Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios

Website Maintenance Alert

Due to scheduled maintenance, the USENIX website will not be available on Tuesday, December 17, from 10:00 am to 2:00 pm Pacific Daylight Time (UTC -7). We apologize for the inconvenience.

If you are trying to register for Enigma 2020, please complete your registration before or after this time period.

Authors: 

Melanie Volkamer, Karlsruhe Institute of Technology (KIT) and Technische Universität Darmstadt; Andreas Gutmann, OneSpan Innovation Centre and University College London; Karen Renaud, Abertay University, University of South Africa, and University of Glasgow; Paul Gerber, Technische Universität Darmstadt; Peter Mayer, Karlsruhe Institute of Technology (KIT) and Technische Universität Darmstadt

Abstract: 

In this paper, we describe the study we carried out to replicate and extend the field observation study of real world ATM use carried out by De Luca et al., published at the SOUPS conference in 2010. Replicating De Luca et al.'s study, we observed PIN shielding rates at ATMs in Germany. We then extended their research by conducting a similar field observation study in Sweden and the United Kingdom. Moreover, in addition to observing ATM users (withdrawing), we also observed electronic payment scenarios requiring PIN entry. Altogether, we gathered data related to 930 observations. Similar to De Luca et al., we conducted follow-up interviews, the better to interpret our findings. We were able to confirm De Luca et al.'s findings with respect to low PIN shielding incidence during ATM cash withdrawals, with no significant differences between shielding rates across the three countries. PIN shielding incidence during electronic payment scenarios was significantly lower than incidence during ATM withdrawal scenarios in both the United Kingdom and Sweden. Shielding levels in Germany were similar during both withdrawal and payment scenarios. We conclude the paper by suggesting a number of explanations for the differences in shielding that our study revealed.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {219425,
author = {Melanie Volkamer and Andreas Gutmann and Karen Renaud and Paul Gerber and Peter Mayer},
title = {Replication Study: A Cross-Country Field Observation Study of Real World {PIN} Usage at ATMs and in Various Electronic Payment Scenarios},
booktitle = {Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018)},
year = {2018},
isbn = {978-1-939133-10-6},
address = {Baltimore, MD},
pages = {1--11},
url = {https://www.usenix.org/conference/soups2018/presentation/volkamer},
publisher = {{USENIX} Association},
month = aug,
}