consumers' trust in electronic commerce transactions: the role of
TRANSCRIPT
Consumers’ Trust in Electronic Commerce Transactions: The Role
of Perceived Privacy and Perceived Security
Ramnath K. Chellappa Goizueta Business School, Emory University Atlanta, GA 30322-2710
Acknowledgement
I am greatly indebted to Omar El Sawy and Ann Majchrzak for their guidance and suggestion,
and I would like to thank Ricky Lim and Raymond for their help with the data analysis.
Consumers’ Trust in Electronic Commerce Transactions: The Role of
Perceived Privacy and Perceived Security Abstract
Consumers’ trust in their online transactions is vital for the sustained progress and development
of electronic commerce. Our paper proposes that in addition to known factors of trust such a
vendor’s reputation, consumers’ perception of privacy and security influence their trust in online
transactions. Our research shows that consumers exhibit variability in their perceptions of
privacy, security and trust between online and offline transactions even if it is conducted with the
same store. We build upon this finding to develop and validate measures of consumers'
perceived privacy and perceived security of their online transactions which are then theorized to
influence their trust in EC transactions. We propose that the perceptions of privacy and security
are factors that affect the consumers’ trust in the institutional governance mechanisms underlying
the Internet. We conduct two distinct empirical studies and through successive refinement and
analysis using the Partial Least Squares technique, we test our hypothesized relationships while
verifying the excellent measurement properties associated with our instrument. Our study finds
that the consumers’ perceived privacy and perceived security are indeed distinct constructs but
the effect of perceived privacy on trust in EC transactions is strongly mediated by perceived
security. A major implication of our findings is that while the much studied determinants of
trust such as reputation of the transacting firm should not be neglected, vendors should also
engage in efforts to positively influence consumer perceptions of privacy and security. We
discuss the significance of this observation in the context of increasing importance in acquiring
customer information for personalization and other online strategies.
Keywords: electronic commerce, perceived security, perceived privacy, online trust, PLS
ISRL Categories: AA01, AI0104, AI0401, AI0610
2
Consumers’ Trust in Electronic Commerce Transactions: The Role of
Perceived Privacy and Perceived Security
1 Introduction
There is overwhelming evidence that trust in the online environment is an important element of
electronic commerce (EC) relationships and the importance of studying online trust is
underscored by many recent studies [Hoffman, 1999 #51;Jarvenpaa, 2000 #56]. In any
consumer transaction online there are two interacting elements, namely the entity with whom the
consumer is transacting with, i.e. the online vendor and the medium on which the transaction is
taking place, i.e. the Internet. This paper proposes that in addition to a consumer’s trust in a
vendor [Mayer, 1995 #69;McKnight, 2002 #184], the overall trust in a EC transaction is also
influenced by a consumer’s perception of risk to the EC transaction due to the nature of
supporting infrastructure. We identify this consumer perception of risk in the EC transaction as
being caused by the consumer’s perception of risk to the privacy of her EC transaction and the
consumer’s perception of risk to the security of her transaction. We then formalize two
constructs namely a consumer’s perceived privacy of her EC transaction and her perceived
security of the EC transaction and through the development of theoretically grounded scales to
measure these perceptions we hypothesize their effect on the consumer’s trust in the EC
transaction. While the explanations provided by constructs developed for trust in offline
environments hold good in the online context as well, characteristics of the online medium i.e.,
the Internet itself, can influence a consumer’s trust [Keen, 2000 #192] and given that trust itself
is a context dependent construct [Gulati, 1995 #191] it is imperative that the characteristics of the
transacting medium is accounted for.
3
Security and privacy concerns of transactions are not new concepts [Westin, 1967 #106].
Consumers have always been concerned about using debit cards at not-so-reputable merchants,
and have often had their privacy invaded in the form of direct marketers who somehow obtained
their telephone numbers. However, with the advent of electronic commerce, the scale, scope and
immediacy of security and privacy issues have compounded many times over [Clarke, 1988
#24;Mason, 1986 #68]. The importance of studying the constructs of security and privacy has
been underscored by research in marketing as well. It has been argued that enhancing favorable
security and privacy perceptions [Friedman, 2000 #41;Shneiderman, 2000 #91] and building
trust [Hoffman, 1996 #50;Keen, 2000 #60] are very important for sustained activity in the
electronic business frontier. Numerous academic, governmental, and managerial articles also
suggest that there is an increased consumer concern for the privacy and security of EC
transactions [FTC, 1998 #26;Gilbert, 2001 #45]. Issues involving security and privacy have
made many consumers hesitant to transact online [FTC, 1998 #27;Meeks, 2000 #70] and in fact,
over half of the respondents in a sample of Americans nationwide said that privacy and security
are their biggest concerns about EC [Cox, 1999 #112]. According to a study in Business Week
[BusinessWeek, 2000 #19], 61% of the survey respondents would conduct transactions on the
Internet if the security and privacy of their personal information could be adequately protected.
However there is no academic research that has explored if these privacy and security concerns
online are any different from their offline counterpart and if the online concerns affect a
consumer’s decision to engage in an EC transaction.
4
In order to compare consumer perceptions of privacy and security of online and offline
transactions, it is first important to understand how consumers develop these perceptions. Hence
we incorporate theories from information systems, marketing and public policy, and we develop
and refine scales to measure consumer perceptions of privacy and security. Subsequently we test
the two primary hypotheses of this research that 1. Consumers perceive that the security and
privacy of their transactions are higher offline than online and that 2. Online consumers’
perceptions of privacy and security influence their trust in electronic commerce transactions.
This paper proceeds as follows: Section 2 provides the conceptual development of consumer
perceptions of trust, security and privacy in the online environment through a review of relevant
literature and hypothesizes the relationship between the constructs. Following this, in section 3,
we present the development and testing of our scales through an analysis of two empirical
studies. Section 4 provides a discussion of our results and outlines the study's theoretical and
managerial implications. A series of recommendations are also made for future EC research and
practice.
2. Theory and hypotheses
In any consumer-vendor context it is important to study trust as it reflects consumer perceptions
of uncertainty and risk and their willingness to engage in trust related behavior [McKnight, 2002
#184]. Now consider a consumer who buys a DVD player from BestBuy (the physical store)
and a television from BestBuy.com (the online store), and has hence provided the stores with
his/her (for simplicity sake, from here-on we shall use the pronoun “she” to refer to the
consumer) financial and other personal information. Given that the consumer has transacted
with both the online and offline form of the same store, would it be correct to assume that
consumer has the same level of trust in both transactions? This question is motivated by the fact
5
that while the BestBuy physical store does not send an employee along with every customer to
monitor what they are looking at; BestBuy.com indeed does that through cookies and other
tracking mechanisms. If the level of trust varies in the two transactions, then what are the factors
that contribute to this difference?
