The research results emphasize the influence of cybersecurity knowledge and perception on usage and protection behavior of mobile banking application.. Keywords: cybersecurity knowledge,
OVERVIEW
Necessity of the research
In the past decade, the rapid growth of Information Technology has led to increased global internet usage across various sectors, including academia, government, and industry As cyber threats escalate (Choucri, 2019), both public and private entities are increasingly focused on addressing cybersecurity challenges (Bossong & Wagner, 2017; Weiss & Jankauskas, 2018) Cyber-attacks can severely disrupt government networks, compromise business operations, and undermine public trust in financial transactions Notably, the banking sector has faced significant breaches, such as Sacombank's credit card counterfeiting incident in April 2017 and a similar event at DongA Bank in November 2018 With individuals increasingly using smartphones for online sales and payments, safeguarding customer information against cyber threats has become more critical than ever.
Since 2020, non-cash payments have experienced rapid quarterly growth, introducing various new payment methods that benefit both users and the economy This surge has intensified market competition, while also presenting risks for banks' card business activities The rise of mobile payment applications and e-wallets has enhanced customer convenience and choice, offering integrated services like airline ticket purchases, hotel bookings, and online shopping The significant increase in non-cash payment transactions compared to the previous year indicates a growing trend among customers towards digital payments.
Vietnam has made significant strides in enhancing payment security alongside robust digital transformation efforts Financial institutions and banks are actively implementing various information security solutions, such as data encryption and transaction monitoring, to mitigate risks and ensure customer safety.
In the first eight months of 2023, electronic transactions saw significant growth compared to the same period in 2022, with Internet transactions increasing by 76% in quantity and 1.79% in value QR code transactions surged by 152% in quantity and an impressive 301% in value, while mobile transactions rose by 65% in quantity and 77% in value The electronic payment market generated a revenue of $20.5 billion Conversely, cash withdrawal transactions via ATMs experienced a decline of 4% in quantity and 6% in value, highlighting the acceleration of non-cash payments in the economy.
Vietnam has made significant strides in enhancing payment security alongside its digital transformation efforts Financial institutions and banks are actively implementing various information security measures, such as data encryption, two-factor authentication, and transaction monitoring, to reduce risks for customers These initiatives promote transparency and integrity in payment transactions Additionally, banks are raising customer awareness about payment security through targeted communication, education, and consulting programs.
The rise of high-tech crimes in the banking sector has become increasingly complex, with scammers impersonating authorities like the Police and Tax agencies to trick victims into installing fake applications such as VssID and eTax Mobile These malicious actors can then secretly control victims' phones and execute unauthorized money transfers They also recruit online sales collaborators and child models, enticing victims into stock investments, only to misappropriate their funds through virtual currencies transferred abroad Additionally, scammers create fraudulent websites posing as bank employees, offering quick loan procedures while demanding upfront fees The sophistication of forged identification documents complicates detection, and banks often struggle to identify unusual transaction patterns in a timely manner Ultimately, the primary issue lies in users' inadequate protection of personal information, which allows scammers to exploit their sensitive data for fraudulent activities.
Insufficient awareness of network and information security among internet users, particularly Gen Z, significantly increases the risk of personal information being exposed to cybercriminals This generation, despite being the first to grow up with the internet, often neglects to prioritize cybersecurity, leading to a casual attitude toward online safety Their frequent engagement with social networks and untrusted websites allows for easy collection and misuse of personal data Consequently, businesses face greater cybersecurity threats when hiring Gen Z employees, as their lack of concern for online safety fosters risky behaviors that hinder the establishment of a robust culture of cyber hygiene both in the workplace and society at large.
Addressing the relationship between cybersecurity knowledge and user behavior in mobile banking applications is essential for protecting personal and organizational data, as well as promoting a safer digital environment In Vietnam, research on this topic is limited, which is why we have chosen to explore "Cybersecurity Knowledge and Perception Towards Usage and Protection Behavior of Mobile Banking Applications."
Objectives
The research paper is conducted with the following three objectives:
- Identify research models, testing a scale of cybersecurity knowledge, perception, usage and protection behavior of mobile banking application.
- Test and measure the correlation between cybersecurity knowledge, perception and usage, protection behavior of mobile banking application.
To support Gen Z customers in Ho Chi Minh City, financial institutions and banks should implement strategies that enhance cybersecurity awareness and promote safe usage of mobile banking applications By providing targeted education on cybersecurity practices, institutions can empower young users to recognize potential threats and adopt protective behaviors Additionally, creating engaging content that resonates with Gen Z's digital habits will foster a deeper understanding of mobile banking security, ultimately leading to more responsible usage and safeguarding of personal financial information.
Research Subject and Scope of the research
Research Subject: Influence of cybersecurity knowledge, perception to usage, protection behavior of mobile banking application.
Respondents: Gen z customers living and working in Ho Chi Minh City.
Regarding the geographical range: This study focuses on gen z customers living and working in Ho Chi Minh City and the largest nationwide financial institutions.
Execution time: This study is conducted from November 2023 to February 2024.
Research Methodology
This scientific research employs quantitative methods, including the collection and analysis of survey data to test a model Data was gathered through survey questionnaires completed by subjects via Google Forms sent through email, utilizing a random sampling method The study utilized various data processing tools, such as Cronbach’s Alpha for scale reliability testing, exploratory factor analysis (EFA) with SPSS 20.0, and confirmatory factor analysis (CFA) along with structural equation modeling (SEM) using AMOS 20.0 software.
