Journal of Organizational Computing and Electronic Commerce


22 Φεβ 2014 (πριν από 7 χρόνια και 6 μήνες)

270 εμφανίσεις

This article was downloaded by: [City University of Hong Kong Library]
On: 26 September 2013, At: 21:28
Publisher: Taylor & Francis
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered
office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK
Journal of Organizational Computing and
Electronic Commerce
Publication details, including instructions for authors and
subscription information:
Adoption of Biometric Authentication
Systems: Implications for Research and
Practice in the Deployment of End-User
Security Systems
Dawn Laux
, Andy Luse
, Brian Mennecke
& Anthony M.
Department of Computer and Information Technology, Purdue
University, West Lafayette, Indiana, USA
Iowa State University, Ames, Iowa, USA
Published online: 28 Jul 2011.
To cite this article: Dawn Laux , Andy Luse , Brian Mennecke & Anthony M. Townsend (2011) Adoption
of Biometric Authentication Systems: Implications for Research and Practice in the Deployment of
End-User Security Systems, Journal of Organizational Computing and Electronic Commerce, 21:3,
221-245, DOI: 10.1080/10919392.2011.590111
To link to this article:
Taylor & Francis makes every effort to ensure the accuracy of all the information (the
“Content”) contained in the publications on our platform. However, Taylor & Francis,
our agents, and our licensors make no representations or warranties whatsoever as to
the accuracy, completeness, or suitability for any purpose of the Content. Any opinions
and views expressed in this publication are the opinions and views of the authors,
and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content
should not be relied upon and should be independently verified with primary sources
of information. Taylor and Francis shall not be liable for any losses, actions, claims,
proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or
howsoever caused arising directly or indirectly in connection with, in relation to or arising
out of the use of the Content.
This article may be used for research, teaching, and private study purposes. Any
substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,
systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &
Conditions of access and use can be found at
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Journal of Organizational Computing and Electronic Commerce,21:221–245,2011
Copyright ©Taylor &Francis Group,LLC
ISSN:1091-9392 print/1532-7744 online
Dawn Laux,
Andy Luse,
Brian Mennecke,
and Anthony M.Townsend
Department of Computer and Information Technology,Purdue University,West
Iowa State University,Ames,Iowa,USA
Recent security lapses have demonstrated the importance of augmenting authentication
protocols in sensitive areas of the economy,such as financial services and banking.
In addition,new legislative requirements for secondary authentication mechanisms have
highlighted the use of biometric technology as a reliable,but not required,means of authen-
tication.The focus of this study examines the factors that influence the adoption of biometric
authentication in organizations.The research model measures the relative contribution that
variables in three categories (External Pressure,Readiness,and Perceived Benefits) have
in the intent to adopt biometric authentication in financial services institutions.Managers
of these institutions were surveyed,and the resulting model indicates that,as expected,the
intent to adopt is driven by competitive factors,an organization’s financial resources,and the
perceived benefits associated with the technology.An important unanticipated finding from
this research is that managerial support was not shown to be significantly related to adoption
intent,which may be attributed to the context of biometric systems adoption.This research
advances our understanding of the adoption literature by demonstrating how structural fac-
tors can influence the decisions made by organizational actors and by applying theories of
adoption to a new technology—biometrics.
Keywords:biometric technology;diffusion of innovations;organizational adoption;
end-user security systems;user authentication;financial services industry
Identity theft and fraud have ruined Dave Crouse’s life.In fewer than six months,some
$900,000 in merchandise,gambling and telephone-services charges were siphoned out
of his debit card.His attempts to salvage his finances have cost him nearly $100,000
and have bled dry his savings and retirement accounts.His credit score,once a strong
780,has been decimated.And his identity—Social Security number,address,phone
numbers,even historical information—is still being used in attempts to open credit
cards and bank accounts (Waters 2010).
Address correspondence to Andy Luse,Iowa State University,3136 Gerdin Business Building,Ames,IA
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

This story,which recently was highlighted in the Wall Street Journal’s Marketwatch
section,illustrates a growing trend in online banking and other financial services in which
key-loggers and other nefarious tools are used to steal personal information and to rob
people of their identities.Mr.Crouse fell victim to identity theft and had his personal
bank account drained after using his bank’s online services,during which key logging
software recorded his login credentials and thereby provided the thieves with access to
account information as well as direct access to his financial resources.Security lapses such
as this illustrate the importance of augmenting authentication protocols within identity
management systems used by organizations in sensitive areas of the economy,such as
financial services and banking (Gartner 2005).
Of course,this trend in identity theft and online financial fraud has not gone
unnoticed by banks and other financial services institutions.A number of legislative
requirements for secondary authentication mechanisms in the financial services industry
have been proposed,which includes mandates for strong authentication tools such as bio-
metrics technology (Federal Financial Institutions Examination Council [FFIEC] 2005).
Biometrics technology is one among several available forms of secondary authentication
(e.g.,secondary passwords,secondary “secret” questions,smart cards,etc.);however,an
advantage of biometrics is that biometric indicators cannot be easily compromised,allow-
ing this technology to be used to reliably validate the identity of the person requesting
authentication (Elliott,Kukula,and Sickler 2004).Because biometric technologies encom-
pass a group of technologies designed to identify and validate the identity of individuals
using one or more of their intrinsic and unique physical or behavioral traits (Bolle et al.
2004),it represents a robust technology for deterring fraudulent access to online,as well
as on-site,financial services.
Substantial interest exists in biometric authentication technology and its application
as a means of enhancing existing identity management systems,but there are also valid
concerns when protecting the stored data (Wayman 2008).This poses a principal adoption
decision for an organization because this type of authentication requires strict privacy mea-
sures,adequate database management,and a long-term financial commitment due to the
sensitive nature of the data being stored.Despite the interest in biometric technologies,the
use of biometrics in the financial industry is limited.Further,very little substantive research
has been completed on this topic.In one of the fewresearch studies examining this technol-
ogy in financial services,Venkatraman and Delpachitra (2008) used a case study approach
to examine factors influencing biometrics adoption,and because of the exploratory nature
of their research they concluded that further empirical research is needed to understand the
factors influencing the adoption of these systems.
Interest in improving security with biometrics is escalating with the increase in
identity theft,the potential for regulations related to authentication,and the likelihood of
increasing financial losses and liabilities incurred by financial institutions.One industry
forecast predicts that the biometrics market will reach $4.2 billion in industry revenue by
2011 (Ruttenbur and Jones 2006).The studies published to date on biometrics adoption
are largely generalized (Fairhurst 2003;Harris and Yen 2002;Jain et al.2004) or examine
specific adoption processes (Coventry,De Angeli,and Johnson 2003a,2003b;James et al.
2006).While work has been done on the customer side of biometric adoption (Chandra,
Durand,and Weaver 2008;Jones,Antón,and Earp 2007;Moody 2004;Heckle,Patrick,
and Ozok 2007;Pons and Polak 2008;Tassabehji and Kamala 2009),little research has yet
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

