Shahriar Hasan Mickey,Muhammad Nur Yanhaona

2024-07-10

Abstract:Presently, Bangladesh is expending substantial efforts to digitize its national infrastructure, with a significant emphasis on achieving this goal through mobile applications that facilitate online payments and banking system advancements. Despite the lack of knowledge about the security level of these systems, they are currently in frequent use without much consideration. To observe whether they follow the minimum global set standards, we choose to conduct static and dynamic analysis of the applications using available open-source analyzers and open-source tools. This allows us to attempt to extract sensitive information, if possible, and determine whether the applications adhere to the standards of MASVS set by OWASP. We show how we analyzed 17 .apks and a SDK using open source scanner and discover security flaws to the applications, such as weaknesses related to data storage, vulnerable cryptographic elements, insecure network communications, and unsafe utilization of WebViews, detected by the scanner. These outputs demonstrate the need for extensive manual analysis of the application through source code review and dynamic analysis. We further implement reverse engineering and dynamic approach to verify the outputs and expose some applications do not comply with the standard method of network communication. Moreover, we attempt to verify the rest of the potential vulnerabilities in the next phase of our ongoing investigation.

Cryptography and Security,Hardware Architecture,Software Engineering

Mohammed Amin Almaiah,Shaha Al-Otaibi,Rima Shishakly,Lamia Hassan,Abdalwali Lutfi,Mahmoad Alrawad,Mohammad Qatawneh,Orieb Abu Alghanam

DOI: https://doi.org/10.3390/su15139908

IF: 3.9

2023-06-21

Sustainability

Abstract:Effective security support remains a challenge, even for mobile banking applications; this is leading to the loss of many customers due to limited protection of customer data and privacy. Cyber threats include everything from identity theft to malware threats and email and online fraud. Thus, businesses and individuals should use risk assessment methods and countermeasures to protect their m-banking apps. With this in mind, a new model using the Technology Acceptance Model (TAM) has been proposed. The model has been broken down into six main countermeasure categories, namely: perceived risk, perceived security, perceived trust, ease of use, usefulness and service quality. To test this model, structural equation modelling (SEM) was used. Our findings reveal that perceived security, perceived trust and service quality play key roles in improving the adoption of mobile banking apps. In addition, the findings indicate that perceived risk had a negative impact on both clients' trust and their attitudes toward the use of mobile banking services. The proposed model could increase the adoption of m-banking apps by enhancing their defenses against security risk issues. The model enhances the risk reduction (63.0%), data protection (75.0%), trust (32.1%), quality of service (74.0%), ease of use (44.0%) and usefulness (45.3%) ratios.

environmental sciences,environmental studies,green & sustainable science & technology

Bakheet Aljedaani,Aakash Ahmad,Mansooreh Zahedi,M. Ali Babar

DOI: https://doi.org/10.48550/arXiv.2008.13009

2020-08-30

Abstract:Mobile systems offer portable and interactive computing, empowering users, to exploit a multitude of context-sensitive services, including mobile healthcare. Mobile health applications (i.e., mHealth apps) are revolutionizing the healthcare sector by enabling stakeholders to produce and consume healthcare services. A widespread adoption of mHealth technologies and rapid increase in mHealth apps entail a critical challenge, i.e., lack of security awareness by end-users regarding health-critical data. This paper presents an empirical study aimed at exploring the security awareness of end-users of mHealth apps. We collaborated with two mHealth providers in Saudi Arabia to gather data from 101 end-users. The results reveal that despite having the required knowledge, end-users lack appropriate behaviour , i.e., reluctance or lack of understanding to adopt security practices, compromising health-critical data with social, legal, and financial consequences. The results emphasize that mHealth providers should ensure security training of end-users (e.g., threat analysis workshops), promote best practices to enforce security (e.g., multi-step authentication), and adopt suitable mHealth apps (e.g., trade-offs for security vs usability). The study provides empirical evidence and a set of guidelines about security awareness of mHealth apps.

