than 30 journals and conference papers only truly relevant ones were selected based on gist reading.
These were then divided into two major topics, namely mobile payments and user acceptance in m-
payments. Finally, (5) agenda needed to be written to have a plan on how to move forward. The actual
process was to read, in a greater detail, selected papers and write both sections mentioned in step 4
separately based on findings in each paper. It is worth mentioning that Brocke et al. (2009) are
suggesting to focus only on few most relevant sources to ensure the value to the community as too
many journals can be confusing. However, the main topic selected (biometric authentication in m-
payments) is quite general and hence could benefit from having a wider grasp. Therefore more sources
are presented in this thesis’ literature review. Additionally, the taxonomy provided by Brocke et al.
(2009) helps to better focus on the planned approach and therefore can be found filled out according to
this thesis needs in the following table.
Table 1: Brocke et al. (2009) taxonomy applied to this thesis
Focus (Existing) Research outcomes + Theories (i.e. what is the current situation and how could the future look like)
Goal Investigate the challenges and solutions of using biometrics in electronic payments in the near future. Analyse and identify gaps in existing research regarding the selected topic.
Organisation Conceptual + Methodological
Perspective Neutral representation
Audience Specialized scholars
Coverage Exhaustive
11
In order to provide a summary of what actually was performed throughout the process of writing the
literature review for this thesis the following list presents the performed steps respectively:
• Planning
◦ Determining the scope (i.e. the main topic)
◦ Conceptualisation of the topic
• Gathering material from high-quality sources
• Analysing and synthesizing gathered material
• Writing a literature review
3.2 Mobile Payments (m-payments)
This section consists of multiple parts as it is quite extensive. Firstly, as an introduction, the current
situation in m-payments domain is provided. Secondly, the major challenges that m-payments have,
when it comes to biometric authentication, are provided. Thirdly, as there are many factors influencing
end-users’ willingness to use m-payments and biometric authentication, the final section discusses these
influences in a greater detail.
3.2.1 Current State of the Art
As technology trends are significantly influencing the future of the user interaction with biometrics
(Blanco-Gonzalo et al., 2019) it is worth researching further how users are coping with these trends in
their smart environments (e.g. smartphones). This is so that problems with current methods can be
identified and possibly better alternative(s) detected. Blanco-Gonzalo et al. (2019) also emphasise that
more and more people are using biometric applications daily as old authentication methods like PIN or
password are slowly becoming unpopular due to security issues and are likely going to be substituted
with biometric authentication in the relatively near future. Additionally, more and more mobile devices,
by design, are being sold with built-in high quality biometric sensors and therefore are becoming
cheaper and more accessible to the general public.
12
Liebana-Cabanillas et al. (2018) have discussed “Mobility Report” (done by Ericsson in 2016) which
shows that 7300 million mobile line subscriptions have existed at the end of 2015. At the time, it was
almost the same amount as the world’s population. Hence, today it is possible to estimate that there are
more mobile phones than there are people in the world and currently it is also possible to pay with
tablet, laptop, or smartwatches using biometrics. Nevertheless, not every mobile phone is a
“smartphone” so this statistic is not showing an actual number of devices capable of conducting m-
payments. It should rather prove that the number of users that are having a device capable of
performing m-payment is growing. For example Liebana-Cabanillas et al. (2018) mention that NFC
(Near Field Communication) technology, which is by means of radio waves allowing in-person
transactions using smartphones to be conducted, is estimated to reach 490 million by the end of 2021.
Ogbanufe & Kim (2018) believe that electronic payment solutions (e.g. Samsung pay or Apple pay) are
the key financial technology applications. In 2016 the web transactions have climbed by 12% (growth
of 4.6 billion transactions) and this sphere is expected to grow more (Ogbanufe & Kim, 2018). Hence,
it can be seen that the focus has recently targeted the adoption of mobile devices into the process (e.g.
smartphones, smartwatches, or tablets). For Ogbanufe & Kim (2018) the most important m-payments’
topic is security. Basically the experts in this field seem to agree that, to improve the security,
traditional authentication methods (i.e. PIN and chip based credit card) are being substituted by
biometrics which seems to be a better alternative.
3.2.2 Challenges
Blanco-Gonzalo et al. (2019) believe that creating algorithm that would be suitable for all kinds of
smartphones [considering size, shape, operating system, capturing sensors (e.g. camera or fingerprint
sensor)] is a major challenge that needs to be addressed. Weather conditions can also affect biometric
scans’ results as e.g. northern countries have on average much different conditions than southern
countries. But at the end of the day, from end-users’ perspective, these challenges are considered to be
the crucial ones according to Blanco-Gonzalo et al. (2019): (1) the actual time that users need to spend
on authentication (the longer the worse), (2) ergonomics of the device and/or scanner (i.e. the physical
size or need for additional external hardware), and (3) user acceptance (which will be discussed in
greater detail later).
13
Continuous authentication is also a viable topic and quite possibly a challenge too as such method
would constantly check for the authenticity of a user and therefore improve the security by a large
margin (Blanco-Gonzalo et al., 2019). As smartphones have multiple sensors, creating a so-called
behavioural profile is possible and can be used for continuous authentication. Authors further
emphasise that such method needs to be unobtrusive as users’ experience can quickly deteriorate if
multiple requests for re-authentication are needed (ibid).
Ogbanufe & Kim (2018) believe that biometric authentication has the following security issues: (1)
whether the data that is used for verification (e.g. fingerprint scan) is indeed coming from a person who
“owns the finger” in real-time (i.e. not as a reproduction by malicious user) and (2) whether the
authentic sample (in this case fingerprint scan) will match the sample stored in the database (i.e. to
achieve high match rate). These issues cover operational as well as legal and regulatory challenges.
Additionally, the protection of a database which has authentic samples stored is also crucial because
fingerprints (unlike passwords) cannot be changed when compromised (Ogbanufe & Kim, 2018).
Hence, the possibility of having two factor authentication could be considered as the most secure and
most appropriate method.
Trappey et al. (2016) were evaluating two major mobile payments providers in Asian area (namely
Alipay and Amazon). The research detected that the goal for performing authentic payments was to
protect merchants and customers from unauthorized access and modification of data. This is perhaps
because the high increase in mobile payments have brought increased risk of fraud activities as there
are many poor quality e-shops which are quickly spreading and customers are not always as cautious as
they should be. Moreover, a related media report showed that 55% of customers are worried about
transaction security and lack awareness of their consumer rights. These are quite significant challenges
which are affecting end-users’ acceptance and need further attention. Finally, it is interesting to state
that both researched major mobile providers have approached this situation differently. Alipay
(enterprise #1) decided to use biometric authentication to identify individuals while Amazon (enterprise
#2) opted for using proximity mobile payments and therefore focused on using offline commerce
model (ibid). Hence, it can be seen that an ideal method(s) of authentication is still being detected and
perhaps even multi-factor authentication is an option (whether that is one biometric and one non-
biometric factor or both biometric factors).
14
3.2.3 Influences
According to Liebana-Cabanillas et al. (2018) the major influences, based on their research in Spain,
for using m-payments are: perceived usefulness; perceived ease of use; subjective norms of the already
mentioned influences; mobility; personal innovativeness; and perceived security. It is worth noting that
perceived security and perceived usefulness were the most important ones in their research. Hence, it
can be said that focusing on end-users’ knowledge about the advanced security mechanisms used and
focusing on end-users’ experience when using the devices for m-payments are crucial for this method
of payment to be considered successful.
Ogbanufe & Kim (2018) mention that trust is also considered as an important factor as their findings
show that individuals who are using biometrics for a payment on an online store do trust it more than
those who use credit/debit card (with or without PIN). Hence, implementing such method of
authentication could increase e-shops sales and therefore they are likely to implement and start using it.
However, the research in this sphere is quite narrow and further insights to this topic are required for
finding more precise data (Ogbanufe & Kim, 2018).
Okpara & Bekaroo (2017) have looked at mobile wallets (known as m-wallets) which are also part of
mobile commerce that are slowly substituting traditional credit/debit cards and can be used for m-
payments. Their research focused on using cameras for fingerprint authentication as solid fingerprint
scanners are still not widely deployed on smartphones due to their financial cost. This shows that price
is also one of the important factors which affects end-users’ choice of purchasing smartphones (and
therefore device capable or not capable of various biometric authentication methods) along with a need
on the market for cheaper alternatives. Hence, they are suggesting a hopefully improved (or at least
more convenient and low cost) alternative version of existing biometric authentication method that
could be widely used. Nevertheless, based on the results of the tests they have conducted, it seems that
only around 65% of respondents would use “Cam-Wallet” again. Quite huge number (~34%) also
found the method difficult to use overall. Therefore, in comparison to fingerprint scanner, these results
show that this method of authentication is not good enough for the end-users to accept it.
15
3.3 User Acceptance in M-Payments
Rad et al. (2017) have investigated existing (particularly 330) articles regarding IT adoption to identify
existing research gaps and prospective areas for others which can be used for future research. The
reviewed articles were published between 2006 and 2015 (ibid). Majority of reviewed research was
about adoption of mobile technology, therefore it can be seen that smartphones have been trendy topic
for quite some time now (ibid). In order to better grasp the actual usage of biometric authentication a
summary table of multiple authors’ findings is present below.
Table 2: Biometric Authentication usage
Buckley & Nurse(2019)
• A Techpinion study was discussed which shows that 89% of Apple users with a device capable of doing Touch ID are actually using it.
• A company named Deloitte revealed that 79% of all users (using any mobile device including iPhone) in the UK are using fingerprint scanner.
• Additionally, some UK banks (namely Barclays & HSBC) are actively using voice recognition for personal telephone banking customers.
Blanco-Gonzalo(2019) – USA
research in 2012
• A usability evaluation within system usability scale (SuS) was carried out. Users were evaluating the following modalities: face, voice, and gesture as well as password authentication using mobile device. Perhaps not surprisingly, passwords were considered as the most user-friendly method with 78%, followed by gestures (77%), and face recognition (75%).
Blanco-Gonzalo(2019) – USA
research in 2015
• A survey which had 589 respondents investigated the feeling before and after the usage of three fingerprint sensors which were part of a smartphone.◦ The most important result was that ergonomics is very important when
it comes to user acceptance.◦ Moreover, perhaps due to the complexity of such method of
authentication, responses showed distrust in using biometrics for high security tasks (e.g. banking transactions).
Blanco-Gonzalo(2019) – SouthKorea research
in 2015
• A research was looking into the reason why users do or do not use Android’s Face Unlock and Apple’s Touch ID (selected as the most popular unlock methods using biometrics at the time of conducting the survey). All 3 types of users (active users, former users, non-users) were part of the pool of 383 respondents and the results showed that the usabi-lity has bigger influence on users in comparison to privacy and security.
The results visible in the table above show quite a few interesting findings. Buckley & Nurse
(2019) seem to be showing that fingerprint scanning is widely accepted authentication method.
16
Blanco-Gonzalo (2019) have taken a look into multiple researches which were focused on user accep-
tance of biometric authentication. Firstly, the USA research from 2012 shows that even though the
results are very tight it is visible that users still like passwords the most. Secondly, the USA research
from 2015 emphasised the importance of ergonomics and has pointed out to the importance of end-
users’ perception for high security tasks. Finally, the South Korea research from 2015 highlights that
users are likely to use method that is perhaps not as secure but easy to use – e.g. fingerprint scanning.
Buckley & Nurse (2019) have also conducted their own survey (282 participants) which shows that
users believe that situations in which they encounter with a bank is one of the fields which requires the
highest security measures. Additionally, fingerprint authentication was perceived as the most secure
authentication (out of 10 presented). The authors also point out that fingerprint authentication, which is
used in smartphones, could be relatively easily compromised. Hence, the need for informing the
general public about alternative (possibly more secure) biometric authentication methods. Finally,
perhaps the most alarming finding from their survey was that 83% of respondents believe that
biometric authentication methods are as secure as passwords. Biometric authentication is supposed to
improve authentication of individuals yet majority of them consider it at around the same level as
traditional methods. There certainly is some space for improvement in this area.
In order to improve users’ acceptance of biometric authentication and, as a result, improve security of
their accounts user requirements have to be thoroughly analysed and improved based on the findings.
The following table summarizes user requirements which have been collected:
Table 3: Biometric Authentication user requirements
Zirjawi et al.(2015) – focuson finding user
requirements forIRIS
authenticationon smartphones
(139respondents)
• Stress the importance of data protection on smartphones (whether that is health information, personal identifiers, or financial data). They further state that biometric authentication (most frequently fingerprints and IRIS scans) are being nowadays used for this protection.
• The biggest challenges that authors saw were: (1) various environments (as mobile phones can be used anywhere), (2) difficult to hold smartphone steady (resulting in low-quality scans), and (3) rear cameras are by design better than front cameras which do not present visual feedback.
• Respondents consider data security and personal privacy on smartphones as very important.
• Users do not trust face and ear recognition techniques.• From criticality perspective, fingerprints seem most critical.• Restrictions such as “taking off the glasses”, “moving the smartphone”, and
“moving the eye” were considered as acceptable obstructions while “move to get a perfect light” could be seen as unacceptable.
17
Marinkovic &Kalinic (2017)
– focus onsignificant
driversdetermining
user satisfactionin mobile
commerce (224respondents)
• M-Commerce is one of the fastest growing businesses nowadays and it consists of approximately 35% of all e-commerce transactions worldwide (the world leaders are: Japan, UK, and South Korea respectively).
• P erceived usefulness and perceived enjoyment (i.e. the actual user experience and convenience) are having the highest impact on customer satisfaction.
• Mobility and customization were also considered as very important though itis worth saying that trust was weakened with increase in customization.
• The major identified barrier for faster deployment was lack of consumer-perceived privacy and security.
Rad et al.(2017) – focus
on investigationof 330 articles
(publishedbetween 2006
and 2015)regarding IT
adoption
• Majority of reviewed research was about adoption of mobile technology, meaning it can be seen that smartphones have been a trendy topic for quite some time now.
• Two key factors (out of 26) which were evaluated the most are: perceived usefulness and perceived ease of use.
• On the third place (with almost half of articles in comparison to the second place) was attitude followed by trust.
• It is worth noting that, when considering only findings relevant to this thesis,perceived risk was on the 8th place; security was 16th, perceived cost was 20th, and privacy was on the last (26th) place.
The user requirements which Zirjawi et al. (2015) have gathered are mostly mentioning the actual use.
They detected challenges that developers must fulfil for end-users to be willing to use IRIS scan for
authentication. Moreover, they present obstructions which are acceptable as well as ones that users are
not willing to cope with, hence could be determinant of whether they will or will not use the
technology. Additionally, there are biometric authentication methods that users simply do not trust.
Marinkovic & Kalinic (2017) agree with Zirjawi et al. (2015) that the actual use is very important. In
other words they state that perceived usefulness and perceived enjoyment have the highest impact on
customer satisfaction. The authors also present suggestions for solving identified barriers. They suggest
to provide consumers with sufficient information about privacy protection, technology security, or
charging policies. Basically recommendations on how to use the technology safely and why it is safe
are needed. As to the customer privacy protection, unauthorised intrusions are unacceptable and need to
be avoided to the greatest extent possible. Hence, the recommendations are to use encryption and
modern authentication methods like fingerprint scanning. Once multiple security measures are
implemented consumers could be informed about it by means of various e-commerce trustmarks. And
finally, feedbacks from customers need to be taken, reviewed, and systems improved based on that
continuously so that end-users consider systems as secure and private and will be happy about using
them in their daily lives.
