Online Banking Adoption Vs. Security Behaviors: An Analysis of Financial Cybersecurity Practices Among U.S. Adults 65+

Online Banking Adoption Vs. Security Behaviors: An Analysis of Financial Cybersecurity Practices Among U.S. Adults 65+

Daniel Chinaemerem¹, Oguntuase Michael^1’2, Eziefule Chinonso²,

Mayegun Kabirat¹ Bawah Kendi¹, Ndukwu Amaka³

¹ LeBow College of Business, Drexel University, Philadelphia PA USA,

² College of Computing & Informatics, Drexel University, Philadelphia PA USA

³ Centre of Excellence for Data Science, Artificial Intelligence& Modelling, University of Hull, Hull, UK

DOI: https://dx.doi.org/10.47772/IJRISS.2025.909000041

Received: 24 August 2025; Accepted: 30 August 2025; Published: 27 September 2025

ABSTRACT

Digital banking adoption has increased across all age groups; older adults face disproportionate cybersecurity challenges due to lower digital literacy and different usage patterns. Understanding generational differences in security behaviors is essential for designing inclusive financial protection strategies and reducing elder financial exploitation. This study employs secondary data analysis and examines three key domains: online banking adoption patterns, cybersecurity behaviors (two-factor authentication awareness and password management), and fraud victimization outcomes across age cohorts, with particular focus on adults aged 65+ compared to younger groups. Significant disparities emerged across all measured domains. These findings reveal a critical security gap where older adults are simultaneously under protected by existing security measures and over victimized by fraud schemes. Financial institutions must implement age-inclusive security designs, including simplified two-factor authentication, enhanced fraud detection for senior accounts, and targeted education initiatives. Addressing these disparities requires moving beyond one-size-fits-all cybersecurity approaches toward human centered design that accommodates cognitive, physical, and social factors affecting technological adoption among aging populations.

Keywords– Older adults, Digital banking, Cybersecurity, Technology adoption, financial fraud

INTRODUCTION

As banking institutions accelerate their transition to digital-first operational models, they may inadvertently be amplifying cybersecurity vulnerabilities among their most financially substantial yet digitally inexperienced customer demographics. Recent Federal Bureau of Investigation data indicates that Americans over age 60 experienced financial losses exceeding $3.4 billion in 2023, representing an 11% year-over-year increase and the highest per-capita fraud losses across all age cohorts [1]. This escalating trend reflects more than isolated criminal activity; it signals a systematic disconnect between institutional digital transformation strategies and the cybersecurity preparedness of aging customers [26].

The fundamental issue lies in what this research terms the “digital adoption-security preparedness gap”. It is a temporal and educational mismatch where financial institutions rapidly deploy sophisticated digital banking features while simultaneously under-investing in age-appropriate cybersecurity education and support infrastructure [10]. This gap has been exacerbated by the COVID-19 pandemic, which served as an unprecedented catalyst for digital banking adoption across all demographic segments, including previously reluctant older users [4],[23].

The significance of this phenomenon extends beyond individual financial harm to encompass broader implications for financial stability, consumer protection, and digital equity [31]. From a business perspective, financial institutions face compelling economic incentives to digitize operations: online transactions reduce operational costs by an estimated 50-90% compared to branch transactions, while simultaneously generating valuable consumer behavioral data [3]. However, this efficiency-driven digital migration creates negative externalities disproportionately affecting older customers who may lack the technical know-how necessary to navigate complex security protocols safely [20].

Theoretically, this situation exemplifies what Rogers identified in Diffusion of Innovation Theory as the challenge of “relative advantage” versus “complexity”[2]. Where the perceived benefits of adoption of digital banking may be overshadowed by the cognitive burden of understanding associated security requirements. For older adults, this is compounded by what Czaja et al. describes as “technology anxiety,” a psychological barrier that can lead to either technology avoidance or unsafe workaround behaviors when security measures exceed user capability [6].