Research Structure
Chapter 1: Overview: Necessity of the research, Research objective, Research subject and scope, Research methodology, and Research layout, and Research structure.
Chapter 2: Theoretical framework and research model: Literature Review; Concepts; Theory; Related research; Conceptual framework and hypotheses development.
Chapter 3: Research Methodology: Research Process, Sampling Method and Quantitative Research.
Chapter 4: Quantitative Research Result: Sample description, Data Analysis from the questions: Reliability and Validity (Cronbach’s Alpha), EFA Analysis, CFA Analysis, SEM Analysis, Structural model evaluation; Results after analyzing data and model; Data analysis result.
Chapter 5: Conclusion and Implications: Conclusion; Research Significance;Implications and proposals to financial organizations; Research limitations and direction in the next research.
Research Implications
The research has both theoretical and practical applications:
+ Enhance the applicability of TRA theory to real research papers.
+ Exploit scholarly resources related to the topic.
+ Apply research methods to current topics.
+ Clarify the relationships between the factors mentioned in the model and test interaction between variables.
The research provides valuable insights for Gen Z customers and financial institutions regarding mobile banking application usage and protection behaviors By thoroughly analyzing relevant theories, it quantifies current user behaviors and highlights the influence of cybersecurity knowledge and perceptions on these practices This study serves as a foundational reference for future research in the field.
THEORETICAL FRAMEWORK AND RESEARCH MODEL
Concepts
Advancements in information technology have revolutionized traditional retail banking, enabling financial institutions to offer services through various channels, including branch banking, ATMs, internet banking, and mobile banking Mobile banking, in particular, stands out as a convenient and innovative service accessed via smartphones, facilitating interactive banking on the go Its widespread adoption, driven by the increasing use of portable devices, has enhanced access to formal banking in emerging markets, transformed financial service distribution, reduced transaction costs, and improved consumers' quality of life Understanding the customer adoption process is crucial for both bankers and customers, highlighting the significance of m-banking in today's financial landscape.
Mobile banking is a modern service that enables customers to engage with their banks via mobile devices, providing a convenient and efficient way to manage savings and make payments The popularity of mobile banking applications has surged in recent years, establishing m-banking as one of the most valuable and promising mobile commerce solutions available today.
As reliance on information technology grows, so does participation in online activities, yet many users lack essential knowledge about cybersecurity tools Basic awareness of cybersecurity does not necessarily equip individuals with the necessary skills to effectively manage cyber risks To address this gap, it is crucial to implement training programs that educate users on cybersecurity protection tools, focusing on their operational, usage, and procedural aspects By enhancing user knowledge, these programs can foster effective cybersecurity practices and mitigate potential threats (Zwilling et al., 2022).
In a study conducted by Moallem (2019) on students' perceptions of cybersecurity in California's Silicon Valley, it was found that despite being aware of surveillance, college students were largely oblivious to the risks associated with their data being inadequately secured within university systems This highlights the urgent need for educational institutions to implement regular training programs aimed at enhancing students' understanding of cybersecurity fundamentals and potential threats The research indicates that cybercriminals frequently change their tactics, underscoring the necessity for individuals to possess up-to-date knowledge and skills to effectively navigate digital environments Continuous practice is essential for developing proficiency in cybersecurity skills, which are crucial for safeguarding devices against various threats Thus, fostering cybersecurity awareness and competence among all technology users is imperative for the safe utilization of digital technologies (Misra and Khurana, 2017; Senarak, 2021).
The term cybersecurity perception was already defined by Shaw et al as follows:
Understanding the significance of information security is crucial for users, as it empowers them to take responsibility for safeguarding their organization's data and networks Training users in online security measures and encouraging proactive precautions are essential steps in fostering a culture of cybersecurity By equipping users with comprehensive cybersecurity skills, we enhance resilience against cyber-attacks and threats, protecting both national network infrastructures and individual users.
Lack of perception significantly influences the intention to adopt technology, as increased awareness of cybersecurity risks encourages proactive usage among customers (de Bruijn & Janssen, 2017) Additionally, legislative immaturity hampers effective cybersecurity management, allowing cyber attackers to exploit gaps in documented practices and laws (Nambiro et al., 2017) Furthermore, the effectiveness of technical tools is diminished by human factors, which play a crucial role in maintaining a secure network environment (Easlin et al., 2016) Therefore, it is essential for both practitioners and researchers to prioritize cybersecurity in mobile banking, highlighting the importance of user training to enhance cybersecurity awareness (Kim et al., 2015).
Internet-based banking is increasingly favored over traditional banking due to its convenience and the ability to conduct financial transactions online without visiting a bank branch However, the adoption of mobile banking services faces challenges, including security, performance, timing, and social and financial risks Despite these concerns, factors such as capability, integrity, ease of use, relative cost, benevolence, perceived usefulness, and time advantage positively influence users' intentions to adopt mobile banking The surge in mobile phone usage has driven demand for mobile banking, prompting banks, microcredit institutions, and software providers to introduce innovative services aimed at expanding customer reach, improving retention, enhancing operational efficiency, increasing market share, and creating new employment opportunities.