18
The findings presented by Rad et al. (2017) are showing the evolution of requirements that users have.
Quite surprisingly privacy was not investigated much in the past but in the last few years it seems that
this domain is more relevant to the end-users. Security would likely be also positioned higher but it is
interesting that perceived usefulness and perceived ease of use seem to be still the most relevant fields
for users (regarding IT technology) in the past decades. Hence, they also agree with what Zirjawi et al.
(2015) and Marinkovic & Kalinic (2017) have found out.
3.4 Research Gap Analysis
It seems that m-payments traditional authentication methods are becoming obsolete and insecure.
Biometric authentication appears to be the solution to this challenge. Multiple authors agree that
biometric authentication is most likely an improvement to passwords, PINs, tokens or other “something
user knows & has” methods which are widely used today (Hemphill & Longstreet 2016, Adegboye
2015, Ogbanufe & Kim 2018, Malathi & Jeberson 2016, Trappey et al. 2016, Liebana-Cabanillas et al.
2018). Smartphones can be nowadays used when paying at POS-terminal and there are also solutions
which use smartphones to verify online transactions. Liebana-Cabanillas et al. (2018), Ogbanufe &
Kim (2018), and Blanco-Gonzalo et al. (2019) agree that the usage of smartphones’ m-payments will
steadily grow. Hence, the aforementioned predictions have solid foundation to become reality.
User-acceptance is one of the most important domains which determines whether a particular
solution becomes widely used or not. This is because if users do not like the solution enough they will
most likely opt for alternatives. Reviewed articles agree that security and ease of use (including
high match rate, ergonomics, time required) are the most important factors that end-users
require (Blanco-Gonzalo et al. 2019, Ogbanufe & Kim 2018, Liebana-Cabanillas et al. 2018,
Alqudah 2018, Szopinski 2016). Fingerprint authentication is, at the time of writing, one of the most
used biometric authentication method in m-payments. However, the research which has been conducted
in this field presents that the users are quite confused about this authentication method. This is because
they do not know how it works (Buckley & Nurse 2019, Blanco-Gonzalo et al. 2019), it can be fooled
by malicious users (i.e. not the most secure biometric authentication method) (Buckley & Nurse 2019,
Martinovic et al. 2017), and a significant portion of users believe it is as secure as passwords (Buckley
& Nurse, 2019).
19
On the basis of the above literature review, there are some gaps which deserve more attention and
further research would be beneficial. These are: (1) what is the current acceptability level of biometrics
in m-payments?; (2) what are the reasons behind the current acceptability level?; (3) what can be done
to improve end-users’ awareness of biometric authentication methods (how they work, why they are
secure)?; (4) can two-factor authentication (as an alternative to existing biometric authentication
methods) with one factor being biometric be widely used (i.e. do users accept it as secure and easy to
use) for m-payments? These questions have been thoroughly considered and discussed to find thesis
research questions which would be most beneficial for the general public as well as academic audience.
Hence, section “1.2 Purpose and Objectives” above presents the main goals of the thesis followed by
section “1.3 Research Questions” which lays out the research questions in a greater detail.
The gaps identified above can be meaningfully used for this thesis because the way in which this
research was conducted is unique and adds value to the state of the art. To discuss the added value in a
greater detail, following the same order of questions as in the previous paragraph, here are the reasons
elaborated: (1) The current acceptability level using UTAUT framework has not been found to be
conducted before and there are also likeability questions as well as some additional ones (which add to
the uniqueness of the research too) to gather a lot of details by which the acceptability level could be
gathered in depth. (2) The statements just mentioned also helped gathering reasons for the current
acceptability level and because of the way questions were raised the outcomes can be considered
unique too. Additionally, as there were multiple authentication methods evaluated, the reasons for each
authentication method are presented and most interesting differences are given in detail too. Such
detailed comparison was not seen in the reviewed articles. (3) Once the reasons behind current
acceptability level were determined these could then be used to detect ways in which user-acceptability
could be improved. As this research took all gathered data into consideration majority of the answers to
this question are new to the state of the art and therefore could bring much value for future of
biometrics in m-payments. Finally, (4) none of the reviewed articles have performed a test where
fingerprint authentication would be combined with PIN to make 2FA for m-payments. Hence, answer
to this question could also bring much value because such method could be considered useful for end-
users and hence be implemented in the future to increase number of end-users using biometrics for m-
payments. The reasons why this method would be beneficial as well as answers to other research
questions are presented in the results chapter (section “7.2 Research Questions Answered”).
20
Answers to the research questions which were risen in the literature review and are also the main goal
of this research, are adding some more value to the current state of the art. Therefore the following
unordered list discusses these:
• Firstly, a rather simple addition, it provides another new and up-to-date (as it was conducted in
2020) research which looks into already researched topics such as: whether people believe
biometrics is more secure than traditional methods of authentication, what are the most
important factors to start using biometric for m-payments, what is the actual user-acceptance,
what is the actual usage, perceived security, perceived ease of use and many others but this
research looks at them from a little different perspective. In other words as it took place in
Central Europe (which is not very usual geographical location for finding out public’s opinion)
it gives insights on people from this particular area. For some researched areas (e.g. whether
people believe biometrics is more secure than traditional methods of authentication) the
difference between current state of the art and results of this research was quite significant.
• Secondly, direct comparisons in all researched areas between fingerprint and face recognition
authentication methods are present. The researched articles have not provided such a direct
comparison and therefore did not provide much data into why actually fingerprint
authentication is much more popular. Moreover, some comparisons with one possibly new
method of authentication are given too.
• Thirdly, largely due to the pandemic situation which was happening in the world at the time of
writing, one section (“6.9 Relation to Current Covid-19 Pandemic”) is solely focused on the
relation of m-payments with possible issues that could come with illnesses being spread with
human contact. As human race did not go through similar event for a relatively long period of
time (roughly more than 50-60 years) it forced humanity to start considering various areas of
life from a new and/or different perspective (e.g. contactless m-payments).
21
CHAPTER 4
Research Methodology
In order to provide relevant reasons for current acceptability level and suggestions for improvements of
biometric authentication in m-payments, a thorough investigation of user-acceptance needed to be
carried out both systematically as well as scientifically. In other words one must have conducted a
research. This thesis focuses on understanding the perception of users when conducting m-payments
using biometric authentication on their smartphones. Hence, a selection of appropriate research
methodology for data analysis had to be chosen so that research is performed in a scientifically
approved way and results are academically relevant. This had been performed in a way where multiple
methodologies, namely qualitative, quantitative, design science, and case study, were reviewed and the
ideal one, for the purposes of this thesis, was selected. The most important data of this selection are
given here. Specifically, qualitative approach was chosen because its features such as generalizable to a
situation, being exploratory and inductive, attempting to interpret the behaviour, and ending with
hypothesis & theory are all features of this thesis too. Hence, following this approach was perhaps
more a necessity rather than a choice. Nevertheless, some aspects of quantitative analysis like numeric
data were used too. As a result analysis of current acceptability level could have been performed.
Suggestions for improving end-users’ acceptability are then presented based on these findings. In
summary, this chapter will present details about how the data was collected, what data analysis method
was used with reasons for that choice, and what activities did the whole research process have.
4.1 Data Collection
The main method of gathering the data was through interviews which were carried out upon
performing testing scenarios where end-users’ have simulated conducting an m-payment. The
following sections discuss more details regarding the interviews.
22
4.1.1 Interviews Methodology
The interviews are one of the most crucial parts of this research as it is the method which gathers the
actual data that is used for understanding the current situation and suggesting improvements. As has
been mentioned above, before each interview’s section (e.g. fingerprint authentication) a testing
scenario was conducted so that an interviewee could test the technology which will be subject of the
actual dialogue. In case respondent was using some of the two biometric methods being researched
testing scenarios could have been skipped. The interviews that were gathered for purposes of this thesis
used a basic questionnaire (Appendix A) as a layout for topics that needed to be covered. This had to be
done for two reasons: (1) so that the flow of conversation is smooth and all important topics are
covered and (2) to gather qualitative data for user experience (i.e. user acceptability) of the already
performed testing scenarios. The design of a questionnaire was conducted in a manner which will
measure satisfaction of users’ using particular biometric authentication methods when performing
m-payments – hence using qualitative data which captures enjoyment by means of a rating scale [e.g.
from 1 (least satisfied) until 5 (most satisfied)]. As for the actual process of performing the interviews,
it was performed using the following steps:
• Planning
◦ Selecting particular testing scenarios (e.g. fingerprint authenticated m-payment)
◦ Preparing relevant and objective questions for capturing user-acceptability of performed
testing scenarios
• Collecting the data (i.e. performing the interviews)
• Analysing the data
• Discussing the findings
4.1.2 Population and Sample
The participants chosen were selected solely based on their physical and social groups. In other words,
as the technology which is designed to serve almost whole population (“almost” because e.g.
fingerprint scanning cannot be used by people who do not have fingers or live in an area without POS
terminals accepting m-payments) and does not require extensive knowledge in any specific field (e.g.
IT or biometrics) the goal was to have mixed interviewees. Meaning various: age groups, gender,
finished education, employment, experience with smartphones, and experience with m-payments have
been asked to participate.
23
An invitation for participation was either sent via a text message (e.g. SMS, WhatsApp, Facebook
Messenger) or by a phone call. If desired by the interviewee, structure of the interview (i.e.
questionnaire) was sent to the potential respondents to help them determine willingness to become a
participant. Upon positive feedback a conversation to agree for meeting’s date and time was performed.
In total, there were 55 people invited for the participation and 52 of them agreed to the interview.
All 52 interviews were done in 14 days spanning from 3rd April until 16th April 2020. Interview times
ranged from 12 minutes to 70 minutes and their average was 30.2 minutes. It is also worth mentioning
that the duration of the interview varies between 12 to 70 minutes as some respondents (e.g. the ones
using biometrics in smartphone for a long time) had very brief answers while others (e.g. the ones who
have never used biometric authentication) had some (or many) questions and also testing scenarios had
to be performed. Please refer to “Appendix B” for the detailed interview schedule.
4.1.3 Interview Protocol
An interview protocol uses both open-ended questions as well as questions which are based on a scale
that represents how an interviewee agrees to a statement – i.e. “1” which means “strongly disagree”
upwards until “5” which means “strongly agree”. Please refer to “Appendix A” for the full interview
protocol. The protocol had 39 questions which allowed to understand end-users’ feelings about various
kinds of biometric authentication methods. The protocol had been developed in a way for each
interviewee to need to answer every question.
The first section asks about interviewee background, followed by section which goes through
researched three biometric authentication methods of m-payment (namely fingerprint authentication,
facial recognition, and two factor authentication consisting of fingerprint authentication with PIN) and
attempts to gather end-users’ feelings about them. Additionally, it is worth mentioning that questions
using “strongly agree – strongly disagree” scale are present to follow UTAUT framework (introduced
in section “2.3 User-acceptance Frameworks” above). In other words, these questions were aiming to
understand end-users’: social influence, performance expectancy, effort expectancy, and facilitating
conditions. Finally, the last part is designed to find out some final comments and perception regarding
biometric authentication in m-payments.
24
This method of data collection was used to address the first two research questions (i.e. Q1 & Q2) and
also to gain required input for being able to answer the third research question (i.e. Q3). Moreover, to
improve the chances of achieving these objectives each interview began with explaining reasons behind
this research. This allowed setting the tone and importance of the interview and most likely led to more
thoughts from the respondents when answering the questions as well as appreciation of their
involvement. Finally, the structure of the interview was presented and option to ask questions freely
during the interview was mentioned.
All interviews were done virtually (i.e. via the Internet using video conference) one-on-one with both
participants being in a calm environment where focus to the discussions could have been achieved
without external influences. All 3 testing scenarios were also conducted via the Internet and they were
performed as follows. In case person did not pay using m-payment before the way how it works was
explained to him/her in detail. In case person already used fingerprint authentication and face
recognition during an m-payment there was no need for testing scenario and this parts were skipped. In
case one of the two or both were not used by the respondent before, the one(s) not used before
was(were) tested. The test was mostly performed in a way where respondents configured particular
authentication method on his/her own smartphone and simulated an m-payment (imagining paying at
POS terminal in a physical shop). For the remaining few who did not want to do it on their smartphone,
the author of the thesis previewed its usage on Android device Xiaomi Redmi Note 8 Pro via the
camera (so that respondent could see). All respondents stated that they had experience with two factor
authentication (as it is used in Internet banking in most likely all banks in Slovakia – password and
OTP via SMS), therefore only asking them to imagine paying at POS terminal in a physical shop using
fingerprint (which they tested for sure by now) and PIN (used by all of respondents by means of credit
or debit card) was performed. Users were informed that both finger and PIN needed to be inserted on a
smartphone (not on POS terminal).
Additionally, as interviews were chosen instead of a questionnaire, it allowed better understanding and
appreciation of instant feedback presented by end-users upon finishing the testing scenarios. These
were performed based on the protocol’s flow meaning fingerprint authentication scenario was
conducted upon which all questions relevant to this method of payment were asked before moving to
facial recognition testing scenario and two factor authentication.
25
4.2 Data Analysis
Following qualitative approach is believed to be the ideal way to determine the current acceptability
level of biometrics in m-payments. Nevertheless, a thorough justification of this selection has not been
mentioned yet. Therefore the following paragraphs will discuss it and other research methods in a
greater detail so that the appreciation of the selection can be grasped better. It has been decided that a
comparison table will layout the differences between qualitative and quantitative analysis in the most
effective way, hence the table below is attempting to allow readers better appreciate the chosen method
and its differences with quantitative analysis. It is worth noting that not all existing differences are
listed in the table but a selection of the ones that are most relevant to the selected topic of this thesis are
presented. Additionally, later in this section, justifications on why this research did not follow design
science research or case study research methodologies are given too.
Table 4: Qualitative vs Quantitative approach(Landrum & Garza 2015, Chronéer 2019, Ståhlbröst 2019)
Concept Qualitative approach Quantitative approach
Core functions Exploratory and Inductive(observation → pattern → hypothesis
→ theory)
Confirmatory and Deductive (theory→ hypothesis → observation →
confirmation)
Type of data Non-numeric Numeric
Generalizable.. ..to a situation or case ..on a broader scale
Answers Why? How? Who? How many? When? Where?
Behaviour Interpretation of behaviour Prediction of behaviour
Hypothesis & theory Ends with hypothesis & theory Begins with hypothesis & theory
Time to conduct Time consuming Efficient
The Table 4 above presents some of the main differences which need to be now applied to the current
study. The following section discusses qualitative data features mentioned in the table above in context
with this project’s research aims and therefore shows why the aforementioned concepts are more
inclined to qualitative approach.
• Core functions
◦ Exploratory – The goal is to understand common reasons for the current acceptability level
of biometrics in m-payments. Meaning, once it is understood an attempt to explain the
reasons follows, based on which possible strategies for improvement will be created.
26
◦ Inductive – The steps are: observe end-users performing m-payments using biometrics, find
patterns that they have in common, perform hypothesis on why the users did what they did,
and provide theory on how end-users’ acceptability could be improved.