Literature on consumers’ use of the Internet argues that consumers are concerned about the risk
involved in conducting online transactions [Jarvenpaa, 2000 #56;Hoffman, 1999 #51;Miyazaki,
2000 #72]. While there are many definitions and operationalization of risk in marketing [Mayer,
1995 #69] and IS literature [Grazioli, 2001 #193], our goal in this paper is to identify the factors
that contribute to the risk perceptions involved in online transactions. Keeping in mind that the
inherent risk in electronic commerce transactions is compounded by the spatial and temporal
separation of the transacting entities [Brynjolfsson, 2000 #18;Hoffman, 1999 #51], and given
that prior research finds that consumer's perception of risk is related to trust [Koller, 1988
#61;Gambetta, 1988 #166], we first provide the intuitions behind the development of trust in
online transactions.
2.1 Trust in EC transactions
Trust has been studied by researchers in a variety of different fields from sociology [Shapiro,
1987 #88] to marketing [Doney, 1997 #38;Ganesan, 1994 #43] to information systems
[Jarvenpaa, 1999 #140;Jarvenpaa, 2000 #56;McKnight, 2002 #184]. In this paper we are
interested in studying consumer trust in EC transactions that falls into the category of trust in
consumer-vendor relationships which has largely been studied in marketing literature [Schurr,
1985 #87], albeit in offline interactions. More recently both IS and marketing literature has
suggested that trust assumes great significance in EC transactions as well as they are conducted
6
in uncertain environments [Fung, 1999 #42], and the development of trust between consumers
and marketers is critical for the continued growth of EC [Jarvenpaa, 2000 #56;Palmer, 2000
#144;Fontenot, 1998 #39]. Along these lines McKnight et al [, 2002 #184], develop trust
measures for EC by integrating literature from a wide variety of fields including sociology,
organization theory, marketing and information systems.
In any consumer transaction online or offline, there are two interacting elements, namely the
entity with whom the consumer is transacting with, i.e. the merchant and the medium or the
infrastructure that supports the transaction. This paper takes position that while an individual’s
(consumer’s) disposition to trust [McKnight, 2002 #184], trusting intentions [Currall, 1995 #194]
and other trust-related behaviors [Anderson, 1990 #195] have been studied in the context of EC
along with the consumer perceptions of a vendor’s trustworthiness [McKnight, 2002 #184], the
nature of trust specifically with regards to medium of transaction has been some-what less
understood. Even the research that studies trust in the EC context it should be noted here that
trust itself has been studied in the EC context, but primarily from the perspective of trust in the
transacting online store [Jarvenpaa, 1999 #140;Jarvenpaa, 2000 #56]. A recent research finds
that trust in Internet shopping may indeed be affected by infrastructural contextual factors such
as security [McKnight, 2002 #184] and this is supported by earlier work in sociology and
marketing that has maintained that trust is a context dependent construct [Luhmann, 1988
#167;Zucker, 1986 #169] and is also a function of the institutional environment where the trustee
and trustor interact [Zucker, 1986 #169]. Along these lines our paper argues that even if a
consumer transacts with the same entity (e.g., a BestBuy physical store and a BestBuy.com
7
online store), she may display differences in the level of trust in the transaction due to
differences in the platform or institutional setup that supports these transactions.
The notion of institution-based trust has its origin in sociology [Barber, 1983 #196;Zucker, 1986
#169] and deals with structures that make an environment trustworthy [Garfinkel, 1963
#197;Shapiro, 1987 #88;Zucker, 1986 #169]. McKnight et al, [, 1998 #199] integrate various
sources of institution-based trust and identify two dimensions namely, structural assurance and
situational normality. Structural assurances include contextual conditions that act as promises,
contracts, regulations and guarantees while situational normality may involve a properly ordered
setting that appears likely to facilitate a successful interaction [McKnight, 1998 #199].. In this
regard, McKnight et al [, 2002 #184] liken the Web to be the 21st century equivalent of the
lawless “wild wild west” of the 19th century. Such a perception is supported by numerous media
reports of break-ins and instances of credit-card and other personal information being stolen
[Judge, 1998 #58]. Thus, when a consumer conducts a transaction with an online store that is
characterized to be operating in an uncertain environment [Fung, 1999 #42] such as the Internet,
she is less likely to trust that everything about her transaction is assured and normal as compared
to her transactions with an offline store. Therefore, we propose that:
Hypothesis 1: A consumer’s trust in her online transaction is lesser than her trust in an offline
transaction.
Now it is important to examine the factors that contribute to perceptions regarding structural
assurance and situational normality. Any commercial transaction involves sharing of
information between the transacting parties and hence the total trust exhibited by the consumer in
8
conducting a transaction can be considered to be a combination of trust in the trustee or the
vendor and trust that the environment will guarantee the integrity of the transaction. We propose
that this guarantee and belief that every aspect of the transaction will be as expected to be
determined by the consumers’ perception of risk to their privacy and security of information.
Thus the overall trust in EC transactions is a consumer's subjective evaluation of both the entity's
characteristics [Beccera, 1999 #8] and risk created by security and privacy perceptions.
Consumers who provide personal information during transactions assume the risk of having this
information endangered. Risk has been defined 'the possibility of an adverse outcome, and
uncertainty over the occurrence, timing or magnitude of that adverse outcome' [Covello, 1994
#30]. In addition to any risk associated with transacting with a particular vendor, risk in EC
transactions is essentially created by threats to transfer of information; specifically, threats to
information privacy and security. Prior research has defined trust in terms of acceptance of risk
[Sheppard, 1998 #186], and hence it could be argued that the degree of trust a consumer
develops in the EC transaction is indicative of the degree of risk to the security and privacy of
the transaction that the consumer has accepted. In the following sub-sections we develop the
constructs of perceived privacy and perceived security as a manifest of this acceptance of risk.
2.2 Perceived Privacy
Research in IS and marketing has argued that information privacy and consumer concerns
thereof is one of the most important issues in today’s technology based environment [Stewart
#198;Miyazaki, 2000 #72;Miyazaki, 2001 #185]. The concept of privacy is in itself not new and
it has generally been defined as an individual's ability to control the terms by which their
personal information is acquired and used [Westin, 1967 #106]. Prior research on privacy found
that consumers might be willing to disclose personal information in exchange for some apparent
9
benefits [Culnan, 1999 #34]. According to the authors, consumers are also likely to provide
personal information if they believe they have control over this information, the information
requested is relevant, and it is likely to create valid inferences about their preferences. Privacy
has also been discussed in much detail from an individual’s viewpoint and as organizational
practices [Culnan, 1995 #33;Culnan, 2000 #35;Smith, 1996 #93]. Loss of privacy includes (a)
sharing personal information with others that were not part of the original transaction without the
consumer’s consent, and (b) merging transaction and demographic data to create consumer
profiles without the consumer’s knowledge [Foxman, 1993 #40;Godwin, 1991 #48].
