Abstract
The ubiquitous use of information technology in modern life leads to many problems of financial information security. Such security issues could be due to users’ insecure behaviors during their financial transactions. The purpose of this study was to investigate the university teacher's financial information security behavior (FISB) and to examine the factors that influence their FISB. By using a survey method, the study collected primary data quantitatively. A closed-ended questionnaire based on IMB Model (Information Motivation Behavioral Skills Model) was developed. The population of the study comprised teachers from six faculties of University of the Punjab, Lahore, Pakistan. A simple random sampling technique was used to collect the data from the teachers via a print-format based questionnaire. The structural equation model (SEM) was used to test the proposed model by using ADANCO (2.1). ADANCO is a software that is used for SEM analysis. The results exhibited that a majority of the teachers are frequent users of online banking. The findings confirmed that measures familiarity and self-efficacy have a direct impact on the financial information security behavior of the respondents and self-efficacy mediates the relation between threat awareness and financial information security behavior. The study concludes that online banking users can perform secure behavior during online transactions if they are familiar with security measures and are confident to perform different online banking-related tasks. It is, therefore, suggested that individuals may be familiarized with the financial information security measures so that they may believe in their selves and develop secure financial information behavior. This can be done through awareness seminars and hands-on training by the Federal Investigation Agency in liaison with banks and educational institutions. The present study has contributed to the domain of financial information security behavior in the local context.
Introduction
Modern society has witnessed the rapid development of information technology and mobile networks, which has led to the creation of the digital age. Even though this advance allows computer users to have access to all knowledge at their fingertips, there are still several concerns that need to be addressed.
In the wake of the increasing usage of the internet in our daily lives, most aspects of our lives have been transformed by this innovative phenomenon, including education, communication, business, etc. The ability to conduct banking transactions online is one of these dimensions (Jebarajakirthy and Shankar, 2021). In the twenty-first century, the rapid increase of security risks during online transactions is the primary issue for financial institutions like banks, etc., and the need to secure cyberspace is more crucial than it has ever been (Salihu et al., 2019). One of the most important concerns in today's internet banking business is the security of information (Normalini et al., 2019).
It has become increasingly common for criminals to attack the internet to obtain personal data and confidential financial information (Jang-Jaccard and Nepal, 2014). As a result, banks are more concerned about implementing appropriate measures to combat various security threats than anything else.
Financial institutions are supposed to be aware of online dangers like hacking, security threats, etc. These institutions must take all necessary measures to improve individual understanding of financial information security and to ensure a stable financial business environment (Manoj, 2021). Customers are more concerned about their data (Kalinin et al., 2020). To create safe banking platforms, information security developers employ a variety of strategies. Computer scammers and thieves, on the other hand, have taken a few steps ahead. They are using several techniques to hack important data of companies. There have been numerous attempts by cybercriminals to gain access to the internet's infrastructure and other services to steal financial data from the users of online banking services. The financial damage inflicted by these unauthorized accesses by computer criminals has been significant, and it is becoming increasingly noticeable (Piquero et al., 2021).
The most common cause of information security breaches is user behavior. According to Karlsson et al. (2017), approximately half of all security breaches were unintentionally caused by insiders, while other research estimates that insiders pose approximately 80% of the risk to information systems (D’Arcy et al., 2009). Thus, to understand security breaches during online banking, it's critical to know how users behave while dealing with online banking services. In today's information-based society, there is still apprehension about the security of online banking services and the loss of personal financial information they contain.
Online information security challenges, especially those related to online banking, are a global phenomenon. There have been several reports of data breaches, threats, malware, and phishing assaults. Online businesses, banks, and financial institutions need to develop secure systems to protect their users from unwanted risks and breaches of the confidentiality of users’ financial information. These issues can only be addressed if the government and banks establish proper methods and policies. Also, bank customers can contribute to their security (Ali et al., 2021). As noted earlier, these security vulnerabilities are the result of users’ insecure conduct when utilizing information systems. More than anything else, information security is about persuading people to act in a certain way.