to examine the factors that influence organizational decision-making regarding the adop-
tion of biometric technologies.Research in innovation and diffusion has historically tested
extant theory among a range of technologies;a large number of studies have been pub-
lished examining factors that influence the adoption of specific innovative technologies,
such as electronic data interchange (EDI),e-commerce,and mobile banking.An important
contribution of this study is that it extends the research stream of biometric technology
through the investigation of factors that impact a financial institution’s intention to adopt.
To do so,we develop an organizational-level adoption model for biometrics that is adapted
from organizational-driven research models used in the study of EDI adoption (Chwelos,
Benbasat,and Dexter 2001;Iacovou,Benbasat,and Dexter 1995).Unlike EDI,which is a
technology that is heavily influenced by inter-organizational relationships that are contin-
gent on symmetric data transfer protocols,biometrics can be implemented by individual
organizations with or without partnerships with other institutions.
This article is organized as follows.We begin with a review of the literature that
addresses the features,benefits,and constraints of biometric technology to highlight the
characteristics of this technology that have influenced its application,use,and acceptance.
This is followed by a discussion of the literature that has focused on normative or descrip-
tive models or frameworks that have been proposed to inform users and managers about
biometrics development and deployment.We then reviewthe literature on biometrics adop-
tion as well as the literature on organizational adoption with an eye toward understanding
how these research streams inform our study of biometrics adoption.Following this,we
describe our research methodology and procedures.The results are then presented and the
article concludes with a discussion of the findings,the limitations of the research,and
suggestions for future research.
2.1.Implementation Benefits and Constraints
Biometric technology has been extensively researched as a method of security
control and management,and significant literature exists from both trade and academic
journals documenting the many benefits and problems users have when adopting this
technology.This section reviews several of the germane features and applications of this
technology to highlight the important factors that motivate or hinder adoption.
Harris and Yen (2002) argued that with PINs (personal identification number),cards,
and tokens,an individual is “authenticated” regardless of whether that individual is actually
the person associated with that security credential,while,on the other hand,biometrics
accurately and reliably identifies the person requesting access with little or no potential for
fraud or abuse.As a result,Harris and Yen concluded that biometric technology offers a
level of security that cannot compare to traditional methods of authentication.Ahmed and
Siyal (2005) built on the premise of the superiority of biometrics by developing a system
for enhancing the security of private keys,which is a non-biometric security protocol,with
biometric technology.As motivation for this innovation,they noted that the requirements
for greater security in private keys due to their increased use in electronic commerce needed
to be enhanced using secondary authentication approaches that were unimpeachable,which
argued for the use of biometric authentication.
At the same time that interest in the security benefits of biometric technology is
increasing,there is also increasing interest in research on privacy issues.Zorkadis and
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Donos (2004) examined the rising legal concerns related to the personal nature of biomet-
ric data.This research built on earlier research by Prabhakar,Pankanti,and Jain (2003)
addressing three specific concerns:unintended functional scope,unintended application
scope,and covert recognition.Zorkadis and Donos offered several adoption principles that
they suggest should be followed in order for biometric systems to be compliant with cur-
rent legislation.They also proposed a method for securing the privacy of an individual’s
information stored in a biometric database.The researchers concluded that in order for
biometric data to be kept private and follow current legislation rules,the following must
occur:(1) biometric identification data must only be used for the purpose that it was orig-
inally collected,(2) the data should be less accessible to others for further processing if it
were to be stored in a device owned by the data subject (such as a smart card),and (3) IT
personnel must be fully cognizant of the legal rights of customers with regard to biometric
information as well as fully trained in managing appropriate security technologies.In addi-
tion,Jain,Nandakumar,and Nagar (2008) analyzed available biometric template protection
schemes to enhance the security of biometric authentication with identity management sys-
tems.They address the threat of attacks against stored biometric templates,but concluded
that a single protection scheme may not be sufficient in a large-scale deployment.
User privacy is a recurrent theme in the research that has examined biometric tech-
nologies.Alterman (2003) and Langenderfer and Linnhoff (2005) emphasized that the
ensuing widespread deployment of biometric implementations must also provide a means
for protecting the data from misuse.Ratha,Connell,and Bolle (2001) described vulnera-
bilities in biometric systems and howto protect themwith techniques that,if implemented,
would decrease the threat of information theft.Sticha and Ford (1999) examined how bio-
metric technology can be used to thwart duplicate enrollments and fraud found in the Food
Stamp Program.They also found that the biometric technology used must be acceptable to
the user,accurate,resistant to fraud,and have a quick response time.Jain and colleagues
(2004) examined pattern recognition technologies and identified accuracy,scale,security,
and privacy as being the primary problems facing organizations when implementing bio-
metric technology.Elliott and colleagues (2004) identified what they determined to be
important factors influencing the accuracy,reliability,and usefulness of biometric tech-
nologies.Specifically,they indicated that the environment that the biometric scanner will
be placed in,the quality of the image that is obtained,and the selection of the device used
in acquiring the biometric identifier froman individual are all important factors influencing
whether the technology will work as intended.
These studies draw attention to several of the factors that are important operational
considerations in the adoption of biometrics.This literature,while focused on practical
rather than theoretical models of adoption,suggests that when this technology is adopted it
requires a sophisticated set of policies and procedures to ensure its successful deployment.
This review is also useful because,while not exhaustive of the literature that addresses
these practical considerations in adoption,it paints a picture of the type of research that is
typical in the biometrics area;that is,atheoretical case studies and frameworks focused on
best practices or “lessons learned.” In the next section,we review several articles that,in a
similar way,have been offered to provide normative guidance on the implementation and
deployment of biometrics.
2.2.Implementation Strategies
While several biometric technologies have been widely used for a decade or more,
limited research has examined biometrics adoption in organizations.Much of the literature
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

