JOIV : Int. J. Inform. Visualization, 5(4) - December 2021 366-371

INTERNATIONAL JOURNAL ON INFORMATICS VISUALIZATION
journal homepage: www.joiv.org/index.php/joiv

Bridging Usability and Accessibility of User Authentication using Usable Accessed (UAce) for Online Payment Applications

Juliana Mohamed a,*, Mohd Farhan Md Fudzee b, Sofia Najwa Ramli c, Mohd Norasri Ismail b, Defni d

a Center for Diploma Studies, Universiti Tun Hussein Onn Malaysia (UTHM), KM 1, Jalan Panchor, 84600 Pagoh, Muar, Johor, Malaysia
b AROMA Focus Group, Faculty of Computer Science and Information Technology (FSKTM), Universiti Tun Hussein Onn Malaysia (UTHM), 86400 Parit Raja, Batu Pahat, Johor, Malaysia
c ISR, Faculty of Computer Science and Information Technology (FSKTM), Universiti Tun Hussein Onn Malaysia (UTHM), 86400 Parit Raja, Batu Pahat, Johor, Malaysia
d Department of Information Technology, Politeknik Negeri Padang, West Sumatera, Indonesia

Corresponding author: *julianaju@uthm.edu.my

Abstract— Usability and accessibility are significant authentication aspects for online applications. Despite the fact that there are ongoing efforts to improve the interface design, some existing research only focuses on a single aspect of it. Thus, it is vital to investigate how to merge these two features into a practical and workable solution. This study presents a preliminary process for designing accessible and usable applications for online banking payment using Usable Accessed (UAce) by adopting Design Science Research (DSR) as its methodology. The UAce standard considers attributes and characteristics from the user authentication. The standard establishes a development method and tool for assessing subjectively and quantitatively usable, as well as the user authentication while taking into account specific elements, qualities, and features.
The DSR technique for developing highly usable and accessible interactive apps was utilized in designing this approach.

Keywords— Usability; accessibility; DSR; UAce; user authentication.

Manuscript received 11 Mar. 2021; revised 27 Jun. 2021; accepted 21 Oct. 2021. Date of publication 31 Dec. 2021.
International Journal on Informatics Visualization is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

I. INTRODUCTION

Most of the online applications have their own access and usable features. However, because it is difficult to use, accessibility usually becomes a secondary objective for most users. The identification of users is required for most apps, such as e-banking. These applications allow users to provide rights to view their data based on their identification by using suitable authentication mechanisms. The requirements for having a sufficient level of accessibility for authentication while retaining its usability may be incompatible, although both security and usability are important in all authentication processes.

Usable Accessed (UAce) [1] deals with the management of accessibility data in user interfaces. Users' profiles (identity of the users), tasks, technology (including network equipment), software, and physical or organizational contexts can all affect accessibility and usability [2]. Nevertheless, not much research has been done on usable accessibility, particularly in defining a strategy for constructing accessible and usable applications. Designing accessible and useful applications presents a few significant obstacles, such as resolving security and usability problems. Our fundamental concern is how to strike a good balance between accessibility and usability in software applications [3].

Usability principles (known as rules or heuristics) are a set of guidelines for HCI (Human-Computer Interaction) designers to follow. Although various usability principles for accessible applications have been implemented in research, several of the criteria have been difficult to integrate into the entire process, particularly in the appropriate design and development of usable access applications [4]. We have also considered incorporating worldwide standards that are widely acknowledged by the academic and corporate communities, such as ISO 9241-220, as it might be one of the methods to achieve a compromise between usability and accessibility in UAce and user authentication.

However, based on our findings, there is no qualitative or quantitative method that defines how to build and verify systems while taking into consideration the designated objectives and fundamentals (also known as heuristics) and that is suitable for a good exchange between accessibility and usability. Furthermore, there is no linkage between the ISO 9241-220 traits and qualities that the community may use to evaluate accessibility and usability, ensuring that the user has a satisfactory experience with a website or application.

This paper has discovered the most crucial attributes, the usability and accessibility of user authentication to the online payment application. The study will be presenting a preliminary process for designing usable applications using UAce, and the design science research (DSR) for the methodology [9], [10]. The UAce standard considers the attributes and characteristics from the user authentication. The standard establishes a development method and tool for assessing subjectively and quantitatively usable security and user authentication while taking into account specific elements, qualities, and features. The DSR technique for developing highly usable and accessible interactive apps was utilized to design this approach.

The structure of this paper is as follows: Section II discusses the material and method used for this study. The results and discussion are explained in Section III, and finally, the conclusions and future work are discussed in Section IV.

II. MATERIAL AND METHOD

This paper discusses the preliminary process of UAce user authentication attributes, using DSR as the methodology used in this study.

A. UAce of User authentication attributes

ISO 9241-220 [5] describes a process for enabling, executing and assessing human-centred design within organizations. It is an approach to designing more usable systems by focusing on the use of the system and applying human factors or ergonomics, as well as usability knowledge and techniques. Usable Accessed (UAce) is adopted from Usable Secure (Usec) [6], [7], [8] for the authentication techniques that the community can use to assess websites and applications. Some characteristics, according to UAce and authentication in accordance with ISO 9241-220, should be examined to achieve the objectives of this study. There are six attributes and characteristics that need to be examined and considered as the user authentication. Figure 1 shows the relationship of the attributes to the user authentication. Some of the features of these attributes have the characteristics that are listed as part of the ISO 9241-220 standard. According to a thorough assessment of the literature and an in-depth study, usability and accessibility contribute most principles to the UAce. The descriptions of the attributes are as below:

Fig. 1 UAce attributes into User authentication

1) Accessibility: Anyone, regardless of their cognitive, movement, or sensory abilities, will be able to utilise the authentication method due to its accessibility. This covers hearing, vision, mobility, learning, and colour impairments, all of which are relevant in an authenticating setting. The degree of specialized abilities and proficiency, as well as the nature of the client's hardware, are all included as factors in accessibility [11].

2) Usability: This feature [12] is found and created based on Nielsen's ten usability criteria for user interface design [13]. Nielsen's criterion of visibility is described as “to let the user to "see" if the security features are active and being utilised, while the convey features tell the user about the available security measures”.

3) Operability: Refers to suitable and necessary time and effort in using a form of authentication.

4) Security: The important security element to be discussed in authentication is verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

5) Reliability: The capacity to execute specified operations that allow for effectiveness. In this context, several elements of accessibility that include both maintenance and technical support will be considered.

6) Performance: When it comes to authentication techniques, there are two factors to consider [14]:
(a) Minimal action: The application's ability to assist users in completing tasks in a few simple steps.
(b) Time response: The time the programme takes to load and respond.

B. Design Science Research methodology

We have agreed to use DSR as our main methodology of the study [9], [10]. This strategy aims to study, research, and examine the artifact and its behavior from an academic and organizational perspective. In addition, DSR is also a thorough procedure for designing artifacts for problem solving, assessing what was designed or what is working, and producing the outcomes. Figure 2 shows a brief description of each phase:

Fig. 2 Proposed Design Science research methodology

1) Application Domain: Any organization that designs software systems must prioritise communication factors with users, because users' requirements and experiences might change and differ from time to time. Some variables that should be considered at this stage: people, organizational and technical systems, and problems & opportunities. There are two types of demographic people that can be appraised to the study, which are:

a) Classify user
Surveys and interviews are the two most popular and well-proven ways for categorising individuals, and the user profile is one approach for doing so [17]. A user interview's main objective is to find out how people feel about security, i.e., their perception of threats, the type of protection that they want, and other matters on security choices. Another aim is to determine who the user trusts and on what basis, as well as what concepts and vocabulary they use while communicating [18]. Although users' interviews or observations are critical, inquiring about the users' desired security goals might be difficult. They clearly want to be as secure as possible, yet the real question is whether they will go the extra mile for that [19]. Once this data is gathered and analysed, it is possible to identify some of the users' characteristics as well as the activities that they could perform in the system, avoiding a security-usability conflict.

b) Stakeholder
People who are actively involved in gathering usability and security demands to determine usability objectives and viable security approaches are known as stakeholders. They consist of experts in the related field. These parties should evaluate their varied requirements while making decisions, including the need for usable security [20].

2) Build design artifacts and process: This level consists of two diverse functionalities, i.e., design of the task, and the particulars. These two are the major factors in building up the general process of interaction design. The process, later, will proceed to the implementation of the design and simulation purposes. The design will be handled with the code by using appropriate tools. The development of an application entails testing elements such as verifying its functionalities, figuring out aspects related to the application interface, validating navigation, and testing new techniques from the start, among other things.

The design of interactive systems may be approached in two ways, which are:

a) Empirical approach
This approach is a combination of the designer's very own approach together with other experts' methods, which is accumulated through compilations of relevant advice for the creation of a successful interface. User assessment studies often back up these findings.

b) Methodological approach
The approach is based on some theoretical concept and the implementation of several processes for the design's reality.

The technique to build systems with accessibility and usability is based on empirical approximation and guidance [21], [22]. This type of design may not be the best option, but we believe that it is the most suitable starting point for future research, in designing a system using a methodological approach to usable security. According to the experimental approach, proposals for commercial analysis must be obtained at the design stage without abstraction, and without relying on complex security procedures [23]. Nielsen [24] has proposed a few principles in developing user interface. However, these principles do not reflect the security features and therefore the design of safe and usable interactive applications [25].

3) Evaluate: To achieve the goal of this stage, some elements are tested and evaluated to find out whether they work properly, whether they meet all the expectations, or simply to understand how a specific tool works. For usable and accessible interactive systems, evaluation is very critical. At this stage, certain strategies are employed to get input from customers. It also has something to do with usability metrics and evaluation methods. In this phase, the strategies required to gain responses from both users and expert evaluators are executed, which will be reflected in the design of safe and usable interactive applications.

a) Heuristic evaluation
The heuristic evaluation is a validation method in which the main characteristic is the presence of experts (so-called evaluators) who evaluate the usability and security aspects of the system interface. This is possibly the primary objective of this study, which is based on the concepts of user's security and authentication [25]. In relation to these concepts, usability and security experts analyse the user interface. This evaluation is insufficient as it only focuses on the design of the user interface without considering the core functions and processes. Evaluation methods in the next stage can help to identify the main problems caused by inadequate process modelling.

b) Evaluation method
The data will be examined to produce some results for evaluator reference. A representative evaluator will use the results to evaluate how the user interface assists users with their tasks. Security and privacy are not the primary goal of users [26]. Therefore, they can easily be omitted from the interface, generating risks due to possible mistakes users can make. The accomplished objectives will be performed with the result analysis and infrequent tasks. Based on this, users will be able to provide information that will help in establishing improvements to the system for adequate usable security. Heuristic evaluation alone is inadequate to find usable security issues [18]. It should be combined with the users' perceptions, as each user observes a set of tasks performed by the application. These users are monitored throughout each task to see how they used the interface during implementation, how long it takes, and whether the task was successful or unsuccessful. The qualitative and quantitative findings of the evaluation and task analysis are presented, and this assessment will be able to identify the issues that users face when security is involved in the task. The information gathered is examined to determine critical aspects of the application's usability and security. The determination of the most representative activities that users should achieve, for applications where usability and security are present, is a fundamental part of the execution of the test. In this study, the tasks were chosen based on literature that contained the application's most common tasks to collect information about users' challenges. Indicators of time and percentage of task success are produced using this approach.

4) Foundations: This stage consists of scientific theories and methods, experience and expertise, and meta-artifacts of design products and design processes. The foundation will be proposing a model and an algorithm for the flow of the user authentication online payment banking application.

The methodology is used for the purpose of bridging the gap between the usability and accessibility of user authentication online payment banking applications. The accessibility consists of the user interface, which includes application domain, build design artifacts and process, evaluation, and foundations. Usability considers human-computer interaction. This is one of the essential justifications for why this approach was picked as a medium in incorporating the findings of this study into the development of secure and usable applications. Some factors for why this methodology was chosen are as below:
a. The user: The core of development and throughout all the model's phases.
b. Conceptual organization: Organize each notion in the proper order based on known scientific information.
c. Simple: Easy to grasp, with barely any nodes and branches, as well as no conditional routes.
d. Multidisciplinary team: Working in diverse teams is both necessary and beneficial (e.g. designers and programmers).
e. Flexibility: The concept is not linear or limiting in any way, but rather invites its unrestricted use.
f. Validation: Real-world testing has confirmed the model's accuracy.

III. RESULTS AND DISCUSSION

According to the approach depicted in Figure 1, each discovered principle was analysed and assigned to the appropriate location in Table I. From Table I, we can see that a total of 20 principles has been distributed to each attribute. Table II presents some of the principles of reliability.

TABLE I
NUMBER OF PRINCIPLES FOR EACH ATTRIBUTE

Attributes       Number of principles
Accessibility    4
Usability        5
Operability      3
Security         3
Reliability      3
Performance      2

TABLE II
PRINCIPLES OF RELIABILITY

Coded    Measurement items (Reliability)
RE 1     Services performance of the online banking applications are absolutely reliable
RE 2     My choice to use the online banking applications was a wise one
RE 3     The online banking application services is great
References: George, A. [15]; Altobishi, T., Erboz, G., & Podruzsik, S. [16]

A survey has been given randomly to a few communities from Kedah and Johor. The demographics of the people and trends have been discovered. There are 106 respondents to the survey, of whom 39% are male and 61% are female. There are 52% from 18 to 25 years old, 12% from 26 to 35, 30% from 36 to 45, 5% from 46 to 55, and 2% from 56 to 60 years old. From this point, we can conclude that the majority of the users who care about online banking applications functionalities are adults. Among them, 6% graduated from secondary schools, 4% from qualified certificates, 45% from diploma level, 13% from 1st degree, 17% from master's degree and 15% are PhD holders. Next, 34% come from government sectors, 14% from private sectors, 45% are students and 7% are unemployed.

For the monthly income aspect, 50% of them earn below RM 1000, 9% are within RM 1000 to RM 3000, 11% earn RM 3001 to RM 5000, 13% earn RM 5001 to RM 7000, and 16% are within RM 7001 and above. There are 9% who have just 1 account, 63% have 2 to 3 accounts, 26% have 4 to 5 accounts and 2% have 6 to 7 accounts. According to this, most of the people who always used online applications for daily routine are within the B40 category.

In addition, 12% of them prefer bank branch counters for their frequently used banking activities, 80% prefer to use ATM & CDM, 92% prefer the internet methods, and 44% prefer the telephone. About 91% of them used the online banking applications, and only 8% never used them at all. With this finding, we can say that most of them often use the online banking applications rather than going to the ATM machine or over the counters to make some transaction activities. 13% of them used the online banking application daily, 45% used it weekly, 39% used it on a monthly basis, 1% used it yearly and 2% never used it at all. About 91% of them often use it for online shopping, 64% to pay bills, 34% for hire purchase, 70.1% just to check account balance, 84% to transfer money to other banks, and 9% for credit cards.

Next, 66% of them choose Maybank2U as the most popular and easy to use online banking application, 47% vote for CIMB Clicks, 36% for Bank Muamalat, 21% choose Bank Islam, 10% for MyBSN, 9% for iRakyat (Bank Rakyat), 6% goes to Public Bank, 5% for RHB Now (RHB Bank), 2% each for AMBank and Affin Bank and 1% for HSBC Online. Following this, we can conclude that the usability of online applications and the accessibility to make transaction activities are very crucial to most people in Malaysia. They want better performance and qualities while using the online application, especially online banking applications. Although each of the applications has its own difficulty in terms of security, people will still use it because it is in trend, and easier as it can be done at their fingertips.
A simulation of an online application has been developed according to the preliminary results. The prototype is depicted in Figure 3.

Fig. 3 Simulation of online payment application

From Figure 3, the simulation is made based on the discussed usability and accessibility attributes. The process begins with the requested OTP images as shown above. Any images of numbers will be generated by the server for the purpose of verification by the user. When the user inserts the generated numbers that were sent to them, the transaction will be verified, and the user can proceed with their transaction. If the user inserted the wrong number, the transaction will not be able to proceed, and the user will be asked to repeat the step again. This process must be completed within 60 seconds (1 minute), or it will be processed again to make sure the transaction is authenticated.

IV. CONCLUSIONS

User interface design has a difficulty with security. As a result, developers need tools to help them enhance their designs in terms of usable security for applications, such as user authentication. The UAce principles can be used to alleviate accessibility and usability design difficulties. This is a significant addition to the area of UAce. We are proposing a design science research (DSR) methodology integrated with a user-centered design approach to align and bridge the gap between the usability and security of user authentication online payment banking applications. Following the ISO 9241-210 standard, it complements multiple design techniques by giving a structure to human-centered design that incorporates different procedures and improvement fit for a specific situation. This standard establishes a development method and tool for assessing subjectively and quantitatively usable security and user authentication while taking into account specific elements, qualities, and features of the ISO 25010:2011.

Despite the fact that there are several ways for assessing the usability of security systems, these techniques are not user-centered owing to a lack of appropriate concepts. Future study will focus on analysing and reviewing the expert-developed heuristics in order to assign a value to each principle in addition to the security element. This can also be evaluated in relation to Internet Banking Acceptance [27]. The ideas and assessment methodologies provided in this study, together with the DSR, may be used to provide user interface design solutions.

ACKNOWLEDGMENT

We would like to thank UTHM for the opportunity of the Tier 1 grant (H808) entitled "A Graphical-based Authorization using Multiple Media variation to enhance the Efficiency of Verification process during Online Transaction", which supported the research activities.

REFERENCES

[1] Fuglerud, K. S., & Røssvoll, T. H. (2010). Previous and related research on usability and accessibility issues of personal identification management systems. Norwegian Computing Center, Oslo (Norway), Tech. Rep. DART/10/10.
[2] Fuglerud, K. S., & Røssvoll, T. H. (2012). An evaluation of web-based voting usability and accessibility. Universal Access in the Information Society, 11(4), 359-373.
[3] Andrew, S., Watson, S., Oh, T., & Tigwell, G. W. (2020, October). A Review of Literature on Accessibility and Authentication Techniques. In The 22nd International ACM SIGACCESS Conference on Computers and Accessibility (pp. 1-4).
[4] Pedersen, A. (2010). Usability of authentication in web applications. A literature review. University of Copenhagen, Tech. Rep.
[5] Bevan, N., Carter, J., Earthy, J., Geis, T., & Harker, S. (2016, July). New ISO standards for usability, usability reports and usability measures. In International conference on human-computer interaction (pp. 268-278). Springer, Cham.
[6] Yeratziotis, A., Greunen, D., & Pottas, D. (2012). A framework for evaluating usable security: the case of online health social networks. In 6th International Symposium on Human Aspects of Information Security and Assurance.
[7] Acquisti, A., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L. F., Komanduri, S., ... & Wilson, S. (2017). Nudges for privacy and security: Understanding and assisting users' choices online. ACM Computing Surveys (CSUR), 50(3), 1-41.
[8] Ometov, A., Bezzateev, S., Mäkitalo, N., Andreev, S., Mikkonen, T., & Koucheryavy, Y. (2018). Multi-factor authentication: A survey. Cryptography, 2(1), 1.
[9] Dresch, A., Lacerda, D. P., & Antunes, J. A. V. (2015). Design science research. In Design Science Research (pp. 67-102). Springer, Cham.
[10] Venable, J., Pries-Heje, J., & Baskerville, R. (2016). FEDS: a framework for evaluation in design science research. European journal of information systems, 25(1), 77-89.
[11] Forget, A., Chiasson, S., & Biddle, R. (2015, September). Choose your own authentication. In Proceedings of the 2015 New Security Paradigms Workshop (pp. 1-15).
[12] Dhillon, G., Oliveira, T., Susarapu, S., & Caldeira, M. (2016). Deciding between information security and usability: Developing value-based objectives. Computers in Human Behavior, 61, 656-666.
[13] Stanton, N. A., Salmon, P. M., Rafferty, L. A., Walker, G. H., Baber, C., & Jenkins, D. P. (2017). Human factors methods: a practical guide for engineering and design. CRC Press.
[14] Realpe, P. C., Collazos, C. A., Hurtado, J., & Granollers, A. (2015, September). Towards an integration of usability and security for user authentication. In Proceedings of the XVI International Conference on Human Computer Interaction (pp. 1-6).
[15] George, A. (2018). Perceptions of Internet banking users—a structural equation modelling (SEM) approach. IIMB management review, 30(4), 357-368.
[16] Altobishi, T., Erboz, G., & Podruzsik, S. (2018). E-Banking effects on customer satisfaction: The survey on clients in Jordan Banking Sector. International Journal of Marketing Studies, 10(2), 151-161.
[17] Muratovski, G. (2015). Research for designers: A guide to methods and practice. Sage.
[18] Realpe-Muñoz, P., Collazos, C. A., Granollers, T., Muñoz-Arteaga, J., & Fernandez, E. B. (2017, September). Design process for usable security and authentication using a user-centered approach. In Proceedings of the XVIII International Conference on Human Computer Interaction (pp. 1-8).
[19] Schwind, N., Magnin, M., Inoue, K., Okimoto, T., Sato, T., Minami, K., & Maruyama, H. (2016). Formalization of resilience for constraint-based dynamic systems. Journal of Reliable Intelligent Environments, 2(1), 17-35.
[20] Naqvi, B., & Seffah, A. (2018, May). A methodology for aligning usability and security in systems and services. In 2018 3rd International Conference on Information Systems Engineering (ICISE) (pp. 61-66). IEEE.
[21] Realpe, P. C., Collazos, C. A., Hurtado, J., & Granollers, A. (2016, September). A set of heuristics for usable security and user authentication. In Proceedings of the XVII International Conference on Human Computer Interaction (pp. 1-8).
[22] Coulton, P., & Lindley, J. G. (2019). More-than human centred design: Considering other things. The Design Journal, 22(4), 463-481.
[23] Morales, J., Rusu, C., Botella, F., & Quiñones, D. (2019). Programmer eXperience: A systematic literature review. IEEE Access, 7, 71079-71094.
[24] Nielsen, J. (1994). Heuristic evaluation, w: Nielsen J., Mack RL (eds.), usability inspection methods.
[25] Mohamed, M. A., Chakraborty, J., & Dehlinger, J. (2017). Trading off usability and security in user interface design through mental models. Behaviour & Information Technology, 36(5), 493-516.
[26] Abu-Salma, R., Redmiles, E. M., Ur, B., & Wei, M. (2018). Exploring user mental models of end-to-end encrypted communication tools. In 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI 18).
[27] Guo, Y., Norziha Megat, M. Z., & Nur Azaliah, A. B. (2021). Conceptual Model on Internet Banking Acceptance in China with Social Network Influence. International Journal on Informatics Visualization, 5(2), 177-186.
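
The OTP step of the Fig. 3 simulation in Section III (a server-generated number, verification of the user's entry, a repeat on a wrong entry, and a 60-second window) can be sketched on the server side as follows. This is an added example, not the authors' prototype: the class and method names, the 6-digit code length, and the cap of three wrong entries are assumptions, and only the 60-second window comes from the paper.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 60   # window stated in the paper
OTP_DIGITS = 6         # assumption: the paper does not give a code length
MAX_ATTEMPTS = 3       # assumption: the paper only says the user repeats the step


@dataclass
class _Challenge:
    code: str
    issued_at: float
    attempts: int = 0


class OtpVerifier:
    """Server-side state for one-time codes, each bound to one transaction id."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so the expiry path can be tested
        self._pending = {}       # txn_id -> _Challenge

    def issue(self, txn_id):
        # Digits come from the OS CSPRNG; issuing again for the same
        # transaction replaces (and so invalidates) the earlier code.
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self._pending[txn_id] = _Challenge(code, self._clock())
        return code              # the paper's server renders this as number images

    def verify(self, txn_id, submitted):
        ch = self._pending.get(txn_id)
        if ch is None:
            return "unknown"     # never issued, already used, or locked out
        if self._clock() - ch.issued_at > OTP_TTL_SECONDS:
            del self._pending[txn_id]
            return "expired"     # caller must issue a fresh code
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(ch.code.encode(), submitted.encode()):
            del self._pending[txn_id]   # single use: a replay gets "unknown"
            return "verified"
        ch.attempts += 1
        if ch.attempts >= MAX_ATTEMPTS:
            del self._pending[txn_id]
            return "locked"      # bounds online guessing within the window
        return "retry"           # the paper's "repeat the step again"


if __name__ == "__main__":
    verifier = OtpVerifier()
    otp = verifier.issue("txn-demo")          # constructed transaction id
    print(verifier.verify("txn-demo", otp))   # correct code within the window
    print(verifier.verify("txn-demo", otp))   # same code replayed
```

Without a cap on wrong entries, a 6-digit code can be guessed by repeated submission inside the window, which is why the sketch locks the challenge instead of allowing unlimited repeats.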