Moreover, given the continuously changing threat landscape, one cannot assume that users are always willing to learn about and practice information security. Humans are the weakest link in the security chain and are the core cause of the majority of security breaches (Hedström et al., 2011; Karlsson and Hedström, 2014). Under this backdrop, knowing the financial information security behavior of online banking users is crucial for establishing a secure information environment that is not just reliant on technology. Furthermore, it is equally important to dig out the factors that positively affect online banking users’ information security behavior, so that these factors may be utilized to improve individuals’ secure behavior during online financial transactions.
Online banking and information security perspective
Online banking is also known as internet banking. It is a virtual delivery channel that utilizes the internet as a banking system service over the World Wide Web (www), allowing clients to immediately access their financial information and execute financial transactions from their homes without having to go to the bank. People are using online banking systems more to save time. Using the internet as remote banking, service channel encompasses all traditional banking services like balance inquiries, printing statements, transferring funds to other accounts, and payment of bills as well as the latest banking services such as electronic bill presentation and payment without having to visit a financial institution (Njuguna et al., 2012).
According to a study conducted to better understand online banking usage in Portugal, internet banking offers numerous benefits to consumers (Martins et al., 2014). With Internet banking, consumers can analyze and authenticate their financial statements in real-time, saving both time and money; transactions are linked to their accounts, so they receive instant notifications. With this method, people stay connected with their banks remotely and feel safer than going to the bank. Because banks and financial organizations use the maximum levels of security to protect their assets and retain consumer confidence, Internet banking is safe and secure.
Although online banking is useful, people are also exposed to some security threats as a result of this system. Internal and external security threats, human and non-human dangers, and purposeful and unintentional threats can all be categorized as security issues (Rossi et al., 2021). These risks may result in the disclosure, alteration, destruction, or denial of access to confidential information. These dangers involve both carelessnesses and planned actions on the part of users, and they include a wide range of behaviors (Leach, 2003) in which some of which are listed below;
Absence of security knowledge Failure to follow security protocols Taking unnecessary risks Willful acts of carelessness Intentional attacks
Users must be informed of all possible ways of cybercrimes. There are several ways for cybercrimes, for example, one is identity theft, cybercriminals use someone else's identity, such as name, date of birth, and address, for fraudulent transactions. By using someone's name thieves can easily get into their accounts and do the transaction. Another popular crime is phishing, cybercriminals send emails to online banking consumers appearing to be a reputable company or organization and ask about their personal information. Similarly, vishing is a way of obtaining personal and financial data from online banking customers by using a phone call center and the VOIP (Voice over IP) approach. A few other types of attacks include virus attacks. Cybercriminals obtain unauthorized access to user accounts through Malware, worm, Trojan horse, and other similar viruses. Also, cybercriminals and computer fraudsters have gone one step further with the usage of Automatic Transfer Systems. Cyber fraudsters sometimes use social networking sites to gain access to information supplied by account holders. Banking users can send an instant message through sites like Facebook and Twitter, and fraudsters can utilize this feature to redirect people to another website by including a link. Similarly, the use of gadgets like mobiles and tablets for online banking is also a risk particularly when the users use a browser. The same threat is there while using smart TVs and browsers for online banking. Consumer education and understanding of how to best use and access these electronic media platforms are becoming increasingly vital. Several approaches based on theory have been employed in information security research to determine which elements affect behavior and how users’ security behaviors might be improved. For example, the theory of reasoned action (TRA) by Shih and Fang (2006) theory of planned behavior (TPB) (Yousafzai et al., 2010), the Technology acceptance model (TAM) (Çelik, 2008; Eriksson and Nilsson, 2007), protection motivation theory (PMT) (Terlizzi et al., 2019) and Information motivation behavioral skills model (IMB) (Farooq et al., 2019).
On the topic of financial information security behavior, a bunch of international and local studies are available however, no such study could be found exploring factors affecting secure financial information behavior underpinning a theory, particularly from a local perspective. Given the relevance of the problem and the research vacuum in the local literature particularly, it is considered critical to understand what factors influence users’ financial information security behavior when using online banking. The Information-Motivation-Behavioral Skills (IMB) Model has shown reliability in predicting behaviors related to health and voting. The researchers decided to use this model in the area of financial information security, thus the purpose of this study is to empirically test the applicability of the modified IMB model (Farooq et al., 2019) to predict the factors which affect the information security behavior of users while using online banking.
Concerning the paper structure, after the introduction, the article is organized as follows: the theoretical framework and hypotheses development with the help of literature are discussed in the next section, then the results followed by discussion and research implications are presented. Limitations of the study and future research directions are discussed at the end.