dealing with this technology has been descriptive and normative,offering theory-driven
guidelines for adoption and use.For example,Riley and Kleist (2005) studied the challenge
organizations face when assessing the benefits of biometric technologies.They offered a
strategy for the decision-making process using a step-by-step method in developing a busi-
ness case specifically for the implementation of biometric technologies.Kleist,Riley,and
Pearson (2005) identified how biometric technology may be a valuable tool in mitigating
organizational risk based on the level of risk and type of biometric used.Down and Sands
(2004) and Chandra and Calderon (2005) offered recommendations for those organizations
considering the implementation of a biometric authentication system by describing chal-
lenges,constraints,and limitations of biometric technology that every organization should
review while evaluating this type of technology.
Perhaps because of the fact that automated biometric technology is new,limited
research has been performed on organizations that are extant users of biometric tech-
nology.In a case study of a deployed biometric system,Heracleous and Wirtz (2006)
studied the role of biometric technology and how it might drive service excellence,pro-
ductivity,and security in the service industry.The main conclusion from this study is
that an organization should not implement a new technology just for the sake of doing
it;instead,organizations must be capable of strategic alignment and strategic innovation.
Coventry and colleagues (2003a,2003b) examined customer-driven usability related to
iris scanning authentication at automated teller machines (ATMs).This study examined a
prototype being used in a field test and the researchers found that the input of consumers
as well as exposure to prototype testing of the technology provided insights on how to
improve user acceptance of the biometric system.Similarly,Breckenridge (2005) exam-
ined the deployment of biometric technology in South Africa.He suggests that before
the United States embarks on an implementation plan of widespread biometric system
deployment,it would be wise to examine the lessons that can be learned from South
Africa’s troubled shift from a paper-based government archive to a biometric-based one.
For example,Breckenridge mentioned a disempowerment of local officials in the data-
driven system,as well as a privacy issue of data-creep in regards to the protection of
participant biometric data.
While guidelines and normative prescriptions are useful,it is important to under-
stand the adoption process in the context of theory.The next section reviews the limited
theoretical and empirical research that has been done to examine biometrics adoption.
2.3.Prior Biometric Adoption Research
An important consideration in the organizational adoption of a technology concerns
whether individual organizational stakeholders will accept the technology.As a result,
much of the research examining biometric adoption has focused on individual attitudes and
perceptions.For example,James and colleagues (2006) used the Technology Acceptance
Model (TAM) to determine the intention to use security technologies in the form of bio-
metric technology.Results indicate that the perceived need for security and perceived ease
of use positively influenced the individual’s perception of the usefulness of the biomet-
ric device,yet the perceived physical invasiveness of the device had a negative impact
for adoption intention.Jones and colleagues (2007) also utilized TAM in a pilot study
of business students to understand user perceptions of digital identity technologies,which
included biometric technologies.Overall,they concluded that there is a great deal of uncer-
tainty associated with authentication technologies and that these uncertainties negatively
influenced adoption.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Moody (2004) examined factors leading to the slow adoption of biometric tech-
nologies.In addition,she also attempted to identify public perceptions about biometric
technology.She concluded that individuals responding to her survey were not ready to par-
ticipate in the commercial use of biometric technology due to a high misinterpretation of
howthe technology works and a lack of exposure to the technology (94%of the survey par-
ticipants had never used a biometric system).Chandra and colleagues (2008) took a similar
approach as Moody by studying individuals’ feelings about potential uses and limitations
of biometrics in health care.They found that both health care providers (physicians,nurses,
and allied health professionals) and customers had concerns about privacy and the need for
limits on information availability.
Venkatraman and Delpachitra (2008) used a case study approach to identifying the
issues and success factors surrounding the use of biometrics in the banking sector.They
found that while biometric technology appeals to many banking organizations as a solution
to security threats,there is a hesitation to adopt this technology due to socio-technological
issues.While the case study is a guideline to identify factors for a viable biometric imple-
mentation,the researchers noted that this work represented merely a starting point for more
research in the application of biometrics in the financial industry.In embracing this charge,
our research is unique because it is the first empirical study to examine the factors affecting
the decision to adoption biometric technology in an organizational context.
In summary,much of the research examining biometric adoption and use is descrip-
tive and focuses on technology characteristics.No research has empirically examined the
adoption of biometrics in a large,representative sample of organizations in one indus-
try.Further,although several researchers have discussed the role of biometrics in security
applications for financial institutions,no systematic empirical research has been applied
to studying the role of organizational characteristics,contextual factors,and perceived
benefits of the technology in this or related industries.
2.4.Organizational Adoption Research
The innovation-decision making process involves a series of choices and actions
that are taken over time and through which individuals or organizational members evalu-
ate a new idea and decide whether to incorporate the innovation into ongoing practices
(Rogers 2003).The decision stage of the innovation-decision process is the point at
which an organization adopts or rejects an innovation and,consequently,there are many
views of how innovation impacts a firm’s productivity,survival,growth,and performance
(Gopalakrishnan and Damanpour 1997).In this section,we review the theoretical mod-
els that inform our research framework as well as the selection of variables used in our
empirical examination of biometric adoption.
2.4.1.Prior organizational research.The IT innovation adoption literature
includes a rich body of research that can be used to inform ongoing adoption research.
In a detailed review,Jeyaraj,Rottman,and Lacity (2006) examined 51 prior organizational
IT adoption publications from 1992 to 2003 and found that among the most frequently
used independent variables,the best predictors of IT adoption by organizations include
Venkatraman and Delpachitra’s study is the only research that we found related to biometrics adoption.
This study did not offer any measurement data or statistical observations;therefore,while it is useful as a first
step in studying this important area,it does not provide generalizable measurement data or a model structure that
can be used for a generalized investigation of this technology.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Top Management Support,External Pressure,and Organization Size.Furthermore,they
suggested that the characteristics of the organization adopting the technology should
be examined as part of future organizational adoption studies.Similarly,Frambach and
Schillewaert (2002) also suggested that future adoption research incorporate adopter char-
acteristics.Specifically,they noted that beyond individual versus organizational factors,
any factor used in determining whether to adopt and deploy a new innovation starts
with understanding potential customers and the factors that influence their adoption deci-
sions.An important variable they identify is the nature of the organization’s culture in
terms of its innovativeness (Deshpande,Farley,and Webster 1993;Srinivasan,Lilien,and
Rangaswamy 2002).This is similar to the results found by Deshpande and colleagues,
in which organizational innovativeness was shown to be an important determinant of
organizational performance.
Grandon and Pearson (2004) examined factors that influence electronic commerce
adoption in small- and medium-sized organizations by focusing on the perceptions of
top management regarding adoption of e-commerce technologies.The factors they exam-
ined included organizational readiness,external pressure,and the usefulness and ease of
use constructs from the TAM (Davis 1989).They found that external pressure,perceived
ease of use,and perceived usefulness were significant when influencing adoption,but that
organizational readiness was not.
In an empirical study of the factors that contribute to the adoption of e-processes
by service firms,Tsikriktsis,Lanzolla,and Frohlich (2004) added the concept of exter-
nal pressure to their research model.They characterized external pressure as being best
described as the “bandwagon” effect,where competitors and other market stakeholders
followed a leading innovator in their own adoption of the technology.The other factors in
their model included anticipated benefits,access to markets,internal barriers,and customer
barriers.All the factors,with the exception of customer barriers,were found to significantly
influence adoption.The researchers concluded that the forces driving the implementation
outweighed the barriers preventing adoption of the processes by organizations.
Srinivasan and colleagues (2002) studied the adoption of radical technologies by
organizations.This included factors such as technological opportunism,institutional
pressures (stakeholder and competitive),complementary assets,perceived usefulness,
organizational innovativeness,and top management advocacy.Top management advocacy
was defined by the researchers as “the efforts of the top management teamto emphasize the
importance of organizational responsiveness to new technologies.” This was found to be
a significant factor in the development of a new construct:technological opportunism.In
a related study by Ramamurthy,Premkumar,and Crum (1999),management support was
found to be necessary in confronting competitive pressures and facilitating the acquisition
of the proper financial resources when firms were faced with decisions about adopting an
innovative technology.In relation to top management support,another perspective of influ-
ence is research delineating the effect of managerial influence and the interaction between
perceived managerial behavior and employee characteristics when promoting the use of an
innovation to the consumer (Leonard-Barton and Deschamps 1988).This study found that,
while there was no direct relationship between management’s actions to motivate use and
the subsequent increase of use,significant relationships were observed when they consid-
ered the mediating role of personal characteristics and managerial intervention skills.Thus,
if an employee already possesses an innovative personality,management influence was
less important.Alternatively,if an employee was apprehensive in using a new innovation,
management encouragement was important.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