Software Engineering

Layth Abu Arram,Mohammed Moreb

DOI: https://doi.org/10.1109/ICIT52682.2021.9491657

2021-07-14

Abstract:Smartphones have developed tremendously in the recent period up to recent days, each period a new company appears to enter the global competition market to impose itself, and this is directly proportional to the emergence of new applications every day for various devices, as well as the field of Cybersecurity has several aspects, including in the field of phones and smartphones especially with the exploitation of the large increase in the number of its users, many immoral hackers have greedy to exploit these applications for their personal interests, either theft, destruction, plagiarism, or many others. This research shows how these applications are exploited, especially in Android devices, and how such cases can be dealt with and avoided using the quantitative methodology, data analysis and results from presentation.

Computer Science

Polra Victor Falade,Grace Bunmi Ogundele

DOI: https://doi.org/10.48550/arXiv.2302.07586

2023-02-15

Cryptography and Security

Abstract:There is a rapid increase in the number of mobile banking applications' users due to an increase in smart mobile devices. Mobile banking is a financial transaction and service offered through mobile devices. Almost all financial institutions now provide mobile banking services to their customers. However, the security of mobile banking applications is of huge concern because of the amount of personal data and information they collect. If an attacker gets hold of personal information, they can access bank payment or card accounts. This research aims to analyze the vulnerability of the UK digital banks' applications to identify vulnerabilities in the apps and proffer countermeasures that can help improve the security of the bank applications. Androbugs, a vulnerability scanner, was used to analyze the vulnerability of six digital banks' android applications. Starling, Monese, Atom bank, Transferwise, Monzo, and Revolut were scanned. All the scanned digital banks' applications have vulnerabilities; however, some have more vulnerabilities than others. For example, Revolut's mobile application has the highest number of identified vulnerabilities. Therefore, there is need for more security in the digital banks' applications as well as other mobile banking applications.

Albin Forsberg,Leonardo Horn Iwaya

2024-09-27

Abstract:Mobile health applications (mHealth apps), particularly in the health and fitness category, have experienced an increase in popularity due to their convenience and availability. However, this widespread adoption raises concerns regarding the security of the user's data. In this study, we investigate the security vulnerabilities of ten top-ranked Android health and fitness apps, a set that accounts for 237 million downloads. We performed several static and dynamic security analyses using tools such as the Mobile Security Framework (MobSF) and Android emulators. We also checked the server's security levels with Qualys SSL, which allowed us to gain insights into the security posture of the servers communicating with the mHealth fitness apps. Our findings revealed many vulnerabilities, such as insecure coding, hardcoded sensitive information, over-privileged permissions, misconfiguration, and excessive communication with third-party domains. For instance, some apps store their database API key directly in the code while also exposing their database URL. We found insecure encryption methods in six apps, such as using AES with ECB mode. Two apps communicated with an alarming number of approximately 230 domains each, and a third app with over 100 domains, exacerbating privacy linkability threats. The study underscores the importance of continuous security assessments of top-ranked mHealth fitness apps to better understand the threat landscape and inform app developers.

Cryptography and Security

Sen Chen,Lingling Fan,Guozhu Meng,Ting Su,Minhui Xue,Yinxing Xue,Yang Liu,Lihua Xu

DOI: https://doi.org/10.48550/arXiv.1805.05236

2020-02-18

Abstract:Mobile banking apps, belonging to the most security-critical app category, render massive and dynamic transactions susceptible to security risks. Given huge potential financial loss caused by vulnerabilities, existing research lacks a comprehensive empirical study on the security risks of global banking apps to provide useful insights and improve the security of banking apps. Since data-related weaknesses in banking apps are critical and may directly cause serious financial loss, this paper first revisits the state-of-the-art available tools and finds that they have limited capability in identifying data-related security weaknesses of banking apps. To complement the capability of existing tools in data-related weakness detection, we propose a three-phase automated security risk assessment system, named AUSERA, which leverages static program analysis techniques and sensitive keyword identification. By leveraging AUSERA, we collect 2,157 weaknesses in 693 real-world banking apps across 83 countries, which we use as a basis to conduct a comprehensive empirical study from different aspects, such as global distribution and weakness evolution during version updates. We find that apps owned by subsidiary banks are always less secure than or equivalent to those owned by parent banks. In addition, we also track the patching of weaknesses and receive much positive feedback from banking entities so as to improve the security of banking apps in practice. To date, we highlight that 21 banks have confirmed the weaknesses we reported. We also exchange insights with 7 banks, such as HSBC in UK and OCBC in Singapore, via in-person or online meetings to help them improve their apps. We hope that the insights developed in this paper will inform the communities about the gaps among multiple stakeholders, including banks, academic researchers, and third-party security companies.