In measuring the concern for information privacy (albeit of individual’s concern of organization
practices), the instrument (Concern for Information Privacy - CFIP) developed by Smith, et al. [,
1996 #93] is the first, and it identifies four factors namely collection, errors, secondary use and
unauthorized access as the dimensions of an individual’s concern for privacy. Later research has
argued that “CFIP needs to reinvestigated in light of emerging technology, practice and
research,” [Stewart, 2002 #198], who also suggest that “CFIP itself maybe more parsimoniously
represented as a higher-order factor rather than a set of correlated first-order factors.” This view
is supported by others who suggest that privacy measurement itself needs re-examination in
varying consumer contexts, and argue that in addition to CFIP, a validated scale to measure
overall privacy attitudes is needed [Culnan, 1999 #34]. Subsequently an individual’s concern
for privacy has been shown to be a higher-order factor that can be used in conjunction with other
variables such the computer anxiety of an individual in a CFIP nomological network [Stewart,
2002 #198]. On the other hand it has also been argued that organizations can employ
“procedural fairness,” to reduce consumers’ privacy concerns leading to trust building [Culnan,
10
1999 #34]. Similarly other marketing research observes that consumers’ privacy concern is
governed by environment control and secondary use of information control [Hoffman, 1999
#52]. The former refers to a consumer’s ability to controls actions of other parties in a
transactional environment while the latter implies that ability to control the subsequent use of
any information provided during a transaction.
As individual consumers may not be able fully exercise their beliefs regarding privacy and given
its importance in sustained commercial activities, the safeguard of information privacy in
commercial transactions has fallen into the domain of governmental entities such as the United
States Information Infrastructure Task Force (IITF) which first came up with a recommended set
of principles for providing and using personal information [IITF, 1995 #54]. Subsequently, the
Clinton Administration underscored the importance of privacy for the successful emergence of
EC [Clinton, 1997 #25]. Since then the Federal Trade Commission's Bureau of Consumer
Protection, which is the de facto governmental body in charge of privacy initiatives, has
submitted various reports to the US Congress resulting in governmental guidelines for what
constitutes adequate privacy in EC [FTC, 2000 #28;FTC, 2000 #127]. These guidelines known
as the Fair Information Practices [Gillin, 2000 #46] are built upon testimonials of researchers in
this field and prior findings. For example, consistent with the CFIP scale developed by Smith, et
al, [, 1996 #93], the guidelines incorporate rules that define how vendors should collect
information, how they should fix any errors regarding personal information, how they should
inform consumers regarding subsequent use of the information and how the vendors should
prevent any unauthorized access to information. Similarly consistent with findings of Culnan
and Armstrong [, 1999 #34] and Hoffman, et al, [, 1999 #52], the guidelines require that vendors
11
should provide the consumer control over all aspects of information collection and usage. The
guidelines can be summed up into five principle actions namely, notice, choice, access, integrity,
and enforcement. First, notice requires that disclosure notices inform online consumers about
how their information will be collected. Second, choice requires that online consumers have a
choice about how their information will be used and to which parties it will be disclosed. Third,
access requires that online consumers have the opportunity to exercise control over their
information. Fourth, integrity requires adequate mechanisms are employed to protect of online
consumer information from unauthorized use. Finally, enforcement requires that there is an
effective authority to enforce and impose sanctions for potential violations.
Given that the above principles incorporate all elements pointed out by both IS [Smith, 1996
#93] and marketing [Hoffman, 1999 #52;Miyazaki, 2000 #72] research, it would suggest that if a
vendor complied with these principles and if a consumer conducts a transaction with the vendor,
then the consumer has no more concern for her information privacy vis-à-vis her transaction with
that particular vendor. However our research argues that this is indeed not the case as
consumers may still hold subjective beliefs regarding how their information provided during a
transaction is handled. We refer to this subjective belief as perceived privacy of a transaction that
is defined as the “the subjective probability with which consumers believe that the collection and
subsequent access, use, and disclosure of their private and personal information is consistent
with their expectations.” Note that our intention is not to re-validate the concern for privacy
instrument as it pertains to an individual, rather our goal is to understand perceptions of privacy
in commercial relationships (e.g., consumer-vendor relationships) where it is required that all
individual concerns of privacy are fully addressed through disclosure. Our definition points out
12
that perceived privacy reflects the amount of consumers’ belief that the institutional setup allows
for the privacy of their transaction to maintained as promised.
As opposed to an offline transaction, in any EC transaction, not only is personal information
about a consumer acquired but information about her browsing and shopping preferences can
also be collected even if no financial transaction takes place. For example, in the example of
BestBuy.com, the online store can construct a reasonably accurate consumer profile that is only
possible if the physical store BestBuy attached a camera and processor to every customer who
steps into the store following them into every aisle they visit and every product they lift from the
shelves [Chellappa, 2002 #187]. While the offline store may have access only to the financial
transaction information, the information collected online broadly falls into three categories: a.
Anonymous information, that refers to information gathered about page visits, without the use of
any invasive technologies, typically the standard information sent with any Web or Internet
request. Such information includes a machine's IP address, domain type, browser version and
type, operating system, browser language, and local time. b. Personally non-identifying
information, that refers to "information that, taken alone, cannot be used to identify or locate an
individual.” It mainly refers to information such as age, date of birth, gender, occupation,
education, income, ZIP Code with no address, interest and hobbies. The consumer through radio
buttons, menus or check boxes on a Web page has to explicitly disclose most of this information.
In addition to solicited information, this category also often involves the use of sophisticated
tracking technologies, e.g., cookies, clear gifs, etc. Such technologies, though not identifying a
customer individually, enable the information collecting entity to sketch an effective customer
profile. c. Personally identifying information that refers to information that can be used to
13
identify or locate an individual. These include email addresses, name, address, phone number,
fax number, credit card number, social security number, etc. Invariably, such information is
almost always gathered explicitly from the customer and is typically collected when consumers
register with Web sites [Chellappa, 2002 #187]. The cumulative effect of these information
types can be more telling on the privacy of the consumer as information across categories can be
combined, allowing for use of information in ways that were not feasible or practical before
[Culnan, 1999 #34]. Given that consumers part with minimal information in the offline
environment as opposed to the online one, it is reasonable to expect that their perception of risk
to their privacy offline is lesser than its online counterpart, i.e. consumers’ perceived privacy of
offline transaction is greater than privacy perceptions of offline transaction. Hence we have:
Hypothesis 2: A consumer’s perceived privacy of her online transaction is lesser than her
perceived privacy of her offline transaction
From a practical perspective, it is now important to question the role of this perceived privacy,
i.e. what element of a commercial transaction does this influence? In this regard, we find that
prior research indicates that factors such as “procedural fairness” builds impersonal trust and
finds that when vendors act on behalf of consumer concerns and incorporates fair practices, then
consumers become more trusting of that vendor [Culnan, 1999 #34]. Similarly Hoffman et al. [,
1999 #51] point that consumers’ ability to control information collection and usage can reduce
the risk associated with Internet usage. Given that during any transaction, the degree of trust an
individual forms toward the interacting entity is a function of the degree of risk that is involved
in the situation [Koller, 1988 #61], it can be argued that the perceptions of risk to the privacy of
their information in an online transaction is related to the trust in that online environment. This
14
view also finds support in other findings that suggest that privacy is a major factor in EC trust
[Friedman, 2000 #41;Shneiderman, 2000 #91]. McKnight et al, [, 2002 #184] also suggest that
factors such as trusted-third parties (e.g., third party icons like Truste) may not affect beliefs
about a specific vendor rather they may influence the trust perceptions about the Internet.