This review offers a summary of several representative adoption studies that have
been completed in the past two decades.While many variables were examined in these
studies,three broad constructs stand out as having an important influence on adoption:
the pressure on the organization to adopt,the organization’s readiness to adopt,and the
perceived benefits of the innovation for the organization.We describe how we incorporate
these constructs into our research framework in the next section.
Based on the review of literature in biometric technology research,and adoption
and diffusion research,as well as the context in which the current research is being
conducted,we conclude that three factors—external pressure,organizational readiness,
and perceived benefits—provide the foundation for our examination of the adoption of
biometric technologies.This suggests the following three questions:
1.Will organizations adopt biometric authentication because they perceive there is
pressure to do so?
2.Does the level of perceived readiness affect how willing an organization is to adopt
biometric authentication?
3.Would the perceived benefits of biometric authentication affect the organization’s
intention to adopt the technology?
To examine these questions,we adapted the EDI adoption models used by Chwelos
and colleagues (2001) and Iacovou and associates (1995) to develop the research model
shown in Figure 1.Our focus in this article is on manager attitudes about organizational
adoption of biometric technologies;therefore,we chose to use models of adoption that
consider organizational factors rather than individual adoption models such as the TAM.
Specifically,we examined three primary categories of variables that would influence orga-
nizational decision making:External Pressure,Readiness,and Perceived Benefits.The
model measures the level of contribution that variables within these three groups make
to the adoption of biometric authentication in the credit union financial services industry.
3.1.Analysis of Factors
The literature on adoption and diffusion of organizational systems suggests several
factors that are important predictors of the intention to adopt.Table 1 summarizes these
3.1.1.External pressures.Jeyaraj and colleagues’ (2006) review of predictors,
linkages,and biases in IT adoption research suggests that External Pressure is one of the
best predictors of organizational adoption (Hart and Saunders 1998;Hu,Hart,and Cooke
2006;Teo,Wei,and Benbasat 2003).In our research,the concept of External Pressure
addresses the following issue:What is the perceived amount of influence fromconsumers,
regulators,and the competition in relation to the pressure to adopt?Organizations that are
successful will be more likely to carefully listen and respond,particularly if requests are
consistent with regulatory mandates and competitive pressures.For example,if a sufficient
number of credit union members were to request biometric technology and competing
organizations were actively adopting this technology,a manager would likely perceive that
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Top Management
Figure 1 Organizational adoption model (adapted fromChwelos,Benbasat,and Dexter 2001).
momentumexists in the credit union to adopt biometrics.This is consistent with Liang and
associates’ (2007) research that examined the assimilation of enterprise systems where
normative forces were shown to directly influence Enterprise Resource Planning (ERP)
assimilation in a positive manner.As a result,we expect that there will be a positive rela-
tionship between a manager’s perceptions of external pressure and his or her expectation
that the organization would intend to adopt biometrics technology.
H1:Higher perceived external pressure will lead to greater intent to adopt biometric
3.1.2.Readiness.Four factors are associated with the concept of Readiness:
Financial Resources,Consumer Readiness,Innovativeness,and Top Management Support.
These variables are a proxy for the organization’s capabilities related to technology adop-
tion and are indicators of whether the firmis in a position to adopt a new technology.This
concept addresses questions such as:
Are financial resources available for adoption?
Will members accept and use new technologies?
Is the organization perceived to be innovative?
Is top management generally supportive of adopting a new technology?
The literature has consistently shown that readiness as a broad construct is a neces-
sary condition supporting adoption,and that it is positively related to the intent to adopt.In
this case,we are treating the readiness construct as a formative measure that is defined by
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Table 1 Summary of the current adoption factors in the study.
Factors in the
current study Factors in prior studies Source
External Pressure External Pressure
External Pressure
External Pressure
External Pressure
Competitive Pressure
Competitive Pressure
Chwelos,Benbasat,and Dexter (2001)
Grandon and Pearson (2004)
Iacovou,Benbasat,and Dexter (1995);
Tsikriktsis,Lanzolla,and Frohlich (2004);
Srinivasan,Lilien,and Rangaswamy (2002)
Ramamurthy,Premkumar,and Crum(1999)
Readiness Readiness
Organizational Readiness
Chwelos et al.(2001)
Grandon and Pearson (2004)
Organizational Readiness
Organizational Innovativeness
Srinivasan et al.(2002)
Deshpande,Farley,and Webster (1993);
Organizational Innovativeness
Organizational Innovativeness
Organizational Innovativeness
Internal Management Support
Frambach and Schillewaert (2002)
Subramanian and Nilakanta (1996)
Ramamurthy et al.(1999)
Leonard-Barton and Deschamps (1988)
Top Management Advocacy
Managerial Encouragement
Financial Resources
Perceived Costs
Premkumar,Ramamurthy,and Nilakanta
Perceived Benefits Perceived Benefits
Perceived Benefits
Anticipated Benefits
Expected Benefits
Relative Advantage
Chwelos et al.(2001);Iacovou et al.(1995)
Tsikriktsis et al.(2004);Ramamurthy et al.
Premkumar et al.(1994)
these four indicators.Each of these indicators represent an important predictor of readiness
because each has the potential to advance or retard efforts to adopt and deploy a new tech-
nology or innovation.For example,a substantial body of the organizational IS adoption
research has shown that top management support facilitates adoption because of factors,
such as strategic alignment,resource allocation,and supportive behaviors (Armstrong
and Sambamurthy 1999).Similarly,other factors such as resource allocation,innovative-
ness,and customer support have been shown to positively influence adoption decisions
(Deshpande et al.1993;Jeyaraj et al.2006;Srinivasan et al.2002).Given this,we suggest
the following:
H2:Higher readiness will lead to greater intent to adopt biometric authentication.
3.1.3.Perceived benefits.Iacovou and colleagues.(1995) described Perceived
Benefits as an organization’s level of recognition of the relative advantage that the new
technology will give it.Relative advantage is derived from Rogers’ model of diffusion of
innovations and is routinely modeled as a positive driver of adoption (Iacovou et al.1995;
Rogers 1983).Benefits of a technology or other innovation have been classified as direct
and indirect (Pfeiffer 1992).Direct benefits include operational savings,such as cost sav-
ings or improvements in operational efficiencies.Indirect benefits relate to impacts on the
organization’s activities that positively influence competitive position or market viability.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Research suggests that the motivation to adopt is often driven,at least in part,by the expec-
tation that the innovation will benefit the firm in one or both of these areas (Iacovou et al.
1995).The focus of this factor is to study the significance of the perceived indirect and
direct benefits of biometric technology in credit unions in relation to the intent to adopt.
Given the prior research showing a positive relationship between perceived benefits and
intention to adopt,we expect the following:
H3:Higher perceived benefits will lead to a greater intent to adopt biometric
4.1.Data Collection
To examine the factors presented in the model,a survey instrument was developed
based on prior adoption studies of organizational and inter-organizational systems.The sur-
vey was sanctioned and then distributed by the Credit Union National Association (CUNA)
to 425 credit unions via e-mail.The 425 credit unions were listed as members of the CUNA
Technology Council at the time of distribution.The survey recipient within each credit
union was a member of management with technology decision-making responsibilities.A
second reminder was sent by CUNA to the same set of council members via e-mail one
month later.CUNA technology members who had received the e-mail solicitation were
again solicited the following month at the CUNA Technology Council Summit.For the
solicitation at the summit,a paper survey was handed out to attendees who had not already
completed the Web-based survey (i.e.,attendees were specifically asked if they had com-
pleted the survey;they were not given the paper survey if they had previously completed
the online survey).
The survey instrument was developed to examine the factors presented in the
research model by adapting scales used in other adoption research to be consistent with
the terminology used in the credit union industry (Chwelos et al.2001;Deshpande et al.
1993;Frambach and Schillewaert 2002;Grandon and Pearson 2004;Iacovou et al.1995;
Srinivasan et al.2002;Subramanian and Nilakanta 1996;Tsikriktsis et al.2004).All psy-
chometric measures used a 7-point Likert scale (1 = Low to 7 = High) with a “Don’t
Know” option not included in the Likert scaling.
The concept of External Pressure consists of four items that asked the participant to
select the amount of pressure that was felt from members (credit union consumers),regu-
lators,and competitors.These scales were adapted fromprevious research (Chwelos et al.
2001;Grandon and Pearson 2004;Iacovou et al.1995;Srinivasan et al.2002;Tsikriktsis
et al.2004).
The concept of Readiness encompasses the level at which the organization is ready
to implement a new technology.In the current study,there are four sub-factors that define
the concept of Readiness:Innovativeness,Top Management Support,Financial Resources,
and Consumer Readiness.Measures of these factors were adapted from Chwelos and col-
leagues (2001) and Srinivasan and associates (2002).The Innovativeness factor measures
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

howthe organization perceives its propensity to innovate when implementing newproducts
and services (Srinivasan et al.).In addition,a study by Subramanian and Nilakanta (1996)
used the analysis of past implementations as a measurement of an organization’s inno-
vativeness level.Management Support has been shown to be an important predictor of
adoption decisions (Deshpande et al.1993;Frambach and Schillewaert 2002;Srinivasan
et al.2002).If it is perceived by stakeholders that there is scant top management support for
a particular project,the project will more than likely fail.Thus,the purpose of measuring
top management support is to understand the level at which the respondents believe that
sufficient support exists to adopt a new technology implementation.Financial Resources
has been utilized in previous research to measure cost by analyzing the perceived cost rel-
ative to implementing an innovative technology,such as EDI (Premkumar,Ramamurthy,
and Nilakanta 1994).In this study,Financial Resources examines respondent perceptions
about the availability of the funds needed to support a biometrics implementation.The
Financial Resources variable was derived from Chwelos and associates (2001) and was
constructed following the methodology employed in that study.Consumer Readiness is
based on respondents’ evaluation of their customers’ acceptance of previous technological
innovations (e.g.,ATMmachines,online banking,electronic bill pay,etc.) as adapted from
Subramanian and Nilakanta (1996).
The Perceived Benefits of a new technology are an indication of the relative advan-
tage an organization would receive by adopting it (Iacovou et al.1995).Perceived Benefits
was constructed by following the methodology from Chwelos and colleagues (2001) and
includes benefits pertaining to security and usability.For a credit union,the importance of
the perceived benefits should be an indicator of how likely the intention to adopt will be.
Finally,the dependent variable for this study is the Intention to Adopt biometric
authentication technology.The items were adapted from a similar scale in Chwelos and
coauthors (2001).This factor measures perceptions of the likelihood that the organization
will adopt biometric authentication technology.
A total of 116 responses were collected;surveys that had blank responses on a large
proportion of questions were removed fromthe data to be analyzed due to the fact that they
did not represent a completed survey.Ultimately there were 116 surveys of 425 collected
with a usable response rate of 19%.A total of 21 paper surveys and 58 online surveys
were included in the analysis (no difference in response patterns were discernable between
these groups).
The data were analyzed using structural equation modeling.To fully analyze the
model,a measurement model of the reflective constructs was performed,followed by a full
analysis of the structural model.These analyses are presented in the following subsections,
respectively.Two constructs within the model,readiness and perceived benefits,are oper-
ationalized as formative constructs and will be evaluated using methods proposed by Chin
(1998) and presented in the measurement model section.
5.1.Measurement Model
Confirmatory factor analysis (CFA) was used to evaluate the psychometric properties
of the latent reflective measures in the model.Multiple fit criteria were used to evaluate the
measurement model including the comparative fit index (CFI),the non-normed fit index
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