Cryptography and Security

Bakheet Aljedaani,Aakash Ahmad,Mansooreh Zahedi,M. Ali Babar

DOI: https://doi.org/10.48550/arXiv.2101.10412

2021-01-25

Cryptography and Security

Abstract:Mobile health applications (mHealth apps for short) are being increasingly adopted in the healthcare sector, enabling stakeholders such as governments, health units, medics, and patients, to utilize health services in a pervasive manner. Despite having several known benefits, mHealth apps entail significant security and privacy challenges that can lead to data breaches with serious social, legal, and financial consequences. This research presents an empirical investigation about security awareness of end-users of mHealth apps that are available on major mobile platforms, including Android and iOS. We collaborated with two mHealth providers in Saudi Arabia to survey 101 end-users, investigating their security awareness about (i) existing and desired security features, (ii) security related issues, and (iii) methods to improve security knowledge. Findings indicate that majority of the end-users are aware of the existing security features provided by the apps (e.g., restricted app permissions); however, they desire usable security (e.g., biometric authentication) and are concerned about privacy of their health information (e.g., data anonymization). End-users suggested that protocols such as session timeout or Two-factor authentication (2FA) positively impact security but compromise usability of the app. Security-awareness via social media, peer guidance, or training from app providers can increase end-users trust in mHealth apps. This research investigates human-centric knowledge based on empirical evidence and provides a set of guidelines to develop secure and usable mHealth apps.

Alioune Diallo,Aicha War,Moustapha Awwalou Diouf,Jordan Samhi,Steven Arzt,Tegawendé F. Bissyande,Jacque Klein

2024-11-07

Abstract:The West African Economic and Monetary Union (WAEMU) states, characterized by widespread smartphone usage, have witnessed banks and financial institutions introducing mobile banking applications (MBAs). These apps empower users to perform transactions such as money transfers, bill payments, and account inquiries anytime, anywhere. However, this proliferation of MBAs also raises significant security concerns. Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks through increased vulnerability to cyberattacks. Our study evaluated fifty-nine WAEMU MBAs using static analysis techniques. These MBAs were collected from the 160 banks and financial institutions of the eight WAEMU countries listed on the Central Bank of West African States (BCEAO) website. We identified security-related code issues that could be exploited by malicious actors. We investigated the issues found in the older versions to track their evolution across updates. Additionally, we identified some banks from regions such as Europe, the United States, and other developing countries and analyzed their mobile apps for a security comparison with WAEMU MBAs. Key findings include: (1) WAEMU apps exhibit security issues introduced during development, posing significant risks of exploitation; (2) Despite frequent updates, underlying security issues often persist; (3) Compared to MBAs from developed and developing countries, WAEMU apps exhibit fewer critical security issues; and (4) Apps from banks that are branches of other non-WAEMU banks often inherit security concerns from their parent apps while also introducing additional issues unique to their context. Our research underscores the need for robust security practices in WAEMU MBAs development to enhance user safety and trust in financial services.

Cryptography and Security

Bakheet Aljedaani,Aakash Ahmad,Mansooreh Zahedi,M. Ali Babar

DOI: https://doi.org/10.48550/arXiv.2008.03034

2020-08-07

Abstract:Mobile apps exploit embedded sensors and wireless connectivity of a device to empower users with portable computations, context-aware communication, and enhanced interaction. Specifically, mobile health apps (mHealth apps for short) are becoming integral part of mobile and pervasive computing to improve the availability and quality of healthcare services. Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health critical data that is produced and consumed by the app. Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed. The objectives of this study are to empirically (a) investigate the challenges that hinder development of secure mHealth apps, (b) identify practices to develop secure apps, and (c) explore motivating factors that influence secure development. We conducted this study by collecting responses of 97 developers from 25 countries, across 06 continents, working in diverse teams and roles to develop mHealth apps for Android, iOS, and Windows platform. Qualitative analysis of the survey data is based on (i) 8 critical challenges, (ii) taxonomy of best practices to ensure security, and (iii) 6 motivating factors that impact secure mHealth apps. This research provides empirical evidence as practitioners view and guidelines to develop emerging and next generation of secure mHealth apps.