Despite growing scholarly attention to digital divides and elder fraud, existing research exhibits significant limitations in addressing the core issue identified above. The current literature treats digital literacy deficits and cybersecurity vulnerabilities as separate phenomena, failing to examine their dynamic interaction within the specific context of banking digitization strategies [12]. While studies have documented lower digital literacy rates among older populations [6] and catalogued prevalent fraud typologies targeting seniors [7], there remains a conspicuous absence of research investigating the temporal dynamics between feature adoption and security readiness.

Our research contributes to the emerging field of “behavioral cybersecurity” by examining how organizational decisions influence individual security behaviors within specific demographic contexts.

The investigation is structured around three primary research questions:

RQ1: To what extent does the adoption rate of digital banking features among U.S. adults aged 65+ align with their concurrent adoption of requisite security behaviors, and where do the most significant misalignments occur?

RQ2: Which demographic, behavioral, or institutional factors most strongly predict effective security behavior adoption among older banking customers, and how do these predictors differ from those affecting younger populations?

RQ3: What measurable relationships exist between the timing and design characteristics of banks’ digital service deployments and subsequent fraud victimization rates among older customer segments?

By answering these questions, this research aims to provide both theoretical insights into age-related technology adoption patterns and practical guidance for financial institutions seeking to implement secure, inclusive digital banking strategies. The findings will inform evidence-based recommendations for policy makers, banking executives, and cybersecurity professionals working to protect vulnerable populations in an increasingly digital financial ecosystem.

LITERATURE REVIEW

The intersection of demographic aging and financial digitization creates unprecedented challenges requiring examination of technology adoption, cybersecurity behaviors, and fraud vulnerability as interconnected phenomena. This literature review establishes the foundation for investigating the “security gap” the disconnect between digital banking adoption and cybersecurity readiness among older adults.

Digital Banking Adoption Among Older Adults

Historically characterized as “late adopters” in Rogers’ diffusion framework [2], older adults have experienced unprecedented digital banking growth. Federal Reserve data shows primary mobile banking usage among adults 65+ increased from 8% in 2019 to 20% in 2023, a 150% growth rate driven largely by pandemic necessities [4].

Recent research reveals this adoption is often “defensive” motivated by branch closures rather than technology enthusiasm [3], [11], [22]. While older adults increasingly use basic functions (balance checking), their engagement with advanced features remains limited due to technological complexity and security concerns [4], [12]. Usability studies demonstrate that fundamental digital literacy tasks present ongoing challenges that compound security vulnerabilities [5], [13] & [26].

Cybersecurity Behaviors and Age-Related Vulnerabilities

Research reveals complex generational patterns in cybersecurity behaviors. While younger users demonstrate higher technical proficiency, they also exhibit riskier behaviors including password reuse and acceptance of security warnings [6], [15], [16]. Older adults’ express higher security concern but often lack technical knowledge to implement effective protective measures, creating an “attitude-action gap” [7].

Age-related risk perception differences significantly influence security behaviors [14]. Older adults’ higher institutional trust makes them more susceptible to authority-based social engineering attacks, while limited cyber threat experience leads to “optimism bias” [8], [16]. Security fatigue from complex protocols disproportionately affects older users, potentially leading to protective behavior disengagement [9], [18].

Financial Fraud and Institutional Responses

FBI data consistently shows older adults suffer disproportionately higher per-incident losses ($1,450 median for ages 80+ versus $500 for younger cohorts) [1]. Contemporary fraud increasingly exploits digital banking through sophisticated campaigns including credential harvesting, technical authority exploitation, and account takeover sequences [11].

Current institutional responses operate under Gramm-Leach-Bliley Act requirements, typically fulfilled through passive educational resources [29]. However, these compliance-driven approaches often prioritize legal protection over educational effectiveness [28]. The FDIC’s “Money Smart for Older Adults” program represents best practices but remains divorced from actual digital banking experiences [22].

Research Gaps

Literature synthesis reveals three critical gaps:

Temporal Sequencing Analysis: No studies systematically examine whether older adults acquire security knowledge before, during, or after adopting digital banking features, despite timing being crucial for vulnerability assessment.

