Find a SECReT supervisor
prism apply now

How hard can it be?: A study investigating user trust decisions in e-commerce

22 February 2012

Iacovos Kirlappos

Consumers face a significant number of challenges when shopping online. One of those is to protect their personal and financial details from scammers, who create fake online shopping sites with tempting offers, resulting to users to disclosing that information to them. Trust plays a significant role in online commerce, as misplacement of it can result to users becoming scam victims. 

This study used exploratory research methods (eye-tracking and open interviews) and identified a set of factors that users use to assess the trustworthiness of an online retailer in a first time interaction: Perceived professionalism, ability of the trustee to fulfil, links to charity, company information, relation to other known entities, presence of regulatory authorities. The results indicate that the heuristics people use to assess trustworthiness are widely varying and are often created based on misconceptions users form, drawing from past online shopping experiences. The study also tested methodological issues on the effects of incentives in laboratory experiments, revealing a tendency of users to assign different grades and adopt riskier strategies when incentives were introduced in the experimental setup. 

A second hypothesis tested revealed the ineffectiveness of trust seals as a trust signalling mechanism, based on the practices followed in their use to date.  53% of the participants did not notice those and, even those who did, did not seem to correctly interpret their meaning, as post-experiment interviews revealed. 

This dissertation discusses the findings related to past literature on trust in the real world and, based on the identified misconceptions, presents directions towards implementing security awareness, education and training approaches to improve on user’s ability to identify scam websites.  It also proposes technical solutions that can improve on communicating to the users the risks involved in their decisions.