3 research outputs found

    Error-Resilient Consumer Contracts

    When firms contracting with consumers make mistakes, people get hurt. Inaccurate billing, misapplied payments, and similar problems push lucky consumers into Kafkaesque customer service queues—and unlucky ones off the financial cliff. Despite significant regulatory interventions, firms contracting with consumers continue to struggle to accurately bill customers, update accounts, and process payments. Firms largely rely on technology, especially databases and software, to discharge these servicing obligations. This technology must accommodate firms’ innovations in their contracts, shifting governmental regulations, and consumers’ unpredictable behavior. Given the complexity of servicing, even when firms invest significantly in technology, it will inevitably produce mistakes. When firms skimp on their servicing technology, errors that harm consumers become even more likely. And even if it were possible to build perfect servicing technology, the costs that firms would pass on to consumers may outweigh the benefits. The challenge, then, is how to reduce customer harm, accepting that perfect servicing is neither possible nor desirable. This Article argues that structural improvements to consumer contracts can make them more resilient to errors. Far from being new, these structural improvements have long been recognized in contract theory. But the resulting theoretical insights have not been applied to modern consumer financial contracts. Specifically, modularity and formalities improve resilience by mitigating the complexity of servicing, regulation, and consumer behavior. While mitigating complexity may reduce errors ex ante, the bigger payoff is in simplifying customer redress if and when errors occur. Intervening in the structure of consumer financial contracts is an underappreciated tool for achieving substantive consumer protection.

    Passphrase and keystroke dynamics authentication: security and usability

    It was found that employees spend a total of 2.25 days within a 60-day period on password-related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlights that passwords are being reused, which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage insecure behaviours by the user, such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and, because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation.