“Security perception of e-banking users in India: an analytical hierarchy process”

When choosing online financial transactions, security is a paramount concern of users. Three categories of banks in India, namely public, private and foreign banks, have a completely different focus on technology and capabilities. The study aims at investigating e-banking users’ perception with regard to online risk for public, private and foreign banks. Online risk perception for the abovementioned banks was assessed on three major risk parameters, i.e. security aspect, privacy aspect, and trust; using a multiple-criteria decision-making tool, called the Analytical Hierarchy Process (AHP). The outcomes indicate that security risk is paramount among various aspects of perceived risk, followed by privacy and trust concern. Moreover, public sector banks are perceived to be the safest in this aspect. Public sector banks are also considered to be benign in terms of privacy and trust. Given the general user’s perception of risk generated by all the three risk parameters taken together, public sector banks are perceived to be the most secure, followed by private and foreign banks. The findings of this study have various implications for both research and practice. Private and foreign banks in India may adopt appropriate marketing strategies to achieve a favorable perception. Various studies have been conducted earlier on these factors and their interrelationship, but limited research has been carried out to demonstrate the importance of each of these factors in relation to the other as perceived by the user. Moreover, the study quantifies factors in order of their importance.


INTRODUCTION
There are many types of banks in India, namely public sector banks (most of which are owned by government), private sector banks (owned or controlled by domestic private entities), and foreign entities owned by foreign banks. However, there are still many regional banks and co-operative banks, but public, private, and foreign banks dominate the sector. When it comes to the share of advances and deposits in the country, public sector banks lead with 71.8% in deposits and 68.1% in advances at the end of fiscal 2017. Over the years, public sector banks have been losing share of its private sector counterparts, while foreign banks have marginally lost their share on a smaller basis of about 5% of advances, in the last decade to the end of March 2017. This all is happening at a time when the banking sector is undergoing a transformation phase as a result of the digital era, and the country's central bank is catching most of the public sector banks that are napping on ballooning non-performing assets (NPAs).
The Government of India, led by Prime Minister Narendra Modi, is trying to transform India into a digitally empowered society, and a faceless, paperless, cashless, and knowledge driven economy. Numerous initiatives have been taken by the government, such as Digital India, free to air channel DigiShala, the cashlessindia.gov.in website, creating a new UPI (Unified Payment Interface) digital payment system, and an app BHIM thereon. Demonetization, an initiative to curb black economy, gave a surge to cashless economy and gave confidence to the government to set a mission of 2.5 billion cashless transactions for 2017-2018.
With the spate of government initiatives for the cashless economy, concerns about security also raise. "In India, from 2011 to 2014, there has been a surge of approximately 300 per cent in cybercrime cases registered under the IT Act, 2000," said the Assocham-PwC joint study. A recent Assocham-PwC study reported an increase in Cyber security incidents in 2016 compared to 2014 and 2015. The above figures are disquieting at a time when India is undergoing its digital transformation. Online security becomes the most critical factor when users make transactions involving money online. Various factors influence the adoption of internet banking services, such as perceived ease of use, attitudes, subjective norms, perceived usefulness, security and trust, and awareness of online banking services (Juwaheer, Pudaruth, & Ramdin, 2012).

