The role and effectiveness of kitemarks in preventing online fraud
6 November 2024
Research summary
The migration of so many aspects of our lives to digital environments creates numerous opportunities for new fraudulent schemes. Scammers abuse the trust of online users and exploit the difficulty of distinguishing genuine online accounts, websites, services and products from fake ones. To keep people safe online a number of private as well as government run schemes are introducing ‘kitemarks’ – that is, labels or seals – that certify that a particular online service is safe, often on the basis of verification by a trusted third party (Remotti et al, 2012). For example, the British Standards Institution (BSI) award various kitemarks to certify that products and services, such as digital applications (or “apps”) and digital banking are secure (BSI 2023).
One example is Trustpilot. This is a consumer review website where consumers can leave reviews for products, services and companies (Trustpilot 2023a). The aim of Trustpilot is to help consumers shop with confidence and to help companies improve their business. With nearly 1 million reviews posted each month, the website provides a way for the public to check if websites are likely to be legitimate. Moreover, Trustpilot provides businesses with a rating badge that they can post on their own website as a way to communicate trust, which users can click on this to verify its authenticity (Trustpilot 2023b).
However, little is known about user awareness of, and interactions with, such kitemarks and their effectiveness in preventing fraud. Research that specifically addresses the utility of kitemarks for fraud prevention or their vulnerability to fraudulent exploitation is still limited. In terms of user awareness of kitemarks, during the pandemic we conducted a survey (with Neighbourhood Watch) to understand people’s day-to-day online security behaviour, including their knowledge and use of UK TrustPilot and the MHRA logo (Johnson & Nikolovska 2020). Based on answers from nearly 15K respondents, we found that only 10% were aware of the MHRA logo. Our results suggest that awareness of these schemes is limited, and even more so, users do not tend to take advantage of the opportunity to click on existing kitemarks to verify their validity. This is concerning as simply relying on logo information may be unsafe, as anyone can fake such a logo.
This project will seek to further identify kitemark schemes used in the UK and elsewhere and examine people’s behaviours and perceptions in relation to them. It will aim to evaluate users’ awareness of kitemark schemes and their implications for online security. We will also examine whether there are flaws in their implementation. For example, in the case of Trustpilot, we note that an offender could register a similarly named website to mislead consumers.
Lead Investigator(s) |
|
---|---|
Outputs |