(NNFI),the root mean square error of approximation (RMSEA),the standardized root
mean square residual (SRMR),the goodness-of-fit index (GFI),and the adjusted good-
ness of fit index (AGFI).Acceptable levels for each included CFI ≥ 0.95,NNFI ≥ 0.95,
RMSEA ≤ 0.06,SRMR ≤ 0.08,GFI ≥ 0.90,and AGFI ≥ 0.80 (Bearden,Netemeyer,
and Mobley 1993;Gefen,Straub,and Boudreau 2000;Hu and Bentler 1999;Kim and
Son 2009).
The measurement model included seven factors fromthe overall research model with
their corresponding 21 indicators (see Figure 1).As mentioned,the formative indicators
of Readiness and Perceived Benefits were not included in the measurement model (Chin
1998).The output for the measurement model indicated that the model fit the data reason-
ably well:χ
(169) = 203.31,p = 0.04,CFI = 0.97,NNFI = 0.96,RMSEA = 0.044,
SRMR = 0.062,GFI = 0.85,AGFI = 0.80.All fit indicators were within acceptable lev-
els with the exception of GFI,which was below the 0.9 threshold.The means,standard
deviations,Cronbach’s alpha,composite reliability,average variance extracted (AVE),and
correlations of the measures are shown in Table 2.
Validity and reliability of the factors was performed to ensure the psychometric
properties of the measures (Bagozzi and Yi 1988;Fornell and Larcker 1981).Convergent
validity is established if all standardized factor loadings for an item are above 0.6 (Chin,
Gopal,and Salisbury 1997).All loadings were found to be above this threshold with the
exception of one of the items for usability.Values below this value have been accepted
in the past when the research is exploratory in nature (Hair et al.1998).Given this,the
model demonstrates acceptable convergent validity of the scale measures.Next,discrim-
inant validity is satisfactory as the square root of the AVE of each measure is greater
than the measure’s correlation with the other measures (Fornell and Larcker 1981;Chin
1998).Three types of reliability were also examined in relation to this measurement model.
Cronbach’s alpha,composite reliability,and average variance extracted levels were greater
than the recommended values of 0.7,0.7,and 0.5 respectively (Bagozzi and Yi 1988;
Bearden et al.1993;Fornell and Larcker) in all cases,except that of usability.The lowest
value for Cronbach’s alpha was found to be 0.70,which is at or above the recommended
value.The lowest value for composite reliability was found to be 0.69,which is very close
to the cutoff of 0.7.The AVE value of 0.44 for the Usability construct is below the recom-
mended value 0.5,but given that the other two reliability measures are within an acceptable
range,we suggest that the usability construct is adequate for the given model.Given this,
the measurement model shows acceptable fit,validity,and reliability,allowing for further
tests of the research model.
5.2.Research Model
Structural equation modeling via Mplus (Muthen and Muthen 2007) was used to
test the proposed research model.Structural equation modeling allows for the testing of
the entire model including formative indicators.In the structural model,External Pressure,
Innovativeness,Top Management Support,Consumer Readiness,Security,and Usability
are modeled as reflexive exogenous variables.Financial Readiness consists of a single
indicator,while Readiness and Perceived Benefits are modeled as formative indicators.
Intention to Adopt is modeled as a reflexive endogenous variable.
The output for the structural model indicated that the model fit the data very well:χ
(198) = 228.90,p = 0.07,CFI = 0.98,NNFI = 0.97,RMSEA = 0.038,SRMR = 0.074
(Mplus does not report GFI or AGFI).All fit indicators were well within acceptable levels,
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Top Management



Figure 2 Model 1 with associated coefficients and significance levels (

= p < 0.05,
= p < 0.01,
=p <0.001).
and the χ
test shows that the model is not significantly different fromthe saturated model,
which shows exceptional fit.
The hypothesized relationships within the model were also examined for significance
of the paths.The constructs forming the formative construct of Readiness showed mixed
results.While Innovativeness,Financial Resources,and Consumer Readiness were shown
to have a substantial impact of overall readiness,Top Management Support was not shown
to be significantly related to overall readiness.This finding is quite interesting and will
be discussed more in the next section.Security and Usability also significantly impacted
the Perceived Benefits formative construct.Overall,External Pressure,Readiness,and
Perceived Benefits all significantly impacted Intention to Adopt,supporting H1,H2,and
H3.The model accounts for 41% of the variance in Intention to Adopt.The model with
respective loadings can be viewed in Figure 2.
The results of the analysis demonstrate that the model explains a substantial amount
of variance (i.e.,approximately 41%) in Intention to Adopt.The results also show that,
within the credit union industry,the intention to adopt biometric authentication is driven
by external pressures,readiness,and the perceived benefits that the technology brings to
the organization.In a review of the original three hypotheses of the research model,H1 is
supported,H2 is partially supported,and H3 is supported.
On December 14,2004,the Federal Deposit Insurance Corporation (FDIC 2004)
published a report titled Putting an End to Account-Hijacking Identity Theft,which
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

suggested that biometric technology,such as fingerprint readers,should be integrated into
credit union transactions as a means of secondary authentication.Our research represents
the first empirical examination of an important issue raised by this report,as well as by
other trends in financial services.Specifically,we sought to address the question of which
factors would influence stakeholders in the financial services industry to adopt biomet-
ric authentication technologies.To examine this question,the research focused on three
variables:External Pressure,Readiness,and Perceived Benefits,and their relationship to
the intention to adopt biometric authentication in credit unions.We delivered surveys to
425 IT managers and received responses from 116 informants from these institutions.We
found that the intent to adopt is related to competitive factors,an organization’s financial-
resource readiness,and the perceived benefits associated with the technology (including
meeting regulatory and security requirements),but that management support was not a
significant predictor of readiness and,therefore,of the intention to adopt.
These results are interesting in light of the increasing interest in biometrics due to the
increasing perceptions of risk associated with identity theft,pending legislative regulations,
and the potential for financial losses and liabilities incurred by financial institutions.For
example,the purpose of the FDIC report was to increase the level of awareness in financial
institutions to the threat of identity theft.The report was also meant to be an educational
document on the methods available to increase security and thwart theft.Subsequently,on
October 12,2005,the FFIEC (2005) published a report titled Authentication in an Internet
Banking Environment,which strongly encouraged all financial institutions to select a
method of two-factor authentication for their online banking systems by the end of 2006.
Possible methods for accomplishing this task referenced the FDICstudy as a resource.One
method described in both reports was biometric authentication.This recommendation came
as a bit of a surprise because,as of that time,biometric authentication technology had yet
to become widely accepted in the United States.Nevertheless,these recommendations cre-
ated an environment for financial services institutions that made biometric authentication
a viable alternative for addressing authentication requirements.In fact,these two reports
provided the motivation for this study and highlight why it is important to understand how
industry stakeholders perceive biometrics technology.
Given this background,an important question raised by these results is whether
the FFIEC recommendation about the use of biometric technologies has had a significant
impact on credit unions’ thinking about the value of biometric authentication.The findings
from this study suggest that managers do perceive that biometrics can benefit their credit
unions,so while biometric authentication technology is still novel and may be considered
to be an emerging,innovative technology,it is also seen as having potential practical impli-
cations for these financial services organizations.This is also consistent with the expected
outcome that innovative credit unions would be more likely to adopt biometrics because
early adopters of newtechnology discover the benefits as well as hazards involved and can
influence any subsequent implementations by other credit unions.
Readiness was found to be an important predictor of adoption intention.When imple-
menting a technology that has not been widely utilized,an organization must have adequate
resources available for not only the implementation process,but also an exit strategy should
the endeavor fail.As Jain and associates (2008) pointed out in their study of biometric tech-
nology and identity management system integration,there are significant barriers that are
still of great concern,such as accuracy,scale,security,and privacy.This is consistent with
the results of our study,as those barriers have financial implications that must be planned
for before deciding to adopt a biometric system.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