LITERATURE REVIEW
In literature, various factors have been identified that affect consumer perception of risk and security when transacting online. Laforet and Li (2005) have studied users' attitudes with regard to mobile and internet banking in China. Perception of risk, lack of skills, and the culture of cash-carry banking were identified as barriers to online banking. Furthermore, lack of awareness of mobile banking benefits was found to be a deterrent for its adoption. Previous positive banking experience, level of education, and reference group's sway did not affect the acceptance of mobile and online banking in China. Miyazaki and Fernandez (2001) find that perceived risk mediates the impact of the Internet experience on the online purchase behavior. Consumers' perceptions of privacy protection and security protection are regarded as antecedents and having strong influences on trust and risk. Thus, privacy and security technologies provided by the bank for Internet banking are the most important concerns for internet banking. Perceived security and privacy, usefulness, and perceived ease of use significantly affect intention to use internet banking (Lallmahamood, 2007). The impact of perceived security on trust is more significant in comparison to reputation and financial liability in online e-commerce transactions (Chellappa & Pavlou, 2000). Stone, Gueutal, Gardner, and McClure (1983) conceptualize Information privacy as "the ability of the individual to personally control informa-tion about one's self. " Smith, Milberg, and Burke (1996) in their study of privacy consider individual's concerns about organizational information privacy practices. Besides, a four-dimension scale was developed to measure this concern: the collection of an extensive proportion of personal information and its illegitimate secondary use -inside or outside the organization, errors -deliberate or accidental, in personal information, and improper access to personal information by outsiders. Based on the communication privacy management (CPM) theory, Petronio (2002), Xu, Teo, Tan, and Agarwal (2012) propose that the privacy concerns of mobile users are based on three dimensions, namely, perceived surveillance of personal information and activities, perceived intrusion, which means that information recipients are able to make independent decisions about users' information, and the secondary use of personal information. Privacy concerns may have an impact on online trust. It may depend upon consumers' attributes like gender, age, education, and their extraversion (Riquelme & Román, 2014). A privacy concern is recognized as a major threat to development of e-commerce and the digital economy (Malhotra, Kim, & Agarwal, 2004).
In addition to the privacy concern, consumer information security has been identified as one of the impediments in the e-commerce development (Gray, 1999). Although security issues are closely related to privacy concerns, this is a distinct construct (Vijayasarathy, 2004;Belanger, Hiller, & Smith, 2002). Román and Cuestas (2008) consider security as uncertainty of incurring financial losses while interacting with a website. For instance, this may result from the online credit card fraud (Miyazaki & Fernandez, 2000). As per Román (2007), perceived security means perceptions of consumers about the online transaction security, particularly with regard to safety of the payment options. In addition, it refers to safeguard of financial information from unauthorized access. Privacy concerns focus on the unauthorized use of personal information, while security concerns correspond to the safeguard of shared information. According to Chellappa (2008), security means the concerns about the guarding of private information with three specific objectives: integrity, authentication and confidentiality. Integrity refers to the intactness of the information, i.e. it is not altered or changed during the transmission or storage. Authentication ensures validation of a user's identity and eligibility to information access; and confidentiality means that only authorized users are able to access the information for the authorized purpose. Ackerman (2004) suggests that "security is necessary for privacy, but security is not sufficient to safeguard against subsequent use, to minimize the risk of disclosure, or to reassure users".
Mayer, Davis, and Schoorman (1995) suggested an inclusive definition of trust as "the willingness of a trustor party to be vulnerable to the actions of trustee party based on the expectation that the trustee party will perform a particular action important to the trustor party, irrespective of the ability to monitor or control the trustee party." Many researchers from information technology systems have investigated trust in the online context (Gefen, Karahanna, & Straub, 2003;McKnight, Choudhury, & Kacmar, 2002). Trust is found to be an important factor in electronic transaction decision-making (Kim, Ferrin, & Rao, 2008). In online banking, customers are the trustor party, while banks whose online portals are being used are trustee parties. Customers are susceptible to harm since they provide sensitive information, such as debit and credit card information, unique identification numbers, contact number, email ids, when undertaking online transactions. According to Bhattacherjee (2002), trust is a psychological state, and, therefore, is disparate from behavior; rather it is a precursor to the behavior.
The author conceptualizes trust as beliefs, having three facets, such as integrity, ability, and benevolence. Integrity refers to the consumers' perception towards online company's commitment to the terms of the online transaction. Ability corresponds to consumer perception towards competencies and knowledge of the online company to handle their transaction faultlessly. Benevolence is the perceived confidence of a consumer in a business that they will not exploit vulnerabilities in an online transaction and will always act for their well-being. In addition, it has a strong negative effect on consumer's risk perception (Kim, Ferrin, & Rao, 2008). Nilsson, Adams, and Herd (2005) concluded that authentication mechanisms, location, and situational awareness have a significant impact on the perceived trust of users in online banking. Online companies can establish trust if they affirm to an online consumer that transactions will take place as anticipated by them (Culnan & Armstrong, 1999). Chellappa and Pavlou (2001) argue that trust is positively influenced by an increase in perception of security and privacy in e-commerce transactions. Gurung and Raja (2016) have also suggested that security concerns, privacy concerns, and trust beliefs have an influence on risk perception. Their study concluded that trust had the highest influence followed by privacy concern, and security concerns.
The review of literature suggested that the perception of consumers towards information security risk is dependent upon three major factors, such as privacy, trust and security (Figure 1). When a consumer carries out online transactions with public, private and foreign banks, his perception on overall information security towards a type of a bank is driven by his assessment based on these three factors. The interrelationship is presented in Figure 1.