• Type of data – Many questions which will be used in interviews will be open ones meaning
each interview could provide different data which will have to be thoroughly analysed to see
common characteristics (i.e. non-numeric). Nevertheless, significant portion of data will be
numeric as e.g. question “How did you like m-payment authenticated by fingerprint on scale 1
(terrible) to 5 (excellent)?” will provide numerical output.
• Generalizable – The research is focusing solely on m-payments by means of smartphone.
Meaning the research is generalizable to a situation or case.
• Answers – What is the current acceptability level? Why? How can it be improved? Who are the
asked users (e.g. age groups, education, sex)?
• Behaviour – This study attempts to interpret the current behaviour in a “tangible” format which
can then be used for prediction of behaviour once possible strategies to improve end-users’
acceptability are implemented.
• Hypothesis & theory – As can be seen in “Core functions” → “Inductive” section above, this
thesis ends with hypothesis & theory.
• Time to conduct – Due to the fact that the main source of data is by means of interviews,
which have majority of questions open ended, the analysis of findings will be time consuming.
As could be seen above, majority of concepts are belonging to “Qualitative approach” column which
is why qualitative approach is used mainly. Nevertheless, as has been explained for some concepts, the
research is not solely qualitative as it has some quantitative features present. Although it might be seen
as confusing or as a negative for a reader who does not have past experience with these approaches, it
is actually quite usual. Landrum & Garza (2015) mention that both research methods have their
limitations which can be considered as strengths when thought of as complementary. Stahlbrost (2019)
agrees stating that research is more complete when using both methods.
Additionally, some other research methodologies deserve to be mentioned and their justification of why
they are not part of this research should be given too. Firstly, design science research methodology is
being used for solving complex issues or for developing ways on how to solve some problem by means
of an artefact (Genemo et al., 2015). In other words determining activities to accomplish the desired
goal (Mingers 2020, Genemo et al. 2015). Mingers (2020) even mentions IT artefact specifically to
solve organizational problems and Cater-Steel et al. (2019) highlights that the innovative artefacts
should extend the boundaries of humans and organisations’ capabilities. None of these features are
sharing the goals of research questions determined for this project. Hence, design science is not used.
27
Secondly, case study research methodology is also often used for a research. The main goal is to
produce an in-depth account of a case (Ylikoski & Zahle, 2019). In other words it focuses on
meaningful characteristics and holistic approach of real-life events (Verleye 2019, Fabregues & Fetters
2019). Additionally, a case study should give more insights into a complex contemporary phenomena
(ibid). However, this research focuses more on few “cases” (three testing scenarios) (i.e. not just one)
and attempts to: understand reasons of likeability, measure various fields in user-acceptance, compares
differences and similarities between the “testing scenarios” (i.e. biometric methods of authentication),
and suggests strategies for improvement. Moreover, it provides one theoretical scenario (two factor
authentication) which is then compared with existing scenarios which is far from case study research
methodology features. Nevertheless, there are some features which apply to this research too like being
question-driven and the case is naturally occurring phenomenon (Ylikoski & Zahle, 2019).
Last but not least, to provide some existing academic research articles which have used this method or
have used a similar approach, the following authors are worth mentioning:
• Liebana-Cabanillas et al. (2018) have attempted to predict the most significant factors
influencing decision to use m-payments. They have used online questionnaires created in
particular methods to assess these data. Hence, apart from performing actual physical tests the
research method is very similar.
• Ogbanufe & Kim (2018) have performed an experiment to determine perceptions and beliefs of
different authentication methods for electronic payments. They have created a simple website
with 3 different types of authentication (each respondent tried all 3 methods) and then
collected individuals’ feelings by means of questionnaires. Hence, this research method is
almost identical.
• Okpara & Bekaroo (2017) have attempted to create a cheaper alternative to fingerprint scanners.
They have created a prototype (named “Cam-Wallet”) which allowed fingerprint authentication
via camera (not scanner). Afterwards they conducted experiments with end-users and collected
their feedback. These authors have designed and implemented an artefact (which in case of this
thesis is substituted with using existing available resources) but except for that their approach is
also a very similar one.
28
4.3 Research Process
The following section provides readers with step-by-step guidelines on how this research was
performed. This part is important as it provides data based on which understanding of the whole
process and conducted activities (their meaning and workflow) can be achieved.
Activity 1: Motivation
The literature review conducted last year in a different module at the LTU on a trendy topic “Future of
biometrics in e-payments – challenges and opportunities” had been the biggest motivation for this
thesis’ topic. The “Future of biometrics in e-payments” literature review brought to the attention the
current state of the art in this domain and pointed out to the current evolution and perhaps even
revolution in which e-payments are. Hence, the first phase (PH-1) of framework presented by Brocke et
al (2009), which at the time of writing was not conducted by intention to follow particular framework
but just as a logical activity to do, has been applied.
Activity 2: Problem Identification
The result of the first phase (PH-1) pointed out to the need for insights on the actual adoption of
biometrics into m-payments which could completely substitute current traditional methods of
authentication (e.g. PIN) for m-payments and perhaps even other e-payment methods. Hence, the
second phase (PH-2) – conceptualisation of the topic – could have been performed. As has been
mentioned multiple times, this shift of authentication method is considered as an improvement of
security and therefore it is important for end-users’ protection to accept it. The problems have been
therefore identified as whether user-acceptance is at a sufficient level, how can it be improved, and a
comparison of most used biometric authentication methods (namely fingerprint authentication and
facial recognition) along with two factor authentication (combining most used traditional method – PIN
– with the currently most used biometrics in m-payments – fingerprint scanning). Selecting the exact
problem and scope finalised the second phase (PH-2).
Activity 3: Literature Review
Upon the determination of the thesis topic and identification of the problem, the first major phases of
the project could begin. Initially, a hunt for academic papers relevant to the selected research topic was
conducted in phase three (PH-3). A large collection (over 30) of such papers was gathered manually
from multiple respected databases of journals, articles, and studies (e.g. Elsevier, IEEE, Springer,
EBSCOhost) as well as Google’s database known as “Google Scholar”. Then, the next phase (PH-4)
29
focused on selecting only the ones which were directly relevant to the research topic. Additionally, the
papers were divided into reasonable sections so that these could be then used as headings and sub-
headings of the to-be-written literature review. Finally, as the last phase (PH-5), a plan (i.e. agenda) was
written down so that the literature review could be written with ease in a step-by-step manner. Once all
this was done the actual writing of the literature review was performed.
Activity 4: Research Methodology and Planning
Determining the research methodology was carried out in a way where both qualitative and quantitative
methodologies were analysed and the more appropriate one selected. For the purposes of this thesis, as
was described in detail in section “4.2 Data Analysis” above, qualitative approach has been chosen.
Finally, as the last activity before performing the actual research, an initial plan of how the major parts
of the thesis will be performed from a calendar perspective were created so that the progress is well
organised and the chances of achieving the determined goals in time are maximised. This plan, which
was part of the thesis proposal, can be found in “Appendix C”. It is worth stating that this plan was not
fully followed as situation was evolving and changing week by week. Nevertheless, progress was
measured against the plan and it was perceived as useful.
Activity 5: Creating testing scenarios and interview layout (questionnaire)
This activity could be considered as one of the crucial ones. It is because the selected testing scenarios
and questions (with the design in which they were asked) is directly affecting the results of this
research. Testing scenarios were chosen based on current popularity and availability of widely
deployed smartphones’ biometric sensors. Fingerprint sensor, being the most widely used method, was
chosen to find out more details on why it is so popular. Secondly, face recognition, being also widely
deployed into smartphones and daily used by users, was chosen as an alternative that users can
comment on. This is so that their differences and reasons behind each usage are detected. Finally, to
propose one new method which is currently not used for m-payments at all is two factor authentication
which can be considered as the most secure out of these three (simply due to the fact that it has an
additional layer of security). All these methods had to be tested with end-users’ so that their opinion
could be captured by means of interviews with questionnaire used as a basic layout of what needed to
be answered. Hence, it had been considered as important to make a research to find the most
appropriate framework which would be followed to ensure that high-quality results are achieved.
UTAUT (Unified Theory of Acceptance and Use of Technology) has been chosen for this research.
Section “2.3 User-acceptance Frameworks” describes reasons of this selection in a greater detail.
30
Activity 6: Performing testing scenarios and interviews
The actual research part of this project was performed based on the selected testing scenarios and
interview layout (questionnaire). The interviewees were selected in a way to cover various kinds of
end-users as was described in section “4.1.2 Population and Sample” above. Interviews were conducted
after performing the testing scenarios (unless end-user already performed particular method of
payment) and was marked in the interview schedule (Appendix B). Interview protocol (described in
section “4.1.3 Interview Protocol” above) was followed as well.
Activity 7: Presenting the statistical analysis
Whole chapter 5 below is attempting to present most relevant findings which came out of the
interviews. As each interview was conducted separately and by the same organiser all the answers and
comments had to be manually processed into common anonymised data so that (selected portion of)
end-users’ perspective could be presented. These findings are given without providing particular
opinions. In other words readers can, if desired, find their own conclusions about the collected data.
Activity 8: Reflecting and discussing the collected data (i.e. findings)
The following chapter 6 is discussing and presenting opinions about data given in the previous chapter.
The difference is that this chapter is attempting to interpret the data into a more readable and specific
form including reflections on findings. Connections are drawn and opinions are introduced too.
Therefore, it could be considered as the second most important chapter of this thesis as it provides data
based on which answers to first two research questions (Q1 & Q2) were conducted. Finally, as the
world was (at the time of writing) in a pandemic state, a relation to the situation around Covid-19 virus
is presented. This section is included because m-payments have benefit that can be used during the
current pandemic as well as in a similar situation in the future.
Activity 9: Proving final results
Chapter 7 could be considered as the most important chapter of the thesis because it provides tangible
research outcomes. Firstly, findings by other researchers are compared with findings of this research.
And secondly, research questions (Q1, Q2, and Q3) are answered in a brief form highlighting the most
important findings.
Activity 10: Providing conclusions and suggesting future research
Finally, the last chapter is providing readers with conclusions that can be given based on this research.
Possibility to perform future research as a form of continuation of this thesis is also an option. Hence,
appropriate personal suggestions on where further research could be beneficial can be found in this
section too.
31
CHAPTER 5
Statistical Analysis
The conducted interviews have presented a lot of data to work with. As is suggested in UTAUT
framework, the interviews need to compare performance expectancy, effort expectancy, social
influence, and facilitating conditions with gender, age, experience, and voluntary use. Nevertheless,
this thesis is discussing also other relevant fields such as, how do people actually like the technology,
whether they use it, what positives and negatives do they see, and whether they would be willing to
conduct biometric authentication along with traditional authentication method to perform a two factor
authentication m-payment. The following sections present statistical analysis of these data.
5.1 Participants
The total number of participants is 52 and all of them are citizens of Bratislava, the Capital of Slovakia
(Central Europe) where the research took place. Their basic information, relevant for this research, can
be seen in the following charts. As first, it can be seen that gender and operating system are well
balanced. It is worth noting that “Other” operating system has 0 respondents but that is not a problem
as iOS and Android are by far the most popular operating systems on smartphones.
32
Figure 1: Operating System (OS) Figure 2: Gender
Secondly, the age of participants was divided into 5 groups as can be seen in the following Figure 3.
The division of age needed to be included as e.g. older people (say above 41) do not use new
technologies very much in comparison with young people (i.e. below 30) who are likely using it
natively. Additionally, the respondents’ answers could then be analysed by age to see which
authentication method is preferred by which age group, what do they like about it, which one they
dislike, why, and many more relevant information. It is also worth mentioning that majority of asked
people are between 31 and 40 years of age. This could be considered acceptable because this group
most probably has the highest potential to perform many m-payments as they are often working full-
time and are using smartphones with biometrics and NFC. It is also group which likely has larger sums
of money saved on their accounts so they are likely to loose significant financial resources in case
malicious users breach their bank account and/or debit/credit card data. On the other hand people of
higher age (41+) have only 9 representatives which is not ideal. For better understanding of this age
group it is recommended to perform more interviews targeted to this age group.
Thirdly, as can be seen in Figure 4 below, the respondents are divided based on their highest finished
education. Even though there are only 3 respondents with currently finished elementary school it is not
considered as a problem because this is the least interesting group (out of the selected). The reason
being is that people within this group are mostly teenagers with not so significant amounts of money on
33
Figure 3: Age
their bank account (that is if they already have a bank account) plus are very likely to soon finish at
least secondary school and therefore be part of that group. Now, for finding out feelings that adults who
have secondary school as the highest finished education, it is needed to ask some more respondents as
15 is not providing sufficient accuracy. Nevertheless, both “Secondary school” and “University” groups
have, for the scope of this study, enough respondents to provide analysis and conclusions.
Finally, Table 5 below presents respondents’ occupation. Basically, it was attempted to cover all
possibilities when it comes to employment so that the most accurate data is captured. It can be seen that
almost all people are within “Employed Full-Time” group which is also considered satisfactory as this
is again group of people who are likely performing m-payments the most and also should have largest
sums of money on their bank accounts. Nevertheless, future focus could be given also to students with
or without a job as they might have some sources (e.g. parents) for monthly income. Moreover,
creating secure habits that they can use also when fully employed could be considered important too.
34
Figure 4: Finished Education
5.2 Usage of M-Payments
This research, as can be seen in Figure 5 below, has shown that half of the respondents are performing
m-payments regularly. Almost 8% of them are using it only sometimes and over 42% have never used
it. This outcome shows us that the public is roughly divided into two halves. One half corresponds of
active users that are using it regularly and second half with users that are using it only sometimes, have
only tried it without feeling to use it more actively, or have never used it before.
35
Table 5: Occupation
Figure 5: Usage of M-Payments
5.3 Usage of Biometrics in Smartphone
The biometrics are enlisting much higher popularity than m-payments with more than 71% active
users. Almost 6% are not using it regularly or have tried it but did not feel like using it again. Finally,
remaining roughly 23% are people who have tried it more than 12 months ago and did not get back to it
or have never used it.
5.4 Fingerprint Authentication
Fingerprint authentication is the most favourite one out of the 3 tested authentication methods with
more than 67% respondents liking it much (4) or very much (5). Something over 21% feels neutral (3)
about it and only almost 12% do not like it so much (2) or do not like it at all (1).
36
Figure 6: Usage of Biometrics in Smartphone
The biggest motivators for people to start using fingerprint authentication in general (not just for m-
payments) are: their own interest (almost 35%), their phone which suggested this option during initial
setup (almost 33%), and their friend/partner (little over 7%). Additionally, over 15% stated that they
have never used this authentication method before.
As for the positives and negatives – respondents could have mentioned multiple answers for both
options. After analysis it can be seen that, for positives, 57% respondents mentioned speed, almost
27% mentioned security, 21% liked simplicity, and 19% found no need to remember PIN as positives.
On the other hand, for the negatives, 23% feel that it is not secure enough, 21% do not like that dirty or
otherwise damaged fingers (e.g. cut) cause problems, and 15% consider gloves to be problem (as
authentication does not work with them). However, it is worth mentioning that 15% of respondents
mentioned that they do not see any (none) negatives for this authentication method.