Software Engineering,Computers and Society

Bakheet Aljedaani,M. Ali Babar

DOI: https://doi.org/10.48550/arXiv.2007.10876

2021-01-16

Abstract:Mobile health (mHealth) applications (apps) have gained significant popularity over the last few years due to its tremendous benefits, such as lowering healthcare cost and increasing patient awareness. However, the sensitivity of healthcare data makes the security of mHealth apps a serious concern. In this review, we aim to identify and analyse the reported challenges that the developers of mHealth apps face concerning security. Additionally, our study aimed to develop a conceptual framework with the challenges faced by mHealth apps development organization for developing secure apps. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps. We followed the Systematic Literature Review method for this review. We selected studies that have been published between January 2008 and October 2020. We selected 32 primary studies using predefined criteria and used thematic analysis method for analysing the extracted data. We identified nine challenges that can affect the development of secure mHealth apps. Such as 1) lack of security guidelines and regulations for developing secure mHealth apps, 2) developers lack of knowledge and expertise for secure mHealth app development, 3) lack of stakeholders involvement during mHealth app development, etc . Based on our analysis, we have presented a conceptual framework which highlights the correlation between the identified challenges. We conclude that our findings can help them identify their weaknesses and improve their security practices. Similarly, mHealth apps developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth apps development.

Software Engineering

Doyel Pal,Praveenkumar Khethavath,Tingting Chen,Yuan Zhang

DOI: https://doi.org/10.1002/dac.3293

2017-01-01

International Journal of Communication Systems

Abstract:Payment methods using mobile devices instead of using traditional methods (cash, credit card, etc) has been gaining popularity all over the world. The ubiquitous nature of smartphones and tablets has widened the ambit for using these devices for payments and other daily life activities. Recent advancements in mobile technology along with the convenience of mobile devices made these applications possible. Despite the worldwide user adoption of mobile applications, security is the key challenge in mobile banking and payments system. Mobile payments systems need to be very efficient and provide utmost security endlessly. State‐of‐the‐art mobile payment systems need the physical presence of a merchant agent to make a payment. In this article, we had described in detail about the design and implementation of a mobile payments application, used to make in‐store purchases and make secure payments without any physical presence of a cashier or a merchant agent. We proposed a novel privacy‐preserving and secure authentication algorithm to make mobile payments using biometrics. The analysis and experimental results show the reliability and efficiency of our proposed solution.

Hosam Alamleh,Ali Abdullah S. AlQahtani,Baker Al Smadi

DOI: https://doi.org/10.48550/arXiv.2304.09468

2023-04-19

Cryptography and Security

Abstract:The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers.

Qusay Zuhair Abdulla,Mustafa Dhiaa Al-Hassani

DOI: https://doi.org/10.24996/ijs.2022.63.8.40

2022-08-31

Iraqi Journal of Science

Abstract:After the software revolution in the last decades, the field of information technology had a tremendous evolution that made many organizations reach the best benefits from this evolution in technologies. The banking sector evolved their old system from ordinary system to the online system. The term E-banking appears to cover almost all bank operations such as money transactions, account management, instant reports, instant notifications. E-banking offers several advantages to clients, but this opens many challenges and motivates unauthorized parties to focus on creating methods and exploiting weaknesses to attack and steal critical information that belongs to the banking system or clients. Iraqi banks recently adopted E-banking serves and made them available to all their clients. However, this shift in approach leaves many clients vulnerable to cyber-attacks. This paper presents an analytical study on Iraqi clients using E-banking as a service using real case studies. Many researchers prevent these threats by introducing novel methods to support cybersecurity specialists. This paper covers related work and the most common terms involving E-banking. It also covers the risks involved in E-banking, most common attacks, and modern security methods to prevent attacks.