RESEARCH METHODOLOGY
We often face problems when choosing or prioritizing competing goals. There are various approaches in published texts, but MCDM is considered as one of the most effective and powerful techniques to deal with such ambiguous and unorganized problems with multiple conflicting objectives (Lee & Eom, 1990). Besides, in MCDM, many approaches are available, such as AHP, fuzzy AHP, TOPSIS, fuzzy TOPSIS, Data Envelopment Analysis (DEA), etc. In all these approaches, all the competing alternatives are compared and decision makers (DMs) give precise ratings based on the preferences or weights to each alternative in comparison to the other competing alternative. In this research, the Analytical Hierarchy Process (AHP) is preferable to others as it is more suited to solving problems with a limited number of alternatives to choose from. Moreover, Sabaei, Erkoyuncu, and Roy (2015) have studied many publications in maintenance management, in the Scopus database, that have used MCDM methods. As a result, it was concluded that AHP is one of the most widely used MCDM methods in research. The analytical hierarchy process, initiated by Saaty (1980), is one of the techniques used to solve complex MCDM problems. The AHP method is often used in analyzing complex problems involving various selection criteria. The AHP analysis is performed in three elementary steps as follows: 1) Arrangement of the evaluation criteria in a hierarchical structure.
2) Evaluation of interest among criteria.
3) Selection of the judgment and the synthesis of interests (Gupta et al., 2018).
AHP has been used extensively in making a range of decisions, such as product screening (

Relative significance Significance intensity
Criteria i and j are of equal significance 1 Criterion i is moderately more significant than j 3 Criterion i is much more significant than j 5 Criterion i is very much more significant than j 7 Criterion i is absolutely more significant than j 9 Intermediate values between the two adjacent judgments 2, 4, 6, 8 If criterion i has one of the above non-zero numbers allotted to it when compared to criterion j, then j has the reciprocal value when compared to i

Reciprocals of above non-zero numbers
The steps taken in the AHP to arrive at the relative significance of various criteria are as follows: Step 1: After reviewing the literature, identify an important evaluation criterion, based on which the e-banking user forms the overall perception of security towards particular type of banks.  Step 2: Data were collected from assessors in the pairwise judgment matrix of substitutes at the qualitative scale defined in the Saaty scale (see Table 1).
Step 3: The average of all the answers given by respondents in the pair-wise comparison matrix ( Table 2) was organized into a square matrix.
Step 4: The priority vector (Weight) and the principal eigenvalue (λ) of an evaluation criterion were computed (Table 7).
Step 5: The consistency of judgement of the decision maker was calculated using the principal eigenvalue ( max) to calculate CI. The consistency index can be calculated using the following formula: CR is calculated using the following formula: The value of the random index (RI) depends on n. RI was taken from the table of the random consistency index, given by a number of experts. A sample of random consistency index is presented in Table 2. A pairwise judgment matrix is reliable if the consistency ratio is less than 10%. According to Singh et al. (2018), if the significance of the consistency ratio is greater than 10%, the researcher should recalculate the pairwise judgments due to inconsistencies. Table 3. Pairwise comparison matrix of various aspects of security risk Indicators Privacy concern Security concern Trust concern Privacy concern 1.00 0.92 3.73 Security concern 1.09 1.00 7.30 Trust concern 0.27 0.14 1.00   Consumer perceptions towards information security risk for public, private and foreign banks Privacy concern Security concern Trust concern Table 7. Normalized weighted scores of various aspects of security risk