Majority of end-users also consider fingerprint authenticated m-payments as: faster than traditional
authentication (67% strongly agree and 13% agree), very secure (34% strongly agree and 34% agree),
improving e-payments domain (67% strongly agree and 15% agree), easy-to-use (73% strongly agree
and 21% agree), stress free method of payment (50% strongly agree and 23% agree), and feel that vast
majority of retailers accept this method of payment (50% strongly agree and 13% agree). On the other
hand, it is worth mentioning that only 32% (13% strongly agree and 19% agree) state that their friends
37
Figure 7: Likeability of fingerprint authentication
and peers are using this method of payment. Additionally, almost 64% respondents have no one who
would encourage them to use it (either now or before they started using it) and 19% have only few
people who are encouraging them to start using it.
Considering gender, age, education, and usage of both biometrics and m-payments have brought some
interesting outcomes too. When it comes to gender the biggest differences were seen in:
Table 6: Fingerprint – Gender
Selected values Men (29) Women (23)
Overall likeability 5 (very much) &4 (much)
76%(+19%)
57%(lowest)
Faster than traditionalauthentication
5 (strongly agree) &4 (agree)
93%(+28%)
65%(lowest)
Age difference has shown bigger differences and it is recorded on more evaluation fields:
Table 7: Fingerprint – Age
Selected values Young (0-30)(18)
Medium (31-40)(25)
Old (41+) (9)
Overall likeability 5 (very much) &4 (much)
50%(lowest)
72%(+22%)
78%(+28%)
Faster than traditio-nal authentication
5 (strongly agree) &4 (agree)
61%(lowest)
80%(+19%)
78%(+17%)
Considering it as improvement ofe-payments domain
5 (strongly agree) &4 (agree)
67%(lowest)
80%(+13%)
89%(+22%)
Stress free method of payments
5 (strongly agree) &4 (agree)
50%(lowest)
76%(+26%)
78%(+28%)
Finished education has highlighted solely one major difference:
38
Table 8: Fingerprint – Education
Selected values Elementary &Secondary school (18)
University (34)
Stress free method of payment
5 (strongly agree) &4 (agree)
94%(+32%)
62%(lowest)
Usage of m-payments has many differences and therefore can be considered as a major influence:
Table 9: Fingerprint – Usage of M-Payments
Selected values Last 30 or 90 days (30) Never (22)
Overall likeability 5 (very much) &4 (much)
77%(+22.5%)
54.5%(lowest)
Faster than traditionalauthentication
5 (strongly agree) &4 (agree)
90%(+22%)
68%(lowest)
Consider it very secure 5 (strongly agree) &4 (agree)
80%(+25%)
55%(lowest)
Considering it as improvement ofe-payments domain
5 (strongly agree) &4 (agree)
93%(+25%)
68%(lowest)
Stress free method of payment
5 (strongly agree) &4 (agree)
80%(+16%)
64%(lowest)
Friend and peers are using this method
1 (strongly disagree) &2 (disagree)
27%(-46%)
73%(highest)
Friend and peers are/were encouraging me to use this method
1 (strongly disagree) &2 (disagree)
73%(-22%)
95%(highest)
Feel that vast majorityof retailers are accepting this method of payment
5 (strongly agree) &4 (agree)
70%(+15%)
55%(lowest)
Previous or active usage of fingerprint authentication (experience) has also proven some
relevant differences:
39
Table 10: Fingerprint – Usage
Selected values Have used it before (43) Never used it before (9)
Overall likeability 5 (very much) &4 (much)
74.5%(+41.5%)
33%(lowest)
Faster than traditionalauthentication
5 (strongly agree) &4 (agree)
86%(+42%)
44%(lowest)
Consider it very secure 5 (strongly agree) &4 (agree)
77%(+33%)
44%(lowest)
Friend and peers are using this method
1 (strongly disagree) &2 (disagree)
39.5%(-27.5%)
67%(highest)
5.5 Face Recognition Authentication
Face recognition is having approximately the same likeability as two factor authentication. Values “like
it very much” (5) and “much” (4) were selected by only approximately 34.5% of respondents. Quite
surprisingly, little over 42% of people do not like it at all (1) or not so much (2). Hence, it looks like
end-users are more reluctant when it comes to using this method of authentication.
40
Figure 8: Likeability of face recognition authentication
The biggest motivators for people to start using face recognition authentication in general (not just for
m-payments) are: their own interest (little over 21%) and their phone which suggested this option
during initial setup (almost 7%). Nevertheless, as oppose to fingerprint authentication, vast majority
(over 67%) have never used face recognition.
As for the positives and negatives – where, yet again, respondents could have mentioned multiple
answers for both options, the outcomes are as follows: for positives people like the most that it is fast
(over 36%) out of which almost 7% consider it faster than fingerprint, then they like security (little over
22%) out of which 11% consider it more secure than fingerprint, and simplicity (almost 7%) with no
need to remember PIN (almost 6%) were the last ones which were over 5%. The following ones were
below 5%: comfortable, touchless, and no need to have wallet/purse. However, almost 20% stated there
is no positive. As to the negatives: respondents firstly dislike the most that it does not work with
obstructions on face (e.g. sunglasses) (over 17%), secondly they feel it is insecure (almost 16%), and
thirdly little over 14% of end-users simply do not like it (i.e. they feel uncomfortable using it).
Violation of privacy with 12.5% and slowness with little over 6% were the last ones above 5%. Below
were: it is worse than fingerprint, inability to recognize authentic user, not so comfortable, and useless.
Nevertheless, it is worth stating that almost 22% stated that there is no drawback.
Majority of end-users also consider m-payments performed with face recognition as: faster than
traditional (almost 56% strongly agree and little over 17% agree), very secure (almost 35% strongly
agree and little over 23% agree), improving e-payments domain (48% strongly agree and little over
19% agree), easy-to-use (almost 63.5% strongly agree and little over 19% agree), stress free method of
payment (25% strongly agree and almost 28% agree), and feel that vast majority of retailers accept this
method of payment (over 40% strongly agree and over 15% agree). Nevertheless, almost 60% do not
know anyone (friends and peers) who are using this method of payment and almost 10% know only
few. Additionally, huge number of end-users (almost 79%) state that nobody is or was encouraging
them to use this method.
Finally, an analysis of results when considering gender, age, education, and usage of both biometrics
and m-payments have brought many valuable results. Starting with gender, the biggest differences
were acknowledged in:
41
Table 11: Face Recognition – Gender
Selected values Men (29) Women (23)
Easy to use 5 (strongly agree) &4 (agree)
93%(+23.5%)
69.5%(lowest)
Stress free method of payment
5 (strongly agree) &4 (agree)
62%(+18.5%)
43.5%(lowest)
Age has again shown many differences between respondents (the table below has some rows where
only 1 value is with green background because the medium value is very close to the lowest value):
Table 12: Face Recognition – Age
Selected values Young (0-30)(18)
Medium (31-40)(25)
Old (41+)(9)
Overall likeability 5 (very much) &4 (much)
50%(+28%)
28%(+6%)
22%(lowest)
Faster than traditional authentication
5 (strongly agree)& 4 (agree)
61%(lowest)
80%(+19%)
78%(+17%)
Considering it as improvement ofe-payments domain
5 (strongly agree)& 4 (agree)
67%(+7%)
60%(lowest)
89%(+29%)
Stress free method of payment
5 (strongly agree)& 4 (agree)
50%(+2%)
48%(lowest)
78%(+30%)
Friends and peers areusing this method
5 (strongly agree)& 4 (agree)
28%(+28%)
8%(+8%)
0%(lowest)
Finished education has shown some medium as well as major differences:
42
Table 13: Face Recognition – Education
Selected values Elementary &Secondary school (18)
University (34)
Overall likeability 5 (very much) &4 (much)
44%(+15%)
29%(lowest)
Considering it as improvement ofe-payments domain
5 (strongly agree) &4 (agree)
78%(+16%)
62%(lowest)
Easy to use 5 (strongly agree) &4 (agree)
94%(+17.5%)
76.5%(lowest)
Stress free method of payment
5 (strongly agree) &4 (agree)
72%(+28%)
44%(lowest)
Feel that vast majorityof retailers are accepting this method of payment
5 (strongly agree) &4 (agree)
67%(+17%)
50%(lowest)
Usage of m-payments mostly showed some medium differences:
Table 14: Face Recognition – Usage of M-Payments
Selected values Last 30 or 90 days (30) Never (22)
Overall likeability 5 (very much) &4 (much)
40%(+13%)
27%(lowest)
Faster than traditionalauthentication
5 (strongly agree) &4 (agree)
80%(+16%)
64%(lowest)
Easy to use 5 (strongly agree) &4 (agree)
90%(+17%)
73%(lowest)
Feel that vast majorityof retailers are accepting this method of payment
5 (strongly agree) &4 (agree)
63%(+17.5%)
45.5%(lowest)
43
Previous or active usage of face recognition (experience) has brought to light quite a few
relevant differences:
Table 15: Face Recognition – Usage
Selected values Have used it before (18) Never used it before(34)
Overall likeability 5 (very much) &4 (much)
72%(+57%)
15%(lowest)
Faster than traditionalauthentication
5 (strongly agree) &4 (agree)
83%(+15%)
68%(lowest)
Considering it as improvement ofe-payments domain
5 (strongly agree) &4 (agree)
78%(+16%)
62%(lowest)
Easy to use 5 (strongly agree) &4 (agree)
94%(+17.5%)
76.5%(lowest)
Friend and peers are using this method
1 (strongly disagree) &2 (disagree)
50%(-29%)
79%(highest)
Friend and peers are/were encouraging me to use this method
1 (strongly disagree) &2 (disagree)
72%(-22%)
94%(highest)
Feel that vast majorityof retailers are accepting this method of payment
5 (strongly agree) &4 (agree)
83%(+42%)
41%(lowest)
5.6 Two Factor Authentication
Two factor authentication, using fingerprint and PIN, is the only one (out of the 3 tested methods)
which is currently not available for m-payments (at least in Slovakia). Only 36.5% like it very much (5)
or much (4). On the other hand, 40.4% do not like it at all (1) or not so much (2). Hence, it appears that
the public is not ready to accept this method of payment. Moreover, almost 13.5% mentioned (during
the interview) that they can imagine this method being used only for payments consisting of larger
sums of money – similarly as with debit card where (in Slovakia at least) at the time of writing for
touchless payments above 50 euros PIN is required (below 50 euros it is possible to pay without PIN).
44
The biggest and basically the only positive respondents identified is that it is very secure (over 90%).
Hence, end-users already consider it as more secure than other tested biometrics when it comes to
m-payments. It might be also worth stating that only almost 6% have stated that there is no benefit. On
the other hand, there were quite a few negatives mentioned with vast majority (over 49%) complaining
about it being slow. More than 19% mentioned that it is not needed (i.e. useless), and the following are
each with less that 5% respondents: need to remember PIN, possible technical issues, not secure
enough, complicated, stressful. Only 7.5% stated that there is no drawback.
Majority of end-users also consider tested two factor authentication m-payments as: very secure (90.4%
strongly agree) and they would (in case it became implemented into m-payments) consider it as
improving e-payments domain (34.6% strongly agree and 30.8% agree). On the other hand, they are
not entirely considering it easy to use (only 26.9% strongly agree that it is easy to use and 21.2% agree)
and they are not really feeling it would be stress free method of payments (28.8% are neutral, 26.9%
agree, and only 17.3% strongly agree it would be stress free method of payment).
45
Figure 9: Likeability of two factor authentication
Finally, considering gender, age, and education also have brought some relevant outcomes. It is worth
mentioning that previous usage of 2FA was not explored because, at the time of writing, majority 2FA
usage on smartphones consist of two traditional authentication methods (not one biometric and other
traditional). Additionally, instead of using all 8 statements (where number between 1 – “strongly
disagree” and 5 – “strongly agree” were being selected) regarding feelings about particular method
of payments only 4 were acceptable in 2FA because the following statements have been considered
as not usable here:
• I consider fingerprint authentication faster (i.e. more efficient) than traditional authentication
(e.g. PIN, password).
◦ Reasoning: Credit and debit cards have only one factor authentication (PIN) so 2FA with
one factor being PIN cannot be faster.
• My friends and peers are using 2FA authentication.
• My friends and peers are encouraging me to use 2FA authentication.
• I feel that vast majority of retailers are accepting this method of payment.
◦ Reasoning: All 3 above are not applicable because this method currently cannot be
configured for m-payments.
When it comes to gender there was no major, or at least medium-sized difference in feelings relevant
mentioning in this section. On the other hand age has brought few interesting findings:
Table 16: Two Factor – Age
Selected values Young (0-30)(18)
Medium (31-40)(25)
Old (41+)(9)
Overall likeability 5 (very much) &4 (much)
33%(+11%)
44%(+22%)
22%(lowest)
Easy to use 1 (strongly disagree)& 2 (disagree)
17%(-15%)
32%(highest)
22%(-10%)
Stress free method of payment
5 (strongly agree) &4 (agree)
50%(+17%)
44%(+11%)
33%(lowest)
Education is yet again proving different perception of some measured feelings:
46
Table 17: Two Factor – Education
Selected values Elementary &Secondary school (18)
University (34)
Overall likeability 5 (very much) &4 (much)
22%(lowest)
44%(+22%)
Considering it as improvement ofe-payments domain
5 (strongly agree) &4 (agree)
56%(lowest)
71%(+15%)
Easy to use 5 (strongly agree) &4 (agree)
28%(lowest)
59%(+31%)
5.7 Other Biometric Authentication Method
The research has also asked respondents whether they would like other biometric authentication
methods to be available for m-payments. Respondents were able to provide multiple alternatives. The
chart below clearly shows that more than 76% do not ask for additional alternatives (none) or that they
are unaware of other biometrics. Additionally, few (3.6%) answers stated that fingerprint is ideal. Two
factor authentication, IRIS, and DNA (not specified how it would work) had 5.5% each and some
respondents mentioned voice recognition.
47
Figure 10: Other biometrics for m-payments
5.8 Traditional vs Biometric Authentication
Lastly, the research aimed at determining whether people actually feel that biometrics, which has been
widely deployed, is a more secure alternative. Respondents were asked to select which authentication
method (or neither) do they consider more secure and the chart below clearly states that vast majority
(75%) believe biometrics is more secure than traditional methods. Additionally, there are over 15% of
people who feel that they are relatively same in terms of security. Only almost 10% consider traditional
authentication as more secure.
48
Figure 11: Traditional versus Biometric authentication
CHAPTER 6
Reflection and Discussion
This chapter discusses the data provided in the previous chapter in more detail. In other words it is
providing reflections and what the detected data mean and what the most interesting outcomes of this
research are. Firstly, the current usage of m-payments and biometrics is discussed. Secondly, each of
the tested authentication methods is presented. Thirdly, the respondents are divided into groups based
on their sex, age, education, and experience with m-payments and biometrics. Fourthly, other
biometrics as well as the comparison between traditional and biometric authentication methods are
discussed. Finally, relation to the current Covid-19 pandemic is given.
6.1 Current Usage of M-Payments and Biometrics
This research has shown that vast majority of end-users (over 71%) are not against biometrics in their
mobile phones and are already actively using them. However, the m-payments in general are not so
popular. Only about half of respondents are actively paying with their mobile phone. Moreover, m-
payments have much bigger (over 42%) portion of end-users, in comparison to biometrics (almost
17.5%), who had never used it before. Hence, it looks like people are afraid or do not see enough
positives to start using it.