Institutional Design Impact: Limited research investigates how banks’ specific rollout strategies and design decisions contribute to customer cybersecurity outcomes among vulnerable populations.

Evidence-Based Industry Guidance: Most research concludes with general recommendations rather than specific, empirically validated guidance for financial institutions implementing age-inclusive security strategies.

This study addresses these gaps by examining the temporal relationship between adoption of digital banking and security readiness, providing actionable insights for industry stakeholders.

RESEARCH METHODOLOGY

This study employs quantitative secondary data analysis to investigate relationships between age, digital banking behaviors, and cybersecurity risks among U.S. adults aged 65+ compared to younger cohorts. Secondary data analysis is recognized as appropriate for behavioral cybersecurity research requiring population-scale insights and temporal comparisons [1].

Data Sources

Three nationally representative datasets provide triangulated evidence across digital banking adoption, security behaviors, and fraud outcomes:

American Trends Panel data: on technology use, digital literacy, and cybersecurity behaviors across age groups, using probability-based sampling validated for behavioral research.

Federal Trade Commission Consumer Sentinel Network (2022–2024): Annual fraud reports aggregating 5.4+ million consumer complaints, providing comprehensive fraud typology and loss data by demographics [21].

FDIC National Survey (2019, 2023): Biennial banking service usage data collected with U.S. Census Bureau, tracking digital banking adoption patterns across household demographics [4].

Variables

Dependent Variables: Digital banking adoption rates; cybersecurity behaviors (2FA awareness, password management); fraud outcomes (reporting frequency, median losses, scam types).

Independent Variables: Age cohorts (18-29, 30-44, 45-59, 60-74, 75+); digital literacy indicators; socioeconomic controls (income, education, geography).

Analysis

Cross-tabulation analysis and chi-square tests examined categorical relationships. Independent samples t-tests and ANOVA compared continuous variables across age groups. Temporal trend analysis used longitudinal data (2019-2023) to identify adoption trajectories.

Data processing uses Python (Pandas, SciPy. Stats) with visualization through matplotlib and seaborn. Results are contextualized with peer-reviewed literature to support validity through triangulation [5].

Limitations

Cross-sectional design limits causal inference. Analysis constrained to variables in existing datasets. Fraud data may underestimate actual victimization due to underreporting, particularly among older adults experiencing shame or confusion about incidents.

RESULTS

Digital Banking Adoption Patterns

FDIC survey data reveal significant generational differences in digital banking adoption, consistent with the literature review findings on older adults as “late adopters” [11]. While mobile banking usage increased across all age groups between 2019 and 2023, adults aged 65+ remain substantially less likely to use digital channels as their primary banking method.

Table 1: 2FA Awareness by Age Group (%)

Source: FDIC National Survey, 2019 & 2023 [2]

Fig. 1 Mobile Banking Usage by Age group (2019 vs.2023

Despite the 150% growth rate among adults 65+, the highest percentage increase of any cohort absolute adoption levels remains dramatically lower than younger groups. This finding supports the “defensive adoption” pattern identified in the literature review, where necessity rather than preference drives older adults’ digital banking engagement [23].

Cybersecurity Behavior Disparities

Analysis of research data confirms the significant “attitude-action gap” in cybersecurity behaviors identified in the literature review [10]. Two-factor authentication awareness serves as a critical indicator of security readiness.

Table 2: 2FA Awareness by Age Group (%)

Source: Pew Research Center, 2023 [5]

Fig. 2 Two-Factor Authentication Awareness by Age Group

The 42-percent-point gap between youngest and oldest cohorts represents a critical vulnerability window. This finding directly addresses the research gap from the literature review regarding temporal sequencing older adults are adopting digital banking features without corresponding security knowledge acquisition.

Password management practices reveal similar generational divides, with implications for the “security fatigue” phenomenon discussed in the literature review [30].