Theoretical framework and hypotheses development
The Information-Motivation-Behavioral Skills (IMB) Model (Fisher and Fisher, 1992) is used in this study. IMB model was proposed to predict health behavior. According to the IMB Model, information and motivation are the two most important factors in determining whether or not a person would engage in a particular behavior. These criteria are linked to behavior via the person's behavioral skills. Since then, the model has been successfully utilized to both understand and design treatments to enhance users’ behaviors in a variety of fields (for example, health (Luo et al., 2022; Taştekin Ouyaba and Çiçekoğlu Öztürk, 2022), voting (Geldrop, 2020), and recycling behaviors (Ehret et al., 2021). Two predictors (information and motivation), one suggested mediator variable (behavioral skills), and one outcome variable comprises the original IMB Model presented in (Fig. 1).

The information-motivation-behavioral skills model and it's constituent variables.
Lately, Farooq et al. (2019) applied the IMB model in the context of information security by segregating motivation into personal and social motivation, and behavioral skills into self-efficacy and measures familiarity. Self-efficacy is taken as a behavioral skill, as it is often used as a proxy measure of certain behavior (Farooq et al., 2019; Fisher et al., 2006). Since the current study intends to investigate the role of information in developing necessary behavioral skills and actions like financial security behavior, therefore, this study employed the IMB model (Farooq et al., 2019) excluding the “motivation” construct to examine financial information security behavior (Fig. 2).

The proposed model in the context of financial information security behavior.
Model constructs
The modified IMB model adopted in the study consisted of the following constructs:
Threat Awareness about Online Banking Use (Threat Awareness)
“The degree to which a participant is aware of potential security threats during online banking”.
Behavioral skills
Self-Efficacy of Using Online Banking (Self-efficacy) “The degree to which a participant believes he or she is prepared to cope with security issues and act securely during online banking” Familiarity with Information Security Measures (Measures Familiarity): “The degree to which the participant believes he or she is familiar with security measures designed to thwart known threats online”
Financial Information Security Behavior (FISB)
Financial information security behavior is provided as the model's dependent variable. This includes specialized behavior in response to threats, such as the usage of software to combat viruses, malware, and identity theft.
Research hypotheses
Familiarity with financial information security measures
Threat familiarity is believed to be a good predictor of attitudes about the Internet and network security practices. Daily, new threats emerge, and the threat landscape for computer security is always changing and shifting. As a result, certain types of online risks are more readily identified by the general populace than others. To forecast how consumers will respond to future challenges, it is critical to understand how risk perceptions are formed (Huang et al., 2014). There are numerous hazards to users’ data, including social media data sharing, user monitoring, identity theft, phishing, viruses, and other malware such as spyware, trojans, and keyloggers (Flores et al., 2014). Cookies, which are found on a wide variety of websites, are an example of something that occurs frequently. These are text files used to keep track of user behavior. The browser, as well as third parties who are not connected to the browser, can set cookies and collect information. Alohali et al. (2018) found that many consumers are now aware of these vulnerabilities and are taking safeguards as a result of media coverage of corporate privacy disasters (Clark et al., 2015). On the other hand, some threats may be more recent and less well-known, affecting familiarity and, consequently, the extent to which people take security procedures. Keyloggers and rogue software are examples of sophisticated spear-phishing emails that exploit personal user information to convince victims to provide requested information. In addition to the more basic internet security issues, a variety of other dangers must be considered. These threats include catfishing, cyberbullying, social engineering, and internet stalking. Numerous scholars have examined the impact of people's views toward the Internet, as well as the issue of information concealment versus sharing (Acquisti and Grossklags, 2004). Similarly, prudent user behavior, such as the use of computer security mechanisms, requires a fundamental awareness of the dangers that a user faces (Dinev et al., 2009). The researchers separate awareness from familiarity because awareness does not always indicate more than a passing awareness of the presence of some form of hazard. Knowledge on its own may be prone to habit formation as a result of repeated exposure, leading to an increasing disregard for warnings (Brinton et al., 2016). This does not mean that the user will become aware of or familiar with the hazard; rather, it means that they will notice it. Individuals may be familiar with email as a communication tool, but may be unaware that it also functions as a storage tool – and that even deleted emails may still be accessible via their devices or cloud services (Clark et al., 2015). As a result, simply because a user is informed of one feature does not guarantee that he/she is entirely aware of all other features - or threats. Individuals that exhibit threat awareness have awareness and sense of knowledge about a threat, but this knowledge is not based on experience and may be incomplete.