The analysis of biggest motivators to start using biometrics in smartphones as well as benefits and
negatives of using (or testing to use) them could bring more light into the end-user acceptance of both
biometrics and m-payments. The major motivators are own interest (almost 35% for fingerprint and
little over 21% for face recognition) and initial setup of smartphone where such option was suggested
(almost 33% for fingerprint but not even full 7% for face recognition). It is also worth mentioning that
while only something over 15% of respondents have never used fingerprint authentication before, for
face recognition it is more than 67%. As to the positives and negatives:
• Users find speed (57% for fingerprint and over 36% for face recognition) and security (almost
27% and little over 22% respectively) as the major benefits.
49
• On the other hand major negatives that both methods have in common are: not secure enough
(i.e. insecure) (23% for fingerprint and almost 16% for face recognition) and possible
obstruction (21% do not like that fingerprint sensor has problems with dirty or otherwise
damaged (e.g. cut) fingers while over 17% do not like that face recognition has problems with
sunglasses or other obstructions on face). Moreover, 15% consider gloves as problem with
fingerprint authentication and little over 14% simply do not like using face recognition as it is
something like “against their nature”.
Also interesting to note is that only almost 19% for fingerprint authentication and not even full 6% for
face recognition find no need to remember PIN as benefit. Hence, it can be seen that majority of
people do not believe this is one of the key improvements when it comes to performing
biometric-authenticated m-payments.
As can be seen from the analysis above:
• Biometrics are very popular on smartphones
but only about half of smartphone users are
performing m-payments.
• When it comes to m-payments people mostly
like biometric authentication because it is fast.
• High portion of users also see them as secure
but slightly smaller number of users believe
they are insecure.
• Only about one fifth of users see no
need to remember PIN as benefit.
• People most often start using them
because of their own interest or because
their smartphone suggested this option
during the initial setup.
6.2 Fingerprint Authentication
The report’s outcomes show that fingerprint authentication is very popular. Two out of every three
respondents liked it very much or much. The biggest positive respondents mentioned was that it is fast
(57%) and the biggest motivators for using it were their own interest (35%) as well as their phone
suggesting this option during the initial setup (almost 33%). These data show that people really like the
seamless experience that comes with fingerprint authentication and they start using it mostly because of
their own interest in the technology. But more importantly, a lot of users start using it because it is
suggested by their phone during the first boot. This points out to an assumption that in if adding a debit/
credit card was also asked for during the initial boot, there would be much more users using it.
50
On the other hand thebiggest negative which relatively significant portion of users (23%) mentioned
was that it is not secure enough. Now the number is not as high but still, some improvements in terms
of the actual security features or sharing more information with end-users on why it is very secure (per-
haps also during the initial boot of the phone) could improve end-users’ perception by a large margin.
The best results captured in the measured statements seen by almost all (94%) respondents were with
easy-to-use field. This means that respondents feel that this method of authentication is a seamless
experience and perhaps no further improvements in this area are currently needed. Additionally, vast
majority of users also feel that it is improving e-payments domain (82%) and that it is faster than
traditional authentication methods (80%). Therefore, it looks like people see it as a faster improvement
to the existing and widely used traditional methods of authentication in e-payments. Still relatively
large amount of respondents (73%) consider this method of payment as stress-free which points out
that users are quite happy with using this method of payment but there is still some room for
improvement. Security, being one of the fields that could be considered very important when it comes
to payments in general, has not scored extremely well (68%) meaning that majority of end-users do feel
it is secure but still quite large number of users do not feel the same. In order for users to be completely
adjusted to using mobile for their payments everywhere they go a strong believe needs to be put into
their feeling that vast majority of retailers are accepting this method of payment. However, only slight
majority (63%) believe so. Hence, a large room for improvement can be seen here. Finally, last fields
that were evaluated were friends and peers usage of this authentication method and their active
encouragement towards respondents to start using it (now or before they started using it). Some people
(32%) feel that their friends and peers are using it but vast majority know only few users or none. Only
minimal number of users (4%) claim that some of their friends and peers are or were encouraging them
to start using fingerprint authentication. Therefore, it looks like social connections have very little
influence on whether people start using fingerprint authentication on their smartphones.
6.3 Face Recognition
The report’s outcomes show that face recognition as a method of authentication is not very popular.
Only one out of every three respondents liked it very much or much. The fact that it is fast was also the
biggest positive respondents mentioned though with much smaller percentage (over 36%) and the
biggest motivators to start using this method were the same but again with much smaller percentage –
their own interest (little over 21%) and initial phone setup (almost 7%). From this perspective it could
51
be said that face recognition is used and liked for the same reasons as fingerprint authentication but has
much smaller satisfied audience. Moreover, it is worth mentioning that approximately two out of every
three respondents asked have never used face recognition before – meaning it has the initial barrier,
where users are deciding whether to start using it or not, quite extensive. On the other hand, the biggest
negatives are almost identically split between: problems with obstructions on a face (e.g. sunglasses)
(over 17%), feelings that it is insecure (almost 16%), and feelings of being uncomfortable using this
method (over 14%). These data show that negatives are quite spread among multiple fields and hence
there is not one major that would stand out which could be a positive sign. Nevertheless, the biggest
problem seems to be rather with the fact that vast majority of users are not tempted by this method
enough to even try it. Hence, focusing on motivators could be considered a more rational way to
improve end-users’ perception of this authentication method.
As to the best results captured in the measured statements, the order of the top 3 fields is identical to
the previously reviewed authentication method. Firstly, vast majority (82,5%) of respondents feel that it
is easy-to-use – meaning none or perhaps only minor changes are needed here. Secondly, still large
number of users (73%) feel that it is a faster method of payment than traditional ones. Thirdly, majority
of end-users (67%) believe that it is improving e-payments domain. Hence, also for face recognition,
majority of users see it is a faster improvement in comparison to the previous widely used methods of
authentication. Security has received quite frustrating feedback. Slight majority (58%) feel that face
recognition is very secure and this means that there is quite large room for improvement in terms of
users’ perception at least. The next in line is acceptability of this method of payment in shops. Perhaps
surprisingly, only a little over half of respondents (55%) feel that vast majority of retailers do accept
face recognition. This is quite odd as both fingerprint and face recognition should have the same
numbers here because m-payments “do not care” what authentication method is being used (it does not
even have to be biometrics). Similarly, almost the same percentage of users (53%) consider this method
of payment as stress-free. Hence, both of these areas do require more attention as major improvements
seem to be desired here. Last two fields are also the ones as in the previously discussed method of
authentication. Significant minority (14%) of users feel that their friends and peers are using face
recognition and only very few (4%) respondents stated that they were encouraged by their friends and
peers to start using it (now or before they started using it). Therefore, the same outcome is visible for
face recognition – social connections have very little influence on whether people start using face
recognition on their smartphones.
52
6.4 Two Factor Authentication
This method of authentication is the only theoretical one, meaning currently it is not possible to even be
configured on a smartphone for m-payments. The results are not very surprising in stating that this
method is not very popular with approximately 36,5% respondents liking it very much or much.
However, it is quite surprising that this amount is 4,5% bigger than with face recognition by which one
could say that it could be more popular than face recognition. It is also worth mentioning that 13,5%
people mentioned during the interview that they would accept and use this method of payment only if it
was used for larger payments (e.g. above 50 Euros) as entering this for every single payment (e.g. 1
Euro) seemed too obstructive and reason for not using it at all. The only positive which majority of
users mentioned was that it is very secure (over 90%) which means that this method has quite big
potential for end-users who were considering other previously evaluated authentication methods (on
their own – one factor) as insecure or not secure enough. On the other hand, the fact that it is slow was
mentioned by almost half of respondents (over 49%) and some even consider it useless (more than
19%). Hence, in case this method is going to be implemented it perhaps should be emphasised that it is
much more secure, even though it takes longer to be performed, as this is what end-users expect and
feel about this method. The fact that it is optional could ease users who believe it is useless.
Nevertheless, currently the configured biometric authentication on smartphones is used for both
unlocking the phone and m-payments – i.e. it cannot be set differently for these two activities. And it is
very hard to imagine some users would accept 2FA for m-payments as well as unlocking the phone.
This applies also because the interview question was explained as 2FA only for m-payments (not
unlocking the phone at the same time). Meaning, for this method to be considered useful it most likely
needs to be divided from unlocking and used only for m-payments.
As to the best results captured in the measured statements, this method had only 4 fields and 1 of them
was already discussed as the biggest positive (end-users consider it as very secure). The remaining 3
fields show that: majority of users (over 65%) would consider it as improvement of e-payments, only
slight minority of users (48%) consider it as easy-to-use, and even smaller minority (little over 44%)
consider it as stress free method of payment. These data show that the actual usage is not very seamless
in comparison to the previously reviewed authentication methods but perhaps 2FA is not even designed
to be and these results could be considered as good. Perhaps both easy-to-use and stress free method of
payment could be improved with 2FA consisting of both layers being biometrical (as oppose to the
tested method – fingerprint and PIN). Ideally, end-users would be able to choose which two methods
are the most ideal for them but perhaps such implementation (along with dividing authentication of
unlocking with m-payments) is very costly for developers.
53
6.5 Gender, Age, and Education Differences
This section considers gender (male and female), age (young, medium aged, and older), and education
(with or without university degree) differences and highlights facts that stand out. The data is presented
as has been given by respondents, meaning some groups have more data than others, some have fewer,
and some have none.
Fingerprint authentication
• W omen :
◦ like it significantly less than men,
◦ much fewer women also consider it as faster than traditional authentication method.
• It is mostly disliked by young people (0-30 years) for multiple reasons. Significantly smaller
number of these users:
◦ like it much or very much (overall likeability),
◦ consider it faster than traditional authentication methods,
◦ consider it as improvement of e-payments domain, and
◦ consider it as stress-free method of payment.
• Respondents with university education consider it
◦ much less “stress-free method of payment” comparing to users without university.
Face recognition
• Women :
◦ consider it significantly less easy-to-use method of payment,
◦ much fewer women also consider it as stress free method of payment.
• Older people (41 or more years):
◦ dislike this method the most,
◦ do not know anyone who uses this method of payment.
• Smallest percentage of medium aged people (31-40 years) believe this method is:
◦ an improvement of e-payments domain,
◦ stress free.
• Smallest percentage of young people (0-30 years):
◦ consider it as faster than traditional method of payment.
54
• People with university education (when compared to users without university):
◦ do not like this method so much,
◦ do not consider it as improvement of e-payments domain as much,
◦ do not consider it as easy-to-use so much,
◦ do not consider it as stress free method of payment,
◦ have smaller belief that vast majority of retailers accept this method of payment.
Two factor authentication
• Older people (41 or more years):
◦ dislike this method the most,
◦ consider it as stress-free method of payment the least.
• Largest percentage of M edium aged people (31-40 years):
◦ believe this method is not easy-to-use.
• People with out university education (when compared to users with university):
◦ do not like this method much,
◦ would not consider it so much as an improvement of e-payments domain,
◦ do not consider it as easy-to-use by a large margin.
The data summarised above do present quite a few interesting outcomes. Firstly, men are more inclined
to using biometrics and consider these as: faster than traditional authentication, easier to use, and stress
free method of payment. Secondly, the age difference.
• Young people (0-30 years) like fingerprint authentication much less than other age groups for
quite a few reasons. But they feel most comfortable with face recognition (when compared to
other age groups).
• Medium aged people (31-40 years) have the most remarks towards face recognition and are
group which is inclined to start using 2FA the most (when compared to other age groups). But it
is worth stating that they like fingerprint authentication the most out of the 3 tested methods.
• And older people (41 or more years) have face recognition and 2FA as the least favourite
(equally) while liking fingerprint authentication the most out of all age groups.
Thirdly, education, where fingerprint authentication did not encounter some major differences, except
for considering it as “stress free method of payment”. Here, much fewer university educated people
stated agree or strongly agree (when compared to respondents without university degree). However,
face recognition (for number of reasons) is much more preferred by people without university
education whereas 2FA is much more preferred by university educated people.
55
6.6 Experience with M-Payments and Biometrics
This section discusses previous experience and its influence towards feelings end-users have with
particular authentication method. Fingerprint authentication did not provide any major surprise.
People who performed m-payments in the last 30 or 90 days (meaning are using it regularly or
sometimes) have much better feelings about it in almost all evaluated fields (except for easy-to-use
where the values are almost identical). Also they know more people who are using it and have or had
more people encouraging them to use it. Similarly, when considering previous usage of fingerprint
authentication (have used it before versus never used it before), respondents who used it before like it
much more, feel its faster than traditional authentication method, and consider it very secure.
Moreover, they also know much more people using this method. Other fields had minor differences.
Face recognition is a similar story. People who performed m-payments in the last 30 or 90 days
(meaning are using it regularly or sometimes) have much better feelings about it when it comes to
likeability, belief it is faster than traditional authentication methods, ease-of-use, and feeling that vast
majority of retailers are accepting this method. People with experience also know more people using it
and have or had more friends and peers encouraging them to start using it. Also, for the people who
used face recognition before, almost all values are much higher except for “very secure” and “stress
free” where the difference was smaller but still in favour of people with previous experience.
Two factor authentication is not having any data for this section because it is currently impossible
(when using official Google Pay and Apple Pay applications) to configure m-payment to be
authenticated using both fingerprint authentication along with PIN.
6.7 Other Biometric Authentication Method
This research has shown that approximately four fifths of people do not need any other biometric
authentication for m-payments. Some of them even mentioned that fingerprint authentication is ideal
and nothing else is needed. There were also some mentioning that they would like IRIS, DNA, voice
recognition, or perhaps 2FA (both biometrics) to be added. Nevertheless, it can be seen that end-users
are satisfied with the current availabilities and do not feel like new ones are needed at this point.
56
6.8 Traditional vs Biometric Authentication
Finally, the very last question of each interview was to determine which authentication method is more
secure – traditional, biometric, or neither (i.e. both are with relatively same level of security). This
question was asked to ensure biometrics is considered as improvement for end-users when it comes to
m-payments. The results clearly show that was majority of end-users believe biometrics is more secure.
Hence, it could be said that end-users accept this method of authentication as an improvement to
security of their m-payments.
6.9 Relation to Current Covid-19 Pandemic
The situation with Covid-19 virus (also known as “coronavirus”) (BBC News 2020a, Newey &
Gulland 2020, LaMotte 2020, UNDP 2020, Boseley et al. 2020, ECDC 2020) has become so global
with such a severe impact that on 11th March 2020 World Health Organisation (WHO) has declared it as
pandemic (Boseley 2020, BBC News 2020b, DW 2020, Gumbrecht & Howard 2020). Before this date
as well as moving onwards, nations throughout the whole world have released many recommendations
and/or compulsory instructions to minimise chances of the virus spreading. As the virus spreads with
human contact, contactless payments have become very popular (Kelly 2020, Young 2020, Rooks
2020, Sekiguchi 2020, Visontay 2020). This includes debit and credit card payments as well as m-
payments. However, the major benefit of m-payments, when compared to contactless payments with a
card, is that even higher sums of money can be paid touch free. This is because larger sums of money
(approximately above 50 Euros, depending on country) need to be authenticated also by PIN on a POS-
terminal while m-payments have whole authentication process performed on personal smartphone
which does not need to directly touch the POS-terminal (Kelly 2020, Young 2020, Bycer 2020). This
benefit could, also in the future, be considered as very practical whether that is for possibly another
global (or perhaps even local) pandemic or simply for something like a flu season. Hence, contactless
m-payments could spread among people much faster because it, in certain times, does noticeably
improve public health which many end-users could consider very important.