Mobile banking offers significant time savings over traditional banking methods, with many customers utilizing it primarily for mobile balance recharges due to its cost-effectiveness According to Sarker and Wells (2003), the main requirement for accessing mobile banking is a mobile phone The widespread availability of affordable cellular devices and improved network infrastructure has established a solid foundation for mobile banking The acceptance of mobile banking services is influenced by various factors, including service quality, perceived usefulness, perceived ease of use, safety, and social influences (Navavongsathian et al., 2020).
Research highlights the importance of preventive measures and user behaviors in mitigating cyber risks, as the high costs associated with these threats become increasingly evident (Zwilling et al., 2022) Empowering individuals with choices, rather than imposing decisions, enhances their internal motivation and satisfaction, leading to improved performance (Iyengar and Lepper, 2000) Decision-makers and policymakers often respond differently to various presentations of the same cybersecurity issues, underscoring the need for clear and persuasive communication Additionally, cybersecurity risks are frequently perceived as potential threats, creating a false sense of security that can instill fear (de Bruijn and Janssen, 2017).
Customers play a crucial role in ensuring the safety and security of their mobile banking experiences, as banks cannot control their behavior or the devices they use Research indicates that customer actions often contribute to online banking fraud (Jansen and Lcukfcldt, 2015) To mitigate these risks, customers must be proactive in recognizing potential threats and implementing preventive measures Being aware of online banking threats, taking steps to prevent them, and knowing how to respond when a threat occurs are essential for safeguarding personal finances (Jansen, 2015).
Literature Review
Ajzen and Fishbein developed TRA in 1967 through much research and revision in the 1970s.
The theory of reasoned action model suggests that behavioral intentions are the primary predictors of actual behavior, with these intentions shaped by personal attitudes towards the behavior and the impact of subjective norms According to Fishbein and Ajzen (1975), both attitudes and subjective norms play a crucial role in forming behavioral intentions.
TRA focuses on understanding consumer behavior by analyzing their behavioral tendencies, which are influenced by their attitudes—specifically, their feelings of liking or disliking certain actions Additionally, subjective norms, or the influence of others, play a significant role in shaping these attitudes and subsequent behaviors.
The model suggests that consumers' attitudes toward a behavior significantly influence their performance of that behavior, more so than their attitudes toward the actual product or service (Mitra Karami, 2006) Attitude measurement in this theory aligns with the multiattribute attitude model, but it is crucial to also assess the subjective norm component, as it plays a vital role in shaping consumer behavior trends.
Components in the TRA model include:
- Behavior is the observable actions of the subject (Fishbein and Ajzen, 1975, p 13) determined by behavioral intention.
Behavioral intention reflects an individual's perceived capability to engage in a specific behavior and is considered a unique form of belief (Fishbein & Ajzen, 1975, p 12) This intention is influenced by the person's attitudes toward the behavior and the social norms they perceive.
Attitudes toward a specific action or behavior reflect an individual's positive or negative perceptions and can be assessed by synthesizing the strength of their beliefs and evaluations of those beliefs (Hale, 2003).
If the outcome is personally beneficial, they may intend to engage in the behavior(Fishbein & Ajzen, 1975).
- Subjective norms are defined as an individual’s perception, with that individual's important references, that a behavior should or should not be performed (Fishbein & Ajzen, 1975).
Subjective norms are assessed based on consumer-related factors, which are influenced by normative beliefs regarding expected behaviors and the individual's motivation to align with these expectations, as outlined by Fishbein and Ajzen (1975).
Related Studies
2.3.Ỉ Enhancing Cybersecurity Awareness among University Students: A Study on the Relationship between Knowledge, Attitude, Behavior, and Training - Anwar Fattah, Wagimin & Nurlia (2023)
This research investigates the level of cybersecurity awareness among university students, focusing on the interplay between knowledge, attitude, behavior, and training Utilizing the partial least squares structural equation modeling (PLS-SEM) method, the study analyzed quantitative data from 64 university respondents The findings reveal a significant positive relationship, indicating that knowledge, attitude, behavior, and training collectively enhance cybersecurity awareness among students.
Cybersecurity training programs equip students with essential knowledge of principles, best practices, and emerging threats in the field These programs provide insights into the latest technologies, vulnerabilities, and protective measures, enabling students to apply their skills in real-world scenarios Emphasizing ethical behavior and privacy protection, the training encourages students to take an active role in safeguarding digital assets, fostering a commitment to prioritize cybersecurity and adopt secure online practices.
Students well-versed in cybersecurity recognize its importance and the risks of insufficient security measures, leading to a positive attitude towards secure practices This awareness not only drives them to adopt secure behaviors but also emphasizes the role of attitude in translating knowledge into action Consequently, students with a proactive mindset are more inclined to implement strong passwords, enable multi-factor authentication, regularly update software, and exercise caution in online interactions.
Figure 2.2: Research Model by Anwar Fattah, Wagimin & Nurlia (2023)
Source: Anwar Fattah, Wagimin & Nur Ha (2023)
2.3.2 Risks and challengesfor cybersecurity in the banking sector in Vietnam - Nguyen Van Phuong and Tran Van Dien (2021)
In the 21st century, cyberspace presents vast opportunities for global integration and socio-economic growth, yet cybersecurity risks have emerged as a significant concern, particularly within the banking sector This study focuses on identifying and analyzing the cybersecurity challenges faced by banks in Vietnam, aiming to enhance the understanding of these issues for both online banking users and bank managers The findings will also provide valuable insights for policymakers to create a balanced cybersecurity policy framework that safeguards the advantages of online banking services.