Users’ attitudes and conduct may be influenced by their perceived knowledge rather than actual knowledge. As a result, awareness may precede familiarity. On the other hand, familiarity is more directly related to knowledge, as knowledge is defined as “knowing something via experience or relationship,” implying a threat to understanding. Unfortunately, many people are unaware of the extent to which they divulge personally identifiable information online (Kurkovsky and Syta, 2010) combines with a lack of awareness of potential dangers. Threats may be disregarded if they appear improbable to materialize (lack of immediacy), the user dismisses the possibility of being impacted, or the user believes they are capable and confident enough to deal with prospective hazards and their consequences on their own. Without a doubt, these traits have been seen in password management (Tam et al., 2010). A recent Malaysian study concluded that the online banking experience and awareness of the phishing scam reduced the users’ intention to click URLs in phishing emails (Manoharan et al., 2021). Therefore, the following hypotheses were assumed:
Self-Efficacy & familiarity with security measures of using online banking
Self-efficacy refers to a person's perception that he or she can carry out the tasks necessary to achieve the desired result. Self-efficacy in information security is created by the acquisition of information security knowledge, which may come from training. Information System security cannot be completely appreciated unless the user has the necessary knowledge and abilities to apply the safeguards properly. Self-efficacy can be enhanced through knowledge and skills. Individual self-efficacy is a critical component in assuring the effectiveness of information systems.
Self-efficacy in information security, for example, is defined by Rhee et al. (2009) as a belief in one's competence to secure information and information systems against unauthorized disclosure, alteration, loss, destruction, and lack of availability. According to Ng et al. (2009) self-efficacy refers to a user's belief in his or her competence to practice computer security, which is likely to lead to increased computer security behavior. It is the assumption that a single person can install, configure, and maintain security software on his or her computer. Self-efficacies and behavior, such as compliance with ISB policies and procedures, have been linked in previous studies. Employees’ conviction in their ability to successfully comply with IS security standards, for example, should improve policy and procedure compliance. Claar (2011) also discovered that self-efficacy affects a person's email-related security behavior. Individuals with high self-efficacy performed better than those with low self-efficacy when it came to computer and Internet security compliance behavior. Individuals with a high sense of self-efficacy were more likely to increase their security efforts. Firms improve their employees’ grasp of technology and provide security awareness training to boost employee self-efficacy (Rhee et al., 2009). Similarly, Sentosa et al. (2012) supported that computer self-efficacy is positively associated with internet banking adoption among Malaysians. Self-efficacy has been proven to be a crucial belief impacting the adoption and usage of technology such as Internet banking (Kesharwani and Tripathy, 2012). Hence self-efficacy in information security is expected to influence users’ behavior (Crossler and Bélanger, 2019; Hameed and Arachchilage, 2021).). It is established that financial technology efficacy and familiarity positively effects financial literacy and ultimately improves financial behavior of individuals (Farida et al., 2021). Therefore, the following hypotheses are developed.
Materials and methods
The quantitative research design was considered suitable for this research study to attain objectivity, acquire unbiased and accurate data, develop dependable generalizability, and reduce researcher subjectivity in approach (Creswell, 2011). Since the study was measuring behavior and its predictors, therefore, the data for this study was gathered through a survey research method. The study's target population included teachers from one of the oldest universities in Pakistan which is ranked overall second among the top ten universities in the country (HEC, 2016) i.e. the University of the Punjab, Lahore, Pakistan. Teachers of six faculties (listed below) of the University of the Punjab, Lahore, Pakistan made up the study population.
Arts and Humanities Behavioral and Social Sciences Commerce Engineering & Technology Economics and Management Sciences Life Sciences
The sample for the study was chosen using a simple random sampling procedure, as the complete list of the population was available. The sample size was calculated by using GPOWER calculator, taking a 5% margin of error and a.30 effect size, the recommended sample size was 220. A questionnaire was adopted to collect data (Farooq et al., 2019). Considering the contextual differences, to ensure the survey tool's face, content, and construct validity, the first draft was reviewed by three experts from various fields and disciplines, including banking and finance, information technology, and library and information management. The experts’ feedback was incorporated into the final draft of the instrument.