A notable result of the study was how External Pressure influenced the intent to
adopt.This result is similar to what Tsikriktsis and colleagues (2004) called the “band-
wagon” effect;in this situation,the pressure to keep up with competitors is significant,
because in the credit union industry external factors often drive innovation and change.For
example,as with firms in most industries,credit unions monitor other financial institutions
with which they directly compete (e.g.,banks and competing credit unions),as well as
the industry as a whole.However,credit unions also frequently cooperate with other credit
unions when the relationships will benefit each of the institutions.Thus,there is a culture in
this industry that accepts change readily fromexternal sources,such as other credit unions
(i.e.,mimicry is an accepted part of industry culture).In this light,it is not surprising that
External Pressure was shown to be important in predicting intent to adopt.
The most surprising result in this study is the finding that management support
does not significantly influence readiness and,indirectly,intent to adopt.This result runs
counter to much of the prior literature that has examined this construct (Armstrong and
Sambamurthy 1999;Hu et al.2006;Teo et al.2003).An important question is why this
result would be found in the context of this research when it is so frequently shown to
be an important predictor of intent to adopt.One potential reason for this finding may be
related to the context of this study—the adoption of biometrics technology in response
to pending legislative or industry association actions.In other words,given that the deci-
sion to adopt is reactionary,rather than proactive,suggests that this might be perceived to
be less a strategic decision and more an operational response.In this light,the IT man-
agers who were the informants in this study would presumably have been cognizant of the
fact that the decision regarding whether secondary authentication would be implemented
had been taken out of the hands of senior management.As a result,all that remained
to be decided concerned which form of secondary authentication to implement.Such a
decision would likely be viewed as being primarily an operational decision rather than a
strategic decision;therefore,the expectation that top management would be involved in
the decision-making process would be low for most of these informants.This finding is
unique and has important implications for future research in adoption studies.Specifically,
this suggests that factors influencing intentions to adopt will be significantly influenced by
whether the innovation or technology being adopted is mandatory or optional.In the case
of optional or volitional technology decisions,strategic considerations would likely draw
senior managers into the decision-making process.Alternatively,for mandatory or non-
volitional technology adoption,it is likely that operational managers would be the primary
decision makers.
Overall,the results of the model are indicative of the situations that organizations
face when making business decisions concerning whether to adopt a new technology.
While not all the factors were significant,biometric authentication technology is new and
not widely accepted by consumers.This situation may very well change in the next few
years if biometrics were,for example,to be adopted by a major retailer such as Wal-Mart.
6.1.Limitations and Future Research
It is important to interpret our results in light of the limitations of this study.First,
the respondents are representatives froma single industry—credit unions—which may not
be representative of all financial institutions or of firms in other industries.Second,respon-
dents were members of a Technology Council and,as managers who are responsible for
the technology decision-making of their institutions,may be individuals who are more
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

innovative or receptive to technology innovations.In addition,while the 19%response rate
is acceptable,the total number of responses that were gathered represents only a sample
and,thus,may not be a true representative of the entire credit union industry.Further,
while the results of the model are indicative of the current situations that organizations
face when making business decisions about whether to adopt biometrics,this may very
well change as biometrics are deployed in other environments.While evolving use of this
specific technology may change,the study does tell us about how a new technology is
initially evaluated during unilateral adoptions,and it highlights the factors that need to
be addressed by change agents as they consider how to initiate the adoption of these and
similar technologies.
While the focus of this study was on the factors related to an organization’s deci-
sion to adopt biometric authentication technology,the same study could be carried out in
other industries (e.g.,banking,stock trading,insurance,etc.),particularly given the impor-
tance of biometric technology as a means of addressing identity theft and account fraud.
Organizations are looking for alternatives that will be secure,safe,and customer friendly;
as a result,this study contributes to the literature available to researchers and organizational
actors as they investigate and make adoption decisions about biometric technologies.If
indeed biometric authentication technology adoption increases,the importance of the fac-
tors examined in this study may change because of changes in organizational and consumer
awareness as well as overall confidence in the technology as a secure and safe means of
authentication.Furthermore,this study examined organizational considerations related to
biometrics adoption,not individual attitudes about personal use of the technology (e.g.,by
applying TAM).While TAMwould not be a suitable model for examining attitudes about
organizational adoption of technology because of its theoretical focus on attributes of a
specific technology,
TAMwould be useful to assess other stakeholder (e.g.,credit union
members) attitudes about specific biometric technology.
The unexpected results related to top management support might call into question
the reliability of these findings,given that it is contrary to most prior research examining
this variable.While every model needs to be critically examined for errors or misspecifica-
tion,we have confidence that this model is robust and accurately describes the relationships
in our data.As noted in the results section,the parameters and indices describing the fit of
the model are quite good.In addition,while not reported here,the authors examined sev-
eral alternative theoretically justified model designs and,in the end,found that the model
reported in this article represents the best fitting model (i.e.,it meets or exceeds the impor-
tant criteria for evaluating model fit).We are confident that these results represent a reliable
test of the theoretical model we postulated and that the results offer interesting and use-
ful findings.As noted,the finding that management support is not significantly related to
Readiness,while not predicted in our hypotheses,can be understood when considered in
light of the specific regulatory and competitive context in which this research was framed.
Contrary to what would have been predicted by traditional adoption and diffusion
research,our data indicate that External Pressure and Readiness are both more important
In the current study,the specific operations of the biometric technology are not evaluated,making TAM
estimations of usefulness and usability extremely abstract.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