Hypothesis 3: A consumer’s perceived privacy of her online transaction positively contributes to
her trust in her online transaction
2.3 Perceived Security
The open nature of the Internet and its unregulated global nature have heightened concerns about
transaction security [Fung, 1999 #42]. From the perspective of the online institutional
infrastructure, i.e., the Internet, structural assurances regarding privacy and security and security
of a transaction are distinct constructs. While privacy enforcement is largely through legal
mechanisms such as alliances with monitoring agencies (e.g., Truste, WEBcpa, BBBonline),
fines stipulated by the FTC and legal disclosure notices, enforcement of security is largely a
function of technological actions undertaken. In fact the US government has enacted two
separate acts namely the E-Privacy act (S. 2067) and the Secure Public Networks act (S. 909) to
regulate privacy and security in electronic commerce. From a consumer’s perspective perceived
security of an electronic commerce transaction may be defined as “the subjective probability
with which consumers believe that their personal information (private and monetary) will not be
viewed, stored, and manipulated during transit and storage by inappropriate parties in a manner
consistent with their confident expectations.” Just as consumers may have various beliefs
regarding the privacy of their online transactions even if vendors provide assurance regarding all
aspects of an individual’s concern for privacy, consumers may also possess different beliefs
regarding the security of their online transaction even if all security enforcements are in place.
15
The real security of an EC transaction itself can be scientifically guaranteed with adequate
encryption, digital signatures and third party authentication, and such methods [Bhimani, 1996
#180] have been addressed in great detail by trade and computer science literature
[Varadharajan, 1997 #103;US Congress, 1997 #161;US Congress, 1997 #160]. However
consumer perception of security online is altogether a different matter, and at present there is
relatively little research on this subject [Lee, 2001 #190]. The perceptions or concerns of
security by users of electronic systems was first addressed by IS research [Carr, 1987
#154;Benson, 1983 #155;White, 1987 #156;Goodhue, 1991 #157], specifically in the context of
organizational systems [Goodhue, 1991 #157]. With regards to security concerns of online
consumers recent research points out that consumer perceptions of unsatisfactory security on the
Internet continues to exist even when vendors undertake security enforcement mechanisms
[Zellweger, 1997 #189;Miyazaki, 2001 #185]. For instance, a 128-bit encryption objectively
gives the odds of a hacker decrypting a message as one in 2128. Clearly it is unlikely that an
average consumer would exactly perceive this probability or its role. Also consumers implicitly
accept certain elements such as the identity of the entities they are transacting with in traditional
environments; hence, conventional assumptions are can rightfully be questioned by a consumer
in electronic transactions. For example, the familiarity of a ‘Sears’ logo is often satisfactory
enough for consumers to assure that they are indeed at the actual ‘Sears’ department store. In
cases where the consumer is not familiar with the store location, a yellow pages reference often
suffices. In contrast, this experiential aspect of the transaction is clearly not present in the online
world. It is not only easy for someone to create a phony Web page, but it is also equally possible
for a malicious operator to create entirely spurious Web site. Do all consumers to know that
16
Citibank is housed at ‘www.citibank.com’ and not at ‘www.citibank.net’ or even that Citibank is
spelt with an “i” and not a “y” as in Citybank? Indeed there are many examples of sites that have
actually benefited from typographical errors [Sullivan, 2000 #114]. Hence we propose that:
Hypothesis 4: A consumer’s perceived security of her online transaction is lesser than her
perceived security of her offline transaction
Similar to the fair information practices principle, in the EC context, all online vendors today are
required to employ online security enforcement principles of encryption, protection, verification
and authentication [Chellappa, 2002 #188]. These mechanisms protect consumer data from
being viewed or modified and ensure that only the appropriate entities (e.g., vendor, credit card
authorizer – visa, bank) have access to consumer data. The enforcement principles contribute to
ensuring that typical guarantees regarding financial and other transactions are met, and
expectations consistent with normal commercial transactions are maintained. In other words
consumer perceptions of these security enforcement principles lead to their beliefs regarding
situational normality and structural assurance, and hence contribute to their trust perceptions
regarding EC transactions. Hence we propose:
Hypothesis 5: A consumer’s perceived security of her online transaction positively contributes to
her trust in her online transaction.
Even if privacy and security of a transaction are enforced through distinct principles, it is
possible that consumers may perceive security and privacy to be somewhat related concepts
[Jones, 1991 #57]. Such a view merits attention as even researchers in marketing have
considered consumer perceptions of risk to security and privacy of their transaction as being
17
somewhat equivalent [Miyazaki, 2001 #185]. An average consumer may believe that all
structural assurances can be guaranteed if the security of the transaction can be guaranteed. This
implies that only perceptions of security influences trust in EC transaction and any role of
privacy perceptions on trust in EC transactions is mediated by the consumer’s perceived security.
Our research proposes that perceived privacy and perceived security are indeed distinct
constructs but we need to consider the possibility of mediated effect on trust in EC.
Hypothesis 6: The influence of a consumer’s perceived privacy of her online transaction on trust
is mediated by her perceived security.
2.4 Controlling for trust in the transacting entity
Trust in the online merchant is the element of online trust that has been most studied and found
to be a significant factor in the overall trust towards online shopping [Jarvenpaa, 2000 #56;Lee,
2001 #190]. However, as discussed earlier, our paper is interested in isolating the factors
responsible for institution-based trust, i.e. trust in EC transactions themselves as separated with
trust in the transacting entity or the vendor. Hence we need to control for factors that lead to
trust in the vendors themselves rather than the EC transaction. Such a trust has been shown to be
developed due to consumer beliefs regarding the reputation of the vendor [McAllister, 1995
#168] and the customer's satisfaction with previous interactions with the etailer [Ganesan #43].
Reputation is defined as the extent to which consumers view a marketer to be reliable, honest,
and trustworthy and this is known to be a source of trust [Zucker, 1986 #169;Doney, 1997 #38].
In a process-based mechanism of trust building, repeated exchanges influence future
relationships [Gefen, 2000 #138], and empirical evidence clearly points out that trust follows
satisfaction with a service provider [Singh, 2000 #174]. Thus in any buyer-seller relationship it
18
has been argued that satisfaction with previous outcomes has a significant impact on trust
[Ganesan, 1994 #43] and hence it needs to be controlled for in our study.
Hypothesis 7: A consumer’s overall trust in her online transaction is positively related to the
reputation of the online vendor whom she transacting and her satisfaction with her past
interactions with the online vendor.