Research indicates that many internet users in Vietnam continue to use pirated software to save money, often overlooking the significant risks associated with cracked software This negligence can lead to hackers gaining control of their computers, stealing personal information, or infiltrating connected systems, resulting in severe information insecurity, network vulnerabilities, and substantial financial losses Furthermore, there is a lack of widespread training programs on cybersecurity and risk management for online users, and educational institutions have not adequately equipped students with the necessary knowledge to safeguard against identity theft in their online activities.
2.3.3 The Relationship between Cybersecurity Knowledge, Awareness and Behavioural Choice Protection among Mobile Banking Users in Thailand - Pongsakorn Limna et al. (2023)
This study explores the connection between cybersecurity knowledge, awareness, and protective behavior among mobile banking users in Thailand, utilizing a quantitative approach Data was collected through an online questionnaire from 414 mobile banking users via convenience sampling Findings indicate that cybersecurity knowledge has a significant effect on both cybersecurity awareness and protective behavioral choices Furthermore, cybersecurity awareness plays a crucial role in influencing these behavioral choices and serves as a significant mediator between cybersecurity knowledge and protective behaviors.
To effectively change behavior in cybersecurity, knowledge and awareness must be combined with additional influencing strategies, as mere awareness is insufficient Instilling positive behaviors is essential for these actions to become habitual and integrated into a company's cybersecurity framework Research indicates that awareness of information security threats can enhance protective behavioral choices, such as strengthening password selection Additionally, security awareness serves as a mediator for certain personality traits, reinforcing the importance of cybersecurity knowledge in shaping the behavioral choices of Thai mobile banking users.
Figure 2.3: Research Model by Pongsakorn Limna et al (2023)
Source: Pongsakorn Limn a et al (2023)
Conceptual framework and research hypotheses
2.4.Ỉ Relationship between Cybersecurity Knowledge and Cybersecurity Perception
Cybersecurity is the protection of users' data or network environment against any abuse, illegal access, or unauthorized manipulation of resources related to cyber space.
Cybersecurity is considered an essential element in mobile banking adoption (Balzacq & Cavelly, 2016; Stallings, Bauer, & Hirsch, 2013; Joubert & Belle, 2013).
Generation Z is highly engaged with technology, frequently utilizing computers, smartphones, and social media for various online activities, including research and shopping However, their understanding of cybersecurity is notably lacking, primarily due to insufficient education and awareness of online protection measures This low perception of cybersecurity is further exacerbated by behaviors that downplay its importance Research indicates that Gen Z's familiarity with essential cybersecurity tools is inadequate, and even a basic awareness does not equate to the necessary knowledge for effectively mitigating cyber threats.
Letho (2015) argued that enhancing cybersecurity awareness is crucial in an increasingly interconnected world, emphasizing the need to improve knowledge in economic and public administration sectors Research by Moti Zwilling et al (2022) supports this, revealing a positive correlation between knowledge and awareness of cybersecurity threats, indicating that individuals believe their education level significantly impacts their understanding of cybersecurity risks Furthermore, possessing extensive knowledge of computer usage and applications is linked to heightened awareness of potential cyberattacks.
Research by Huang, Rau & Salvendy (2007) on factors affecting awareness in information security indicates that factors include “knowledge”, “impact”, “severity” and
The perception of threat danger is significantly influenced by the concept of "likelihood," which encompasses components such as familiarity, understanding, control of severity, and novelty Individuals with limited knowledge of new threats often perceive them as unfamiliar and challenging to understand, making it difficult to assess their severity According to Alqahtani (2022), awareness of network security is notably impacted by knowledge of password and browser security This relationship between these knowledge factors and the overall perception of threat danger was examined and validated through multiple regression analysis.
From the above arguments, the authors hypothesize:
H^: Cybersecurity Knowledge has a positive influence on Cybersecurity Perception.
2.4.2 Relationship between Cybersecurity Knowledge and Usage Behavior
In a study focusing on building cybersecurity awareness, de Bruijn and Janssen
Inadequate knowledge of cybersecurity issues among technology users can result in careless technology usage, potentially leading to severe security breaches (2017) Bendovschi (2015) emphasizes that enhancing cybersecurity literacy is essential for combating cybercrime, ranging from individual awareness to global cybersecurity initiatives A lack of awareness regarding cybersecurity threats can leave users vulnerable to security breaches, which may result in substantial financial losses (van Schaik et al., 2017).
Alexandrou and Chen (2019) emphasize the importance of implementing educational programs to enhance cybersecurity awareness among users By informing individuals about the most common security threats, these programs serve as a crucial strategy to reduce the likelihood of human-caused security breaches.
Techniques for compressing and decoding online transaction content on mobile devices are built on the framework of online banking transactions, which vary by bank operations and services offered, including both internal and third-party services Ensuring the security of these online banking services poses significant challenges, particularly within the request-response model that necessitates customer authentication This requires a transparent banking infrastructure, encompassing information technology networks, routers, servers, and switches Hackers often target users' account credentials through methods such as credential theft, social engineering, and phishing, aiming to steal personal information for unauthorized account access.