factors in the adoption decision than Perceived Benefits.As we have noted,much of the
research on adoption and diffusion has focused on multilateral decision environments,in
which there may exist a clearer understanding of the mutual benefits of adoption.In this
study,where the technology is a stand-alone innovation that makes it a unilateral deci-
sion for the firm,senior managers may place less emphasis on performance and more
emphasis on maintaining competitive position within their industry or aligning with indus-
try partners.The culture of many credit unions supports this emphasis on simultaneous
competition and cooperation with other institutions in their competitive environment.This
suggests that it is important to consider the nature of the technology in combination with
the firm’s characteristics and industry position when examining stand-alone technologies
such as biometrics.
In addition,it is important to recognize that biometrics,as a security technology,
does not have the “bottom line” impact that technologies such as EDI possess;therefore,
it may be difficult for managers to quantify the benefits to their organizations.This is a
critical difference between our results and other adoption and diffusion studies.As noted
by Dutta and McCrohen (2002),top managers are largely uninvolved in security decisions
because they often perceive little or no association between security and profitability.Thus,
biometric adoption would be more likely to be positioned as a tactical security response
to a regulation or impending threat and not to the broader,bottom line strategic focus of
the institution.In this light,the middle managers who responded to this survey undoubt-
edly recognized that senior management would be more likely to place greater emphasis
in their decision-making about IT investments on the maintenance of competitive posi-
tion rather than innovative security infrastructure.In other words,an additional important
result from our study is that it highlights the fact that the nature of the technology and
the context of other external regulatory pressure is important when considering whether or
not top management support will figure into the decision to adopt technology (e.g.,Weil
and Aral 2006).For managers,this suggests that while bottom-line performance consid-
erations are important,they should also recognize that other factors,often those related to
organizational or environmental conditions,will have a strong influence on decision mak-
ing.As with any IT implementation,the management of “change” that is associated with
the introduction of a new and,perhaps,radical technology often represents a process that
is difficult to control and the outcomes are often hard to predict.We hope that these results
will be useful to managers to assist them in aligning resources and soliciting support for
the adoption of similar technologies by considering the relative importance of these factors
that influence adoption decisions.
On a broader note,as Dutta and McCrohen (2002) point out,many senior managers
consider decisions about security to be an IT function;therefore,for senior management to
support the adoption of security technologies like biometrics,it will be important to change
the attitudes that exist about the role of security technologies in the organization.In this
light,our results are consistent with the recommendations of Dutta and McCrohen’s and
Austin and Darby (2003) to encourage top management to engage in decisions related to
the adoption of security processes and technologies.
We would like to acknowledge and thank the Credit Union National Association
(CUNA) for granting us permission to conduct a survey of its members.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Ahmed,F.,and M.Y.Siyal.2005.“A novel approach for regenerating a private key using password,
fingerprint and smart card.Information Management &Computer Security 13(1):39–54.
Alterman,A.2003.“A piece of yourself:Ethical issues in biometric identification.Ethics and
Information Technology 5(3):139–150.
Armstrong,C.P.,and V.Sambamurthy.1999.“Information technology assimilation in firms:
The influence of senior leadership and IT infrastructures.Information Systems Research
Austin,R.D.,and C.A.R.Darby.2003.“The myth of secure computing.” Harvard Business Review
Bagozzi,R.P.,and Y.Yi.1988.“On the evaluation of structural equation models.” Journal of the
Academy of Marketing Science 16(1):74–94.
Bearden,W.O.,R.G.Netemeyer,and M.F.Mobley.1993.Handbook of Marketing Scales:Multi-
Item Measures for Marketing and Consumer Behavior Research.Newbury Park,CA:Sage
Bolle,R.M.,J.H.Connell,S.Pankanti,N.K.Ratha,and A.W.Senior.2004.Guide to Biometrics.
New York:Springer-Verlag.
Breckenridge,K.2005.“The biometric state:The promise and peril of digital government in the new
South Africa.” Journal of Southern African Studies 31(2):267–282.
Chandra,A.,and T.Calderon.2005.“Challenges and constraints to the diffusion of biometrics in
information systems.” Communication of the ACM 48(12):101–106.
Chandra,A.,R.Durand,and S.Weaver.2008.“The uses and potential of biometrics in health care:
Are consumers and providers ready for it?” International Journal of Pharmaceutical and
Healthcare Marketing 2(1):22–34.
Chin,W.W.1998.“The partial least squares approach to structural equation modeling.” In Modern
Methods for Business Research,edited by G.A.Marcoulides.Mahwah,NJ:Lawrence
Chin,W.W.,A.Gopal,and W.D.Salisbury.1997.“Advancing the theory of adaptive structuration:
The development of a scale to measure faithfulness of appropriation.” Information Systems
Research 8(4):342–367.
Chwelos,P.,I.Benbasat,and A.S.Dexter.2001.“Research report:Empirical test of an EDI adoption
model.” Information Systems Research 12(3):304–321.
Coventry,L.,A.De Angeli,and G.Johnson.2003a.“Honest it’s me!Self service verification.”
Paper read at CHI Workshop on Human-Computer Interaction,Adoption Study and Security
Systems,at Fort Lauderdale,FL.
Coventry,L.,A.De Angeli,and G.Johnson.2003b.“Usability and biometric verification at the
ATM interface.” Paper read at Proceedings of the SIGCHI Conference on Human Factors in
Computing Systems,at Fort Lauderdale,FL.
Davis,F.D.1989.“Perceived usefulness,perceived ease of use,and user acceptance of information
technology.” MIS Quarterly 13(3):319–340.
Deshpande,R.,J.Farley,and F.Webster,Jr.1993.“Corporate culture,customer orientation,
and innovativeness in Japanese firms:A quadrad analysis.” Journal of Marketing 57:
Down,M.P.,and R.J.Sands.2004.“Biometrics:An overview of the technology,challenges and
control considerations.” Information System Control Journal 4:53–56.
Dutta,A.,and K.McCrohen.2002.“Management’s role in information security in a cyber economy.”
California Management Review 45(1):67–87.
Elliott,S.,E.P.Kukula,and N.C.Sickler.2004.“The challenges of the environment and
the human/biometric device interaction on biometric system performance.” Paper read
at International Workshop on Biometric Technologies—Special Forum on Modeling and
Simulation in Biometric Technology,at Calgary,Alberta,Canada.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Fairhurst,M.C.2003.“Document identity,authentication and ownership:The future of biomet-
ric verification.” Paper read at Seventh International Conference on Document Analysis and
Recognition (ICDAR’03),August 3–6,at Edinburgh,Scotland.
Federal Deposit Insurance Corporation.2004.Putting an End to Account-Hijacking Identity Theft.
2004.Retrieved from
pdf,(accessed July 7,2010).
Financial Institutions Examination Council.2005.Authentication in an Internet Banking
Environment.2005.Retrieved from
(accessed July 7,2010).
Fornell,C.,and D.F.Larcker.1981.“Evaluating structural equation models with unobservable
variables and measurement error.” Journal of Marketing Research 18(1):39–50.
Frambach,R.T.,and N.Schillewaert.2002.“Organizational innovation adoption:A multi-level
framework of determinants and opportunities for future research.” Journal of Business
Research 55(2):163–176.
Gartner.2005.Gartner Survey Shows Frequent Data Security Lapses and Increased Cyber Attacks
Damage Consumer Trust in Online Commerce.Gartner 2005 Press Release.Retrieved from (accessed July 7,2010).
Gefen,D.,D.Straub,and M.Boudreau.2000.“Structural equation modeling and regression:
Guidelines for research practice.” Communications of Association for Information Systems
Gopalakrishnan,S.,and F.Damanpour.1997.“A review of innovation research in economics,soci-
ology and technology management.” Omega,International Journal of Management Science
Grandon,E.,and M.Pearson.2004.“Electronic commerce adoption:An empirical study of small
and mediumUS businesses.” Information &Management 42(1):197–216.
Hair,J.F.,R.E.Anderson,R.L.Tatham,and W.C.Black.1998.Multivariate Data Analysis.
Englewood Cliffs,NJ:Prentice–Hall.
Harris,A.J.,and D.C.Yen.2002.“Biometric authentication:Assuring access to information.”
Information Management &Computer Security 10(1):12–19.
Hart,P.J.,and C.S.Saunders.1998.“Emerging electronic partnerships:Antecedents and dimensions
of EDI use from the supplier’s perspective.” Journal of Management Information Systems
Heckle,R.,A.Patrick,and A.Ozok.2007.“Perception and acceptance of fingerprint biometric
technology.” Paper read at Symposiumon Usable Privacy and Security (SOUPS),July 18–20,
Heracleous,L.,and J.Wirtz.2006.“Biometrics:The next frontier in service excellence,productivity
and security in the service sector.” Managing Service Quality 16(1):12–22.
Hu,L.,and P.M.Bentler.1999.“Cutoff criteria for fit indexes in covariance structure analysis:
Conventional criteria versus new alternatives.” Structural Equation Modeling 6(1):1–55.
Hu,Q.,P.Hart,and D.Cooke.2006.“The role of external influences on organizational information
security practices:An institutional perspective.” Paper read at SystemSciences,2006.HICSS
‘06.Proceedings of the 39th Annual Hawaii International Conference January 4–7,Hawaii.
Iacovou,C.L.,I.Benbasat,and A.S.Dexter.1995.“Electronic data interchange and small
organizations:Adoption and impact of technology.” MIS Quarterly 19(4):465–485.
Jain,A.K.,K.Nandakumar,and A.Nagar.2008.“Biometric template security.EURASIP Journal
on Advances in Signal Processing 1.
Jain,A.K.,S.Pankanti,S.Prabhakar,L.Hong,and A.Ross.2004.“Biometrics:A grand chal-
lenge.” Paper read at 17th International Conf.on Pattern Recognition (ICPR’04),August
James,T.,T.Pirim,K.Boswell,B.Reithel,and R.Barkhi.2006.“Determining the intention to use
biometric devices:An application and extension of the technology acceptance model.” Journal
of Organizational and End User Computing 18(3):1–24.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Jeyaraj,A.,J.Rottman,and M.Lacity.2006.“A review of the predictors,linkages,and biases in IT
innovation adoption research.” Journal of Information Technology 21:1–23.
Jones,L.A.,A.I.Antón,and J.B.Earp.2007.“Towards understanding user perceptions of authen-
tication technologies.” Paper read at Proceedings of the 2007 ACM workshop on Privacy in
electronic society,October 29,Alexandria,VA.
Kim,S.S.,and J.-Y.Son.2009.“Out of dedication or constraint?A dual model of post-adoption
phenomena and its empirical test in the context of online services.” MIS Quarterly 33(1):49–70.
Kleist,V.,R.Riley Jr.,and T.Pearson.2005.“Evaluating biometrics as internal control solutions to
organizational risk.” Journal of American Academy of Business 6(2):339–343.
Langenderfer,J.,and S.Linnhoff.2005.“The emergence of biometrics and its effect on consumers.”
Journal of Consumer Affairs 39(2):314–338.
Leonard-Barton,D.,and I.Deschamps.1988.“Managerial influence in the implementation of new
technology.” Management Science 34(10):1252–1265.
Liang,H.,S.Nilesh,Q.Hu,and Y.Xue.2007.“Assimilation of enterprise systems:The effect
of institutional pressures and the mediating role of top management.” MIS Quarterly
Moody,J.2004.“Public perceptions of biometric devices:The effect of misinformation on
acceptance and use.” Journal of Issues in Informing Science and Information Technology
Muthen,L.K.,and B.O.Muthen.2007.Mplus Statistical Analysis with Latent Variables User’s
Guide.5th ed.Los Angeles:Muthen &Muthen.
Pfeiffer,H.1992.The Diffusion of Electronic Data Interchange.New York:Springer-Verlag.
Pons,A.,and P.Polak.2008.“Understanding user perspectives on biometric technology.”
Communications of the ACM 51(9):115–118.
Prabhakar,S.,S.Pankanti,and A.K.Jain.2003.“Biometric recognition:Security and privacy
concerns.” IEEE Security &Privacy Magazine 1(2):33–42.
Premkumar,G.,K.Ramamurthy,and S.Nilakanta.1994.“Implementation of electronic data inter-
change:An innovation diffusion perspective.” Journal of Management Information Systems
Ramamurthy,K.,G.Premkumar,and M.Crum.1999.“Organizational and interorganizational
determinants of EDI diffusion and organizational performance:A causal model.” Journal of
Organizational Computing and Electronic Commerce 9(4):253–285.
Ratha,N.K.,J.H.Connell,and R.M.Bolle.2001.“Enhancing security and privacy in biometrics-
based authentication systems.” IBMSystems Journal 40(3):614–634.
Riley Jr.,R.A.,and V.F.Kleist.2005.“The biometric technologies business case:A systematic
approach.” Information Management &Computer Security 13(2):89–105.
Rogers,E.M.1983.Diffusion of Innovations.New York:Free Press.
Rogers,E.M.2003.Diffusion of Innovations.5th ed.New York:Free Press.
Ruttenbur,B.W.,and A.L.Jones.2006.Biometrics:Industry Overview for the Investment
Community.Morgan Keegan & Co.,Inc.Retrieved from
asp?S=AEF7F2D6-1B8A-4A13-993F-5DAE39F048AA (accessed July 7,2010).
Srinivasan,R.,G.Lilien,and A.Rangaswamy.2002.“Technological opportunism and radical
technology adoption:An application to e-business.” Journal of Marketing 66(3):47–60.
Sticha,P.J.,and J.P.Ford.1999.“Introduction to biometric technology:Capabilities and applications
to the food stamp program.” In U.S.Department of Agriculture contract no:FCS 53-3198-6-
025 (pp.1–39).Arlington,VA:R.Lewis &Co.,Inc.
Subramanian,A.,and S.Nilakanta.1996.“Organizational innovativeness:Exploring the relationship
between organizational determinants of innovation,types of innovations,and the mea-
sures of organizational performance.” Omega,International Journal of Management Science
Tassabehji,R.,and M.A.Kamala.2009.“Improving e-banking security with biometrics:
Modelling user attitudes and acceptance.” Paper read at 3rd International Conference on New
Technologies,Mobility and Security (NTMS),Dec.20–23,Cairo.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Teo,H.H.,K.K.Wei,and I.Benbasat.2003.“Predicting intention to adopt interorganizational
linkages:An institutional perspective.” MIS Quarterly 27(1):19–49.
Tsikriktsis,N.,G.Lanzolla,and M.Frohlich.2004.“Adoption of e-processes by service firms:An
empirical study of antecedents.” Production and Operations Management 13(3):216–229.
Venkatraman,S.,and I.Delpachitra.2008.“Biometrics in banking security:A case study.”
Information Management and Computer Security 16(4):415–430.
Waters,J.2010.“Identity fraud nightmare:One man’s story.” Marketwatch.Retrieved from http://
(accessed June 21,2011).
Wayman,J.L.2008.“Biometrics in identity management systems.” IEEE Security and Privacy
Magazine 6(2):30–37.
Weil,P.,and S.Aral.2006.“Generating premium returns on your IT investments.” Sloan
Management Review 47(2):39–48.
Zorkadis,V.,and P.Donos.2004.“On biometrics-based authentication and identification from
a privacy-protection perspective:Deriving privacy-enhancing requirements.” Information
Management &Computer Security 12(1):125–137.
DawnLauxis aClinical Assistant Professor intheDepartment of Computer andInformation
Technology (CIT) at Purdue University.She has been with the University since 2007 and
is responsible for teaching database fundamentals and introductory technology courses.
Dawn earned her fromIowa State University in Information Systems in 2007,
and has 10 years of industrial experience in the information technology field.Her research
areas of interest include technology readiness and the social impacts of technology.
Andy Luse is a Ph.D.student in Business and Technology specializing in Management
of Information Technology at Iowa State University.Andy received a Human
Computer Interaction and Computer Engineering fromIowa State University in 2009.His
research interests include computer and network security,visualization for computer and
network security,and user interface design and usability.He is a member of the Association
for Computing Machinery,the Institute of Electrical and Electronics Engineers,and the
Association for Information Systems.
Brian Mennecke is an Associate Professor of Management Information Systems at
Iowa State University.His research interests include collaboration and collaborative sys-
tems,social media and virtual worlds,embodiment and perceptions of space,security
systems and biometrics,mobile and electronic commerce,and spatial technologies.He
has previously published a book on mobile commerce and articles in academic and
practitioner journals such as Management Information Systems Quarterly,the Decision
Sciences Journal,the International Journal of Human-Computer Studies,the Journal
of Management Information Systems,Organizational Behavior and Human Decision
Processing,the Journal of Information Privacy and Security,and the Journal of Digital
Forensics,Security &Law.
Anthony M.Townsend is an Associate Professor of MIS at Iowa State University.He
received his M.S.and Ph.D.from Virginia Polytechnic Institute and State University and
conducts research in collaborative systems and virtual teams.He has published in MIS
Quarterly,Information Systems Research,and the Communications of the ACM,among
other venues.He is currently conducting research in collaborative systems designed to
enhance a variety of organizational processes,including security.
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