V. N. Sastry,Sriramulu Bojjagani

DOI: https://doi.org/10.1109/CIC.2017.00022

2017-10-01

Abstract:Mobile devices are becoming targets for hackers and malicious users due to the multifold increase in its capabilities and usage. Security threats are more prominent in mobile payment and mobile banking applications (MBAs). As these MBAs, store, transmit and access sensitive and confidential information, so utmost priority should be given to secure MBAs. In this paper, we have analyzed MBAs of several banks running on two dominant platforms of Android & iOS using both static and dynamic analysis. We have proposed threat model, to detect various vulnerabilities rigorously. We have done a systematic investigation of different unknown vulnerabilities particularly in mobile banking applications and showed how MBAs are vulnerable to MitM attacks. We observe that some MBAs are using simple HTTP protocol to transfer user data without concerning about security requirements. In Most of the cases, MBAs are receiving the fake or self-signed certificates. These are blindly maintaining all certificates as sound and valid, which leads to SSL/TLS Man-in-the-Middle (MitM) attacks. We present a detailed analysis of the security of MBAs which will be useful for application developers, security testers, researchers, bankers and bank customers.

Computer Science

Alioune Diallo,Jordan Samhi,Tegawendé Bissyandé,Jacques Klein

2024-09-24

Abstract:In developing countries, several key sectors, including education, finance, agriculture, and healthcare, mainly deliver their services via mobile app technology on handheld devices. As a result, mobile app security has emerged as a paramount issue in developing countries. In this paper, we investigate the state of research on mobile app security, focusing on developing countries. More specifically, we performed a systematic literature review exploring the research directions taken by existing works, the different security concerns addressed, and the techniques used by researchers to highlight or address app security issues. Our main findings are: (1) the literature includes only a few studies on mobile app security in the context of developing countries ; (2) among the different security concerns that researchers study, vulnerability detection appears to be the leading research topic; (3) FinTech apps are revealed as the main target in the relevant literature. Overall, our work highlights that there is largely room for developing further specialized techniques addressing mobile app security in the context of developing countries.

Cryptography and Security

Rami Shehab,Abrar s.alismail,Dr. Mohammed Amin Almaiah,Dr. Tayseer Alkhdour,Dr. Belal Mahmoud AlWadi,Dr. Mahmaod Alrawad

DOI: https://doi.org/10.58346/jisis.2024.i3.010

2024-08-30

Abstract:Technology is important in all aspects of our lives, particularly in the banking sector. Advanced technologies resulted in a fundamental shift in the way banks operate. Malicious use of technology leads to security breaches, customer distrust, financial instability, and other forms of cybercrime. This paper focuses on the most important threats and challenges to be considered while interacting with banks and financial institutions. Significant number of literatures will be reviewed to identify the most common threats and attacks on banks and financial institutions sector, as well as appropriate mitigation techniques and countermeasures. This paper focuses on bank and financial services institution infrastructure vulnerabilities that are escalating attacks on the sector and affecting the banking system, individuals, and organizations. The security study in these 35 projects demonstrates how cyber intrusions continue to attack the financial sector due to the weakness of security defense and data containment. It turns out that malware attacks are the most common threats to banks and financial institutions. Sharing and exchanging information between banks and financial institutions, as well as best practices taken by bank cards issuers and users are the most effective mitigation techniques. Some previous studies proposed a successful model for mitigating the impact of threats on banks and financial institutions, as well as reducing risks that cannot be mitigated using current mitigation techniques. According to banks and financial services statistics and surveys, existing controls and laws do not provide appropriate security meet the banks and financial services institutions systems' demands and requirements.