Figure 1 provides a representation of our model of trust in EC transactions. The potential for a
relationship between the constructs of perceived privacy and perceived security also implies that
a second generation data analysis tool [Bagozzi, 1982 #6] tool such as LISREL or PLS needs to
be employed rather than simple linear regression.
Perceived Security of
EC Transactions
Control Variables (Trust in Vendor)
Perceived Privacy of
EC Transactions
Trust in
EC Transactions
Reputation Satisfaction
+ve
+ve
+ve
+ve +ve
Figure 1: Hypothesized relationships
19
3. Methodology
We developed a survey to test our hypotheses but first we set about validating our survey
instrument. Prior research has argued heavily in favor of adopting rigorous validation of
instruments in MIS research, to bring clarity to the formulation and interpretation of research
questions [Straub, 1989 #99]. Our study follows the 3-stage procedure following
recommendations of prior research in information systems [Smith, 1996 #93;Straub, 1989 #99]
for developing and validating measurement instruments. The first stage is devoted to the domain
and dimensionality of the purported metrics through a review of relevant literature and
corresponding scales. Following this, for stage 2 a set of sample items was generated for each
new construct and assessed for reliability and content validity. This was followed by
streamlining of the metrics, in order to fit our context of perceived privacy and security in
Internet based EC and a first version of the instrument was created. We present two studies; in
the first study, we administer the first version of the multi-time scales to a sample of consumers
who have purchased an item from both the online and offline form of a single store. In this study
we measure the consumer perceptions of privacy and security with regards to offline transactions
as well, we also use this study to eliminate any redundancy in items, and ensure good
measurement properties with regards to constructs related to the EC environment. Following
this, in stage 3 we proceed with an extensive confirmatory analysis for online transactions only
(study 2) that test and validate the refined scales for their reliability and construct validity. We
also verify the convergent, discriminant and factorial validity of our study involving a sum total
of 217 subjects.
20
3.1 Pretest
Measures for perceived privacy and perceived security were developed following standard
psychometric scale development procedures [Bagozzi, 1982 #6;Anderson, 1988 #3]. Note that
while Smith et al (1996), have developed instruments for an individual’s concern for privacy, our
interest is in measure consumer perceptions of privacy given that the online vendors provide a
government mandated assurance of satisfying individual’s concern of privacy. In other words
we are interested in measuring how consumers perceive structural assurances given in the EC
environment. Similarly, we are interested in measuring how consumers perceive procedural
fairness [Culnan, 1999 #34] will be upheld in the EC environment, given that vendors promise
procedural fairness online. We need to measure how a consumer believes her information is
handled in response to claims and other technological investments for privacy protection
employed by online sellers. Similarly in order to measure consumer perceptions of security we
rely both on the consumer perceptions of the antecedents of security [Chellappa, 2002 #188] and
Goodhue and Straub’s [, 1991 #157] measures of perceptions of security in an organizational
context. Our construct of perceived security of EC transactions can be thought of as being
related to organizational user's concern of security that is measured through user assessment of
security effectiveness [Goodhue, 1991 #157, p.20]. The survey instrument itself is presented in
Appendix I.
Before we conduct the study, we tested both constructs in the context of Internet based EC
transactions through a series of informal interviews with faculty and doctoral students in a
business school to ensure that they were properly operationalized. This resulted in13 candidate
items for each construct, where each item had a corresponding domain of content [Nunnaly,
21
1978 #73]. This was followed with selection of items [Anastasi, 1986 #2], to choose ones that
best fit the proposed definition. Out of the 13 candidate items, 7 items for perceived privacy and
6 items for perceived security were incorporated into the first instrument, which was again tested
by faculty and doctoral students for comprehensiveness, clarity and appropriateness. Given
extant research on trust, reputation and satisfaction measures for them were easily available from
literature and suitably modified or adapted for our study. Each of the 23 items were followed by
a seven point Likert scale anchored by ‘1 = strongly disagree’ to ‘7 = strongly agree’.
3.2 Reliability and validity tests used
For each of the 2 studies, construct, convergent and discriminant validities were always tested,
followed by reliability analysis, in order to provide good measurement properties [Straub, 1989
#99]. First, indicators for the hypothesized principal constructs were identified through an
exploratory factor analysis, and each item was subjected to item-to-total examination. Construct
validity was ascertained through inter-item correlation and factor-loading matrices of the
principal constructs. All items tapping the same construct should have high correlations, whereas
items tapping different constructs should have significantly lower correlations. Convergent
validity refers to whether the items comprising a scale behave as if they are measuring a common
underlying construct. In this sense, all items measuring the same construct should correlate with
the items in the same scale [Bagozzi, 1988 #7]. Discriminant validity is concerned with the
ability of a measurement item to differentiate among different measure items [Davis, 1989
#37;Davis, 1989 #36]. The basic test for discriminant validity is to show that an item should
correlate more highly with other items intended to measure the same attribute than with items
used to measure a different attribute.
22
For this research we had first analyzed our data using linear regression, however due to possible
correlation between our constructs of perceived security and perceived privacy, we proceeded to
use a second generation data analysis technique [Bagozzi, 1982 #6] using Partial Least Squares
(PLS). This allows for a combined analysis of measurement and structural models, where factor
analysis can be combined with hypotheses testing [Gefen, 2000 #175]. Thus from the
perspective of validity testing, instead of factors from principal component analysis, we will
present a table of latent constructs. For reliability analysis, no reliability statistic such as
Cronbach's alpha is produced automatically by PLS. However other construct reliability
measures AVE1 (Average Variance Extracted) and CREL2 (Composite Reliability) can be used
[Gefen, 2000 #175]. To perform confirmatory factor analysis, a factor score for each construct is
calculated based on the weighted sum of that factor’s standardized and normalized indicators:
prior to running PLS, the “data matrix” output option in PLS-Graph is selected. After PLS
execution, the latent construct scores will appear as “eta latent variable scores” in the output file.
The factor scores are correlated with individual items (likewise standardized and normalized, and
provided by PLS-Graph in the “rescaled data matrix” section of output) to calculate cross
loadings. See note in Agarwal and Karahanna [, 2000 #132]. Boldface item loadings in the
tables below should be greater than cross-loadings, and should likewise, as a rule of thumb,
exceed 0.70 [Thompson, 1995 #177;Hair, 1998 #176].
1 AVE = (Σλi
2 / Σλi2 + ΣΘii), where λi are factor loadings and Θii are unique error variance = 1-λi
2. Gefen [Gefen, 2000 #175] recommend the diagonals to be = AVE. Agarwal & Karahanna, 2000 and Compeau & Higgins, 1995 are more generous and use the square root of AVE on the diagonal. 2 CREL = composite reliability = (Σλi)2 / (Σλi)2 + ΣΘii, where λi are factor loadings and Θii are unique error variance = 1-λi
2. These reliabilities are functionally equivalent to a Cronbach’s reliability alpha. Factor loadings are provided by PLS-Graph.