Table 3: Password Management Practices by Age Group (%)

Source: Pew Research Center, 2023 [5]

The heavy reliance on analog password storage (63%) among older adults, combined with minimal password manager adoption (12%), creates the institutional design challenges identified in Research Gap 2 banks’ digital-first strategies inadequately account for users’ varying technological capabilities [31].

Fraud Victimization and Financial Impact

FTC Consumer Sentinel data reveal the consequences of the security gaps identified above, with older adults experiencing disproportionately severe financial outcomes despite lower reporting frequency.

Table 4: Median Fraud Loss Per Incident by Age Group (USD)

Source: FTC Consumer Sentinel Network, 2023 [7]

Fig. 3 Median Individual Fraud Loss by Age Group

This near tripling of median losses for adults confirms the literature review’s identification of sophisticated targeting strategies that exploit age-related vulnerabilities [8]. The fraud typology analysis reveals specific attack vectors:

Tech support scams: Adults 65+ are 5× more likely to report losses than younger adults

Prize/lottery scams: 3× higher reporting rate among seniors

Family/friend impersonation: 53% higher victimization rate

These patterns align with Shapiro’s application of Routine Activity Theory, demonstrating how cognitive changes and social isolation create “suitable targets” within the digital banking ecosystem [18].

DISCUSSION

The results provide empirical evidence for the “security gap” hypothesis advanced in the introduction and literature review. Three key patterns emerge that directly address the identified research gaps:

Temporal Misalignment

The data reveals a clear temporal disconnect between digital banking adoption and security behavior development. While mobile banking usage among adults 65+ increased 150% between 2019-2023, 2FA awareness remains at only 26% suggesting rapid feature adoption without corresponding security knowledge acquisition. This temporal sequencing creates vulnerability windows where users engage with digital banking before developing protective behaviors.

Institutional Design Impact

The password management data illustrates how banks’ digital-first strategies inadequately accommodate older adults’ technological approaches. With 63% of seniors writing passwords on paper and only 12% using password managers, current banking interfaces that assume digital password storage create usability barriers that may lead to unsafe workarounds or abandonment.

Actionable Industry Implications

The fraud victimization patterns provide specific guidance for financial institutions. The 2.9× higher median losses among adults 80+, combined with their overrepresentation in tech support and impersonation scams, suggest targeted intervention opportunities at the institutional level.

Theoretical Implications

These findings extend Technology Acceptance Model (TAM) applications to cybersecurity contexts by demonstrating how “perceived ease of use” and “perceived usefulness” interact differently for security features versus primary banking functions. While older adults may perceive digital banking as useful enough to adopt, complex security measures may exceed their perceived ease of use threshold, leading to the observed adoption-security behavior gaps.

The results also support Protection Motivation Theory (PMT) applications, suggesting that older adults’ threat appraisal (awareness of risks) significantly lags their technology adoption, creating conditions for ineffective protection motivation despite high-stakes outcomes [13].

Practical Implications

Graduated Security Implementation: The 2FA awareness gap suggests the need for age-specific security onboarding that provides education before feature activation rather than assuming prior knowledge.

Interface Design Modifications: The password management findings indicate the need for alternative authentication methods (biometrics, device registration) that don’t require complex password management for older users.

Proactive Fraud Detection: The fraud loss patterns suggest implementing enhanced monitoring for transaction types commonly associated with elder-targeted scams, with real-time customer verification protocols.

The findings support regulatory approaches that require financial institutions to demonstrate age-inclusive security design in their digital banking platforms, like accessibility requirements in other sectors. The results indicate the need for security frameworks that account for heterogeneous user populations rather than assuming uniform technical capabilities across age groups.

Future Research Directions

Several limitations constrain interpretation of these findings. The cross-sectional design prevents causal inference about the relationship between adoption timing and security outcomes. Additionally, fraud reporting data may underestimate actual victimization due to underreporting, particularly among older adults experiencing shame or confusion about incidents.

The reliance on self-reported security behaviors in survey data may also introduce social desirability bias, potentially understating risky behaviors across all age groups.