The effectiveness of an attack largely relies on the utilization of stolen authentication credentials Credential theft, often facilitated by malware, compromises user information and disrupts the normal functioning of computers This malware can manifest as encryption tools, scripts, or various software, targeting sensitive data for illicit gain (Kaur, 2015).
A significant barrier to technology adoption is the lack of awareness regarding cybersecurity, as customers who are more informed about cybersecurity risks tend to be more proactive in utilizing technology.
From the above arguments, the authors hypothesize:
H2: Cybersecurity Knowledge has a positive influence on Usage Behavior.
2.4.3 Relationship between Cybersecurity Knowledge and Protection Behavior
Realizing the dangers of cyber risks, research increasingly focuses on the preventive measures and behaviors that internet users exhibit to protect their devices (Zwilling el al.,
Research indicates that having the freedom to choose, rather than being restricted to a single option or directive, significantly enhances motivation and performance When individuals make their own choices, they experience greater satisfaction and a stronger sense of control over their actions (Iyengar & Lepper, 2000).
Mamonov and Benbunan-Fich (2018) confirmed that awareness of information security threats improved the strength of newly chosen passwords Furthermore, Abawajy
Information security training is essential for equipping individuals to manage risks associated with network security threats (2004) Research by Van der Schyff and Flowerday (2021) indicates that information security knowledge acts as a mediator for various personality traits Specifically, it plays an indirect role in linking openness to the intention to review privacy settings Users with high openness tend to increase their awareness of privacy threats through events and news, leading to a greater desire to adjust their privacy settings Additionally, information security knowledge complements the relationship between conscientiousness and the intention to check privacy settings.
Research by Hadlington and Parsons (2017) indicates that employees who feel secure in their workplace often neglect cybersecurity measures, a trend supported by Tischler et al (2016), who found that individuals typically disconnect their responsibility for cyber protection from their roles, instead shifting this duty to senior management Interestingly, their study revealed no significant differences in response behaviors between experienced and inexperienced users when facing cyber malware attacks, regardless of whether it was their first encounter or a repeated one Additionally, they found no notable impact of cyber training programs on individual behaviors, but suggested that future research could explore how effective training might encourage younger users to adopt more prudent practices during cybersecurity incidents.
From there, we propose the following hypothesis:
H^: Cybersecurity Knowledge has a positive influence on Protection Behavior. 2.4.4 Relationship between Cybersecurity Perception and Usage Behavior
The rise in global cybercrime and cyberattacks has prompted concerns regarding the impact of cybersecurity on the adoption of banking applications Cybersecurity awareness, as defined by Shaw et al (2007), refers to users' understanding of the significance of information security and their responsibilities in implementing adequate controls to protect organizational data They highlighted a prevalent lack of awareness about cyber risks, particularly among users who frequently engage with applications and social networks This gap in knowledge makes them prime targets for hackers, who often exploit those with insufficient understanding of cybersecurity.
The increasing number of cyber awareness training programs offered by academic institutions and private companies highlights the significant role of the human factor in cyber breaches Research indicates that Gen Z individuals who understand safe browsing practices, data protection, and social engineering techniques tend to demonstrate more cautious online behavior This heightened awareness reduces their likelihood of clicking on suspicious links, sharing sensitive information with unknown sources, or falling victim to phishing attempts By fostering a strong understanding of cybersecurity, Gen Z is empowered to make informed decisions and take proactive measures to safeguard themselves against online threats.
Research by Ishmael Chikoo (2013) indicates that cybersecurity awareness significantly influences users' intentions to utilize mobile banking applications The findings suggest that mobile users view cybersecurity awareness as a crucial factor in their decision-making regarding mobile banking services As users become more knowledgeable about cybersecurity threats and protective measures, they are better equipped to make informed choices about using mobile devices for financial transactions (So, 2013) Consequently, individuals who are well-informed about cybersecurity protections are more likely to adopt mobile banking applications compared to those who lack such knowledge.
Customer awareness towards the adoption and use of technology is considered a contributing factor to the limited use of mobile banking (Arif, 2016) Yoon and Steege
In 2013, it was identified that website usability, openness, and users' awareness of security concerns significantly impact the usage of mobile banking applications However, there remains a knowledge gap regarding how users' perceptions of security affect their consistent engagement with these applications Cybersecurity awareness in mobile banking is crucial, as it involves educating users about potential security threats and attacks, as well as outlining preventive measures to ensure secure transactions and data protection.
2015) The more informed technology users are and the more properly informed they are about cybersecurity, the more they want to use mobile banking services (Li, Xu, He, Chen,
& Chen, 2016; van Schaik et al., 2017) Cybersecurity awareness generally tends to have a positive impact on intention to use technology (Korpela, 2015).
From there, we propose the following hypothesis:
H4: Cybersecurity Perception has a positive influence on Usage Behavior.
2.4.5 Relationship between Cybersecurity Perception and Protection Behavior
RESEARCH METHODOLOGY
Quantitative Research
The authors conducted a survey to assess the influence of cybersecurity knowledge and perception on mobile banking usage among 301 Gen Z customers in Ho Chi Minh City The data were analyzed using descriptive statistical methods, including frequency analysis for research sample statistics, Cronbach's Alpha to identify and eliminate unreliable scales, and exploratory factor analysis (EFA) to refine the observed variables This process grouped the variables into factors, which laid the groundwork for multivariate linear regression analysis aimed at determining the impact of financial knowledge and testing the model's hypotheses.