23
3.3 Study 1
Study 1 was conducted with graduate business students in a large private West Coast University
as subjects, who rated their perceptions of privacy, security, and trust in EC transactions through
the 23-item online questionnaire. There were two goals to this study; the first goal of this study
was to empirically verify if indeed consumers exhibited different levels of trust in their online
and offline transactions even if they interacted with the same entity, i.e., the online and offline
version of the same store. This would serve to isolate the trust towards the EC element and not
the trustworthiness of the vendors themselves. The second goal of the study was to do scale
validation of the perceived privacy and perceived security measures for the online store to
conduct the subsequent study focused solely on understanding the nature of trust building online.
Therefore even if we do not measure the reputation and past satisfaction in this study it serves
the purpose of isolating the differences between online and offline transactions independent of
the stores and it serves as a platform to refine the scales for the subsequent study.
The survey was administered to 64 subjects of whom we had 40 respondents giving us a
response rate 62.5%. The 64 subjects were selected carefully so as represent a sample of users
who have purchased items both from the online and offline form of the same store. Our
collection of stores included Barnes&Noble/Barnes&Noble.com, BestBuy/BestBuy.com,
Borders/Borders.com, CompUSA/CompUSA.com, Macy's/Macy's.com, Virgin Music/Virgin
.com, WalMart/WalMart.com. The subjects were then asked about perceived privacy, perceived
security and trust in their transactions for each store type (online and offline) based upon their
past experiences. Clearly this study does not account for self-selection and social desirability
bias, but the variance in the responses for the principal constructs gives us adequate information
24
for a first study. Since university rules prohibit collection of demographic information from
students, it was not possible to collect specific information from these students about their own
characteristics. The use of students as a sample does not appear to pose any significant problems
and the student population has been commonly studied in many studies related to consumer
behavior [Calder, 1981 #200]. Even specifically in the context of information privacy the
original Smith et al [, 1996 #93] paper includes a sample of students and there were no
significant differences reported when Stewart and Segars [Stewart, 2002 #198] employ a non-
student sample.
3.4 Results and discussion of study 1
We first analyzed the data to observe any differences in consumer perceptions of privacy and
security between their online and offline transactions. We employed the paired t-test to test to
verify these differences. Our analysis (given in table 1) shows consumers indeed differ on their
security and privacy perceptions. The analysis of means also shows that consumers’ perceptions
of security online, privacy online and trust online is lower than their counterparts in the offline
transaction. This lends support to our hypotheses 1, 2, and 4, and substantiates the claim that
even if they have conducted transactions with the online and offline counterpart of the same
store, their perceptions of trust may vary. This finding implies that trust in the transaction may
have a greater role to play than just as an indicator of intention to shop from the store. We
discuss this implication in greater detail in the final sections of this paper.
Paired Differences
95% Confidence
Interval
Construct Store Mean Std. Dev. Mean
Std. Dev.
Lower Upper
t value
p value
25
Offline 5.8600 .8242 Perceived
Security Online 5.3300 .8742 .5300 .7786 .2810 .7790 4.305 .000
Offline 5.5228 .9168 Perceived
Privacy Online 4.8875 .8838 .6353 .8052 .3778 .8928 4.990 .000
Offline 4.7407 .9251 Trust
Online 3.9786 1.0233.7621 .9444 .4601 1.0641 5.104 .000
Table 1: Study 1 - Online vs. Offline stores
In this first study, we did not control for reputation of the stores and satisfaction with past
outcome as we test perceptions regarding the same store. Their buying decision itself may have
been dependent on the trust in the stores themselves. However the data collected on the
perceptions of privacy and security provides us a good basis to refines scales for the later study.
Generally items with high loadings on the intended factor and no substantial cross-loadings were
retained. Based on this it was decided that PRIV3, SEC6, TRUST3 and TRUST5 variables in
the online store data, could be eliminated to provide for better measurement properties. For
construct validity, the path findings and the loadings in PLS analysis are presented below in table
2. While the diagonals (bolded) are consistently greater than the off-diagonals, indicating
acceptable construct validity, some items have loadings below 0.7, suggesting further revision of
some of the items.
Latent constructs Construct Items
SEC PRIV TRUST
SEC1 0.762 0.471 0.753
SEC2 0.839 0.568 0.436
SEC3 0.803 0.450 0.486
SEC4 0.614 0.320 0.191
Perceived
Security
SEC6 0.558 0.291 0.158
26
SEC7 0.930 0.651 0.394
PRIV1 0.551 0.654 0.206
PRIV2 0.233 0.445 -0.092
PRIV4 0.452 0.691 0.113
PRIV5 0.315 0.550 0.311
PRIV6 0.511 0.837 0.369
Perceived
Privacy
PRIV7 0.151 0.566 0.351
TRUST1 0.436 0.240 0.870 TRUST2 0.344 0.272 0.810 TRUST4 0.579 0.407 0.774
Trust
TRUST5 0.401 0.187 0.651
Table 2: Study 1 - Loadings in PLS Analysis for online stores
Table 3 shows the inter-construct correlations, AVE and CREL for this study. As observed, the
bold diagonals are larger than the off-diagonals, ensuring reliability.
Inter-construct correlations
Construct AVE CREL SEC PRIV TRUST
SEC 0.580 0.890 0.762
PRIV 0.404 0.797 0.626** 0.636
TRUST 0.609 0.861 0.588** 0.372* 0.781
Table 3: Study 1 - Correlation between constructs for online stores
Although the goal of the first study was not to establish any causal paths, even without
controlling for reputation and satisfaction with past outcomes, the results still support our
conceptual model. While our results show that perceived privacy and perceived security of
online transactions are indeed distinct constructs, it also appears that while perceived security is
well correlated with trust (table 4), perceived privacy influences trust primarily through
perceived security that acts a mediating variable. This implies that consumers’ perceive the
27
items in the construct of perceived privacy to be important determinants of trust but they may see
it as being operationalized through their perceptions of security in the online transaction.
Link Path coefficient (t-stat)
R-square
Privacy Security 0.626 (8.574**) 0.392
Privacy Trust 0.007 (0.032)
Security Trust 0.584 (3.334**) 0.346
* sig @ .05 ** sig @ .01 n=40
Table 4: Study 1 - Path findings via PLS analysis for online stores
3.5 Study 2
Based on study 1, the scales were refined to finally come up with a set of 7 questions for
perceived privacy, 6 questions for perceived security, and 3 questions for measuring trust.