These findings suggest several priorities for future research:

Longitudinal Studies: Tracking individual users’ security behavior development over time could provide insights into optimal intervention timing.

Intervention Testing: Randomized controlled trials of age-inclusive security design could validate specific approaches to closing the security gap.

Cross-Cultural Analysis: Examining whether similar patterns exist in other countries with different banking digitization approaches could inform policy development.

CONCLUSION

The empirical evidence confirms the existence of a critical “security gap” where older adults adopt digital banking features faster than they develop corresponding security competencies. This gap has measurable consequences: 80+ experience median fraud losses nearly three times higher than younger cohorts. However, the findings also suggest specific intervention opportunities at the institutional level, from graduated security implementation to enhanced fraud detection protocols. Addressing these disparities aligns with both cybersecurity best practices and financial inclusion goals, while potentially reducing the economic impact of elder fraud, which exceeded $1.9 billion in reported losses in 2023 [19], [26].

REFERENCES

1. Federal Bureau of Investigation, “Elder Fraud, in Focus,” FBI.gov, Apr. 30, 2024. [Online]. Available: https://www.fbi.gov/news/stories/elder-fraud-in-focus-043024. [Accessed: Dec. 15, 2024]
2. E. M. Rogers, Diffusion of Innovations, 5th ed. New York: Free Press, 2003.
3. Federal Bureau of Investigation Internet Crime Complaint Center, “2023 Internet Crime Report,” FBI.gov, 2024. [Online]. Available: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf. [Accessed: Dec. 15, 2024].
4. Federal Reserve Bank of Atlanta, “2024 Survey and Diary of Consumer Payment Choice: Summary Results,” Federal Reserve Bank of Atlanta, 2024. [Online]. Available: https://www.atlantafed.org/banking-and-payments/consumer-payments/survey-and-diary-of-consumer-payment-choice/2024-survey-and-diary. [Accessed: Dec. 15, 2024].
5. McKinsey & Company, “The value of getting personalization right—or wrong—is multiplying,” McKinsey.com, Nov. 2021. [Online]. Available: https://www.mckinsey.com/capabilities/growth-marketing-and-sales/our-insights/the-value-of-getting-personalization-right-or-wrong-is-multiplying. [Accessed: Dec. 15, 2024].
6. S. J. Czaja, W. R. Boot, N. Charness, W. A. Rogers, and J. Sharit, “Improving social support for older adults through technology: findings from the PRISM randomized controlled trial,” Gerontologist, vol. 58, no. 3, pp. 467-477, 2018.
7. M. Anderson and A. Perrin, “Tech adoption climbs among older adults,” Pew Research Center, May 2017. [Online]. Available: https://www.pewresearch.org/internet/2017/05/17/tech-adoption-climbs-among-older-adults/. [Accessed: Dec. 15, 2024].
8. AARP Fraud Watch Network, “2023 Fraud Trends Report,” AARP.org, 2023. [Online]. Available: https://www.aarp.org/money/scams-fraud/fraud-watch-network/. [Accessed: Dec. 15, 2024].
9. Federal Deposit Insurance Corporation, “How America Banks: Household Use of Banking and Financial Services,” FDIC.gov, 2023. [Online]. Available: https://www.fdic.gov/analysis/household-survey/. [Accessed: Dec. 15, 2024].
10. L. Rajaobelina, I. Brun, R. Line, and C. Cloutier-Bilodeau, “Not all elderly are the same: Fostering trust through mobile banking service experience,” Int. J. Bank Mark., vol. 39, no. 1, pp. 85–106, 2021.
11. C. Latulipe, R. Dsouza, and M. Cumbers, “Unofficial proxies: How close others help older adults with banking,” in Proc. CHI Conf. Human Factors Comput. Syst. (CHI ’22), 2022, Art. 601, pp. 1–13. doi:10.1145/3491102.3501845.