57
CHAPTER 7
Results
This chapter provides the final sections which outline the main outcomes this research provides. Hence,
firstly, comparisons with current literature show what has been confirmed and what is different. And
secondly, the depicted research questions are directly answered.
7.1 Findings versus Literature
This section compares literature review findings with results of this research. The table below shows
findings that were compared and a brief comparison statement. However, there are three important
notes to be mentioned. Firstly, not all literature findings could be compared as this research was not
performed to compare all the existing results. Hence, some literature review findings (that cannot be
compared) are skipped. Secondly, some findings could have been directly compared (e.g. biometrics is
more secure than traditional authentication methods) while others could not (e.g. continuous
authentication needs to be unobtrusive). The ones that could are using “almost identical”, “practically
identical”, or “very different” values for comparison. The ones that could not were compared to the
greatest extent possible using values “similar” and “very similar”. Thirdly, there is a comparison
worth mentioning but cannot be directly compared. Value “unknown” is used for such situation.
Table 18: Findings versus Literature
Outcomes ofLiterature Review
Similar or IdenticalResult(s) of This Research
Comparison
People are starting to use biometricsbecause it is more secure than
traditional authentication methods(Blanco-Gonzalo, 2019).
Last question of the interview clearlyshows that vast majority of
respondents believeit is more secure.
Almost identicaloutcomes.
58
Outcomes ofLiterature Review
(continued)
Similar or IdenticalResult(s) of This Research
(continued)
Comparison(continued)
For Ogbanufe & Kim (2018) themost important m-payments’
topic is security.
Based on multiple results, it can beseen that most important topic, fromend-users’ perspective, is speed (at
least for fingerprint and facerecognition). Security is the second
most mentioned positive/topic.
Very differentoutcomes.
From end-users’ perspective, thesechallenges are considered to be thecrucial ones according to Blanco-
Gonzalo et al. (2019):(1) the actual time that users need tospend on authentication (the longer
the worse),(2) ergonomics of the device and/or
scanner (i.e. the physical size or needfor additional external hardware), and
(3) user acceptance.
(1) Speed (as mentionedin the previous row),
(2) Actually ergonomics were notmentioned by end-users’ at all (but
perhaps respondents did not considerthis and took it for granted),
(3) The ideal way to see that this istrue, is with face recognition and 2FA
– many people simply do not likethese methods and will be very hard
to convince them to start using it(even if 2FA is very secure and face
recognition is very fast).
(1) Almost identicaloutcomes.
(2) Unknown as thiswas not directly tested.
(3) Practicallyidentical outcomes.
Authors further emphasise that suchmethod (i.e. continuous
authentication) needs to beunobtrusive as users’ experience
can quickly deteriorate ifmultiple requests for
re-authentication are needed(Blanco-Gonzalo et al., 2019).
Even though with different testedauthentication methods – speed is themost important factor for end-users
during authentication (57%respondents for fingerprint and over36% for face recognition mentioned
speed as a positive – for bothauthentication methods this was the
biggest positive).
Similar results butfrom different type ofauthentication. Still, itis important that speedis crucial for success
with end-users.
P erceived security and perceivedusefulness were the most importantinfluences in research by Liebana-
Cabanillas et al. (2018).
S peed (related to usefulness) andsecurity were the most important
positives – meaning these could beconsidered as major influences.
Similar results.
A Techpinion study was discussedwhich shows that 89% of Apple userswith a device capable of doing Touch
ID are actually using it(Buckley & Nurse, 2019).
In this research 96% of Apple usersare actively (within last 30 days)using fingerprint (Touch ID) or
face recognition (Face ID) –i.e. biometrics.
Very similar results.
59
Outcomes ofLiterature Review
(continued)
Similar or IdenticalResult(s) of This Research
(continued)
Comparison(continued)
A company named Deloitte revealedthat 79% of all users (using any
mobile device including iPhone) inthe UK are using fingerprint scanner
(Buckley & Nurse, 2019).
Almost 83% of respondents haveused fingerprint scanner before and
over 71% have used it (or facerecognition) within last 30 days.
Very similar results.
Moreover, perhaps due to thecomplexity of such method of
authentication, responses showeddistrust in using biometrics for high
security tasks (e.g.banking transactions)
(Blanco-Gonzalo, 2019).
Even though over 71% respondentsare using biometrics on smartphone,
only 50% are performing m-paymentswith the device. Hence, about half ofpeople are not using biometrics form-payments. Though reasons vary.
Similar results butlooked at from differentperspective. Still, both
outcomes show thatpeople have distrust for
using biometrics forbanking transactions.
U sability has bigger influence onusers in comparison to privacy andsecurity (Blanco-Gonzalo, 2019).
The biggest positive, by a largemargin, respondents mentioned wasspeed (which is related to usability).
Practically identicaloutcomes.
83% of respondents believe thatbiometrics authentication methods are
as secure as passwords (Buckley &Nurse, 2019).
Only slightly over 15% ofrespondents believe traditional is
approximately as secure as biometricauthentication. Moreover, 75%
believe biometrics is more secure.
Very differentoutcomes.
Respondents consider(1) data security and(2) personal privacy
on smartphones as veryimportant (Zirjawi et al., 2015).
(1) Security was the second biggestpositive for fingerprint and the
biggest positive for face recognitionmentioned by respondents.
(2) Relatively small number ofrespondents (12.5%) mentioned
privacy as negative for facerecognition while fingerprint
had only 2% of users withthis problem.
(1) Practicallyidentical outcomes.
(2) Very differentoutcomes.
Users do not trust face recognitiontechnique (Zirjawi et al., 2015).
Even though 58% respondents doconsider face recognition very secure
a lot of them do not or are unsure.Additionally, 14% mentioned that
they feel uncomfortable using it. Andover 42% did not like using it so
much or did not like it at all.
Similar results but“trust” as such was notdirectly measured in
this research.
60
Outcomes ofLiterature Review
(continued)
Similar or IdenticalResult(s) of This Research
(continued)
Comparison(continued)
(1) Perceived usefulness and(2) perceived enjoyment (i.e. the
actual user experience andconvenience) are having the highest
impact on customer satisfaction(Marinkovic & Kalinic 2017,
Rad et al. 2017).
(1) Speed (related to usefulness) wasthe most repeated positive – meaning
this could be considered asa major influence.
(2) When considering fingerprint (asthe most favourite biometrics), 67%
liked using it much or very much andover 71% of respondents are usingbiometrics actively. When adding
35% people who liked facerecognition much or very much it ispossible to see that the percentage oflikeability (i.e. enjoyment) is similar
to percentage of active users (i.e.have used in “last 30 days”).
(1) Similar results.
(2) Very similarresults.
The major identified barrier forfaster deployment was lack of
consumer-perceived(1) privacy and
(2) security(Marinkovic & Kalinic, 2017).
(1) Relatively small number ofrespondents (12.5%) mentioned
privacy as negative for facerecognition while fingerprint had
only 2% of users with this problem.(2) Almost 16% believe face
recognition is insecure (secondbiggest problem) and 23% feelfingerprint sensor is not secure
enough (biggest problem).
(1) Very differentoutcomes.
(2) Practicallyidentical outcomes.
Two key factors (out of 26) whichwere evaluated the most are:(1) perceived usefulness and
(2) perceived ease of use(Marinkovic & Kalinic, 2017).
(1) Speed (related to usefulness) wasthe most repeated positive – meaning
this could be considered asa major influence.
(2) As users believe it is very fast itcould mean that it is also easy-to-use.Especially when 94% of respondents
for fingerprint and 82.5% for facerecognition do consider particular
authentication method as easy-to-use.
(1) Similar results.
(2) Very similarresults.
61
7.2 Research Questions Answered
This research has focused on answering the determined research question and sub-questions. The
following sections highlight the main outcomes of the research and therefore attempt to answer all
research questions mentioned in section “1.3 Research Questions”.
7.2.1 Current User-Acceptance Level (Q1)
To put it simply, user-acceptability level of biometrics in m-payments is high . For users who are
actively performing m-payments (i.e. have performed m-payment within last 30 days), meaning 50% of
all respondents, over 73% of them are regularly (i.e. have authenticated using biometrics on
smartphone within last 30 days) using biometrics also.
To put it into perspective, approximately 3 out of every 4 users who are performing m-payments
regularly are using biometrics for their authentication. Therefore, it could be said that users are
already happily using biometrics to authenticate their m-payments.
The, not so bright finding, is that a large portion of users (50%) are not using m-payments
regularly for various reasons. Hence, the acceptability level of biometrics in m-payments is not so
much a barrier as is starting performing m-payments.
7.2.2 Reasons for Current User-Acceptance Level (Q2)
Fingerprint authentication is quite popular (67% respondents like it much or very much) because of
the following reasons (which were mentioned by respondents in an open question asking about
positives of using this method of payment):
✔ speed (57%)
✔ security (27%)
✔ simplicity (21%)
✔ no need to remember PIN (19%)
62
Additionally, to provide more details, respondents feel that this method is:
✔ faster than traditional
authentication methods (80%)
✔ very secure (68%)
✔ improving e-payments domain (82%)
✔ easy-to-use (94%)
✔ stress-free (73%)
The aforementioned data clearly show that end-users focus on usability and consider this method as an
improvement of e-payments domain largely because it is easy-to-use, stress-free, and faster than
traditional authentication methods. It is also worth mentioning that current acceptability level of
biometrics in smartphones is high mainly because of fingerprint authentication which is much more
popular when compared to face recognition.
Face recognition authentication is not so popular (almost 35% respondents like it much or very
much). Nevertheless, in case people liked it, it was for the following reasons (which were also
mentioned by respondents in an open question asking about positives of using this method of payment):
✔ speed (36%)
✔ security (22%)
✔ simplicity (7%)
✔ no need to remember PIN (6%)
Additionally, to provide more details (as was done before), respondents feel that this method is:
✔ faster than traditional
authentication methods (73%)
✔ very secure (58%)
✔ improving e-payments domain (67%)
✔ easy-to-use (83%)
✔ stress-free (53%)
These data mirror results for fingerprint authentication but are worse in every single aspect.
Nevertheless, again the most important factor is usability (i.e. speed). This time people consider it as an
improvement to e-payments domain mostly because it is easy-to-use and faster than traditional
authentication methods.
7.2.3 Suggested Improvements (Q3)
Ogbanufe & Kim (2018) stated that the protection of a database which has authentic samples stored is
also crucial because fingerprints (unlike passwords) cannot be easily changed when compromised.
Now this applies to face recognition too. Therefore, also considering that tested two factor
authentication had almost identical likeability (36.5%) as face recognition (34.5%), adding possibility
to perform m-payments with 2FA could be considered as major improvement in perceived
security (as over 90% of respondents consider 2FA very secure) and actually security itself as well.
63
Hence, a group of sceptical users not performing m-payments with biometrics at the moment could opt
for using biometrics (as one factor) too. However, this method needs to be implemented carefully as
speed is very important factor and performing 2FA for small payments could be perceived as useless.
Liebana-Cabanillas et al. (2018) consider perceived security and perceived usefulness as the most
important influences. These two were the most important ones in this research too and therefore, as
perceived usefulness is already high, perceived security needs to be improved. Buckley & Nurse (2019)
emphasised that users require high security measures when they encounter with a bank and Marinkovic
& Kalinic (2017) detected that the major identified barrier for faster deployment is lack of consumer-
perceived privacy and security. Hence, these authors also agree with Liebana-Cabanillas et al. (2018) in
terms of improving perceived security. Hence, finding ways how to inform users about security of
biometrics can be considered as a way to improve perceived security. Focusing on letting end-users
know how fingerprint and face recognition work with special emphasis on why they are secure
could be a major improvement in user-acceptance. Ideally, there should be more mediums (e.g.
videos, viral videos, broadcast, articles, animated pictures, combination of these) by which these data
could spread so that each end-user finds most favourite medium. Alternatively, as mentioned before,
end-users already consider 2FA as very secure so adding this option could be considered a solution too.
It is worth mentioning that end-users need to remember smartphone’s PIN, password, or pattern
(depending what they have setup) because their smartphone could sometimes authenticate them using
this method only (i.e. not accepting biometrics). These situations could be: smartphone reboot, when
device was not unlocked for a long time (approximately 24 – 72 hours depending on manufacturer), or
when too many wrong attempts to authenticate using biometrics were performed (approximately 3 – 5
depending on manufacturer) (Apple.com 2020, Android.com 2020, Google.com 2020). Hence, using
2FA could be also a useful way to remember a smartphone’s primary authentication method.
This research has additionally pointed out to two interesting findings which were not discussed in the
literature before:
• A lot of users (almost 33% for fingerprint and almost 7% for face recognition) have started
using biometrics because their phone suggested this option during initial setup. Hence, adding
more information why biometrics is secure to this initial setup as well as possibility to add
credit/debit card (including information why it is secure) could significantly increase number
of active users for biometrics as well as m-payments.
64
• A large number of end-users (approximately 37% for fingerprint and around 45% for face
recognition) do not believe or do not know whether vast majority of retailers are accepting this
method of payment. Hence, more information in this area would be beneficial too, like, in
case POS terminal accepts contactless payments with a card it most likely will accept also
m-payments (using NFC) (Mastercard 2020, VISA 2020, Savvides 2019). It does not matter
what authentication method smartphone user uses (e.g. fingerprint, face, PIN, password,
pattern, IRIS) in terminal’s “point of view” as it cares about NFC (or other) m-payments
communication method. Also, perhaps end-users should be encouraged to consider having
their credit/debit card in a mobile phone more like an addition to their e-payments
peripherals rather than substitution. This is for example because if phone has no battery, it is
impossible to pay with it (Pritchard, 2019) or there could be situations when they have only
phone with them (i.e. without wallet/purse which contains cards) and in such scenario they are
still able to pay (using their phone).
65
CHAPTER 8
Conclusions and Future Research
The following sections provide last comments to summarise the whole research. As first, conclusion
section which discusses main outcomes of this project is provided. Then, future work section follows
which talks about areas that could be further researched as they deserve more attention.
8.1 Conclusion
Research performed as part of this thesis has mainly attempted to determine current user-acceptability
level of biometrics in mobile payments because biometrics is likely going to substitute traditional
method of payments in order to improve e-payments security. The determination, within the scope of
the project, has been successful and it has been shown that user-acceptability is high. The main reason
for this is that end-users really like fingerprint authentication especially because of its speed.
Additionally, identifying the most common reasons behind the current acceptability level and
suggesting improvements were also required objectives to be achieved. Both of these were successfully
completed too. The most common reasons why people like biometrics for m-payments are speed,
security, simplicity (i.e. ease-of-use), and considering it as stress-free method of payment.