RESULTS AND ANALYSIS
E-banking user perceptions of risk while transacting online with public, private and foreign banks are measured using a multiple-criteria decision-making technique, namely the Analytical Hierarchy Process (AHP). The sample of carefully selected 25 respondents was taken for the study. Users, who frequently used e-banking, had a good understanding of it, and had several bank accounts, were selected to participate in the study sample. The details of the research, such as objectives, selected factors affecting risk perception, and factors pairwise comparison scale, were explained to users before responding. To avoid any inconsistency, respondents were also provided with an opportunity to interpret and understand each of the factors (security, privacy and trust) in accordance with their intended connotation, and in the similar manner.
Three factors, security, privacy, and trust were identified to significantly influence the formation of a user's perception of online risk after reviewing the literature. In the first stage, respondents were asked to make pairwise comparison of each of the factors and assign weights according to their subjective preference of a factor over the other on a scale of 1 to 9 (Table 1). From three such comparisons -Security vs Privacy, Security vs Trust, and Privacy vs Trust -the importance of each factor relative to the other is quantified by calculating a weighted score of each factor (Table 7). Among the three factors, security risk was considered as the most important factor, getting a priority vector weight of 52% followed by privacy and trust, with 39% and 9%, respectively. It means, users are more concerned about the security parameter for the transaction and least concerned for trust.
While undertaking the e-banking transactions, users are perceived to have more concern among the three given parameters in the following order.
When respondents judge their subjective preferences with reference to various factors by making their pairwise comparison, there are chances of making inconsistent judgements, e.g., if a re-spondent judges factor one as twice (2 times) as important to factor two. And, in the second comparison, he judges factor two as 4 times as important to factor three, then mathematically, we can say that factor one is 8 times (2*4) important than factor three. However, in the AHP, since a respondent makes the third comparison and judge the importance of factor three subjectively with respect to one, as done previously for other factors, there is a likelihood of inconsistency in subjective judgment and the results drawn mathematically for the third comparison (favors one over factor three in this case). The consistency ratio (CR) becomes handy here to check the results for consistency. In the AHP, the consistency ratio is defined as CR, where CR = CI/RI. Saaty (1980) has shown that the consistency ratio (CR) of 0.10 or less is acceptable to continue the AHP analysis. Since three factors are compared the consistency index of the randomly generated comparison matrix value is measured as 0.58, and the Consistency ratio (CR) of the above results is 0.03. This is within the acceptable range of 10% or 0.10.
In addition, users compared all types of bankspublic, private, and foreign -for all three parameters of risk, namely. Security concern, Privacy concern and Trust concern. The analysis of the responses showed that public sector banks are considered to be the safest on all three concerns. The weighed score of public sector banks for the three parameters was the highest; it was 55%, 57% and 70% for security, privacy and trust, respectively. CR consistency ratio of the aforementioned weights was 0.07, 0.08, and 0.09. These are all within the acceptable range of 10% or 0.10, which confirms the accuracy of the results.
Thus, according to the overall online risk perception by users, public banks had the highest weight of 57% followed by private and foreign banks (Table  11 and Figure 2). The results suggest that public sector banks are ranked the safest among major three types of banks followed by private and foreign banks. Moreover, it is interesting to note that private and foreign banks are far behind public sector banks in terms of safety rating as perceived by online banking users -almost 50% to 80%. Public sector banks are considered the safest by all three valuation factors having a weighted score of 28% by the security aspect, 23% by the privacy aspect and 6% by the trust constituting a total weighted score of 57% (Figure 2). The online security risk procedure is based on the overall rating of various banks, which is assessed and perceived by online banking users by specified risk factors.

DISCUSSION
Among the three aspects of security perceptions considered in this study, namely security concern, privacy concern and trust concern, users are more concerned about security followed by privacy and trust. The results contradict Gurung and Raja's (2016) findings, where trust is seen as having the highest impact on risk perception followed by privacy and security. In addition, the results of this study illustrate that e-banking users in India consider public sector banks as the most secure followed by private and foreign banks. No studies have yet been conducted to evaluate and compare security perceptions of e-banking users with re-gard to different types of banks, including public, private and foreign banks in India. However, these results appear to be because users in India are more exposed to the public sector banks than private and foreign banks. Although, private sector banks have existed in India since 1899, but after the nationalization of major private banks in 1969 by the Government of India, public sector banks dominate the Indian banking sector. Private sector only became entrenched after the 1990s, and foreign banks after 2005, when government allowed their entry. This has been drawn from Gurung and Raja's (2016) findings, which show that user concerns and beliefs about security are not indestructible but keep evolving over a period of time, as their experience, awareness and conversancy with internet change. Over time, they become more confident in making transaction online. More experience of Indian e-banking users with public sector banks followed by private and foreign banks seems to increase their perception of security.

CONCLUSION
The study estimates and compares how e-banking users perceive online risk for public, private and foreign banks in India. The study reveals that among the three factors considered, security (Weighted Score = 52%) is perceived as most critical by e-banking users. And further analysis revealed that public sector banks are the safest among major three types of banks followed by private and foreign banks. Moreover, it is interesting to note that private and foreign banks are far behind public sector banks in terms of safety rating as perceived by online banking users -almost 50% to 80%. Although public sector banks are continuously losing market share measured in deposits and advances, they are still strong when it comes to online banking user's perception of risk and trust. When it comes to technology adoption, public sector banks lag behind their peers in digitizing their business processes and implementing digital technologies in their operations (Rishi & Saxena, 2004;Soni, 2019). So, the results of the study seem counterintuitive. This may be due to the years of familiarity, relationship, and experience with public banks that have given rise to such perception. Therefore, besides continuing to develop and modernize the existing security infrastructure, private and foreign banks need to educate and emphasize their safety aspects in an effort to persuade customers. Moreover, they should be more responsive to their existing customers' security concerns if any.