For effective exploratory factor analysis (EFA) and linear regression models, the required sample size should exceed 8 times the number of factor groups plus 50, as stated by Tabachnick and Fidell (1996) In this study, the research team surveyed 301 customers to assess how cybersecurity knowledge and perception influence mobile banking usage and protection in Ho Chi Minh City.
Sampling: Data used in the study were collected using convenience sampling method We sent questionnaires to any 301 customers in HCMC and selected all 301 samples suitable for the research article.
• Part 1: Questions to filler respondents:
Including 07 questions with the form of choosing the appropriate answer about whether the survey object belongs to the correct research object of the topic.
Includes 19 questions related to the research topic Questions are rated on a five- point Likert scale to measure the impact of personal financial knowledge and behavior on student loan schemes adoption in Ho Chi Minh City.
Likert scale with five levels from 1 to 5 respectively as follows:
Record personal information of respondents including gender, academic level, income and living expenses.
After collecting survey results, the authors utilized SPSS 20.0 and AMOS 20.0 software to encode, input, and analyze data through quantitative research methods These methods included assessing scale reliability, conducting exploratory factor analysis, and performing regression analysis to test research hypotheses and examine the characteristics of the research sample.
To determine the influence of cyber knowledge and perception on mobile banking usage and protection behavior of gen z customers in HCMC, the data processing process is as follows:
Cronbach's Alpha coefficient is a crucial tool for assessing the reliability of a scale, allowing researchers to identify and eliminate variables or scales that do not meet specified criteria before performing factor analysis.
According to Nguyen Dinh Tho (2011), Cronbach's Alpha coefficient is in the range
The reliability of a scale is indicated by the Cronbach's Alpha coefficient, with higher values reflecting greater reliability A coefficient exceeding 0.95 suggests that multiple variables within the scale may be measuring the same underlying concept Hoang Trong and Chu Nguyen Mong Ngoc (2005) recommend that a Cronbach's Alpha of at least 0.6 is acceptable for scales assessing new concepts or those unfamiliar to respondents.
(2011), citing Nunnally & Bernstein (1994), a scale has the best reliability when it fluctuates in the range [0.7 - 0.8] If this coefficient is greater than 0.6, the scale is acceptable.
(2) After testing the scale's reliability by Cronbach's Alpha, the observed variables that meet the requirements will be put into exploratory factor analysis (EFA).
Exploratory factor analysis (EFA) is a statistical technique that condenses a large set of observed variables into fewer, more meaningful factors while retaining most of the original information and significance This method allows for the evaluation of convergent and discriminant validity of a scale Key considerations during EFA include ensuring that the KMO statistic is greater than 0.5, the Bartlett test is significant, and the total variance extracted approaches 50% Additionally, the factor loading coefficients for observed variables should exceed 0.5, indicating that the EFA analysis is appropriate for the dataset.
Linear regression analysis involves establishing a regression model to assess the influence of various independent factors on a dependent variable This analytical approach helps to quantify the impact of each independent factor, providing valuable insights into their respective roles in the overall relationship.
For linear regression coefficient analysis, tests need to note the following:
- Evaluate the appropriateness of the multiple linear regression model using the R2 coefficient and adjusted R2 coefficient.
- Use the Beta coefficient to evaluate the degree of correlation between variables.
- Measure the level of multicollinearity of the model through VIF (Variance Inflation Factor) analysis.
Data analysis techniques
3.3.1 Test the reliability of the scale using the Cronhach’s Alpha coefficient
To ensure the reliability of a research scale and eliminate irrelevant variables, researchers utilize Cronbach's Alpha coefficient, which ranges from 0 to 1 A scale is deemed reliable when its Cronbach's Alpha falls between 0.75 and 0.95, while a coefficient of 0.7 or higher, as suggested by Hair et al (2013), indicates acceptable reliability According to Nunnally and Bernstein (1994), a scale with a coefficient above 0.6 is also considered acceptable Variables with a total correlation coefficient below 0.3 are unsatisfactory and should be excluded, whereas those with a coefficient of 0.3 or higher meet the necessary criteria Subsequently, all reliable observed variables will undergo further analysis to assess their convergence and discrimination.
To assess the reliability of a scale, it is crucial to test Cronbach's Alpha, which measures internal consistency Following this, the evaluation of convergent and discriminant validity is essential in confirmatory factor analysis (CFA) Failing to meet these validity conditions can lead to significant errors in analysis results, ultimately misrepresenting the data and its real-world implications As outlined by Hair et al (2010; 2016), the use of Composite Reliability (CR), Average Variance Extracted (AVE), and Maximum Shared Variance (MSV) indexes, along with Fornell and Larcker tables, is recommended for a thorough assessment of the scale's convergence and discrimination.
To assess Convergent Validity, Hair et al (2021) indicate that a composite reliability index (CR) greater than 0.7 and an average variance extracted (AVE) exceeding 0.5 are essential thresholds When these criteria are met, the latent variable accounts for more than half of the variance in its observed variables, indicating strong convergence and high reliability Conversely, if the AVE falls below 0.5 and the CR is under 0.7, it suggests that the observed variables contain more error than the variance explained by the latent variable, resulting in insufficient aggregate reliability for the data.