The questionnaire consisted of twenty-nine statements (Appendix A). The language of the questionnaire was ensured to be simple and concise. The instrument is comprised of four segments (Familiarity measures, threat awareness, self-efficacy, and financial information security behavior), details are available in Appendix A.
To ensure reliability, pilot testing with 45 participants was undertaken before final data collection. Cronbach's Alpha reliability testing in SPSS (26.0) was performed to assess reliability, which was found to range between.6 and.9 for all components (Table 1).
Reliability analysis.
After verifying the reliability of the instrument, the instrument was self-administered for final data collection. The questionnaire was distributed among 220 teachers selected on a simple random basis using MS Excel. A total of 201 responses were obtained from the faculty members, thus the response rate remained at 91.36%. Each questionnaire was given a number after the data was collected. The data was entered into social science statistical software (SPSS-26.0) for descriptive analysis. The structural equation model (SEM) was used to test the proposed model by using ADANCO 2.1.
Results
Characteristics of respondents
The information on the gender-wise distribution of the participants is tabulated in Table 2. The demographic profile of the respondents (Table 2) confirms that a major part of the sample consists of male respondents (n = 103, 51.2%) than their female counterparts (n = 98, 48.8%). Furthermore, a reasonable representation was from each of three age groups i.e. 78 (38.8%) were from the age group of 46–55 years. Whereas 71 (35.3%) belonged to the age group of 36–45 years and 52 (25.9%) belonged to the age group of 26–35 years as tabulated in Table 2.
Frequency distribution of respondents’ gender (n = 201).
Most of the respondents 61 (30.3%) belonged to the faculty of Life Sciences, followed by 39 (19.4%) Eng. & Technology, 37 (18.4%) belonged to the faculty of Arts & Humanities. Moreover, a smaller number of the respondents 16 (8.0%) were associated with the faculty of Behavioral & Social Sciences.
The results showed that most of the respondents 87 (43.3%) were Assistant Professors. Whereas 77 (38.3%) respondents were Lecturers, and 23 (11.4%) respondents were Associate Professors. Moreover, a small number of the respondents 14 (7.0%) were Professors.
In terms of the level of income, Table 2 revealed that most of the respondents, 101 (50.2%) fall in the range of 131,000– 180,000 income level. Moreover, 72 (35.8%) respondents fall in the range of 81,000– 130,000 income level and 23 (11.4%) people fall in the range of More Than 180,000 income level. Moreover, a smaller number of the respondents 5 (2.5%) fall in the range of Up to 80,000 income level. In terms of respondents’ experience, data in Table 2 exposed that most of the respondents 112 (55.7%) have experienced between 7–9 years. A total of 60 (29.9%) respondents have experience between 4–6 years and 16(8.0%) respondents have experience of 10 years and above. It was revealed that a small number of respondents 13 (6.5%) have experienced between 1–3 years.
Transactions routine of the respondents
The respondents of this study were asked about their frequency of financial transactions. The results in Table 3 showed that the studied participants were frequent users of online banking. The respondents of this study were asked about the places where they performed online banking. It is further exposed that a majority (67%) use the workplace for online banking transactions followed by the home place (32.3%). All studied respondents were ATMs users for financial transactions followed by personal mobiles (76.6%) and laptops (72.6%).
Frequency distribution of the respondent's online financial transaction (n = 201).
Quality of measurement model
The quality of measurement was ensured through convergent and discriminant validity and the reliability of the constructs by using ADANCO Software.
Convergent validity
Convergent validity is confirmed through factor loadings, the loadings as a thumb rule should be ≥.50. The results in Table 4 confirm that factor loadings for all observable variables were above.50 which confirmed the validity of the factor.
Reliability and validity of constructs.
ΡA = Dijkstra-Henseler's rho; ρc = Jöreskog's rho; AVE average variance extracted.
