In this paper, we describe the study we carried out to replicate and extend the field observation study of real world ATM use carried out by De Luca et al., published at the SOUPS conference in 2010. Replicating De Luca et al.'s study, we observed PIN shielding rates at ATMs in Germany. We then extended their research by conducting a similar field observation study in Sweden and the United Kingdom. Moreover, in addition to observing ATM users (withdrawing), we also observed electronic payment scenarios requiring PIN entry. Altogether, we gathered data related to 930 observations. Similar to De Luca et al., we conducted follow-up interviews, the better to interpret our findings. We were able to confirm De Luca et al.'s findings with respect to low PIN shielding incidence during ATM cash withdrawals, with no significant differences between shielding rates across the three countries. PIN shielding incidence during electronic payment scenarios was significantly lower than incidence during ATM withdrawal scenarios in both the United Kingdom and Sweden. Shielding levels in Germany were similar during both withdrawal and payment scenarios. We conclude the paper by suggesting a number of explanations for the differences in shielding that our study revealed.
|Title of host publication||Proceedings of the Fourteenth Symposium on Usable Privacy and Security|
|Number of pages||11|
|Publication status||Published - 31 Aug 2018|
|Event||14th Symposium on Usable Privacy and Security - Baltimore Marriott Waterfront, Baltimore, United States|
Duration: 12 Aug 2018 → 14 Aug 2018
Conference number: 14
|Other||14th Symposium on Usable Privacy and Security|
|Abbreviated title||SOUPS 2018|
|Period||12/08/18 → 14/08/18|
Volkamer, M., Gutmann, A., Renaud, K., Gerber, P., & Mayer, P. (2018). Replication study: a cross-country field observation study of real world PIN usage at ATMs and in various electronic payment scenarios: towards understanding why people do, or do not, shield PIN entry. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (pp. 1-11). USENIX Association.