12. Vercruyssen, W. Schirmer, N. Geerts, and D. Mortelmans, “How ‘basic’ is basic digital literacy for older adults? Insights from digital skills instructors,” Front. Educ., vol. 8, 1231701, 2023.
13. Morrison, E. Coventry, P. Briggs, J. Lumsden, and R. J. Anderson, “How do older adults feel about engaging with cyber-security? Attitudes and concerns,” Hum. Behav. Emerg. Technol., vol. 3, no. 3, pp. 355–367, 2021
14. A. Morrison et al., “Recognising diversity in older adults’ cybersecurity needs,” in Proc. ACM (ACM DL), 2023.
15. Y. Zou et al., “A cross-contextual examination of older adults’ privacy attitudes and behaviors,” Proc. Priv. Enhancing Technol. (PoPETs), 2024(1), pp. 205–226, 2024.
16. E. P. G. Reyes et al., “Understanding older adults’ experiences with information overload in digital contexts,” JMIR Human Factors, 2023. (Open-access summary in PubMed Central).
17. L. R. Shapiro, “Cyber-enabled imposter scams against older adults in the United States,” Security Journal, vol. 38, no. 2, 2025.
18. B. Havers, K. Tripathi, A. Burton, S. McManus, and C. Cooper, “Cybercrime victimisation among older adults: A probability sample survey in England and Wales,” PLoS ONE, vol. 19, no. 12, e0314380, 2024. (Open access).
19. S. Lazarus, “Cybercrime against senior citizens: Exploring ageism, ideal victims and fraud,” Security Journal, 2025.
20. Federal Trade Commission, “Consumer Sentinel Network Data Book 2024,” FTC.gov, 2024. [Online]. Available: https://www.ftc.gov/reports/consumer-sentinel-network-data-book-2024. [Accessed: Dec. 5, 2024].
21. Federal Deposit Insurance Corporation, “Money Smart for Older Adults,” FDIC.gov, 2024. [Online]. Available: https://www.fdic.gov/resources/consumers/money-smart/. [Accessed: Dec. 15, 2024].
22. E. Pacheco, “Older adults’ safety and security online: A post-pandemic exploration of attitudes and behaviors,” J. Digit. Media Interact., vol. 7, no. 17, pp. 107–126, 2024.
23. M. P. Johnston, “Secondary data analysis: A method of which the time has come,” Qualitative and Quantitative Methods in Libraries, vol. 3, no. 3, pp. 619-626, 2017.
24. J. W. Creswell and V. L. Plano Clark, Designing and Conducting Mixed Methods Research, 3rd ed. Thousand Oaks, CA: Sage Publications, 2017.
25. Nanda, J. J. Jeong, S. W. A. Shah, M. Nosouhi, and R. Doss, “Examining usable security features and user perceptions of physical authentication devices,” *Comput. Secur.*, vol. 139, 103664, Apr. 2024.
26. T. P. Vartanian, Secondary Data Analysis. Oxford: Oxford University Press, 2011.
27. S. Das, A. Kim, B. Jelen, L. Huber, and L. J. Camp, “Non-Inclusive Online Security: Older Adults’ Experience with Two-Factor Authentication,” in *Proc. 54th Hawaii Int. Conf. Syst. Sci. (HICSS-54)*, Jan. 2021, pp. 1–10. doi:10.24251/HICSS.2021.123.
28. Federal Trade Commission, “Gramm-Leach-Bliley Act Compliance Guidelines,” FTC.gov, 2023. [Online]. Available: https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act. [Accessed: Dec. 15, 2024].
29. S. G. Lyastani, M. Backes, and S. Bugiel, “A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites,” in *Proc. 32nd USENIX Security Symp.*, Anaheim, CA, USA, Aug. 2023, pp. 1–18. doi:10.5555/3576915.3623142.
30. S. Amft, A. Krause, S. Höltervennhoff, L. Simko, S. Fahl, N. Huaman, and Y. Acar, “We’ve Disabled MFA for You: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments,” in *Proc. 2023 ACM SIGSAC Conf. Comput. Commun. Secur. (CCS ’23)*, Copenhagen, Denmark, Nov. 2023, pp. 1–17. doi:10.1145/3576915.3623142.