Participants were asked to rate the perceived privacy and perceived security they would expect
from a prospective transaction with specified online store. To increase generalizability a sample
was chosen to consist of two groups, consisting of both graduate (3 MBA cores – a total of 198
students) and undergraduate business students (2 senior electives – 114 students), and thus
increasing the heterogeneity of the sample. A $200 reward was announced as a raffle prize for
completing the survey, 128 graduate (response rate – 64.6%) and 51 undergraduate (response
rate – 44.7%) students (total 179) responded to this online questionnaire. Study 2 was designed
to control for the effect of store reputation and satisfaction with past outcomes that are discussed
earlier as important antecedents of trust in buyer-seller relationships [Ganesan, 1994
#43;Jarvenpaa, 2000 #56]. While satisfaction with past outcomes was expected to vary
adequately among the study participants, store reputation was manipulated by presenting two
different online stores to the respondents. A concern was to choose stores with reputations such
28
that a high level of variance was possible for this control variable. Therefore a pilot study was
conducted to identify familiar and known stores versus unfamiliar and unknown stores based on
two items adapted by the standard scales found in the Marketing Scales Handbook [Bruner, 1992
#16]. A sample of 150 graduate students from the same business school rated 5 different online
stores for the two familiarity items. From this pilot study, two stores emerged that had high
variance and significantly different familiarity scores. Buy.com (www.buy.com) had a mean
value of 4.7 on a 7-point scale (STD=2.1), while PCNation.com (www.pcnation.com) had a
mean of 2.1 (STD=2.0). Therefore, half of the respondents were presented a hypothetical
scenario where the target store was Buy.com, and the other half was given PCNation.com.
Manipulation check showed a significant difference (p<.01) between Buy.com (mean=5.7,
STD=1.8) and PCNation.com (mean=4.3, STD=1.5) on the reputation variable. Therefore, social
desirability bias is limited in this study by properly manipulating target online stores and not
allowing participants to choose their desired merchants. This resulted in the final set of
questions as given in appendix I.
Two data points were out rightly dropped due to extraordinary number of missing values. For the
other data points that had missing values (especially for the unfamiliar brand), substitution by
random assignment within-groups procedure was used [Stump, 1996 #100]. This procedure
divides the sample into two groups that were highly correlated with the items with missing
values. The cases with missing values were then assigned the item value of the preceding case
within the group. This procedure is arguably a better way to handle missing data. First,
compared to the practice of deleting cases on the basis of missing data, this procedure has the
benefit of allowing full use of the data. Second, compared to the method of replacing missing
29
values with mean or median values, the random assignment procedure is advantageous because it
avoids constraining variation among responses.
3.6 Results and discussion of study 2
The same tests for construct validity and reliability explained in section 3.2 were repeated for
this study as well. All the items (except REPUT3 which loads marginally) display excellent
measurement properties suggesting that our items accurately measure the constructs in question.
Latent Constructs
Construct Item PRIV TRUST SEC REP SAT
PRIV1 0.871 0.059 0.312 0.146 -0.137
PRIV2 0.723 0.061 0.240 0.068 -0.093
PRIV4 0.881 0.085 0.334 0.142 -0.169
PRIV5 0.749 0.110 0.211 -0.059 0.081
PRIV6 0.865 0.102 0.354 0.064 0.002
Perceived
Privacy
PRIV7 0.848 0.204 0.351 0.076 0.070
TRUST1 -0.038 0.821 0.202 0.144 0.242
TRUST2 0.185 0.900 0.477 0.305 0.195
Trust
TRUST4 0.113 0.702 0.177 0.172 0.097
SECUR1 0.302 0.503 0.840 0.313 0.238
SECUR2 0.393 0.291 0.880 0.287 0.108
SECUR3 0.271 0.222 0.826 0.235 0.132
SECUR4 0.307 0.392 0.829 0.291 0.213
Perceived
Security
SECUR5 0.268 0.155 0.816 0.157 0.102
REPUT1 0.070 0.294 0.275 0.950 0.128
REPUT2 0.133 0.267 0.344 0.959 0.222
Reputation
REPUT3 0.001 0.075 0.200 0.688 0.161
SAT1 -0.025 0.241 0.222 0.222 0.952Satisfaction
SAT2 -0.078 0.124 0.102 0.061 0.805
Table 5: Study 2 - Loadings in PLS Analysis for online stores
30
Table 6 below shows the inter-construct correlations, AVE and CREL for this study. As
observed, the bold diagonals are larger than the off-diagonals, ensuring reliability of our scales.
Inter-construct Correlations
Construct CREL AVE PRIV TRUST SEC REP SAT
PRIV 0.927 0.681 0.825
TRUST 0.852 0.659 0.131 0.812
SEC 0.922 0.703 0.373** 0.404** 0.839
REP 0.905 0.765 0.095 0.278** 0.320** 0.875
SAT 0.874 0.777 -0.048 0.223** 0.201** 0.185* 0.882
* sig at 0.05 level **sig at 0.01 level
Table 6: Study 2 - Correlation between constructs for online stores
The results of study 2 also clearly show that trust is significantly correlated with perceptions of
security, validating hypothesis 5. While there is a poor correlation between perceived privacy
and trust invalidating hypothesis 3, we see a significant correlation between perceived privacy
and perceived security validating. The results shown in table 7 show that hypothesis 6 is
validated implying that the construct of perceived privacy manifests itself primarily through
perceived security. Note that from table 5, we can still see that the two constructs are distinct in
the consumer’s mind. Part of hypothesis 7 that aims to control for known factors that affect trust
is also validated, where we find that reputations loads with the 95% confidence interval although
satisfaction with past out comes loads marginally on trust in EC transactions with only the 90%
confidence. One reason may be that there may have been a mix of positive and negative
satisfaction with past outcomes that should have been measured separately.
Link Path coefficient (t-stat)
R-square
Privacy Security 0.373 (4.798**) 0.139
31
Security Trust 0.331 (3.848**) 0.204
Privacy Trust -0.001 (-0.012)
Rep Trust 0.149 (2.263*)
Sat Trust 0.129 (2.096*)
* sig at 0.05 level **sig at 0.01 level n=177
Re-run after dropping TRUST1
Link Path coefficient (t-stat)
R-square
Privacy Security 0.374 (4.816**) 0.140
Security Trust 0.357 (4.133**) 0.236
Privacy Trust 0.044(0.569)
Rep Trust 0.164(2.509*)
Sat Trust 0.096(1.609)
* sig at 0.05 level **sig at 0.01 level n=177
Table 7: Study 2 - Path findings via PLS analysis
4 Discussion and conclusions
Trust in the transacting entity has always been an important factor in any interactions involving
risk [Sheppard, 1998 #186]. In the context of buyer-seller relationships, marketing literature
finds that consumer trust in the transacting vendor is of utmost importance in order for the
consumer to accept the risk of transaction, financial or otherwise and the vendor’s reputation
and branding are known determinants of this trust [Doney, 1997 #38;Ganesan, 1994 #43].
There is no reason to believe that trust in the vendor will be any less important to the online
consumer and evidence to this effect has been presented by many later studies as well
[Jarvenpaa, 2000 #56;Lee, 2001 #190;Notenberg, 1999 #143;Keen, 2000 #192]. However from
an IS perspective it is important to explore if the underlying information technology
characteristics themselves contribute to variability in the overall consumer trust in a transaction.