Gioacchino Tangari,Muhammad Ikram,I Wayan Budi Sentana,Kiran Ijaz,Mohamed Ali Kaafar,Shlomo Berkovsky

DOI: https://doi.org/10.1093/jamia/ocab131

2021-09-18

Abstract:Objective: We conduct a first large-scale analysis of mobile health (mHealth) apps available on Google Play with the goal of providing a comprehensive view of mHealth apps' security features and gauging the associated risks for mHealth users and their data. Materials and methods: We designed an app collection platform that discovered and downloaded more than 20 000 mHealth apps from the Medical and Health & Fitness categories on Google Play. We performed a suite of app code and traffic measurements to highlight a range of app security flaws: certificate security, sensitive or unnecessary permission requests, malware presence, communication security, and security-related concerns raised in user reviews. Results: Compared to baseline non-mHealth apps, mHealth apps generally adopt more reliable signing mechanisms and request fewer dangerous permissions. However, significant fractions of mHealth apps expose users to serious security risks. Specifically, 1.8% of mHealth apps package suspicious codes (eg, trojans), 45.0% rely on unencrypted communication, and as much as 23.0% of personal data (eg, location information and passwords) is sent on unsecured traffic. An analysis of the app reviews reveals that mHealth app users are largely unaware of the surfaced security issues. Conclusion: Despite being better aligned with security best practices than non-mHealth apps, mHealth apps are still far from ensuring robust security guarantees. App users, clinicians, technology developers, and policy makers alike should be cognizant of the uncovered security issues and weigh them carefully against the benefits of mHealth apps.

Milad Taleby Ahvanooey,Qianmu Li,Mahdi Rabbani,Ahmed Raza Rajput

DOI: https://doi.org/10.48550/arXiv.2001.09406

2020-01-26

Cryptography and Security

Abstract:Nowadays, the usage of smartphones and their applications have become rapidly increasing popular in people's daily life. Over the last decade, availability of mobile money services such as mobile-payment systems and app markets have significantly increased due to the different forms of apps and connectivity provided by mobile devices such as 3G, 4G, GPRS, and Wi-Fi, etc. In the same trend, the number of vulnerabilities targeting these services and communication networks has raised as well. Therefore, smartphones have become ideal target devices for malicious programmers. With increasing the number of vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the researchers. Due to these reasons, security of the payment systems is one of the most important issues in mobile payment systems. In this survey, we aim to provide a comprehensive and structured overview of the research on security solutions for smartphone devices. This survey reviews the state of the art on security solutions, threats, and vulnerabilities during the period of 2011-2017, by focusing on software attacks, such those to smartphone applications. We outline some countermeasures aimed at protecting smartphones against these groups of attacks, based on the detection rules, data collections and operating systems, especially focusing on open source applications. With this categorization, we want to provide an easy understanding for users and researchers to improve their knowledge about the security and privacy of smartphones.

Md. Hafez

DOI: https://doi.org/10.1108/k-03-2022-0333

IF: 2.352

2022-10-04

Kybernetes

Abstract:Purpose The objective of this study is to investigate the effect of consumption values (functional, social, epistemic, and emotional value) on mobile banking (m-banking) usage intention and intention to recommend m-banking services in the context of the Bangladeshi banking sector. Furthermore, this study examines how perceived security moderates the effects of consumption values on m-banking usage intention and recommendation intention. Design/methodology/approach A self-structured questionnaire had been used to obtain survey data from a sample of 237 m-banking users in Bangladesh using a convenience sampling method. Data were analyzed by structural equation modeling based on AMOS 23.0. Findings The findings show that all the dimensions of consumption values (functional, epistemic, and emotional value) except social value have a significant impact on mobile banking usage intention. In turn, mobile banking usage intention has a substantial direct effect on users' recommendation intention. Furthermore, the results also demonstrate that perceived security moderates the effects of functional values on m-banking usage intention as well as m-banking usage intention on recommendation intention. Practical implications These research findings offer insightful guidelines to bank marketers to increase m-banking usage intention and recommendation intention by emphasizing the functional, epistemic, and emotional value of m-banking services as well as safeguarding consumers' perceived security in m-banking transactions. Originality/value This study contributes to the body of knowledge by measuring the effects of consumption values dimensions on the m-banking usage intention and recommendation intention which were hardly investigated particularly in the m-banking context. To date, this study is the first attempt to examine how perceived security moderates the effects of consumption values dimensions on the m-banking usage intention as well as m-banking usage intention on recommendation intention. The findings contribute to a theoretical understanding of the importance of consumption values in consumer decision-making, particularly in the rarely studied domain of mobile banking.

computer science, cybernetics