External Pressures
CPP1 Competitive
Please rate your perceptions of the amount of pressure placed on your
organization by other credit unions to adopt biometrics.(No
Pressure at all =1 to Extreme Pressure =7)
CPP2 Competitive
Please rate your perceptions of the amount of pressure placed on your
organization by other financial institutions (excluding credit unions)
to adopt biometrics.(No Pressure at all =1 to Extreme
Pressure =7)
IN1_1-IN1_4 Innovativeness When introducing new products and services,please rate how your
credit union compares to other credit unions.(Strongly Disagree =1
to Strongly Agree =7)
1.We are first to market with innovative new products and services
2.We are first to develop a new process technology
3.We are first to recognize and develop new markets
4.We are at the leading edge of technological innovation
Top Management
Please rate the advocacy of your top management where it pertains to
the deployment of new technologies.(Strongly Disagree =1 to
Strongly Agree =7)
1.Top managers repeatedly tell managers that the credit union must
gear up to meet changing technology trends
2.Top managers always make an effort to convince managers of the
benefits of a new technology
3.Top managers always encourage employees to develop and
implement new technologies
4.Top managers in this organization are frequently the most ardent
champions of new technologies
FR1 Financial
In the context of your organization’s overall Information Systems
budget,howsignificant would the financial cost be in developing and
implementing biometrics as an additional level of authentication?
(Not at all Significant =1 to Extremely Significant =7)
CR1_1-CR1_3 Consumer
Please rate how receptive your members were to accepting technology
deployments within your organization.(Low Acceptance =1 to
High Acceptance =7)
1.Online Banking
2.Electronic Bill Pay
3.Electronic Statements
Perceived Benefits
PB1_1-PB1_5 Perceived Benefits Please rate the importance of achieving each of the following benefits
of biometrics in terms of your organization’s decision to adopt
biometrics.(Not at all Important =1 to Extremely Important =7)
1.Improved Accuracy of Authentication
2.Reduced Operating Costs
3.Increase in Member Account Security
4.Decrease in Member Transaction Time
5.Member Ease of Use
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013

Appendix A (Continued).
Intention to Adopt
IA1 Intention to Adopt At what stage of biometric systemdevelopment is your organization
currently engaged?
∗ Not currently developing a biometric authentication solution
(Weight =10)
∗ Planning (Weight =30)
∗ Pilot testing (Weight =50)
∗ Currently have a biometric solution in production (Weight =70)
IA2 Intention to Adopt What is the likelihood that your organization intends to adopt
biometrics as an additional level of authentication in the next six
months?(Not at all likely =10 to Extremely likely =70)
IA3 Intention to Adopt How soon do you anticipate that your organization will adopt a
biometric solution?
∗ Less than 6 months (Weight =70)
∗ 6 months to 1 year (Weight =58)
∗ 1 year to 2 years (Weight =46)
∗ 2 to 3 years (Weight =34)
∗ More than 3 years (Weight =22)
∗ Do not anticipate ever adopting biometrics (Weight =10)
Downloaded by [City University of Hong Kong Library] at 21:28 26 September 2013