The content of the scale was validated through convergent and discriminant parameters. For convergent validity average variance extracted (AVE), Joreskog's rho (PC), Dijkstra-Henseler's rho (PA) was calculated in ADANCO (2.1). The results showed that PC >.68-.85, AVE>.35 to.50 PA >.68-.82 and OL>.4-.8 which revealed an acceptable theoretical validity of the constructs (Table 4). Although, the AVE values for three constructs were below 0.5 (threshold), however, it was ignored as based on “composite reliability (CR) alone, the researchers may conclude that the convergent validity of the construct is adequate, even though more than 50% of the variance is due to error” (Fornell and Larcker 1981: 46). The CR (Pc) for the same constructs was satisfactory at >.70. Therefore, the measured constructs were considered reliable.
Discriminant validity
So far as concern the discriminant validity of the factors HTMT criterion was used, the results showed (Table 5) that the value of the square root of AVE was less than.9 which is acceptable (Franke and Sarstedt, 2019; Henseler et al., 2015). Although, AVE lower than.85 is considered the cutoff value, however, based on empirical evidence, researchers (Franke and Sarstedt, 2019; Henseler et al., 2015) suggested remaining liberal and accepting HTMT <.90. The results presented in Table 5 confirm that the constructs of the scale were found discriminant of each other.
HTMT.
Constructs reliability
Regarding SEM constructs’ reliability is preferably measured through composite reliability and Average Variance Extracted (AVE) as Cronbach's alpha (CA) sometimes underestimates the scale reliability (Khoi and Ngan, 2019). Dijkstra-Henseler's rho (PA) is considered reliable to measure the construct scores in PLS of the reflective measurement model, and composite/factor reliability is measured through Jöreskog's rho (PC) (Henseler, 2017). The average Variance Extracted (AVE) calculates the average indicator reliability. Values of rho (PA) and rho (PC) should be higher than.7 and AVE should be higher than.5. The results in Table 4 confirm that the values of rho (PA) and (PC) were higher than.7 whereas AVE values remained between.3 to.5 which are acceptable as suggested by Fornell and Larcker (1981: 46) that “based on composite reliability alone, the researcher may conclude that the convergent validity of the construct is adequate, even though more than 50% of the variance is due to error”. Additionally, Cronbach's alpha (CA) values were also above.7 indicating the constructs’ reliability.
Structural equation model of the study (SEM)
After measuring the quality of the constructs of the extended IMB model the paths were created to investigate the relationships between variables and test the hypotheses as illustrated in Figure 3. The structural model of the study showed that the majority of the paths were significant which explained 61% of the variance in FISB, 44% in self-efficacy, and 26% in measures familiarity.

Tested model.
The structural model showed that there was a significant direct impact of threat awareness (β = .40, t = 5.74, p < .01) and measures familiarity (β = .36, t = 5.72, p < .01) on self-efficacy as presented in Table 6, which supported H3 and H6. The model further showed a significant impact of threat awareness at (β = .52, t = 9.42, p < .01) on measures familiarity, thus confirming H4. However, threat awareness had no significant direct impact on FISB (β = −0.06, t = −1.14, p > .05) rejecting H1, whereas measures familiarity (β = .48, t = 7.28, p < .01) and self-efficacy (β = −0.43, t = 6.84, p < .01) also had a significant impact on FISB, thus H2 and H5 are confirmed.
Structural model.
Thus, the study concluded that there was a significant direct impact of measures familiarity and self-efficacy on FISB of the respondents. Moreover, the study found that self-efficacy had a significantly mediated impact of TA on respondents’ FISB. SE mediates the relation between TA and FISB and measures familiarity and FISB. Similarly, MF mediates the relation between TA and FISB, PM, and FISB Table 7.
Effect size.
As per Cohen (1998), f2 values between 0.15 to 0.35 predict a moderate effect, and >.35 confirm a strong effect. Thus, Measures Familiarity -> Self Efficacy, Threat Awareness -> Self-Efficacy and Self-Efficacy -> FISB predict moderate effect size whereas, Threat Awareness -> Measures Familiarity and Measures Familiarity -> FISB predicted strong effect size.
As shown in Table 8 R2 value confirms a 59% variation in financial information security behavior, 44% variation in self-efficacy, and 26% in the variable of measures familiarity.
