The main purpose of this paper is to propose a heuristic model for usable and secure online banking. The model is based on identified heuristics that contribute to the design of usable security in the context of online banking security. Little research has focused on the balance between usability and security in online banking authentication mechanisms when evaluating the effectiveness of security systems. Nielsen’s ten usability principles are still fundamentally important in designing usable secure systems, as indicated by the analysis of heuristics developed from recent studies. Online banking users are vulnerable to numerous old and new sophisticated online security threats that are increasingly being developed and targeting this unsuspecting group of users. An investigation into this aspect of security design can certainly benefit both the online banking users and online banking merchants, and foster a secure and usable banking environment. In this paper, a heuristic model for usable online banking security is developed, based on security design principles found in literature. Using data collected from users of online banking in South Africa through a questionnaire and banking security personnel interviews, we envisaged refining the identified heuristics and developing a checklist for each heuristic used, for heuristic evaluation by field experts.