Abstract
This research examined a complex conundrum in information security within virtual banking, where rapid technological innovation intersects with the need to secure advanced financial systems, creating tensions. The research identified a critical knowledge gap regarding how information security threats intensify as financial institutions transition from traditional to fully virtual banking environments. Framed through a socio-technical lens, the study's objective was to develop a grounded theory that offers new insights into conceptualising the virtual banking information security conundrum. The study positions information security in virtual banking as a multifaceted and multidimensional challenge shaped by competing interests among security requirements, usability demands, technological innovation, and customer trust. To address this conundrum and its complexities, a qualitative research design employing an innovative dual-method approach was adopted, combining the Straussian grounded theory method (GTM) with Checkland's Soft Systems Methodology (SSM). This integration enables both granular analysis of information security practices and a holistic understanding of virtual banking ecosystems. The study's key outcomes, based on insights from 20 participants, is the development of the Trust-Responsive Security Architecture (TRSA) framework. TRSA integrates socio-technical perspectives to reveal how inherent tensions between security, usability, innovation, and trust can be effectively balanced. It posits that virtual banks face a paradox: excessive security controls may introduce friction, complexity, and reduced usability, ultimately undermining customer trust. TRSA reconceptualises this challenge as an emergent socio-technical balancing problem that virtual banks must continuously negotiate to sustain security, trust, and usability. The study contributes practical implications by proposing that virtual banks adopt TRSA as a guiding framework to prioritise user-centric security design, enhance regulatory compliance, and foster trust while meeting evolving information security demands.