Discussion
Based on the Information-Motivation-Behavior skills model (IMB) the constructs of “Information” and “Behavioral Skills” were tested as predictors of “Financial Information Security Behavior”. The findings of the study lead to the conclusion that a majority of the respondents were habitual in using online banking for their financial transactions. Most of the participants performed financial transactions at their workplace and preferred to use ATMs, Mobile, and laptops for this purpose. Concerning the predictors of financial information security behavior, information (threat awareness) was proved ineffective in directly developing financial security behavior. The same was endorsed by Scott and Ophoff (2018) who proved that information had no significant impact on secured personal information sharing behavior. On contrary, a study from the United States confirmed that information security threat awareness has a positive impact on strong password use behavior (Mamonov and Benbunan-Fich, 2018). Similarly, a recent Malaysian study confirmed that online banking users’ secure behavior is influenced by their awareness of the phishing scam (Manoharan et al., 2021). These behavioral differences are contextual, and in the local context the findings confirm that measures familiarity affected financial behavior directly rather than information, it means that only being aware of scams is not sufficient but there is a need to be aware of the methods to avoid such scams. As the current study further found that measures familiarity and self-efficacy have a direct positive impact on the financial information security behavior of the respondents. Lately, Masuch et al. (2021) confirmed that perceived threats and efficacy positively influence the intention to adopt information security behavior. It means that measures familiarity along with confidence in using online banking can lead to secure financial transactions.
This study further revealed that self-efficacy mediates the relationship between threat awareness and respondents’ financial information security behavior. The results are supported by Raj and Das (2020), Crossler and Bélanger (2019), and Scott and Ophoff (2018) who confirmed that actual and perceived knowledge about privacy settings increase the likelihood of secure information behavior.
The study also exposed that measures familiarity have not only a direct influence on financial information security behavior, but also mediates the relationship between threat awareness and financial information security behavior.
Conclusion
In conclusion, in the local context, it can be said that threat awareness does not directly lead to secure behavior in online banking, rather familiarity with the measures to remain secure works directly towards practicing secure financial actions. The current study further exposed that if internet banking users are aware of threats and dealings and they believe in using the computer system for online banking by themselves, they will practice more secure behavior during online financial transactions. Since familiarity with financial information security measures and self-efficacy not only affect secured financial transactions directly but also mediate the relationship between threat awareness and secure behavior, therefore it can be concluded that if the individuals will be more familiarize with the information security measures and will have more faith in their computer skills to use online banking, they will be more likely to practice secure financial transactions online.
Theoretical, practical, and social implications
The study possesses threefold implications i.e. theoretical, practical, and social. Theoretically, the IMB model has rarely been implemented to investigate the FISB, also it is the very first study from Pakistan on this magnitude, thus it will strengthen the literature in the area of financial information security and particularly from a developing country's perspective. Since measures’ familiarity strengthens self-efficacy and also mediates the relationship between threat awareness and financial information security behavior during online banking. Self-efficacy is also a strong mediator between threat awareness and FISB and measures familiarity and FISB while conducting financial transactions online. Practically, it is, therefore, suggested that individuals may be familiarized with the financial information security measures so that they may believe in their selves and develop financial information security behavior. This can be done through awareness seminars and hands-on training by the Federal Investigation Agency in liaison with banks and educational institutions. Another practical step can be taken by including a course in financial literacy having a focus on financial information security at the higher school level. Lastly, another limitation of the study is that the confirmatory factor analysis is not carried out, therefore, model fit indices are not reported.
As far as social implications are concerned, the study highlighted the factors that may help online banking users to remain secure during financial transactions, that it may be utilized effectively can help individuals to keep their earnings and savings safe, and ultimately can bring peace of mind for them.
Study limitations and future research
Although the random sampling technique is a strength of the study still, the findings of this investigation may be generalized in light of the noteworthy limitation that the population framework was delimited to the six teaching faculties of the University of the Punjab, Lahore. Furthermore, the study reported the results of a learned group, the other low-educated groups may offer different findings. The study was delimited to one external predictor of behavioral skills i.e. “Information” and the second predictor which is related to individuals’ internal state i.e. “Motivation” was not studied which may affect the generalization of the results. Another study including “Motivation” may be conducted to further validate the complete IMB model in the financial information security domain.
Footnotes
Acknowledgments
Javaid Iqbal and Saira Hanif Soroya contributed equally to this work.
Declaration
We have NO affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.