The Fornell and Larcker table, introduced by Fornell and Larcker in 1981, remains a widely used method for evaluating discriminant validity in research articles and dissertations This traditional approach involves comparing the square root of the Average Variance Extracted (SQRT(AVE)) for a latent variable with the correlation coefficients between that latent variable and other latent variables Here, AVE represents the average level of explanation that a latent variable provides for its observed variables A key criterion for establishing discriminant validity is that the Maximum Shared Variance (MSV) must be less than the Average Variance Extracted (AVE).
AVE) is larger than the remaining correlation coefficients, we conclude that the scale ensures discrimination.
Variables demonstrating adequate reliability through Cronbach's Alpha will be retained for further analysis using exploratory factor analysis (EFA) This method rigorously assesses the observed variables associated with the concepts in the scale, providing insights into the measurement quality related to the research content of those concepts.
In this study, the research team employed the Principal Axis Factoring extraction method alongside Promax rotation, which, as noted by Gerbing & Anderson (1988), provides a more accurate representation of data structure compared to the Principal Components extraction method with Varimax rotation.
The criteria used for evaluation in EFA method are as follows:
Factor loading is crucial for determining the validity of a scale, with a loading factor greater than 0.3 indicating the minimum acceptable level Loadings above 0.4 are deemed important, while those exceeding 0.5 are considered practically significant To ensure convergent validity, any observed variables with factor loadings below 0.5 should be removed during exploratory factor analysis (EFA) (Hair et al., 1988).
The KMO coefficient, or Kaiser-Meyer-Olkin index, is a crucial measure for evaluating the suitability of factor analysis in research A KMO value between 0.5 and 1 indicates that factor analysis is appropriate for the given dataset, as established by Kaiser in 1974.
Bartlett's test of sphericity assesses the correlation among observed variables, with a significance value (sig) of less than 0.05 indicating a significant correlation (Nguyen DinhTho, 2011).
Eigenvalue serves as a key criterion for identifying the number of factors in Exploratory Factor Analysis (EFA) According to Nguyen Dinh Tho (2011), factors with an Eigenvalue greater than 1 are considered significant and are retained for further analysis.
- Total Variance Explained > 50% (Nguyen Dinh Tho, 2011) shows that the representative factors extracted from EFA analysis explain what percentage of the variation of observed variables in the model.
Hair et al (2006) suggest that the model's fit to market data is essential for determining the unidirectional nature of observed variables, unless there is correlation among the errors of these variables.
To measure the degree of suitability with survey data information, people often use the following indicators to evaluate the degree of suitability with surveyed data:
- CMIN/df < 3 is good, CMIN/df< 5 is acceptable;
- CFI > 0.9 is good, CF1 > 0.95 là excellent, CFI > 0.8 is acceptable (CFA ranges from Oto I);
- GFI > 0.9 is good, GFI > 0.95 is excellent;
- RMSEA < 0.06 is good, RMSEA < 0.08 is acceptable;
- PCLOSE > 0.05 is good, PCLOSE > 0.01 is acceptable.
When conducting Confirmatory Factor Analysis (CFA), it is crucial to evaluate the scale's reliability, convergent validity, and discriminant validity Reliability can be assessed using Cronbach's alpha coefficient, composite reliability, and total variance extracted, with a variance extraction greater than 0.5 indicating satisfactory reliability (Hair et al., 2011) Convergent validity is confirmed when the standardized weights of the scale exceed 0.5 and are statistically significant (P-value < 0.05) (Anderson and Gerbing, 1988) Discriminant validity is established when the correlation between components or concepts is less than 1, indicating statistical significance and a good model fit to the data.
In linear regression analysis, the overall regression coefficients (p1, p2, etc.) and the regression constant (p0) are key parameters that we aim to estimate but cannot directly measure To infer these population parameters, we utilize the corresponding estimates derived from our sample data The regression equation based on the research sample provides a framework for this estimation process.
X, X|, X2, xn: independent variable Bo: regression constant
Bl, B2 Bn: regression coefficient 8: excess
* Criteria in multivariate recovery analysis:
The R2 and adjusted R2 values indicate how well the independent variables explain the dependent variable in a regression model These values range from 0 to 1; a higher R2 value, approaching 1, signifies a stronger explanatory power of the independent variables, while a lower R2 value, closer to 0, indicates a weaker relationship.
The significance value (sig) of the F test is essential for assessing the suitability of a regression model When the sig value is below 0.05, it indicates that the multiple linear regression model is appropriate for the dataset and can be effectively utilized.
QUANTITATIVE RESEARCH RESULT
Sample description
Our group conducted an online survey involving 301 eligible participants After gathering and organizing the data, we coded the information for further analysis using SPSS software The statistical results are presented in Table 4.1.
All respondents have heard and known about the term ’‘cybersecurity'*.
About gender: There are 78 male respondents and 223 female respondents, which account for 25.9% and 74.1% respectively.
About education level: It can be seen that most respondents are undergraduate (69.8% from university and 21.9% from college) Remaining respondents are graduated (8.3%).