32
Our research develops the constructs of perceived privacy and perceived security as the chief
determinants trust in the EC transaction after the trust in the vendor is accounted for. Evidence
from our first study shows that consumers exhibit differences in their perceptions of privacy,
security and trust between online and offline transactions even if these transactions involve the
same store. Our instrument also displays excellent measurement properties and establishes
perceived privacy and perceived security of EC transactions to be distinct constructs. Both our
studies confirm that while perceived security directly acts upon trust in EC transactions,
perceived privacy’s effect on trust is mediated by perceived security. From a theoretical
perspective, our study adds to the understanding of the multi-dimensional construct of trust.
McKnight et al [, 2002 #184 p.353] suggest that future research needs to understand the link
between institution-based trust and trusting beliefs in the vendor. In studying the overall trust in
a EC transaction and by controlling for trust in the vendor, our study proposes perceived privacy
and perceived security as antecedents of trust developed due to the nature of the institutional
infrastructure, i.e., the Internet. From the perspective of research in privacy, we address Culnan
and Armstrong’s [, 1999 #34 p.113] observation that “there is no validated scale to measure
overall privacy attitudes.”
This result has some interesting managerial implications as well; note that in our first study, even
when our subjects have actually purchased (i.e., conducted a financial transaction), they display
differences in their perceptions of privacy, security and trust. Hence it cannot be argued that the
role of trust in a transaction has implications only on purchase behavior. Evidence from earlier
work supports this view as it finds that even if credit card firms fully absolve any risk from
conducting a financial transaction, consumers still have concerns regarding their transactions
33
[Chellappa, 2002 #188]. We propose that the implications of the trust affected by perceived
privacy and perceived security plays a role in the nature and type of information that a consumer
is willing to share with the vendor. Culnan and Armstrong [, 1999 #34] observe that not only
does technology allow for a vast amount of consumer information to be collected during EC
transactions but they also point out the importance of acquiring this information for a vendor’s
survival in an increasingly competitive economy. This information is critical in forming bonds
with consumers and has been studied by literature on customization and personalization
[Chellappa, 2002 #187]. In the offline world it was impossible or simply uneconomical to
acquire this magnitude of consumer information, and hence bonding with customers was limited
to purchase characteristics. However, today an Amazon.com not only provides personalized
suggestions on the basis of purchase information but it can even include personalized coupons
created by looking only at the consumer’s browsing behavior. Data and Web mining
technologies allow online vendors to even distinguish between items that were simply looked at
versus those that were included in the shopping cart without actually being purchased.
Acquiring consumer permission to collect and use this information is crucial to fully understand
future product purchase preferences. Hence if consumers perceive the sharing of this
information to be not so secure or private, they are unlikely to allow the acquisition and use of
this information. Along these lines Culnan and Armstrong [, 1999 #34] also observe that
vendors can gain competitive advantage by improving upon the consumer attitudes towards the
privacy of their information.
Given that all vendors online today employ both the fair information practices and security
information practices in their online transaction the question to be asked is why do consumers
34
still exhibit lower levels or perceived privacy and perceived security? One can lean on literature
in public policy and risk management to seek some answers. It should be noted that the
disclosure notices and security principles are created on the basis of recommendations of experts
from both research and practice through their analysis and congressional testimony [US
Congress, 1997 #160;US Congress, 1997 #161]. Research in risk management argues that there
is a significant difference in the public perceptions and expert assessment of risks, particularly
technology related risks [Powell, 1998 #82]. Hence one possibility is that consumers do not
fully understand as to how the actions undertaken by vendors allay their risk. This may be due to
a “risk communication vacuum,” [Powell, 1997 #80] that represents the inability of conveying
technological risk and hence measures taken to mitigate them to the public. One way to address
this gap is through education and awareness programs such as those instigated by the
government during outbreak of E-Coli bacteria in hamburgers. Another way is for vendors
themselves to engage in education of the public and to some extent one can see this initiative by
credit-card issuers. For example, CapitalOne has employed television advertising effectively to
inform customers that it is ok to use their cards online as well. Thus an awareness program on
the efficacy of the protection mechanisms may be required if consumers have share their
information online and if personalization strategies have to succeed. Note that at no point in
time can a vendor afford to neglect his reputation as that is clearly a factor in the overall trust in
an EC transaction.
4.1 Limitations and future research
Our study suffers that same limitations as many other empirical studies in that “confirmatory
findings should be viewed as scientific findings only to the extent that they can be replicated in
subsequent studies,” [Stewart, 2002 #198 p. 45]. Further, our sample consisted of a convenience
35
sample of students and while this does not pose a major problem for internal validity, issues of
external validity may arise [Calder, 1981 #200]. Although prior research on privacy [Smith,
1996 #93] has used both student and non-students subjects and has found no significant
difference in general privacy concerns. As we were interested in the perceptions of consumers
who transacted online, the fact that everyone in our sample of users are familiar with and transact
on the Web poses no significant risk. However, less can be said on the perceptions of consumers
who have not used the Web.
Future studies can also take into account gender and other demographic variables as technology
use and possibly perceptions of security and privacy can be subject to gender biases [Venkatesh,
2000 #181], global and cultural biases [Straub, 1997 #182;Jarvenpaa, 1999 #55] and user
expertise [Farkas, 1989 #183]. Due to the limitations on collection of demographic and other
information on the student population, our study cannot make any observations along this
dimension. These dimensions may provide interesting recommendations on the difference in the
trust building mechanisms to be adopted for differing genders and cultures. Further, future
studies may also want to differentiate between risks in financial versus non-financial transactions
and consumer perceptions of privacy and security therein.
References
36
Appendix I
Survey Instrument
Perceived Privacy
1. I am confident that I know all the parties who collect the information I provide during a
transaction with this store.
2. I am aware of the exact nature of information that will be collected during a transaction
with this store.
3. I know what information I need to provide during a transaction with this store.3
4. I believe I have control over how the information I provide will be used by this store.
5. I believe I can subsequently verify the information I provide during a transaction with
this store.
6. I believe that this store will disclose my information without my consent R
7. I believe there is an effective mechanism to address any violation of the information I
provide to this store.
Perceived Security
1. I have confidence in the security of my transaction with this store.
2. I am confident that the private information I provide during my transaction with this store
will only reach this store.
3. I believe inappropriate parties may deliberately view the information I provide during my
transaction with this store R
3 Items in italics dropped R Reverse-scale item
37
4. I believe the information I provide during my transaction with this store will not be
manipulated by inappropriate parties.
5. I believe that inappropriate parties may store the information I provide during my
transaction with this store R
6. I believe this store will not expose the information I provide during my transaction to
inappropriate parties
Trust
1. I believe that my transaction with this store is likely to be safe.
2. My transaction with this store is likely to be reliable.
3. Many things may go wrong with my transaction with this store.1, R
4. This store will promptly inform me if any problems occur with my transaction.
5. I am confident that my transaction with this store will be transparent R
Reputation
1. This online store has a reputation for being reliable.
2. This online store is known to be dependable.
3. This online store has poor reputation in the market R
Satisfaction with past outcomes
1. I am satisfied in general with my transactions on the Internet in the past.
2. I have successfully transacted on the Internet in the past.
38