On the other hand, improvements could be introduced in adding two factor authentication method and
adding possibility to insert credit/debit card to smartphone during the initial phone setup. Moreover,
people need to be informed more about several topics: (1) why is particular biometric authentication
secure and (2) how does it actually work (using easy-to-understand explanation for non-technical
audience) – these information could be also part of the initial phone setup (but using other types of
medium are desired too), (3) how many POS-terminals actually accept m-payments, (4) whether it
matters, from POS-terminal’s perspective, what authentication method is used for m-payment, and (5)
perhaps encouraging users to consider m-payments as an additional method of payment rather than
substitution of credit/debit card e-payments. Last but not least, there are two more important findings:
66
vast majority of end-users: (I.) do not ask for other biometric authentication method for m-payments
and (II.) believe biometrics is more secure than traditional methods of authentication. Therefore, focus
regarding improvements can be on existing biometric authentication methods and/or creating some
combinations (perhaps two factor biometric authentication).
As has been mentioned above, this project has pointed out the areas which require further attention for
even more end-users adopting this secure method of authentication during m-payments. Nevertheless,
there is another finding which is quite important for the state of the art – end-users have high
acceptability level when it comes to biometrics in smartphones but not so high acceptance when it
comes to adding credit or debit card to their smartphone. Therefore, various kinds of improvements in
this area need to be implemented too and explaining to end-users security of biometrics in smartphones,
mentioned above, does add to this need. Possibility to add two factor authentication (2FA) could also
improve end-users’ perception of m-payments’ security as they already consider 2FA very secure.
All these outcomes can, as has been pointed out in section “1.5 Significance of Study”, be used for
determining improvements when developing smart devices which are capturing biometric samples or
designing software that will be performing m-payments as well as for information purposes aimed
towards shops which would like to know whether implementing and supporting POS-terminal capable
of performing m-payments is worth being inserted into brick and mortar stores to improve customers’
experience. Furthermore, this research can be used for other researches within this domain as it
provides user-acceptance details on limited amount of end-users in 2020 in Central Europe. Therefore,
involving larger amount of users, performing interviews in different geographical areas, or performing
the research in later years could use data researched in this project as a reference.
8.2 Future Work
This research has pointed out many details regarding user-acceptance of biometrics for m-payments.
However, throughout the project it has been detected that there are some other fields which would
deserve more attention. The following unordered list provides these areas:
• As has been pointed out already, end-users are more reluctant to insert credit/debit cards into
their smartphones than they are inserting their fingerprints or scans of face. Hence, barriers
which end-users might feel for inserting these cards into their smartphones could be research
topic on it own as it directly affects usage of biometrics for m-payments.
67
• Performing interviews with:
◦ not full-time working employees (as almost all respondents in this research were full-time
employees), or
◦ with more older people (i.e. 41 year or more) (as only little over 17% of respondents were
older than 41 years in this research).
• Ask additional interview questions on areas that deserve more attention:
◦ Ergonomics of the device,
◦ Trust,
◦ Financial cost of the device,
◦ Privacy (perhaps users often use it interchangeably with security),
◦ Reasons why over 67% of respondents have never used face recognition before,
◦ How should 2FA for m-payments authentication work in more detail (to be considered as
useful for end-users).
68
ReferencesAdegboye, A. (2015) 'Secure On-Line Transaction through Augmented Biometrics System', Global Journal of Computer Science and Technology, 15(2), pp.7-14.
Adnan, N., Nordin, S., bin Bahruddin, M. & Ali, M. (2018) ‘How trust can drive forward the user acceptance to thetechnology? In-vehicle technology for autonomous vehicle’, Transportation Research Part A-Policy and Practice, pp.819-836. doi: 10.1016/j.tra.2018.10.019
Alrawashdeh, T., Elbes, M., Almomani, A., ElQirem, F. & Tamimi, A. (2019) ‘User acceptance model of open source software: an integrated model of OSS characteristics and UTAUT’, Journal of Ambient Intelligence and Humanized Computing. doi: 10.1007/s12652-019-01524-7
Alqudah, M. (2018) 'Consumer Protection in Mobile Payments in the UAE: The Current State of Play, Challengesand the Way Ahead', Information & Communications Technology Law, 27(2), pp.166-184. Doi: 10.1080/13600834.2018.1458450
Android.com (2020), Measuring Biometric Unlock Security, Available at: https://source.android.com/security/biometric/measure (Accessed: 5 May 2020).
Apple.com (2020), About Touch ID advanced security technology, Available at: https://support.apple.com/en-us/HT204587 (Accessed: 5 May 2020).
Awad, A. (2012) ‘Machine Learning Techniques for Fingerprint Identification: A Short Review’, International Conference on Advanced Machine Learning Technologies and Applications, Advanced Machine Learning Technologies and Applications (AMLTA 2012). Cairo, Egypt. Dec. doi: 10.1007/978-3-642-35326-0_52
Awad, A. & Baba, K. (2011) ‘Fingerprint Singularity Detection: A Comparative Study’, International Conference onSoftware Engineering and Computer Systems, Software Engineering and Computer Systems (ICSECS 2011). doi: 10.1007/978-3-642-22170-5_11
Awad, A. & Baba, K. (2012) ‘Evaluation of a Fingerprint Identification Algorithm with SIFT Features’, 2012 IIAI International Conference on Advanced Applied Informatics, Fukuoka, Japan. 20-22 Sep. doi: 10.1109/IIAI-AAI.2012.34
Barbaschow, A. (2019), Smartphone market 'a mess' but annual tablet sales are also down, Available at: https://www.zdnet.com/article/smartphone-market-a-mess-but-annual-tablet-sales-are-also-down/ (Accessed: 12 May 2020).
BBC News (2020a), Coronavirus pandemic, Available at: https://www.bbc.com/news/coronavirus (Accessed: 9 May 2020).
BBC News (2020b), Coronavirus confirmed as pandemic by World Health Organization, https://www.bbc.com/news/world-51839944 (Accessed: 9 May 2020).
Blanco-Gonzalo, R., Miguel-Hurtado, O., Lunerti, C., Guest, R., Corsetti, B., Ellavarason, E. & Sanchez-Reillo, R. (2019) 'Biometric Systems Interaction Assessment: The State of the Art', IEEE Transactions on Human-Machine systems, 49(5), pp.397-410. doi: 10.1109/THMS.2019.2913672
69
Boseley, S. (2020) ‘WHO declares coronavirus pandemic’, The Guardian, 11 March. Available at: https://www.theguardian.com/world/2020/mar/11/who-declares-coronavirus-pandemic (Accessed: 9 May 2020).
Boseley, S., Devlin, H. & Belam, M. (2020) ‘What is Coronavirus, what are its symptoms, and when should I call a doctor?’, The Guardian, 17 April. Available at: https://www.theguardian.com/world/2020/apr/17/what-is-coronavirus-what-are-its-symptoms-and-when-should-i-call-a-doctor (Accessed: 9 May 2020).
Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R. and Cleven, A. (2009) 'Reconstructing the giant: On the importance of rigour in documenting the literature search process', 17th European Conference on Information Systems, ECIS 2009. Paper 161.
Buckley, O. & Nurse, J. (2019) 'The language of biometrics: Analysing public perceptions', Journal of Information Security and Applications, 47, pp.112-119.
Bycer, B. (2020) Paying at a Distance: How to Navigate Touch-Free In-Store Payment Methods During Coronavirus and Beyond, Available at: https://www.forbes.com/advisor/credit-cards/touch-free-in-store-payment-methods/ (Accessed: 9 May 2020).
Cater-Steel, A., Toleman, M. & Rajaeian, M. M. (2019) ‘Design Science Research in Doctoral Projects: An Analysis of Australian Theses’, 20(12), pp.1844-1869. doi: 10.17705/1jais.00587
Chronéer, D. (2019) Quantitative Research. [PDF slides] Lecture handouts. Luleå Tekniska Universitet. 10 December, 2019.
DW (2020), Coronavirus: WHO declares coronavirus outbreak a pandemic, Available at: https://www.dw.com/en/coronavirus-who-declares-coronavirus-outbreak-a-pandemic/a-52715743 (Accessed: 9 May 2020).
ECDC (2020), COVID-19 situation update worldwide, as of 8 May 2020, Available at: https://www.ecdc.europa.eu/en/geographical-distribution-2019-ncov-cases (Accessed: 9 May 2020).
Eude, T. & Chang, C. (2018) ‘One-class SVM for biometric authentication by keystroke dynamics for remote evaluation’, Computational Intelligence, 34(1), pp.145-160. doi: 10.1111/coin.12122
Fabregues, S. & Fetters, M. D. (2019) ‘Fundamentals of case study research in family medicine and community health’, Family Medicine and Community Health, 7(2), pp.1-8. doi: 10.1136/fmch-2018-000074
Genemo, H., Miah, S. J. & McAndrew, A. (2015) ‘A Design Science Research Methodology for Developing a Computer-Aided Assessment Approach Using Method Marking Concept’, Education and Information Technologies, 21, pp.1769-1784. doi: 10.1007/s10639-015-9417-1
German, R. & Barber, K. S. (2017) Current Biometric Adoption and Trends, Available at: https://identity.utexas.edu/assets/uploads/publications/Current-Biometric-Adoption-and-Trends.pdf (Accessed: 12May 2020).
Google.com (2020), Unlock with your fingerprint, Available at: https://support.google.com/pixelphone/answer/6285273 (Accessed: 5 May 2020).
Gumbrecht, J. & Howard, J. (2020) ‘WHO declares novel coronavirus outbreak a pandemic’, CNN, 12 March. Available at: https://edition.cnn.com/2020/03/11/health/coronavirus-pandemic-world-health-organization/index.html (Accessed: 9 May 2020).
Hemphill, T. & Longstreet, P. (2016) 'Financial data breaches in the U.S. retail economy: Restoring confidence in information technology security standards', Technology in Society, 44, pp.30-38. doi: 10.1016/j.techsoc.2015.11.007
70
Hong, J., He, J. & Qiu, X. (2018) ‘Research on Influencing Factors of Users' Adoption Intention of WeChat Marketing’, 2018 International Joint Conference on Information, Media and Engineering (ICIME). Osaka, Japan. 12-14 December. doi: 10.1109/ICIME.2018.00039
Huang, F.-H. (2020) ‘Adapting UTAUT2 to assess user acceptance of an e-scooter virtual reality service’, Virtual Reality. doi: 10.1007/s10055-019-00424-7
Jadhav, V., Patil, R., Jadhav, R. & Magikar, A. (2015) ‘Proposed E-payment System using Biometrics’, International Journal of Computer Science and Information Technologies, 6(6), pp.4957-4960.
Jayusman, H. & Setyohadi, D. (2017) ‘An empirical investigations of user acceptance of “Scalsa” e-learning in stikes Harapan Bangsa Purwokerto’, 2017 5th International Conference on Cyber and IT Service Management (CITSM). Denpasar, Indonesia. 8-10 August. doi: 10.1109/CITSM.2017.8089266
Kelly, H. (2019) ‘Fingerprints and face scans are the future of smartphones. These holdouts refuse to use them.’,The Washington Post, 15 November. Available at: https://www.washingtonpost.com/technology/2019/11/15/fingerprints-face-scans-are-future-smartphones-these-holdouts-refuse-use-them/ (Accessed: 12 May 2020).
Kelly, S. M. (2020) ‘Dirty money: The case against using cash during the coronavirus outbreak’, CNN, 7 March. Available at: https://edition.cnn.com/2020/03/07/tech/mobile-payments-coronavirus/index.html (Accessed: 9 May2020).
Kencebay, B. (2019) ‘User acceptance of driverless vehicles and robots with aspect of personal economy’, Journal of Transnational Management, 24(4), pp.283-304. doi: 10.1080/15475778.2019.1664234
LaMotte, S. (2020) ‘What is coronavirus and Covid-19? An explainer’, CNN, 31 March. Available at: https://edition.cnn.com/2020/03/31/health/what-is-coronavirus-covid-19-wellness/index.html (Accessed: 9 May 2020).
Landrum, B. & Garza, G. (2015) ‘Mending Fences: Defining the Domains and Approaches of Quantitative and Qualitative Research’, Qualitative Psychology, 2(2), pp.199-209. doi: 10.1037/qup0000030
Levy, Y. & Ellis, T. (2006) 'A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research', INFORMING SCIENCE Journal, 9, pp.181-212.
Liébana-Cabanillas, F., Marinkovic, V., Ramos de Luna, I. & Kalinic, Z. (2018) 'Predicting the determinants of mobile payment acceptance: A hybrid SEM-neural network approach', Technological Forecasting & Social Change, 129, pp.117-130. doi: 10.1016/j.techfore.2017.12.015
Malathi, R. & Jeberson, R. (2016), 'An Integrated Approach of Physical Biometric Authentication System', Procedia Computer Science, 85, pp.820-826. doi: 10.1016/j.procs.2016.05.271
Marinkovic, V. & Kalinic, Z. (2017) ‘Antecedents of customer satisfaction in mobile commerce.’, Online Information Review, 41(2), pp.138-154. doi: 10.1108/OIR-11-2015-0364
Martinovic, I., Rasmussen, K., Roeschlin, M. and Tsudik, G. (2017), 'Authentication Using Pulse-Response Biometrics', Communications of the ACM, 60(2), pp.108-115. doi: 10.1145/3023359
Mastercard.com (2020), Just Tap & Go®, Available at: https://www.mastercard.com/en-ke/consumers/features-benefits/contactless.html (Accessed: 7 May 2020).
71
Mingers, J. & Standing, C. (2020) ‘A Framework for Validating Information Systems Research Based on a Pluralist Account of Truth and Correctness’, Journal of the Association for Information Systems, 21(1), pp.117-151. doi: 10.17705/1jais.00594
NCSC (2020) Mobile Device Guidance, Available at: https://www.ncsc.gov.uk/collection/mobile-device-guidance/using-biometrics-on-mobile-devices (Accessed: 12 May 2020).
NetMarketShare (2020), Operating System Market Share, Available at: https://netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Mobile%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platform%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsMobile%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222019-05%22%2C%22dateEnd%22%3A%222020-04%22%2C%22segments%22%3A%22-1000%22%7D (Accessed: 12 May 2020).
Newey, S. & Gulland, A. (2020) ‘What is coronavirus, how did it start and how big could it get?’, The Telegraph, 9May. Available at: https://www.telegraph.co.uk/news/2020/05/07/what-coronavirus-covid-19-global-pandemic/ (Accessed: 9 May 2020).
Nugroho, R., Susilowati, A., Ambarwati, O. & Pratiwi, A. (2018) ‘Factors Affecting Users’ Acceptance of E-Billing System in Surakarta Tax Office’, ComTech, 9(1), pp.37-42/ doi: 10.21512/comtech.v9i1.4621
O’dea, S. (2020), Mobile operating systems' market share worldwide from January 2012 to December 2019, Available at: https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/ (Accessed: 12 May 2020).
Ogbanufe, O. & Kim, D. (2018) 'Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment', Decision Support Systems, 106, pp.1-14. doi: 10.1016/j.dss.2017.11.003
Okoh, E. & Awad, A. (2015) ‘Biometrics Applications in e-Health Security: A Preliminary Survey’, International Conference on Health Information Science, Health Information Science (HIS 2015). Melbourne, Australia. 6 May.doi: 10.1007/978-3-319-19156-0_10
Okoh, E., Makame, M. H. & Awad, A. (2017) ‘Toward online education for fingerprint recognition: A proof-of-concept web platform’, Information Security Journal: A Global Perspective, 26(4), pp.186-197. doi: 10.1080/19393555.2017.1329462
Okpara, O. & Bekaroo, G. (2017) ‘Cam-Wallet: Fingerprint-Based Authentication in M-Wallets using Embedded Cameras’, 2017 IEEE International Conference on Environment and Electrical Engineering (EEEIC) and 2017 IEEE Industrial and Commercial Power Systems Europe (I&CPS Europe). Milan, Italy, 6-9 June. doi: 10.1109/EEEIC.2017.7977654
Paiva, J., Dias, D. & Cunha, J. (2017) ‘Beat-ID: Towards a computationally low-cost single heartbeat biometric identity check system based on electrocardiogram wave morphology’, PLoS ONE, 12(7), pp.1-32. doi: 10.1371/journal.pone.0180942
Pritchard, J. (2019), Pay With Your Mobile Phone, Available at: https://www.thebalance.com/pay-with-your-mobile-phone-315479 (Accessed: 7 May 2020).