The income levels among respondents show significant variation, with 79.7% earning between 1 to 5 million VND, 11.6% falling within the 6 to 10 million VND range, and only 8.6% earning over 10 million VND This data highlights the financial challenges faced by a majority of individuals, as most rely on modest earnings supplemented by parental support or wages.
About m-banking app usage period: Most respondents have used m-banking app over 2 years (78.4%), percentages of respondents using from 1 - 2 years and less than 1 year are 15% and 6.6% respectively.
Respondents primarily learn about the term "cybersecurity" from various sources, with schools and the internet being the most common at 25.2% and 27.5%, respectively News accounts for 21.2% of their knowledge, while information from family and friends contributes 14.9% A smaller percentage, 11.2%, indicate they have heard about cybersecurity from other sources.
Reliability and Validity (Cronbach ’s Alpha)
A measured variable is considered adequate if it has a total variable correlation coefficient of 0.3 or higher (Nunnally, J 1978) According to Hair et al (2009), a reliable scale should ideally achieve a Cronbach's Alpha of 0.7 or above; however, for preliminary exploratory studies, a threshold of 0.6 is deemed acceptable Generally, a higher Cronbach's Alpha indicates greater reliability of the scale.
Table 4.2: Cronbach’s Alpha Analysis Result
Cronbach’s Alpha if Item Deleted
The Corrected Item-Total Correlation for all variables, including Cybersecurity Knowledge, Perception, Usage, and Protection Behavior, exceeds 0.3, while the Cronbach's Alpha if Item Deleted remains below the overall Cronbach Alpha This indicates that the reliability of all assessed variables is confirmed.
Cronbach's Alpha coefficient is utilized to assess the reliability of factors influencing student credit usage, encompassing four factors and 19 observed variables The analysis reveals that the Cronbach's Alpha values for CK, CP, UB, and PB are 0.864, 0.831, 0.802, and 0.810, respectively, all exceeding the acceptable threshold of 0.7 Therefore, the scale demonstrates reliability, indicating that the observed variables effectively explain the identified factors.
After testing the reliability of the scale, 19 observed variables that met the requirements are included to run EFA with the Principal Axis Factoring extraction method and Promax rotation.
The analysis indicates a KMO coefficient of 0.760, which exceeds the 0.5 threshold, confirming the appropriateness of the EFA analysis for the dataset (Kaiser & Rice, 1974) Furthermore, Bartlett's test yields a significance value of 0.000, which is less than 0.05, leading to the rejection of the null hypothesis (H_0) that the observed variables are uncorrelated This rejection implies that the correlation matrix among the variables is not homogeneous, indicating that the variables are indeed correlated and suitable for factor analysis.
Table 4.3: KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy.
Approx Chi-Square Bartlett's Test of Sphericity df
Perform factor analysis according to Principal components with Promax rotation.The results show that the original 19 observed variables are divided into 4 groups.
Value of total variance extracted are over 50%: satisfactory The Total Initial Eigenvalues figures of independent variables are greater than 1.
Table 4.4: EFA Analysis of Variable Result
CK4 CK2 CK1 CK5 CK3 CP3 CP4 CP5 CP2 CPI PB3 PB4 PB2 PBI PB5 UB1 UB3 UB2 UB4
The analysis of the rotated matrix reveals that the 19 observed variables are effectively grouped into four distinct factors Each factor loading coefficient exceeds 0.5, and there are no instances of variables loading onto multiple factors simultaneously with similar coefficients This confirms both convergent and discriminant validity in the analysis.
EFA, or Exploratory Factor Analysis, ensures that the factors identified remain distinct and unaffected by other variables This means that each factor is analyzed independently, without interference from others, resulting in a consistent representation of the original data After conducting factor analysis, the integrity of these independent factors is maintained, ensuring they are neither inflated nor diminished.
Confirmatory Factor Analysis (CFA)
CP3 CP4 CP5 CP2 CP1
Following the exploratory factor analysis (EFA), the team proceeded with confirmatory factor analysis (CFA) to validate the proposed model from Chapter 2 This model encompasses four key concepts for examination: Cybersecurity Knowledge (CK), Cybersecurity Perception (CP), Usage Behavior (UB), and Protection Behavior (PB).
According to the results of CFA analysis, the coefficients are all standard, showing the model's compatibility with market data, specifically:
To assess the discriminant validity among observed variables in the scale, all estimated correlation coefficients are accompanied by standard errors (SE) for p < 0.05 This indicates that at a 95% confidence level, the correlation coefficient for each pair of concepts significantly differs from 1, confirming that the concepts possess distinct value.
Table 4.5: Regression Weights: (Group number 1 - Default model)
As a result of the convergence test, all weights are greater than 0.5, so the scale has convergent validity.
Table 4.6: Average extracted variance (AVE)
CR AVE MSV MaxR(H) PB CK CP IB
The value of AVE should be equal to or greater than 0.5 We can see values > 0.5, so the scale reaches research significance.
Research model and hypotheses test
The proposed theoretical model and its associated hypotheses for the four concepts were evaluated through SEM analysis following CFA scale testing The structural equation model results indicate that all coefficients meet the required standards, with a Chi-square/df ratio of 1.775, CFI at 0.951, GFI at 0.920, and RMSEA at 0.051, demonstrating strong model fit and validity.