Rad, M., Nilashi, M. & Dahlan, H. (2017) ‘Information technology adoption: a review of the literature and classification’, Universal Access in the Information Society, 17(2), pp.361–390. doi: 10.1007/s10209-017-0534-z
72
Ranger, S. (2018) Wearables outlook 2022: Smartwatches will still rule, Apple will still dominate, Available at: https://www.zdnet.com/article/wearables-outlook-2022-smartwatches-will-still-rule-apple-will-still-dominate/ (Accessed: 12 May 2020).
Rooks, T. (2020) ‘Will the coronavirus crisis finally spell the end of cash payments in Germany?’, DW, 7 May. Available at: https://www.dw.com/en/paying-in-cash-in-germany-and-the-coronavirus-corona-crisis-epidemic/a-53349878 (Accessed: 9 May 2020).
Savvides, L. (2019), Samsung Pay: Everything you need to know (FAQ), Available at: https://www.cnet.com/how-to/samsung-pay-everything-you-need-to-know-faq-mobile-wallet/ (Accessed: 7 May 2020).
Sekiguchi, W. (2020) ‘COVID-19 pandemic prompts a digital revolution’, The Japan Times, 15 April. Available at: https://www.japantimes.co.jp/opinion/2020/04/15/commentary/japan-commentary/covid-19-pandemic-prompts-digital-revolution/#.XrQmnGVR2Uk (Accessed: 9 May 2020).
Sivakumar, T., Nair, S., Zacharias, G., Nair, M. & Joseph, A. (2018), ‘Identification of tongue print images for forensic science and biometric authentication’, Journal of Intelligent & Fuzzy Systems, 34(3), pp.1421-1426. doi: 10.3233/JIFS-169437
Statcounter (2020a), Mobile Operating System Market Share Worldwide, Available at: https://gs.statcounter.com/os-market-share/mobile/worldwide (Accessed: 12 May 2020).
Statcounter (2020b), Desktop vs Mobile vs Tablet Market Share Worldwide, Available at: https://gs.statcounter.com/platform-market-share/desktop-mobile-tablet (Accessed: 12 May 2020).
Statista (2019), Annual sales volume of smartphones, tablets, wearables and laptops in France from 2011 to 2016*, Available at: https://www.statista.com/statistics/490231/wearable-devices-worldwide-by-region/ (Accessed: 12 May 2020).
Ståhlbröst, A. (2019) QUALITATIVE RESEARCH METHODS. [PDF slides] Lecture handouts. Luleå Tekniska Universitet. 3 December, 2019.
Szopinski, T. (2016) 'Factors affecting the adoption of online banking in Poland', Journal of Business Research, 69(11), pp.4763-4768. doi: 10.1016/j.jbusres.2016.04.027
Tao, D., Fu, P., Wang, Y., Zhang, T. & Qu, X. (2019) ‘Key characteristics in designing massive open online courses (MOOCs) for user acceptance: an application of the extended technology acceptance model’, Interactive Learning Environments. doi: 10.1080/10494820.2019.1695214
Trappey, A., Trappey, C. & Hsu, A. (2016) 'Patent Portfolio Analysis of E-payment Services Using Technical Ontology Roadmaps', IEEE International Conference on Systems, Man, and Cybernetics, SMC 2016. Budapest, Hungary, 9-12 October.
Turkmen, C. & Degerli, A. (2015) ‘Transformation of Consumption Perceptions: A Survey on Innovative Trends inBanking’, Procedia - Social and Behavioral Sciences, 195, pp.376-382. doi: 10.1016/j.sbspro.2015.06.337
UNDP (2020), COVID-19 pandemic, Available at: https://www.undp.org/content/undp/en/home/coronavirus.html (Accessed: 9 May 2020).
Verleye, K. (2019) ‘Designing, writing-up and reviewing case study research: an equifinality perspective’, Journalof Service Management, 30(5), pp.549-576. doi: 10.1108/JOSM-08-2019-0257
73
Visa.com (2020), Tap to pay with Visa, Available at: https://usa.visa.com/pay-with-visa/contactless-payments/contactless-payments.html (Accessed: 7 May 2020).
Visontay, E. (2020) ‘Cashless payments ‘help stop spread’ of coronavirus’, The Australian, 10 March. Available at: https://www.theaustralian.com.au/science/cashless-payments-help-stop-spread-of-coronavirus/news-story/fd4bb0b9a934ce0ca722993710a17c4f (Accessed: 9 May 2020).
Webster, J. & Watson, R. (2002) 'Analyzing the Past to Prepare for the Future: Writing a Literature Review', MIS Quarterly, 26(2), pp.xiii-xxiii.
Yang, W., Wang, S., Zheng, G., Yang, J. and Valli, C. (2019) ‘A Privacy-Preserving Lightweight Biometric Systemfor Internet of Things Security’, IEEE Communications Magazine, 57(3), pp.84-89. doi: 10.1109/MCOM.2019.1800378
Ylikoski, P. & Zahle, J. (2019) ‘Case study research in the social sciences’, Studies in History and Philosophy of Science Part A, 78, pp.1-4. doi: 10.1016/j.shpsa.2019.10.003
Young, S. (2020) ‘CORONAVIRUS: WHAT ARE THE NEW CONTACTLESS CARD RULES AND SPENDING LIMIT?’, The Independent, 20 April. Available at: https://www.independent.co.uk/life-style/coronavirus-contactless-spending-limit-how-much-a9421366.html (Accessed: 9 May 2020).
Zirjawi, N., Kurtanovic, Z. & Maalej, W. (2015) ‘A survey about user requirements for biometric authentication on smartphones.’, 2015 IEEE 2nd Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE). Ottawa, ON, Canada, 25-25 August. doi: 10.1109/ESPRE.2015.7330160
74
Appendix A – questionnaire (protocol)
Biometrics in mobile payments
This questionnaire discusses personal feelings about fingerprint authentication, then face recognition, and finally two factor (PIN and fingerprint) authentication. Data will be presented as a whole, meaning personal responses will not be shared with anyone at all. They will be anonymised.
Intro Questions
1. What operating system do you have on mobile?
• iOS (Apple)
• Android (Google)
• Other
2. What is your gender?
• Male
• Female
3. How old are you?
• Less than 18
• 18-30
• 31-40
• 41-50
• 51 or more
4. What is your highest finished education?
• Elementary school
• Secondary school (high school)
• University
• None
75
5. Do you work?
• Student
• Student with Part-time job
• Student with Full-time job
• Employed Part-time
• Employed Full-time
• Unemployed
• Retired
6. When was the last time you performed m-payment?
• Within last 30 days (1 month)
• Within last 90 days (3 months)
• Within last 180 days (6 months)
• Within last 365 days (12 months)
• More than 1 year ago
• Never
7. When was the last time you authenticated using biometrics?
• Within last 30 days (1 month)
• Within last 90 days (3 months)
• Within last 180 days (6 months)
• Within last 365 days (12 months)
• More than 1 year ago
• Never
8. If you were using some biometric authentication method which one(s) and who introduced it(them) to you?If you used both please comment on both.
76
Fingerprint authentication
9. How did you like fingerprint authentication?
• 5 - very much
• 4 - much
• 3 - neutral
• 2 - not so much
• 1 - not at all
10. What are the biggest benefits of m-payments using fingerprint?
11. What are the biggest negatives of m-payments using fingerprint?
12. I consider fingerprint authentication faster (i.e. more efficient) than traditional authentication (e.g. PIN, password).
Strongly disagree 1 2 3 4 5 Strongly agree
13. I consider fingerprint authentication very secure.
Strongly disagree 1 2 3 4 5 Strongly agree
14. I consider fingerprint authentication improving e-payments domain.
Strongly disagree 1 2 3 4 5 Strongly agree
15. I consider fingerprint authentication easy to use.
Strongly disagree 1 2 3 4 5 Strongly agree
16. I consider fingerprint authentication as stress free method of payment.
Strongly disagree 1 2 3 4 5 Strongly agree
17. My friends and peers are using fingerprint authentication.
Strongly disagree 1 2 3 4 5 Strongly agree
77
18. My friends and peers are/were encouraging me to use fingerprint authentication.
Strongly disagree 1 2 3 4 5 Strongly agree
19. I feel that vast majority of retailers are accepting this method of payment.
Strongly disagree 1 2 3 4 5 Strongly agree
Face recognition
20. How did you like face recognition authentication?
• 5 - very much
• 4 - much
• 3 - neutral
• 2 - not so much
• 1 - not at all
21. What are the biggest benefits of m-payments using face recognition?
22. What are the biggest negatives of m-payments using face recognition?
23. I consider face recognition authentication faster (i.e. more efficient) than traditional authentication (e.g. PIN, password).
Strongly disagree 1 2 3 4 5 Strongly agree
24. I consider face recognition authentication very secure.
Strongly disagree 1 2 3 4 5 Strongly agree
25. I consider face recognition authentication improving e-payments domain.
Strongly disagree 1 2 3 4 5 Strongly agree
78
26. I consider face recognition authentication easy to use.
Strongly disagree 1 2 3 4 5 Strongly agree
27. I consider face recognition authentication as stress free method of payment.
Strongly disagree 1 2 3 4 5 Strongly agree
28. My friends and peers are using face recognition authentication.
Strongly disagree 1 2 3 4 5 Strongly agree
29. My friends and peers are/were encouraging me to use face recognition authentication.
Strongly disagree 1 2 3 4 5 Strongly agree
30. I feel that vast majority of retailers are accepting this method of payment.
Strongly disagree 1 2 3 4 5 Strongly agree
Two Factor authentication
31. How did you like two factor authentication?
• 5 - very much
• 4 - much
• 3 - neutral
• 2 - not so much
• 1 - not at all
32. What are the biggest benefits of m-payments using two factor authentication?
33. What are the biggest negatives of m-payments using two factor authentication?
79
34. I consider 2 factor authentication very secure.
Strongly disagree 1 2 3 4 5 Strongly agree
35. I consider two factor authentication improving e-payments domain.
Strongly disagree 1 2 3 4 5 Strongly agree
36. I consider two factor authentication easy to use.
Strongly disagree 1 2 3 4 5 Strongly agree
37. I consider two factor authentication as stress free method of payment.
Strongly disagree 1 2 3 4 5 Strongly agree
Final Questions
38. Would you prefer other biometric authentication for m-payments? If yes, which one and why?
39. Which of the following is more secure authentication method according to you?
• Traditional authentication (e.g. PIN, password)
• Biometric authentication (e.g. fingerprint, face recognition)
• Neither
THANK YOU
80
Appendix B – interview schedule
The following table shows date and duration of interviews which were performed as part of this research.
No. Participant ID Date of Interview(dd.mm.yyyy)
Duration of Interview(minutes)
1 Participant_001 3.4.2020 45
2 Participant_002 3.4.2020 45
3 Participant_003 3.4.2020 25
4 Participant_004 4.4.2020 25
5 Participant_005 4.4.2020 25
6 Participant_006 4.4.2020 35
7 Participant_007 4.4.2020 17
8 Participant_008 4.4.2020 19
9 Participant_009 4.4.2020 45
10 Participant_010 4.4.2020 30
11 Participant_011 4.4.2020 16
12 Participant_012 4.4.2020 26
13 Participant_013 5.4.2020 29
14 Participant_014 5.4.2020 42
15 Participant_015 5.4.2020 19
16 Participant_016 5.4.2020 14
17 Participant_017 5.4.2020 22
18 Participant_018 5.4.2020 47
19 Participant_019 5.4.2020 29
20 Participant_020 5.4.2020 20
21 Participant_021 8.4.2020 36
22 Participant_022 8.4.2020 24
23 Participant_023 8.4.2020 32
24 Participant_024 9.4.2020 18
25 Participant_025 9.4.2020 35
26 Participant_026 9.4.2020 24
81
27 Participant_027 9.4.2020 21
28 Participant_028 9.4.2020 32
29 Participant_029 9.4.2020 34
30 Participant_030 10.4.2020 37
31 Participant_031 10.4.2020 25
32 Participant_032 10.4.2020 22
33 Participant_033 10.4.2020 38
34 Participant_034 10.4.2020 21
35 Participant_035 10.4.2020 31
36 Participant_036 10.4.2020 34
37 Participant_037 10.4.2020 44
38 Participant_038 10.4.2020 47
39 Participant_039 10.4.2020 33
40 Participant_040 11.4.2020 28
41 Participant_041 11.4.2020 12
42 Participant_042 11.4.2020 25
43 Participant_043 11.4.2020 40
44 Participant_044 11.4.2020 40
45 Participant_045 11.4.2020 34
46 Participant_046 11.4.2020 70
47 Participant_047 12.4.2020 18
48 Participant_048 13.4.2020 22
49 Participant_049 14.4.2020 39
50 Participant_050 15.4.2020 18
51 Participant_051 15.4.2020 32
52 Participant_052 16.4.2020 29
82
Appendix C – initial research plan
The following table shows a basic layout of the timeframe I would like to follow for writing the thesis.
Each step (from section “3.” above) has a week or weeks allocated to it based on my estimates. For
better clarity brief comments are written in each row. Please note that I will not physically start writing
the thesis in Week 12 but will write it throughout the whole time allocated. Just the main parts of the
thesis are mentioned in this plan.
Time (w=week) Step(s) Brief comments
January n/a Work out with supervisor final version of research question & sub-questions
W1 (3.-9.2.) 1 Research and determine term “acceptability”
W2 (10.-16.2.) 1 Research and determine term “acceptability”
W3 (17.-23.2.) 2 Prepare testing scenarios
W4 (24.2.-1.3.) 2 Prepare testing scenarios
W5 (2.-8.3.) 3 Prepare questionnaire
W6 (9.-15.3.) 4 Get questionnaire improved by skilled people
W7 (16.-22.3.) 5 Improve the questionnaire
W8 (23.-29.3.) 6 + 7 (6) Perform testing scenarios with end-users
W9 (30.3.-5.4.) 6 + 7 (6) Perform testing scenarios with end-users
W10 (6.-12.4.) 6 + 7 (7) Gather their feedback by means of questionnaire
W11 (13.-19.4.) 6 + 7 (7) Gather their feedback by means of questionnaire
W12 (20.-26.4.) 8 Analyse the feedback
W13 (27.-3.5.) 8 + 9 (8) Analyse the feedback + (9) Discuss the results
W14 (4.-10.5.) 9 Discuss the results
W15 (11.-17.5.) 9 + 10 (9) Discuss the results + (10) Write remaining parts
W16 (18.-24.5.) 10 Write remaining parts
W17 (25.-31.5.) n/a Final reviews of the thesis
83