Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
THE FLORIDA STATE UNIVERSITY
COLLEGE OF EDUCATION
By
MICHAEL KEHOE
Degree Awarded:
Spring Semester, 2002
UMI Number 3042024
UMI Microform 3042024
Copyright 2002 by ProQuest Information and Learning Company.
All rights reserved. This microform edition is protected against
unauthorized copying under Title 17, United States Code.
The members of the Committee approve the dissertation of Michael Kehoe
defended on January 25, 2002.
Charle:
Professor Directing Dissertation
Outside Committee Member
Brenda Pitts
Committee Member
Approved:
Richard Kurikel, Dean, College of Education
I would like to dedicate this work to my mother, Carol Kehoe, for her
tremendous love and support throughout my life. Her unwavering belief in me has
been a true source of inspiration. And to my father, Jack Kehoe, for always believing
and helping me in the pursuit of my goals. And, to my family, who although not
always close in proximity are never far from my heart.
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
Abstract
Chapter
1. INTRODUCTION
Research and In-Home Mail/Phone Order Shopping
Application to On-Line Shopping
Future of On-Line Shopping
Summary
Statement of the Problem
Rationale
Operational Definitions
Research Questions and Hypotheses
Significance of the Study
Subjects
Variables
Independent Variables
Dependent Variables
Instrumentation
Procedure
Data Analysis
Limitations
Delimitations
Human Subjects Committee Approval
LIST OF TABLES
Table
2. Internet Access
12. Correlation of KNOW and On-Line Shopping Frequency (FREQ)
ABSTRACT
The growth and expansion of the Internet and the World Wide Web continues to
impact society in new and amazing ways. What began as an informational tool for
universities has exploded into a “human social phenomenon” (Denning and Denning,
1998). The role of economic commerce has not been as dynamic as some predicted, but
has still demonstrated remarkable success and tremendous potential (Burke, 1997). Any
failure to meet some of the expectations may be explained in large part by questions and
concerns surrounding existing methods of electronic commerce and of the Internet itself.
A key negative perception centers on the security involved in Internet practice and
electronic payment systems. The lack of an effective and trusted payment system that
can be used in conjunction with on-line shopping has been a limiting factor in the growth
of Internet sales (Shon and Swatman, 1998). Consumers are hesitant to provide personal
information, including credit card details, over the Internet because of high perceptions of
risk and concerns with privacy (Aldridge, White, & Forcht, 1997; Culnan and Armstrong,
1999). Negative perceptions are then compounded and reinforced by massive media
exposure of Internet security incidents (Jones and Vijayasarathy, 1998). From a lack of
positive experiences and negative perceptions, many consumers still lack the necessary
trust in on-line merchants and Internet security procedures and continue to use the Web to
simply browse (Pitkow and Kehoe, 1996; Wintrob, 1995; Booker, 1995).
This paper provides an overview of electronic commerce and the impact of risk
and trust on on-line shopping consumer behavior. Due to the growth and potential of on
behavior (Lewis, 1995; Rao, 1996), there is a tremendous need for impartial, academic
investigation into the behavior and perceptions of on-line consumers. The present study
collected data on the perceptions of risk and trust in relation to perceived risk, on-line
merchants and Internet security technology from a student sample at a large southeastern
university. The data were then analyzed using descriptives and parametric analyses.
CHAPTER 1
INTRODUCTION
phenomenal rate and numerous technological advancements have had tremendous impact
on society as a whole. The automobile revolutionized the way in which people traveled.
The telephone made it possible for individuals on opposite ends of the continent to carry
eliminated the threat of diseases such as smallpox and polio and other medical
advancements have had dramatic effect on life expectancy and quality of life. Man has
even taken steps on the moon and built satellites that send back unbelievable images from
the farthest reaches of space, continuing to fire the dreams and inspiration of successive
generations.
The latest product of technology continues to impact society in new and exciting
ways. The Internet, which began as an informational tool for universities, has exploded
into a “human social phenomenon” (Denning and Denning, 1998). Today’s users are
a convenient banking branch, a highly accessible library complete with vast stores of
knowledge and information, a forum to share ideas and thoughts with anyone and
everyone, a shopping outlet with an incomparable selection of products, and a means to
travel and see the world without ever leaving their home. The possibilities seem to be
The arrival of Tim Berners-Lee’s trio of programs that comprised the World Wide
Web (WWW) on the Internet in the summer of 1991 (Schwartz, 1997) marked the start of
one of the most dynamic and tumultuous times ever in the global business world. This
movement was further promoted that same year when the National Science Foundation
(NSF) ceased financial support for the Internet, causing networks to become privately
operated and opening the door for commercial interests (Kizza, 1998; Caskey and Delpy,
1999). The Internet has since become a tool of business with potential still undetermined.
Individuals and corporations alike have attempted to grasp the immense possibilities of
this new era in technology and gain some perspective on its potential applications for the
A brief glimpse at the statistics gives the observer a notion of the sheer magnitude
of growth of the network. In 1998, the U.S. Commerce Dept. reported an estimated 100
million people were currently on-line and that Internet traffic was doubling every 100
days (Caskey and Delpy, 1999). The fiscal year 1995 produced an estimated $20 million
in revenue from Internet transactions (Rosner, 1995), fiscal 1996 produced an estimated
$560 million in Internet sales (Burke, 1997), and business to business electronic
commerce (EC) was projected to surpass $175 billion in fiscal 2001 (Shaw, 2000). The
UCLA Internet Project (2001) found that the number of Americans on-line had risen
Despite impressive growth in the number of host computers and users, actual
Internet sales figures have fallen short of some original predictions (Jones and
Vijayasarathy, 1998). The failure to meet some expectations may be explained in large
part by numerous aspects involving existing methods of electronic commerce and of the
Internet itself. First, as previously mentioned, the Internet was originally developed as an
information-sharing and research network and, as such, was not designed with security as
underlying protocols, little thought was given to the issues of privacy and security
because all information was freely provided to anyone interested (Shon and Swatman,
1998; Denning, 1998). The success of the Internet itself has been attributed to the open
exchange of information and ideas and ready access to the masses - characteristics that
run completely counter to the basic objectives of sound business practice, where
information must be protected and individuals granted access only when necessary
(Liddy, 1996). A message sent across the Internet may be routed through several
different networks with each new network presenting an additional security risk (Forcht,
Second, although the number of host computers and users is increasing daily, not
everyone has access to the Internet. User retention is an issue that concerns a number of
up study and found that 21% of those who had Internet access in the initial study no
longer had access 7-S months later. A major reason for the reduction in users was
students leaving a university situation and free Internet access. Kingsley and Anderson
users who have had extensive opportunity to experience the Internet and decided to
discontinue access. Additionally, the authors point out that the individuals leaving the
commerce would like to see a rapidly expanding market rather than one where numbers
with the retention of customers as well as the recruitment of new ones, and therefore any
Finally, slow sales growth in Internet sales can be directly associated with
standpoint, limited bandwidth leads to heavy congestion and slow connection speeds
(Kingsley and Anderson, 1998; Aldridge, et al., 1997; Jarvenpaa and Todd, 1997). The
method of shopping involves technology that is new and unfamiliar and many consumers
do not yet have the level of experience and comfort necessary to make a purchase (Cox
and Rich, 1964; Zikmund and Scott, 1973; Caskey and Delpy, 1999; Ratnasingham,
1998a). Many companies have blindly entered cyberspace without the prerequisite
information and skills necessary and have only succeeded in wasting precious resources
A key negative perception centers on the security involved in Internet practice and
electronic payment systems. “However successful, the use of the Internet as an accepted
technology has been hampered by the lack of security, either real or perceived” (Liddy,
1996). The lack of an effective and trusted payment system that can be used in
conjunction with on-line shopping has been a limiting factor in the growth of Internet
sales (Shon and Swatman, 1998). Consumers are hesitant to provide personal
information, including credit card details, over the Internet because of concerns with
privacy (Denning and Denning, 1998; Aldridge, et al., 1997; Culnan and Armstrong,
1999) and fraud (Dinnie, 1999; Caskey and Delpy, 1999; Kizza, 1998). Negative
reinforced by massive media exposure of every Internet security incident (Jones and
Vijayasarathy, 1998; Kasperson, et al., 1988). As a unit, these factors likely explain a
great portion of why most consumers still prefer the Internet for information searches
rather than purchases (Pitkow and Kehoe, 1996; Pope, Brown, and Forrest, 1999; Booker,
1995; Wintrob, 1995). The objective of site operators and Internet marketing
practitioners is to identify and address the causes for concern of the sizable percentage of
Internet users who are still hesitant to purchase over the Internet.
The incredible explosion of Internet interest and expansion has created a virtual
environment that progresses and evolves at an extraordinary rate. Although exciting and
adventurous as a user, the dynamic nature of the Internet can make it difficult to measure
the impact and effect of marketing strategy (Deighton, 1997). An analysis of failed
business ventures on the Internet will illustrate to the current marketer that there are
Numerous failures are the result of marketers attempting to apply the lessons learned
from conventional advertising directly to the Web (Kiani, 1998). The relatively short
existence of Internet business practice does not offer much experience for administrators
to base marketing decisions upon (Rowley, 1996) and the constant change makes it
difficult to conduct an in-depth, long-term investigation (Jones and Vijayasarathy, 1998).
A contemporary marketer must take what has been learned from previous consumer
behavior research and modify these models to account for the differences and intricacies
As mentioned, one of the most significant concerns of users involves the negative
that would apply to this concern are risk and trust. The concept of risk was introduced as
early as 1960 (Bauer, 1960) and the concept of trust has received a great deal of attention
in recent years (Ratnasingham, 1998a). Research has demonstrated that perceived risk
can be extended to the store (Cox and Rich, 1964; Dash, Schiffman, and Berenson, 1976;
Hirsch, Domoff, and Reman, 1972; Spence, Engel, and Blackwell, 1970) as well as to the
method of shopping (Cox and Rich, 1964; Schiffman, Schus, and Winer, 1976; Simpson,
and Lakner, 1993). As a result, the concerns of privacy and fraud and their effects on
perceived levels of risk and trust apply both to the virtual business and to the technology
that supports the ordering and payment systems utilized in on-line shopping. The
elements of risk and trust are valid concerns for both the manufacturer and the consumer
for all transactions conducted over the Internet. A major obstacle for companies that
conduct business on the WWW is the need to gain the trust of potential consumers.
research findings. Although the Internet has been described as “a difficult place to do
serious business” (Poon and Swatman, 1995) and few sites have been able to report a
profitable Internet operation (Caskey and Delpy, 1999), sport-related websites are among
the most popular. An Intelliquest Worldwide Internet poll reported that 52% of on-line
users surveyed had visited a sport-related website within the past month (“Industry
Spotlight: Sports on the Web”, 1998) and ESPN’s website, Sportszone, is consistently
among the 25 most trafficked sites (“Top drawing Traffic Sites”, 1997). Additionally,
(“Quickee Profile”, 1998), are male, well-educated, mid-30’s, and affluent. This profile
matches remarkably well with that of typical visitors to sport sites such as
This paper provides a brief overview of electronic commerce (EC) followed by an
examination of the concerns and mechanisms of EC security. The paper concludes with
an examination of risk and trust and their relationship to EC. The purpose of the paper is
security. With Internet commerce figures showing great promise and the popularity and
whether they are meeting their objectives and what modifications might be necessary. If
research studies and statistical proof are not available in the near future to give credence
Review of the Literature
Depending on your view, the Internet and the WWW may be considered the
ultimate business domain, perfectly designed for commercial exchange (Flanagan, 1994).
Others have suggested that the Internet is essentially a social place for the exchange of
information and ideas. Proponents of this view are generally not in favor of the growth
or the intrusion of business practice on the Web (Laquey, 1994; Frost, 1994). It would
appear, however, that these business practices are here to stay. Maignan and Lukas
(1997) list four distinct functions of the Internet: 1) a source of information; 2) a place or
functions transcend the boundaries of personal use and business application and reach
into nearly every corner of an individual's life. Added to these Internet functions, now, is
a world of virtual commerce. The Internet provides the modern consumer with resources
and options as never before. And yet, with the potential benefits come unique concerns
and risks.
The area of electronic commerce and Internet shopping is a relatively new arrival
to the world of retail and sales growth has been slower than some anticipated, although
encouraging (Jones and Vijayasarathy, 1999; Burke, 1997; Birch, 1997; Rowley, 1996;
Foo, Leong, Hui, and Liu, 1999). In order to capitalize on the vast market potential of the
Internet, there is a critical need for marketers to investigate consumer perceptions of
on-line shopping (Jones and Vijayasarathy, 1999). Concern exists over results of many
surveys and studies of consumer demographics and user characteristics as a large part of
existing research has been conducted by parties with “distinct commercial interest” in the
results (Lewis, 1995). A consistent theme throughout the research is a consumer concern
over the security and risk involved in on-line shopping (Pope, et al., 1999; Ratnasingham,
1998b; Furnell, Dowland, and Sanders, 1999). “However successful, the use of the
Internet as an accepted technology has been hampered by the lack of security, either real
or perceived” (Liddy, 1996). The future success of the Internet as a viable mechanism
for successful commerce depends not only on the development of safe and effective
Internet payment systems (IPS), but also on the education of consumers and the alteration
existing electronic payment systems (EPS) and Internet security concerns. This is
followed by a review of the consumer behavior literature involving the variables of risk
and trust. The review concludes with a discussion of the development of risk perception
Electronic Commerce
Business trends are telling forecasters what intuitively most already know. The
presence. Commercial domains are the fastest growing segment of the Internet and
business operations comprise the bulk of traffic on the WWW. The majority of Fortune
500 companies already operate on the Internet and thousands of companies register new
domain names for the first time every month (Cronin, 1996). Rayport and Sviokla (1995)
clearly state the point: “Every business today competes in two worlds: a physical world
of resources that managers can see and touch and a virtual world made of information.
The latter has given rise to the world of electronic commerce” (Rayport and Sviokla,
1995, p. 75).
A number of factors have contributed to the incredible growth of the Internet and
the WWW. Kahle and Meeske (1999), Rowley (1996) and many others identify several
major characteristics of the technology that make this medium attractive to the marketer
and the consumer alike. First, since the Internet origins are as an information-sharing
technology, it is an extremely effective tool for information access and storage. The
Internet is fast and efficient. With the proper equipment, and if the user knows where to
look, information access can be virtually instantaneous. This feature allows an individual
to follow, in real-time, either stock market figures or the score of a sporting event. The
technology also provides for a great deal of convenience. Information can be accessed,
communications can be sent and received, and products can be ordered and delivered
providing a personalized service or product. For example, Gateway computers will allow
the user to design an individualized computer package that fits the consumer’s needs.
The user chooses from a variety of options and an associated price is generated for the
specifications. The consumer has the opportunity to manipulate options and prices to
develop a package that meets personal specifications (www.gateway.com). The customer
actually becomes an active participant in the production of the product (Blattberg and
Deighton, 1996).
From a business operations standpoint, there are several more features changing
business perspectives. The cost of operating a virtual business is considerably less than
the costs of overhead in a traditional setting. The falling costs of business software
programs are offsetting normally high costs of billing and collections (Birch, 1997). In
daily business operations, companies can utilize the Internet to reduce the cost of inter
ability to ease the burden on such expenses as private-line networks, faxes, and
messenger and overnight courier services (Cronin, 1996). Rayport & Sviokla (1995)
describe benefits associated with the “redefining of economies of scale” that will allow
small firms competitive pricing in markets against large companies. The global reach of
the WWW also allows the smaller organizations to reach markets that would have been
and transmitted globally. Indirect cost savings can be credited to reduced transaction
costs, avoidance of distributor slotting fees, and more effective use of advertising
resources. The monthly cost to operate a website can be as minimal as twenty dollars a
month and involve simply getting listed with a directory in Yahoo!, Lycos, or some other
web browser. Finally, many companies whose trade is information have demonstrated
substantial cost reduction in the cost of production. For example, Fidelity Investments as
a result of direct distribution over the Internet has claimed savings in the millions of
eBay.com. The company has no structural storefront and its only public shopping area
exists in cyberspace.
and conducting electronic commerce over the Internet center around three main
categories. These categories are connectivity, technical concerns, and Internet payment
systems (IPS). Connectivity is the ability of a company to establish Internet links with
other businesses and the target markets. Undoubtedly, network connectivity links in the
currently there are major connectivity gaps in Internet access. First, only a small
the Internet and many of the companies, in comparing cost outlay with potential benefits,
could extend into personal use of the Internet in the home. One study reported that, of
the 2500 respondents from a national phone survey, only 8% reported being current
Internet users, 8% reported being former Internet users, and 69% reported having heard
of the Internet, but never being a user (Katz and Aspden, 1997).
than 60% of all the computers registered worldwide were located in the U.S. This can be
attributed to the fact that difficulties and cost of establishing a connection outside the
U.S. are magnified (Cronin, 1996). In the U.S., the cost of access to the Internet is
charged at the rate of local telephone services and this has aided the expansion of markets
and services. In addition, in the U.S. and U.K., there has been an extensive network of
there are high costs associated with Internet access due to national monopolies of
Technical concerns would cover the problems associated with the development
and operations of a website. Unless the company has the knowledge and expertise
in-house, a consulting firm will have to be hired. As with other forms of technology,
or additional positions created to operate and maintain new systems. A huge technical
concern is the bandwidth that the site will operate on. The decision over which Internet
Service Provider (ISP) to conduct business with will determine whether the site operates
leads to a longer amount of time required to access or download files. ISP’s with greater
bandwidth connections operate at a quicker rate, but are more expensive. McEachern &
O’Keefe (1998) compare this decision to the location of a business being “just off the
highway” or “up a back road.” Levels of congestion continue to increase and the
resulting slower connections are of great concern. Coupled with the added traffic of a
(Rowley, 1996). A future concern is the uncertainty of cost of domestic Internet access
The last inhibiting factors are the concerns with the collection of payments over
the Internet. Numerous early payment methods have been developed in an attempt to
meet the demand for a safe and effective payment mechanism. Most have utilized the
services of existing credit card companies, in one manner or another. However, no single
method has become the standard and the lack of universally accepted standards of
payment has limited growth (Shon & Swatman, 1998; Ratnasingham, 1998). The
collection of small value transactions, or micropayments, has been difficult as the cost
per transaction of most methods has not been feasible (Glassman, Manasse, Abadi,
Gauthier, and Sobalvarro, 1995;. The greatest concerns are associated with security
unsolicited mailing lists (65%), merchant legitimacy (59%), and lack of data privacy
(57%). These concerns are extremely consistent throughout the literature as reasons
consumers have given for not shopping on-line (Jones and Vijayasarathy, 1998; Aldridge,
et al., 1997; Rowley, 1996; Pope, et al., 1999; Stone and Gronhaug, 1993; Caskey and
Delpy, 1999; Ratnasingham, 1998b; Kizza, 1998) and for using the Internet primarily as a
tool for gathering information and browsing (Booker, 1995; Wintrob, 1995). Additional
concerns expressed for in-home shopping include a concern over substandard products
(Kizza, 1998) and difficulty in returning or exchanging merchandise (Simpson and
Lakner, 1993).
methods is the belief that the channels that the information passes through are not secure
More recent security measures implement cryptographic technology to scramble the data
and make it unintelligible to eavesdroppers, but the negative perceptions of weak Internet
security procedures remain. Consumers are fearful of the interception and misuse or
Unsolicited Mailing Lists - The term “spamming” has come to represent the
1995). The electronic version of “junk mail,” many consumers have expressed
annoyance at the frequency of the messages. Attempts to mass market through the use of
e-mail by organizations have been met with instant and decided disapproval from on-line
users. “Flames” are complaints directed at businesses that have breached the unwritten
code of the Internet and most companies learning their way around the Internet are often
eager to avoid these types of reactions (Teague, 1995). As a result of these methods,
many consumers are hesitant to distribute their e-mail address, much like an unlisted
telephone number. This causes a problem since many on-line shopping businesses will
Merchant Legitimacy - An attractive feature to some is the anonymity provided
by the Internet. However, from a business standpoint, this feature represents an inherent
danger. Consumers may not be entirely certain that the site provider is a legitimate
business and not an illicit operation. Unless the consumer is dealing with a recognized
company or has some other form of assurance that the merchant is legitimate, he/she may
not be willing to provide personal information and/or credit card details. Once the
information has been sent over the Internet, the consumer has no assurance that the
account will not be charged without ever delivering the goods. Additionally, bogus
schemes and cons, like pyramids and “get rich quick” promises that have been used in
Lack of Data Privacy - In addition to the issue of misuse and abuse of credit
card information, consumers are also concerned with personal information such as
addresses, telephone numbers, and purchasing habits. In some cases, companies have
and purchasing patterns (Ratnasingham, 1998a; Culnan and Armstrong, 1999). Other
consumers simply worry that the personal information provided to companies will at
some point be displayed on a website for anyone to access (Caskey and Delpy, 1999).
demonstrated that many consumers are wary of ordering products sight unseen. They
experience concern about the inability to inspect the merchandise in advance and about
the inability or difficulty associated with returning the merchandise for a refund (Simpson
and Lakner, 1993; “Light mail order buyers surveyed”, 1987). In some cases, the
consumer may believe they are ordering a product of a certain quality, but actually
The physical world of money has been changing for a number of years. Through
the use of checking accounts, credit cards, debit accounts, automatic payroll deposit, and
payment drafting, the majority of money that a person earns and spends is often never
seen as hard currency. Rather, the individual tracks finances through figures and
balances on statements and computer screens. “Money has become, in recent years, an
commerce is a relatively new concept and the Internet is helping dictate change in the
often from a remote location. Businesses realized quickly that existing systems of
payment would be unable to meet the security concerns of conducting trade over the
Internet and the development of electronic payment systems developed rapidly (Shon and
Swatman, 1998; Panurach, 1996). The most efficient method of payment for this type of
transaction is through the use of a credit card account. However, as previously discussed
many consumers have been unwilling to transmit these details over open Internet
are the real trigger for the expansion of electronic commerce” (Birch, 1997). Current
payment systems as they apply on-line commerce include: house accounts, third-party
based systems, SmartCard based systems, secure Webserver based systems, electronic
House Accounts - These accounts simply require the consumer to place a deposit
into an account separate from the on-line application. For example, the consumer could
call the company or mail a payment to the company. When the deposit is received, the
consumer receives a password and/or PIN in order to access the account. The cost
associated with items ordered is deducted from the account balance. All financial
transactions are undertaken separate from the ordering process and the account can be
independent third party to verify the identities of the two negotiating parties. Known as
trusted third parties (TTP’s) or certification authorities (CA’s), these entities provide
some measure of protection from fraud for both the consumer and the retailer (Liddy,
1997; Wilson, 1997). In 1994, FirstVirtual (FV) bank arrived on the scene and was one
of the earliest systems of secure payment on the Web. FV’s success was due in large part
to its simplicity (Buck, 1996). The system did not require extensive technology and
simply used basic electronic mail (e-mail) messaging. The consumer established an
account with FV using a credit card to secure a personal profile. In return, FV issued the
client a Virtual PIN. The consumer would give the PIN to the manufacturer who then
sent an e-mail message to FV indicating the consumer PIN and amount of purchase.
electronically mailed to the client to ensure authenticity of the order. Only when the
client had confirmed the purchase did the credit card exchange with the merchant take
By acting as the third party, FV provided the consumer with a means of security
and provided identification verification for both parties. The security of the transaction
was guaranteed because the details of the credit card transaction were never transmitted
over the Internet (Crede, 1996). Through the Internet, the consumer has worldwide
reported a global figure of 13 million acceptance locations and partnership relations with
SmartCard based systems - These card-based systems are also known as stored
value cards and are similar to pre-paid phone cards. The latest generation of SmartCard
technology utilizes a microchip to provide security. The stored value can be spent
anywhere by inserting the card into a reading device at the point of purchase (Richards,
1996). Some types of cards are disposable while others are associated with accounts that
can be replenished. Once the limit is depleted, the consumer must contact the company
Users have the ability to transfer funds in a variety of ways. Through the use of an
“electronic wallet” containing a microchip, the consumer can transfer funds from their
“wallet” to their card or to another card. The UK has installed the first 1000 Mondex-
compliant telephones and the first 250 Mondex compliant public pay phones to enable
the user to transfer funds via the telephone (Birch, 1997). Ideally, funds can even be
transferred over a network, as long as a communications channel can be established
approximately 400 million were distributed in 1996. The expansion into the U.S. market
began on a large scale at the 1996 Olympic Games in Atlanta. An estimated 300,000
rechargeable cards and 700,000 disposable cards in denominations of $25.00, $50.00, and
$100.00 were issued (Birch, 1997). An attractive feature of these methods is that all
into existing ATM technology and networks (Crede, 1996). It has been pointed out that
all of these methods indicate a trend of the future is currency that has become “fluid and
global” (McEachern and O’Keefe, 1998, p. 245). The use of the technology seems to be
a good match for American spending habits since it is estimated that 88% of transactions
are completed by cash or check and that 83% have a transaction value of less than $10.00
(Birch, 1997).
based payment systems lies in the concept that both the consumer and the merchant must
use the same Webserver for the transaction (Shon and Swatman, 1998). The Webserver is
information to outside viewers and secures the connection. The most well known
security protocols are S-HTTP and SSL, which will be discussed in more detail later in
the review.
digital cash have also been introduced. E-cash is one system that is the virtual
equivalent of traveler’s checks. The purchaser sends payment to the issuing bank which
returns equivalent E-cash credit. A distinct advantage of digital cash is that, like hard
currency payment, the consumer may remain anonymous. These systems are extremely
secure in that they implement several security techniques, including digital signatures and
cryptography (both of which will be discussed shortly) and are extremely difficult to
forge. However, one drawback is that the tokens are uninsured. In a worst-case scenario,
in which both the customer’s hard drive and the bank’s system were to go down
simultaneously, the bank would have no way to establish a link between the credit and
demonstrated, there is a large proportion of small value transactions that comprise the
bulk of transactions in the U.S. Combined with the fact that credit card transactions often
include a high cost per transaction fee, a number of payment systems have been
specifically designed to avoid the high transaction fees and capitalize on the market
Transfer Protocol (MPTP), and Millicent (Shon and Swatman, 1998). For example,
Millicent limits the cost per transaction by minimizing the amount of information sent
across the network and avoiding expensive security procedures. This is accomplished by
implementing components called scrip and brokers. Scrip is the account that a customer
establishes with a single vendor that is used one time and disposed of. The assumption is
that by keeping transaction amounts low and not reusing scrip, the likelihood and
scrip requires a security number known only by the customer. Independent brokers are
used to control the accounts of the customers and vendors and handle the actual exchange
vendor software as a control mechanism against potential illegal activity on the part of
Internet Payment Systems (IPS) are electronic payment systems (EPS) used in
conjunction with electronic commerce conducted over the Internet. Several studies have
collected survey data from the individuals who conduct virtual business in order to
establish criteria important for the operation of IPS (Shon and Swatman, 1998; Buck,
1996; Panurach, 1996). The collected data reveal a number of significant characteristics
or attributes that consumers and vendors feel are important for an IPS to be an effective
tool. Although every study did not compile the exact same list of variables for system
effectiveness, the findings were relatively consistent. The list is not organized in order of
importance and some of the indicators may overlap somewhat in scope (e.g. Anonymity /
3) Acceptability - IPS should be accepted at a wide variety of vendors, merchants,
and banks.
4) Accountability - transactions must have the ability to be accounted for.
5) Anonymity - the ability to conceal the identity of the consumer if desired.
6) Authentication - the ability to verify the identities of the users of the system.
7) Customer Support - the system should be able to assist customers electronically at
little or no cost whenever necessary.
8) Duration of Transaction - the time needed for the transaction process should be
minimized as much as possible.
9) Convenience - the system should be user friendly and should be almost as easy to
use as physical currency.
10) Fungibility - funds should be easily exchanged between the parties conducting
business.
11) Flexibility - the operating system should support different kinds of IPS.
12) Functionality - the system should be able to perform numerous operations that
might be critical to the transaction process.
13) Irrefutability - the ability to ensure that the payments cannot be refuted at a later
point and are binding.
14) Legal Certainty - the payments conducted with the IPS should be legally accepted
and binding.
15) Low Fixed Costs - the amount of expense on the part of the consumer and the
vendor to operate the system should be minimal. For example, costs could be
related to setup, equipment, infrastructure, or operations.
16) Low Transaction Cost - cost per transaction must be as near to zero as possible
just like hard currency.
17) Portability - the ability of the IPS to operate with remote access.
18) Privacy - the ability to protect the privacy of the information transmitted.
19) Profitability - the overall cost-effectiveness of the system should be reasonable
for operation.
20) Regulatory Framework - the regulation of the system by enforcement agencies
must be accounted for.
21) Reliability - the system must be considered trustworthy by both consumer and
merchant.
22) Responsibility - the IPS must be held responsible for any fraud, data security, or
data privacy intrusion as a result of IPS operation.
23) Scalability - the operations of the system should avoid routing of information
through a small number or congested networks. In other words, the ability to
avoid “bottlenecks” should be taken into account.
24) Security - the system must have secure operating procedures to protect the details
of the transactions and parties from illegal activity.
25) Traceability - the system must have the ability for transactions to be traced or
backtracked, especially in episodes of illegal activity.
26) Transferability - customers must have the ability to transfer funds in both
directions. In many cases, merchants may also be consumers.
27) Universality - a standard interface should allow use from any location globally.
28) Unobtrusiveness - the system should have the ability to fit into the daily
operations of an individual’s life with little inconvenience.
Shon & Swatman (1998) surveyed six major groups involved with IPS in an
attempt to determine if the desired effective criteria were consistent across all groups.
that two primary concerns consistent across all groups were security and reliability. Each
individual transactions and a desire for an IPS to integrate with existing networks to be
that adequately adapts to the level of service desired for the transaction and is flexible
enough to avoid bottlenecks and slow response time. Merchants are looking for a cost-
effective system to encourage consumer use without high associated merchant cost.
Regulators, as one might expect, expressed a need to be able to trace transactions for
performance and acceptance since each procedure is expensive to setup and provide.
Finally, in the response most applicable to the review, the consumers were
concerned with security details and low transaction costs. It has been theorized that, in
order for an IPS to be accepted by consumers, the transaction costs must not be more than
traditional payment systems (Shon and Swatman, 1998). Additionally, the effectiveness
indicators are likely to vary as the value of a transaction changes. For example, a
consumer may desire speed and efficiency more for a transaction value of $1.00, but be
more concerned with security and privacy for a transaction of $100.00. Other research,
such as Panurach (1996), suggests that the most important factor to consumers is the wide
acceptance (universality) of the system and the ability to integrate the IPS with existing
networks in which they already conduct business (e.g. credit cards, ATM systems, etc.).
Security
The fact that the Internet is extremely open and easily accessible is both a strength
and a liability for electronic commerce. The Internet was designed for the free exchange
of ideas and information and not with secure transmissions in mind. Security is one of
the most challenging and critical issues facing an organization today. An organization
must decide what information is to be protected, who should have access, and whether
business, it opens the possibility of tremendous reward and realistic risk of criminal
intrusion. The same channels that open the door for commercial exchange also open a
window for a myriad of potential crimes. Verity (1995) states the problem very clearly:
The perceived lack of security of Internet operations on the part of the consumer has
limited the growth and potential of Internet commerce. These perceptions are based on
real situations of system corruption, fraud, theft, and viruses that have occurred with early
The security incidents that have occurred involving Internet operations have been
response of many administrators and executives has been a public stance that the security
of their systems is intact. This denial that security incidents can occur is a primary
contributor to the problem itself (Anderson, 1994). In an attempt to reassure the public,
management has often ignored the existence of critically poor security procedures for
their systems.
Businesses are starting to realize that security is a critical necessity. One has only
to look at recent statistics to see reason for serious concern. The 2nd Annual Global
Information Survey was conducted by Ernst & Young and compiled responses from 4254
Information Technology (IT) managers from 29 countries and across all industry groups
(Dinnie, 1999). Fifty-seven percent (57%) of companies say that security risks are higher
than the previous year, compared to only 4% that say they have reduced. Seventy-five
but only 30% of the companies have formal IT policies and only 23% provide awareness
training to their employees. Nine out of ten organizations (90%) rated their own security
as “poor” and 43% rated the security of their Internet services provided as no better than
As early as 1992, 1.2 million intrusions were reported (Forcht and Fore, 1995)
and the number of intrusions into government, business, and university computer systems
increased 344% between the years of 1993 and 1995 (Keating, 1996). A federal law
enforcement estimate placed a figure of $10 billion annually in on-line theft of data in the
U.S. One expert estimates that 85-97% of all system break-ins are never detected and, of
the few that are, even fewer are reported fearing bad press and a negative public image of
budgetary concerns. The Ernst & Young survey indicated 45% of companies surveyed
do not even have budget allowance for information security (Dinnie, 1999). A 1996
report indicated that 59% of the companies surveyed indicated they lacked human
resources to focus on more security and 55% indicated an inadequate budget to support
will have to operate within specific budgetary limitations, but the issue should not be
senior management to decide what level of risk is acceptable and budget adequate
resources for a consistent level of security throughout the entire system (Dinnie, 1999).
electronic commerce immeasurably safer. Some feel that techniques and innovations like
firewalls, cryptography, and digital certificates and signatures have made Internet
commerce as secure as traditional payment methods (Buck, 1996). Still others have
speculated that the adoption of these technologies will make Internet commerce even
“There will never be a totally secure computer system because the
security of a system depends on the intertwined security of its 3 basic
components: software, hardware, and humanware. Hence, the only
known secure system is one that has no contact with the outside
world, no modem connections, no network connection and is
completely closed as in a bunker, but such a system would be useless”
(Kizza, 1998, p. 59).
Principles of Security
Security can be defined as any “act to prevent the unauthorized use, access,
alteration, and/or theft of property and physical damage to property” (Kizza, 1998, p. 58).
property. A strong security system must detect potential illicit activity as well as
minimize the potential negative effects that can be sustained. It is naive for an
organization or top administrators to think that their computer system will not be
attacked. Of the companies represented in the Ernst & Young security survey, 16% of
the firms had suffered, or believed they had suffered, at least one intrusion through the
Internet (Dinnie, 1999). Kizza (1998) identifies the three principles of a sound security
security systems rely on a strong perimeter security, but do not require the same degree of
security for access points within the system. As a result, if an attack can find a loophole
or window into the system, once entry has been gained, the entire system is vulnerable.
The strength of security for the entire network is only as strong as that of its weakest
point (Forcht, et al., 1995). Additionally, the more options and capabilities that the
Webserver offers and the more flexible the site, the greater the potential for attack
assumption that an attack is inevitable. The system should be constantly reviewed for
potential problems from both internal and external sources. The rapid advancements of
outstanding rate. The company may not even realize that the system is out-of-date until it
is too late (Kizza, 1999). Even though an analysis of security incidents indicates that a
high percentage of problems come from an insider attack or employee error, most
organizations are still more concerned with external attack (Dinnie, 1999).
Finally, an organization must have a contingency plan in place ahead of time to react to
an attack. The system of recovery to update files or secure connections and eliminate
security gaps should have as little detrimental effect on normal business operations as
Internet Crime
at the same pace as the growing sales figures for electronic commerce. On March 5,
1999, the Computer Security Institute released the findings from its Computer Crime and
Security Survey conducted in conjunction with the San Francisco Bureau FBI Computer
Intrusion Squad (Computer Security Institute, 2000). The study was based on 95
respondents representing corporate interests throughout the U.S. The findings showed
that 96% of the organizations were operating a site on the Internet and 30% of those sites
access or misuse was reported by 20% of the respondents within the previous 12 months
and 33% responded with an unsettling “Don’t Know.” For the third consecutive year,
cases of system penetration increased with 30% reporting instances. The percentage of
networks that reported their site as “a frequent point of attack” increased from 37% in
1996 to 57% in 1999. Also, for the third consecutive year, financial losses exceeded
and financial fraud totaled $39,706,000.00 by 27 respondents. The types of attacks that
were specified by the report are listed, followed by the percentages of respondents that
reported incidents of that type: vandalism (98%), denial of service (93%), financial fraud
(27%), and theft of transaction information (25%) (Computer Security Institute, 2000).
An understanding of the motives and attractions of the criminal attacks can help
security professionals detect and prevent computer intrusions. Rubin (1996) identifies
seven characteristics of the Internet that make it fertile ground for illicit activity.
dramatically reduced the time required to transmit and/or receive extensive files
of digital data. As a result, the time required to illegally access and copy vast
2. Anonymity. The privacy that the Internet provides allows virtual criminals a
shield from regulators and enforcement agencies. Even if the attacks are detected,
they are generally routed through several different servers to inhibit tracking
which makes identifying the criminals an extremely difficult prospect.
Additionally, the attacks may be made from anywhere in the world and, at the
present time, there is no single authority to deal with Internet crime incidents
across international borders. Rubin (1996) also discusses the aspect of “moral
digitally and can be stolen without being removed. Copies of the original
document or data may be made while maintaining the impression that nothing has
changed. Access logs of files can be traced for signs of irregular activity, but
careful attacks may even alter the log files to make detection even more difficult.
whenever we break down the efforts of our opponents or the walls of the
1996, p. 37). Criminals may attack specific sites just because they are there or
simply to see if they can. Coupled with the anonymity provided by the computer
and a minimal chance of being caught, a successful intrusion may have more
users has dramatically increased the potential for computer attacks. Additionally,
many of these new access points have minimal or under-strength security systems.
The fact that many of these systems can be invaded with little effort and the
effects can have broad and far-reaching effects can fill the intruders with a “sense
of amusement” and power. This realization of power over others may even turn
6. International scope. The influence of the Internet is global in reach and the
different methods depending on the motives of the attack. All attacks identify and
exploit some weakness of system security. As mentioned, some attacks are relatively
harmless intrusions where the individual may be just curious or looking around in
cyberspace. Other types of attacks may be more damaging and have well conceived
intent. Each computer attack will be unique due to the differing security systems
encountered and the individual abilities of the attacker. Some of the major categories
Internet, the file is broken down into small segments, or packets, of information
and sent in this manner. When the packets arrive at their destination,
the file to its original form. Some attacks will utilize a packet sniffer, which is a
server for files with specific characteristics. One example may be searching
transmissions for data strings that match credit card numbers. This passive
that the primary objective is to gather information, which may or may not have
been the original intent of the attack. The main difference between the
as they pass through a network, while snooping involves illegal entry into a
objective may be simply curiosity or the attacker may have a specific intent for
what is being searched. When the attacker locates information of interest, the
stored somewhere else on the Internet. Unless the security system is effectively
monitored, the attacker may enter, locate and transmit files, and leave without
ever being noticed. The copying of the information does not alter the content at
deleted. An extremely dangerous version of this type of attack is when the
intruder manages to gain root access to the system. With root access, the
attacker assumes total control and becomes able to access and alter any file
within the system. Denning and Denning (1998) describe two cases in which
the motives for the tampering were vandalism and personal amusement. In the
first case, attackers gained entry into the Department of Justice website. The
home page was replaced with a separate page containing a swastika and a nude
photo. The second incident was an attack on the New York City Police
Department. Hackers gained access to the phone system and changed the
message that callers receive to the following: “You have reached the New York
City Police Department. For any real emergencies dial 1-1-9. Anyone else,
we’re a little busy right now eating some donuts and having coffee” (Denning
and Denning, 1998, p. 35). Often times, the attackers will then alter the log
4. Spoofing. This type of attack has the attacker impersonating another user or
legitimate user, the attacker can gain entry to the system with this information.
Once connected, the attacker has access to all of the user files and e-mail
messages. By gaining entry at one point, the attacker can then make attacks
against other systems while continuing to shield his/her true identity and
location.
Each computer that is connected to the Internet has an individual Internet
system, the user can then pose as a legitimate access point to gain entry. In
extreme cases, attackers have managed to gain access to a site and establish a
system in which all network traffic, to and from a particular site, was
intercepted. By posing as the company, the attackers were able to edit all
products they do not have, to collect and charge credit card accounts, with no
requesting a system connection. When the system responds to the requests, the
messages have included fake IP return addresses and the host system’s computer
memory begins to fill with information about the connections that were unable
flooded the host system, there is no room for legitimate users to log on and the
7. Viruses and malicious code. Attacks in this category typically involve the
network connection, an e-mail message, or a floppy disk. The term viruses and
computer code is often not an entire program, but rather a fragment of code that
is written to attach itself to application type programs. They are usually self-
replicating, which allows them to be spread from system to system, and become
activated when the application program to which they are attached is started.
Some of these attacks are merely a nuisance to the user and may be nothing
more than the addition of a footer to each document created. Others, however,
are more destructive and could cause devastating damage to a system’s hard
drive or computer files. For example, the Michelangelo virus rewrites the initial
with the intent of extortion. The information is not destroyed, but unless the
company pays the attackers to receive the decryption key, the information
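The attack descriptions above note twice that intruders alter log files to hide their activity. The following is an added example, not part of the original dissertation, of one defensive answer: a hash-chained log whose latest hash (the "head") is also kept somewhere the intruder cannot write. The record fields, function names, and sample log entries are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting value for the chain


def entry_hash(prev_hash, record):
    """Hash of one entry, bound to the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log, record):
    """Append a record to the chain and return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return log[-1]["hash"]


def verify(log, trusted_head=None):
    """Walk the chain; optionally compare its head with a copy stored off-host."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return f"broken at entry {i}"
        prev = entry["hash"]
    if trusted_head is not None and not hmac.compare_digest(prev, trusted_head):
        return "head mismatch"
    return "intact"


def demo():
    # Constructed sample access-log records.
    records = [
        {"t": "09:00:01", "user": "alice", "action": "login"},
        {"t": "09:02:17", "user": "unknown", "action": "read /etc/passwd"},
        {"t": "09:02:40", "user": "unknown", "action": "copy customers.db"},
        {"t": "09:05:03", "user": "alice", "action": "logout"},
    ]
    log = []
    for record in records:
        head = append(log, record)  # the final head is what gets stored off-host
    results = {"original": verify(log, head)}

    # Case 1: one record is edited in place; its stored hash no longer matches.
    edited = copy.deepcopy(log)
    edited[1]["record"]["user"] = "alice"
    results["edited"] = verify(edited, head)

    # Case 2: one entry is deleted; the next entry's "prev" link no longer fits.
    deleted = copy.deepcopy(log)
    del deleted[2]
    results["deleted"] = verify(deleted, head)

    # Case 3: with full control of the host, the whole chain is rebuilt without
    # the two suspicious entries. It is self-consistent, so only the head that
    # was stored elsewhere reveals the change.
    rewritten = []
    for record in (records[0], records[3]):
        append(rewritten, record)
    results["rewritten_local"] = verify(rewritten)
    results["rewritten_vs_head"] = verify(rewritten, head)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The third case is the one that matters against an intruder with root access: a chain checked only against itself can be rebuilt, so the head has to be shipped to a separate system at regular intervals.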
In a business transaction conducted over the Internet, both the consumer and the
manufacturer face the very real possibility that the party at the other end is
misrepresenting themselves. Each side of the transaction faces the possibility of
receiving fraudulent information. The consumer requires some guarantee that the
organization truly exists, the product will be delivered, and any personal information
disclosed will be secure and protected. The manufacturer desires assurance that
consumers are who they say they are and that payment information is legitimate. For a
successful virtual business transaction, there are seven conditions that must be satisfied
from a standpoint of security (Grant, 1996; Shon and Swatman, 1998; Ratnasingham,
address. Both parties of a transaction must prove they are who they say they are. Physical
devices, such as keys or credit cards, may be used for verification. Verification also may
passwords or a mother's maiden name, often used with credit card verifications.
use of a signature, fingerprint, or picture identification. The use of a third party is often
comprised of the procedures for determining whether a user has the right to access
enterprise on the Internet sell access to a product or information available through the
membership to an entertainment site. In either case, the business will provide the user
with some means of identification to access the product. Usually, the consumer will
select a username and a password that will authorize entry into the private areas of the
site.
consumer at their convenience. A process for legitimate access to the services should be
made possible from remote systems as well as from the user’s primary access point.
Also, the user wants the assurance that the information will be available at a later date.
4. Integrity. The issue of integrity focuses on the potential for information sent
being intercepted, altered, and resubmitted. Paper documents are more difficult to tamper
with, but computer data are easily altered (Wilson, 1999). Even the use of a third party
cannot absolutely guarantee that this did not happen. However, encryption technology
and third party intermediaries heighten the level of confidence of consumers and
manufacturers.
receiver of on-line transactions. Electronic mail can be altered to change the apparent
sender (Grant, 1996) and IP spoofing procedures allow messages to be sent from a false
address. Traditionally, a written signature on paper is binding, but with the lack of face-
to-face interaction in the virtual world, this is often not possible. Techniques for
nonrepudiability prevent a party from later denying a transaction happened. Once again,
6. Privacy. The possibility that an attacker could illegally enter a system and
intercept information is relatively high. Too many companies have inadequate security
networks to prevent such intrusions. At this time, the volume of business transactions on
the Web is fairly small when compared to the total volume. However, most companies
hold the view that as the volume of business transactions grows, so will the threat to
privacy and the frequency of criminal acts. When a user commits to a commercial
transaction over the Internet, personal information is disclosed to the company. The
personal information could lead to the development of false identities for criminals and
such as SSL and S-HTTP (discussed later in the review), have been developed to ensure
privacy of transmissions.
7. Confidentiality. The user expects not only that the technology is adequate to
secure the transmission and protect the information, but also that the organization
maintains proper internal controls and will not sell information, such as names, addresses,
and purchasing habits, to other companies. The information should only be available to
Denning captures the essence of Internet security in the following statement: “It is
never possible to achieve 100% security. Systems are too complex. Humans make
mistakes. Unanticipated events arise. New technology arrives before its security
implications are fully understood” (Denning, 1998, p. 50). In the battle against Internet
crime, a variety of security techniques have been developed. Due to the rapid pace of
security methods and experts must attempt to keep pace. Present techniques range from
the very simple and inexpensive to the latest high-tech cryptographic design, depending
The foundation of any security system should begin with common sense and
education of employees. The term social engineering refers to the technique used by
many attackers of obtaining vital information for the attack by talking to employees of
the targeted company (Denning and Denning, 1998). The individual will call the
enforcement agency, or some other individual with a legitimate need for secure
information. They will act as if they have forgotten a password or login information or
pretend to be having problems accessing from a remote location and ask for help. If the
“helpful” employee is not aware of this style of attack, the individual is often provided
with all the information needed to launch a successful attack and no technical expertise is
even required. In other cases, simple human error might give an attacker the opening or
strict security plan will minimize this threat. A comprehensive security plan should be
developed at the organizational level and at the departmental level. Guidelines for lost or
forgotten passwords and remote access should be developed and enforced. Services or
operations that are not currently in use should be turned off since dormant programs are
often targeted by attacks (Foo, et al., 1999). As part of the overall plan, an organization
should also conceive a contingency policy in the event of an attack. Finally, once in
place, the security system should be routinely and closely monitored (especially the
audits and access logs) for unusual or suspicious activity and should include a periodic
review and update. The proper training and awareness of the “human” factor is often the
cheapest and most effective part of any security plan (Aldridge, et al., 1997).
Beyond the basic outlines of employee training and policies, access restrictions to
incidents are the result of an insider attack (Bernstein, Bhimani, Schultz, and Siegel,
1996), particular attention should be placed on access controls for networks, secure files,
transaction records, and hardware devices. With regard to remote use or consumer
availability, access restrictions are generally accomplished with the use of firewalls and
passwords. Firewalls are computer gateways that traffic must pass through. By
establishing a firewall, an organization can restrict entry to a secure area to users with
legitimate access. Most often, a system of usernames and corresponding passwords is
used to pass through the firewall. However, if the usernames and passwords are not
encrypted, the information can be intercepted as it is transmitted. Also, the length of time
that a remote user is connected to the system may be relatively long, which gives an
attacker ample opportunity to intercept traffic. The final element to a complete security
program is the use of a cryptographic program design to support and facilitate the other
Cryptographic Technology
The terms encryption and cryptography are often used interchangeably and refer
developed that transposes information into digitally coded data. A 64-bit encryption
scheme uses 64 numbers to represent each alphanumeric character in the message being
sent. The longer the key, the more alphanumeric characters are used, which results in a
more secure transmission. The message is scrambled using the algorithmic code,
plaintext form, once received. In this manner, even if the message is intercepted during
transit, it would be unintelligible without the proper “key” to decode it (Denning, 1998).
The premise is for crypto-system developers to stay one step ahead of the existing
technology that could be used to break the codes, ostensibly by continuing to increase the
Cryptographic designs have two basic types: single key, symmetric cryptography
and public-key, asymmetric cryptography. In single key systems, the same confidential
key is used by all parties to code and send messages and to decode and authenticate
messages received. However, the longer a single-key system is used and the more parties
that have possession of the key, the more vulnerable the system becomes to attack, since
security depends on the safekeeping of the key at all locations. Public key systems utilize
a “private” key, which is kept under tight control, and copies of a “public” key, which are
distributed as needed. The two keys are mathematically linked, such that one key is used
to encrypt the data and the other is used to decrypt it (Bhimani, 1996). The security of
the system relies on one-way mathematical exponentiation that is easy to perform if you
have the correct information but impossible to undo (Beth, 1995). In both types of
systems, the mathematical functions are intensive and are performed by computer
application. The only technical responsibility on the part of the user is the safekeeping of
the key, which can be stored on a disk or, ideally, on a SmartCard (Wilson, 1999).
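The trade-off in single-key systems described above, shown as an added example that is not part of the original dissertation: it uses HMAC-SHA256 from Python's standard library (a keyed integrity check chosen here for illustration, not a technique the text names) to show that a shared key exposes alteration in transit but cannot distinguish one key holder from another. The keys, party roles and order messages are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed demo keys (assumption); a real system would generate them
# with secrets.token_bytes(32) and distribute them over a protected channel.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
ROTATED_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2)


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag that binds the message to the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def run_scenarios() -> dict:
    """Run five constructed cases and report whether the receiver accepts each."""
    results = {}

    # Constructed order message sent by a merchant to a payment processor.
    order = b"order=1001;item=season-ticket;amount=250.00;payee=merchant"
    tag = make_tag(SHARED_KEY, order)

    # 1. The message arrives exactly as sent: the tag verifies.
    results["untampered_accepted"] = verify(SHARED_KEY, order, tag)

    # 2. The amount is changed in transit but the original tag is kept:
    #    the recomputed tag no longer matches, so tampering is evident.
    altered = order.replace(b"250.00", b"2.50")
    results["altered_accepted"] = verify(SHARED_KEY, altered, tag)

    # 3. A party without the shared key tags the altered message with a
    #    key of its own: the receiver's key produces a different tag.
    outsider_key = bytes(32)
    outsider_tag = make_tag(outsider_key, altered)
    results["wrong_key_accepted"] = verify(SHARED_KEY, altered, outsider_tag)

    # 4. Any other holder of the shared key (for example a second office
    #    that was given a copy) can tag a message of its own. The receiver
    #    accepts it and cannot tell which key holder produced it, which is
    #    why a single shared key offers no non-repudiation and why every
    #    extra copy of the key widens the exposure.
    other_holder_msg = b"order=1002;item=season-ticket;amount=250.00;payee=other"
    other_holder_tag = make_tag(SHARED_KEY, other_holder_msg)
    results["other_key_holder_accepted"] = verify(
        SHARED_KEY, other_holder_msg, other_holder_tag
    )

    # 5. After a lost or stolen copy, all parties switch to a new key:
    #    tags made with the old key stop verifying.
    results["old_tag_accepted_after_rotation"] = verify(ROTATED_KEY, order, tag)

    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {accepted}")
```
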
Encryption provides the answer to virtually all of the security criteria with the
exception of availability (Wilson, 1999; Liddy, 1996). If the message is intercepted and
altered in any manner, the mathematical function will not work and tampering will be
evident. Thus, data integrity is ensured. With single key systems, the security issues of
acceptable as long as the copies of the key are kept secure. However, if any copy of the
key is lost or stolen, these security issues are all compromised. With public key
technology, it is of critical importance that the private key be kept under tight control.
Additionally, for the purposes of authentication, the system should be able to match
public keys with users. Through the use of digital certificates and digital signatures,
additional mathematical functions that can be added to the end of transmissions, a third
party can validate identities of the parties involved in a transaction (Bhimani, 1996).
Authentication of transactions and identity has long been associated with symbols such as
signatures, seals or organization letterhead; digital signatures and certificates are simply
With new and inexpensive methods of encryption technology, public key systems
are becoming standard features for business operations and software (Liddy, 1996;
Wilson, 1999). In the discussion of the findings from Ernst & Young's 2nd Annual
Global Information Survey, the authors write: “We would consider data encryption to be
without employing at least a basic level of encryption” (Dinnie, 1999, p. 117). Although
far from the answer to all security issues, public key cryptography is a valuable weapon.
The central issue for IPS is security of transmissions and it has been suggested that
“developers easily and quickly overcame problems with security by applying encryption
techniques” (Shon and Swatman, 1998, p. 208). Some would argue that commercial
transactions conducted with this technology are actually safer than some purchases made
in person or over the telephone, because the sale can be verified before it is even made
A number of factors that surround public key technology have inhibited total
acceptance into the marketplace. First, numerous forms of similar technology have been
developed and a small number of universal standards will have to be adopted. Next, the
necessary infrastructure to support a widespread system does not exist. The current
will have to expand and develop the necessary support systems. Also, the level of
Businesses are having to hire or train the necessary personnel as well as modify methods
governments and enforcement agencies and consumers and organizations about the types
and levels of encryption technology permitted. The problem is that the same technology
that permits secure transactions for commercial or government purposes can also be used
by criminals for illegal activities. The controversy predates the arrival of the WWW and
the Internet and dates back to 1977 when the U.S. government passed the Data
Encryption Standard, requiring all government data and systems utilize 56-bit technology
(Anderson, 1994; Denning and Denning, 1998). Regulations limited the strength, or bit
length, of encryption technology permitted for export to 40-bit, with a maximum of
56-bit under special circumstances. In August 1995, the Clinton administration announced it
would allow the export of 64-bit software encryption if key recovery procedures were
met (Denning, 1998a). Then, in January 1997, the U.S. Commerce Department
bit length for specific financial use. The U.S. government has since relaxed regulations.
The policy of the U.S. government on domestic versions has been to prevent the
use of systems that are stronger than it can break or have access to the “private” key in
escrow. Internationally, South Africa (1986) and the Netherlands (1994) backed off
policies attempting to ban public cryptography after serious pressure from banks, utilities,
broadcasters and oil companies resulted (Anderson, 1994). The argument from the
commercial sector is that if the strength of code is weak enough for the government to
electronic commerce, but it cannot stand alone. The adaptation of encryption has
received a great deal of attention and interest and may be perceived as the solution to all
security problems with EC. Denning and Denning (1998) point out that this is a
advantage of elements that cryptography cannot control. The strongest encryption
program designed is useless if an attacker can bypass the system or find a loophole in the
overall security framework. Security system deficiencies can be the result of a number of
different factors.
not guarantee secure operations. An organization must assume that, sooner or later, an
criminals with better equipment and ideas that might make a system obsolete overnight.
Access logs and audits should be checked regularly for suspicious activity. Unnecessary
2. Poor password policies and control. Policies for the selection and
guess passwords make a system extremely vulnerable, especially with the ability to write
(Denning, 1998b).
needs of each organization are unique, the security solutions will differ according to the
situation. The proper configuration of file permissions and access privileges must be
designed to allow legitimate users access to the necessary areas while limiting access to
areas in which they are not granted access. Security loopholes may occur by granting
access to critical files to the wrong individuals or by failing to restrict access at all. Tight
initial verification. Without additional internal security mechanisms (each of which
makes the system more complex and loopholes more likely), an attacker has access to any
files or services once entry has been gained. The more dynamic and complex the
operating system, the more difficult it becomes to protect (Aldridge, et al., 1997).
flawed design in the applications being run. Both Microsoft and Netscape, who are
responsible for approximately 90% of the Web browser market, have experienced
situations in which their products contained serious security problems (Kizza, 1998). The
Netscape flaw allowed attackers to access files on the hard drive of any user operating
Netscape Navigator Version 4.0. Microsoft Windows 95 and Windows NT Explorer 3.0
and 3.1 allowed remote access of user programs to an attacker without the host ever being
aware of access being granted. In both cases, an attacker had the capability to launch
viruses or trapdoors to facilitate the attacker’s return. Many of the flaws present in
program design have been attributed to the pressures felt by program designers. Due to
the extremely short shelf life of software products, shortcuts are taken in an attempt to get
Since most Internet payment systems (IPS) utilize the services of existing credit
card capabilities, it should come as no surprise that Visa and Mastercard were involved in
the development of the existing technology. When it became apparent that there was a
need for these types of systems, both companies responded to the problem immediately in
an attempt to gain competitive advantage as the sole provider of secure transactions over
the Internet. Visa allied with Microsoft while Mastercard joined forces with Netscape.
After a brief competition, both sides soon realized that the best option would be to merge
ideas and develop a combined product. The result was a hybrid encryption technology
protocol for credit card transactions called Secure Electronic Transactions, or SET
Two encryption methods commonly used are Secure Sockets Layer (SSL) and
conjunction with two of the leading Web browser manufacturers at the time, Spry and
Spyglass, presented S-HTTP. Netscape was responsible for SSL and, realizing that
cooperation would enhance the position of both groups, efforts were combined.
Netscape, Spry, and Spyglass then teamed up with IBM and Apple to form a new
company called Teresa Systems. The prime directive of this new organization was to
develop a common set of standards that would allow a company to adopt either S-HTTP
or SSL, but have the ability to support both (McEachern and O’Keefe, 1998).
It has been theorized that the main limiting factor for EC is the perceived lack of
(Birch, 1997), and that EC will grow “exponentially” as more advanced technology is
developed (Kizza, 1998). Some even suggest that with the widespread application of
technologies such as SET that Internet commerce will be the safest way to shop (Furnell,
et al., 1999).
Risk and Risk Perception
Ever since Bauer (1960) introduced the concept of perceived risk to the social
sciences, researchers and marketing practitioners have been attempting to apply the
concept to predict consumer behavior. A review of the literature shows that perceived
risk has been analyzed in relation to such areas as information search (Gemunden, 1985;
Locander and Herman, 1979; Zikmund and Scott, 1973; Lutz and Reilly, 1973), brand
preference and loyalty (Roselius, 1971; Hirsch, et al., 1972; Peter and Ryan, 1976),
purchase decision-making (Cox and Rich, 1964; Pope, et al., 1999; Zikmund and Scott,
1973; Perry and Hamm, 1968), personality traits (Zikmund and Scott, 1973; Peter and
Ryan, 1976; Schaninger, 1976; Brody and Cunningham, 1968), and methods of
risk-handling (Cox and Rich, 1964; Cox, 1967; Peter and Ryan, 1976; Dowling and Staelin,
mediums, has also been investigated (Pope, et al., 1999; McCorkle, 1990; Cox and Rich,
1964; Festervand, Tsalikas, and Snyder, 1986; Hawes and Lumpkin, 1986; Korgaonkar,
1982; Spence, et al., 1970; Akaah and Korgaonkar, 1988). A “fundamental problem” of
difficult for broad application and comparison of the research findings (Pope, et al.,
1999).
Risk Defined
conscious deliberation of the pros and cons of each option. The individual simply
assesses the situation, immediately weighs potential alternatives, makes a decision, and
acts accordingly. The entire process may be as simple as whether or not to switch lanes
while driving on the highway or whether to go to the bank at lunch or after work. Lopez
(1987) theorizes that risk and security are “counter concepts” and have an inverse
relationship. An individual desires safety and security, but must accept risks as part of
Bauer (1960) proposed that risk includes an element of uncertainty and the
consequences that are associated with each course of action. Theoretically, the consumer
will follow the option that is perceived to have the most favorable outcome. However,
the probability of perceived outcome for a purchase situation is unknown (Cox, 1967;
Cox and Rich, 1964). Each situation will also differ in the degree of perceived risk. The
amount of risk that a consumer will experience is a function of two variables: the amount
failure (Cox and Rich, 1964). Conceptually, something can only be gained if something
else is risked (Luhmann, 1993). The amount at stake is that which will be lost if the
situation is not successful or if the wrong choice is made. In a purchase situation, the
amount at stake is tied to the buying goals of the consumer (economic, physical,
psychological, etc.) (Cox and Rich, 1964). The inability to act, or the act of doing
nothing, will carry its own set of consequences. The feeling of subjective certainty
consumer feels very strongly that a purchase is the correct decision, the corresponding
level of risk will be small. Additionally, research indicates that the feelings of subjective
certainty and risk assessment are context-dependent (Bierman, Bonini, and Hausman,
inherently subjective. The same purchase situation when presented to two different
individuals may result in two very different levels of risk perception (Murphy and Enis,
1986). “The ‘true’ or ‘actual’ probabilities of loss are not relevant to the consumer’s
reaction to risk insofar as past experience is the basis for present perception. The
consumer can only react to the amount of risk she actually perceived and only to her
subjective interpretation of that risk” (Cunningham, 1969, p. 84). Perceived risk is the
involving technological considerations, Starr (1969) posed the question, “How safe is
If the consumer perceives the level of risk associated with purchasing a product or
service as too high, he/she will not complete the transaction. The consumer may initiate
risk-reducing behaviors to account for the high levels of perceived risk (Gemunden,
1985). The consumer may either reduce the amount at stake or reduce the perceived
uncertainty of the situation. Reducing the amount at stake may be accomplished by such
main way in which a consumer will reduce levels of uncertainty is by seeking more
commercials and advertisements, news reports, on-line consumer groups and bulletin
boards, and newspaper and magazine stories (Zikmund and Scott, 1973).
Some research suggests that individuals will attempt to mediate levels of
perceived risk in different ways. Peter and Ryan (1976) theorize that individuals’ unique
personalities are the key factor. The authors’ research findings suggest that consumers
who are highly “risk averse” perceive purchase situations more in terms of potential
losses than gains. Also theorized is that the probability of loss and the importance of loss
are unique phenomena to individuals. This would help explain why individuals have
subjective levels of risk perception. Research has demonstrated that high risk-perceivers
Perspectives on Risk
The psychological perspective on risk centers on the notion that has been
presented that the perception of risk is what is important and whether or not it reflects
reality is irrelevant. Once the consumer makes an assessment as to the level of risk
associated with a situation or product, the evaluations become difficult to change. Often
times, individuals will form strong opinions with limited information. As new
information is presented, the initial human reaction is to want to accept new evidence that
supports the original perception and reject that which is contrary (Leiss and Chociolko,
1994). Any undesirable effects that are associated with a specific cause are important,
regardless of whether there is a true cause-effect relationship. Mazur (1987) and Plough
and Krimsky (1987) suggest that this focus is also the major weakness of the
individual risk perceptions and make comparisons. Additionally, perceptions can be
altered by pre-existing biases and personal limitations that may skew one’s view of
reality (Kahneman, Slovic, and Tversky, 1982). Renn (1989) demonstrated that risk
perceptions differ considerably between social and cultural groups. Intuitively, this
seems to make sense since individual perceptions are affected by one’s personal
Included in this view of risk is the belief that personality characteristics will differ
and are unique to each individual. The work mentioned earlier by Peter and Ryan
(1976), with “risk averse” consumers, and by Zikmund and Scott (1973) and McCorkle
(1990), with high and low risk-perceivers, lies within this domain. A number of
researchers have examined the variation in personal preference of the amount of risk that
Tversky, 1970; Lopes, 1983; Luce and Weber, 1986). Kahneman and Tversky (1979)
propose that people are risk-averse if the amount at stake is high and are risk-prone if the
possible rewards are high. The following contextual variables have all been shown to
have an impact on the magnitude of risk perception: the catastrophic potential of loss,
familiarity with the risk, the potential to blame others for failure, and pre-existing
attitudes about the source of the risk (Slovic, Fischoff, and Lichtenstein, 1981; Vlek and
Stallen, 1981; Renn, 1989; 1990; Covello, 1983). The last category would include
actor concept. The key to this viewpoint is that any action taken by an individual is
standard of basic economic theory and analysis as well, where it is believed consumers
with full information will behave according to their own best interests (Freeman, 1986;
Sen, 1977). Jungermann (1986) further stipulates that all consumer motives are
subjective in nature and decisions are made only after weighing the options with regard to
these motives.
Early studies on risk, such as the work by Spence, et al. (1970), viewed risk as a
regardless of the situation presented. Subsequent studies have attempted to separate risk
into related, but independent, components. The results are relatively consistent in
identifying six components of risk, or predictor variables of the overall criterion variable
of risk (Roselius, 1971; Jacoby and Kaplan, 1972; Zikmund and Scott, 1973; Stone and
Gronhaug, 1993; Mitra, Reiss, and Capella, 1999; Stone and Mason, 1995; Pope, et al.,
1999). These six components may vary in exact terminology, but relate to the same
concepts:
1. Financial Risk. Financial risk is associated with not receiving value for the
amount paid or with paying more for a product than was necessary (Roehl and
consistently rated as having the greatest importance to consumers (Kwon, Paek, and
Arzeni, 1994; Minsall, Winaker, and Swinney, 1982; Winaker and Lubner-Rupert, 1983).
The financial cost of making a bad purchase decision is also the most common
association made when the concept of risk is presented (Cox and Rich, 1964).
2. Physical Risk. Physical risk covers the potential for a service or product to pose
risk. This covers the concern that a product or service will not meet performance
expectations of the consumer or will not match the advertised product specifications
(Bauer, 1960). This type of risk would cover the fears of on-line consumers who are
possession of the product will not match the personality of a consumer and how they
perceive themselves. These are concerns that an individual has about himself or herself.
5. Social Risk. Similar to psychological risk, social risk instead covers the
concerns resulting from others. Social risk describes the fear that a product or service
will not convey the proper image to others or that might make the consumer self-
conscious.
6. Time-Loss Risk. This type of risk is associated with the amount of time required
six components and whether or not the six-component model sufficiently covers the
criterion variable of risk. Jacoby and Kaplan (1972) argue that each of the six
components represent independent risk dimensions of their own. Other studies suggest
that each component is related to the other components in varying degrees and each
contributes some percentage to the whole in terms of the criterion variable of risk.
However, the exact percentage of contribution by each component will vary from
individual (Stone and Gronhaug, 1993; Pope, et al., 1999). Research findings have varied
somewhat in their results in terms of explained variance by the six variable model. In
Jacoby and Kaplan (1972) more than a third of the variance was unaccounted for. Stone
and Gronhaug (1993) were successful in capturing 90% of the explained variance, but
Pope, et al. (1999) only managed 70%. These varied results support the argument that
the criterion risk model is lacking a component(s), since the degree of unexplained
Trust
than gaining and maintaining the trust of consumers. High levels of trust and positive
information-sharing that enables EC to operate (Hart and Saunders, 1997). The key issue
is that developing positive trust relationships, which can prove difficult in normal
business operations, is made even more difficult simply by the nature of the medium.
Analysis of Trust
Trust, like risk, has been discussed for several decades and has been analyzed in
history, sociobiology, and economics (Lewicki and Bunker, 1996). With its application
to the various fields, trust has been defined in many different ways. It has been described
as the act of committing to an exchange before it is known how the other party will act
vulnerable to another with the expectation that the other will perform a particular action.
Deutsch (1960) identifies three elements that must be present in a situation for
trust to occur. First, there must be some degree of uncertainty about future course of
actions. Second, the actions of the parties involved in the situation must have the ability
magnitude than the potential positive outcomes. Schlenker, Helm, and Tedeschi (1973)
identify three similar elements for the same scenario. There must be a risky situation
present with uncertain outcomes. There must be cues present to provide the parties with
some way to measure probabilities of outcomes. Finally, the individual must demonstrate
the trust literature are the elements of uncertainty of future outcomes, presence of risk in
the situation, and the willingness of parties to act in accordance with expected actions on
In a purchase situation, the consumer must enter into the trusting relationship with
the merchant. Arrow (1973, p. 24) states “typically one object of value changes hands
before the other one does, and there is confidence that the countervalue will in fact be
given up.” Ratnasingham (1998a) further points out the importance of the presence of
risk factors by suggesting that trust is only relevant in a situation where the consumer has
no control over the situation and stands to lose something of value. Stated another way,
no trust is needed for a consumer to enter into action if there is nothing to lose and only
something to gain.
trust is the trust that a consumer places in past experience. Brand loyalty and reputation
specific qualities about the product or company. Thomas (1991) relates this type of trust
to taxi-drivers who must make a quick judgment about whether to pick up a potential fare
based on the setting, the physical appearance and dress of the individual, and the way that
the individual acts. Since there may be no previous experience with that individual, these
characteristics may be all the driver has on which to base a decision. Website attributes
trust encompasses the trust that a consumer would associate with formal institutions or
geographic distance that is possible between consumer and merchant and the large
number of transactions that are likely make institutional-based trust of great importance
to EC. The main factor seems to be that it allows the consumer to place trust in
Levels of Trust
trust (Lewicki and Bunker, 1996; Shapiro, Sheppard, and Cheraskin, 1992;
Ratnasingham, 1998a; 1998b). Each level of trust is prerequisite to the next level in the
relationship.
early stage of any relationship (Shapiro, et al., 1992). At this point, trust is still being
developed and is, therefore, quite fragile. Consistency of partners, in acting according to
expectations, is extremely important. Little has been invested and little would be lost if
that occurs is a comparison of the values associated with continuing the relationship and
the potential value that could be obtained by ending it. At this level, brand or product
loyalty has not been established and the consumer may compare the offers or benefits
company seems more beneficial, the consumer may end the relationship with the first
company to begin an association with the second. Progress is often slow and open to
influence from outside factors. The relationship is developed between two parties, but
the interaction, opinions, and gossip of third parties could prove very powerful. “Trust is
by definition interpersonal, but rarely private” (Burt and Knez, 1996, p. 69). The term
deterrence-based trust is used because, at this level, behavior is often mediated by the
threat of punishment. In an economic sense, the punishment would be the loss of the
relationship and the time, effort, and resources spent in building it (Ratnasingham,
1998b). On the part of the consumer, the investment is not great and the threat may not
be all that important if negative factors are of sufficient magnitude (Lewicki and Bunker,
1996).
and experience to predict behavior of the other. This knowledge leads the individual to
anticipate trustworthiness in the actions of the other (Lindskold, 1978; Rotter, 1971). For
confidence in the merchant. The more experience that a consumer has, the better able
that he/she can accurately predict the behavior of the merchant, thus increasing trust
(Shapiro, et al., 1992). The greater the level of information (past experience) and the
more frequent the interaction, the stronger the trust. Hirschman (1984) makes an
needs of each party. The understanding is developed to the point that one party could act
or speak for the other (Lewicki and Bunker, 1996). Kramer (1993) discusses the type of
identification-based trust in which an individual may identify with the beliefs or goals of
Decline of Trust
Trust relationships are dynamic and evolving entities that may fluctuate over time
(Lewicki and Bunker, 1996). The application of trust to economics implies that when
consumers place trust in merchants, an assumption is made that the merchant will act in a
dependable manner and fulfill commitments (Cummings and Bromiley, 1996; Mishra,
1996). However, every relationship is likely to have situations in which the expectations
of one party or another are not met. Inconsistent behavior on the part of the merchant
could take many forms, from the relatively minor to severe, and could include such things
even fraud. Minor problems that occur infrequently are not likely to have serious effect
on the trust relationship. However, erosion of the trust relationship can occur over time if
the problems persist. At the calculus-based level, these types of problems undermine the
confidence of the consumer in the organization and make it difficult to build trust. Other
loyalty has likely been established and the consumer may react with more understanding,
giving the merchant more latitude. However, the consumer is likely to harbor some
Bunker, 1996). If the trust violation is severe enough, all trust may be eliminated
In the practice of law, the terms risk and trust are often used interchangeably
(Williamson, 1993). In the social sciences literature, there is little question that it is
important to understand risk and how it applies to trust, but there is some debate as to
exactly how these two concepts are related (Blau, 1964; Coleman, 1990; Griffin, 1967;
Good, 1988; Lewis and Weigart, 1985; Luhmann, 1988; March and Shapira, 1987; Riker,
1974; Schlenker, et al., 1973; Kee and Knox, 1970; Mayer, Davis, and Schoorman, 1995;
Ratnasingham, 1998a; 1998b). The presence of risk has been shown to be a necessary
ingredient for the development of trust, but one does not need to risk anything in order to
trust. One must, however, take a risk to engage in trusting action (Mayer, et al., 1995).
Furthermore, trust is not involved in all risk-taking behaviors. An individual may have
no trust whatsoever, but be forced into risky behavior. Risk is necessary for trust, but it is
the presence of trust that allows people to enter into risk-taking behaviors (Ratnasingham,
1998b; Mayer, et al., 1995). Research has demonstrated that as levels of trust decrease, a
risk, is the same as risk, or is a by-product of risk. In their model, the authors propose
that the level of trust is compared to the level of perceived risk in a situation before a
decision is made on the course of action. The action is undertaken only if the level of
trust exceeds the level of perceived risk. This work builds on the assumption of studies
by Williamson (1993) and Blau (1964) that the willingness to engage in risk-taking
that meets the needs or desires of the public. The essence of commerce is the provision
of a product or service that meets these needs or desires in exchange for compensation.
Companies, products, consumers, and services will continue to change, but the essence of
commerce will remain the same. At its most basic level, commerce can be viewed as a
Internet and on-line shopping simply adds another variable to the overall economic
equation.
have consistently illustrated the presence of at least six components of risk: financial,
practitioners require a better understanding of the factors that influence the components
of risk to be able to effectively apply this information. To this end, researchers have
examined the effects of numerous variables on the levels of perceived risk in consumers.
Several studies have documented findings that risk perception is greatly reduced
if prior experiences in purchase situations have proven successful (Simpson and Lakner,
1993; Festervand, et al., 1986; Schiffan, et al., 1976; Cunningham and Cunningham,
1973). It would seem that as the level of uncertainty required for risk is reduced, so too is
the level of risk perceived by the consumer. Bauer (1960) and Cox and Rich (1964)
telephone shopping. The results suggested that the degree of perceived risk acted as a
deterrent to ordering products by telephone. New products and companies present a risky
situation that is unique. Consumers have no basis of prior experience to draw upon,
which elevates levels of uncertainty and perceived risk. Early research in catalog
shopping has indicated that early adopters demonstrate a high “willingness” to take risk
and have been shown to possess high needs for achievement, change, exploration, and
breaking down a product into a number of variables, the researchers were able to attach
Bauer, 1967; Lutz, 1973; Roselius, 1971; Peter, 1976; Hirsch, et al., 1972). A consumer
may attempt to reduce the level of perceived risk in a purchase situation by searching for
a brand that he/she has conducted business with and has experience to draw from,
concerning product quality and merchant legitimacy. When Cox and Rich (1964)
risk perception), the two most common responses were being able to identify products by
brand, color and size and purchasing a product they are acquainted with or had used
before.
Even if the consumer has no prior experience with the brand or company, simple
brand recognition has been shown to reduce levels of perceived risk over unfamiliar
brand names. The presence of a recognized manufacturer's name gives the product
source credibility and reduces risk perception (Akaah and Korgaonkar, 1988; Mitra, et
al., 1999; Hovland, Janis, and Kelley, 1953). Endorsements and guarantees are
techniques that businesses have used to reduce levels of perceived risk in potential
consumers and have achieved mixed results (Simpson and Lakner, 1993; Dash, et al.,
1976; Hirsch, et al., 1972), with some findings suggesting an unfavorable response by
consumers (Roselius, 1971). McCorkle (1990) suggests that the relative ineffectiveness
credibility, and hence, a lack of confidence in the guarantee. Other researchers suggest
that guarantees satisfy only financial risk and do not account for the physical, functional,
Due to the relatively recent arrival of the Internet and on-line shopping, limited
consumers. Much of the research that has been conducted has focused extensively on
consumer demographics and much of the research has been conducted by parties with
“distinct interest in their outcome” (Katz and Aspden, 1997, p. 172; Rao, 1996; Lewis,
these consumers to have a higher than average income and a head of household with a
higher than average level of education (Cunningham and Cunningham, 1973; Gillett,
1970; Lumpkin and Hawes, 1985). Katz and Aspden (1997) found similar characteristics
of Internet users in their sample (n=2500 respondents) in which 66% of the respondents
had a BS degree or better and 59% reported a household income over $50,000.00 U.S.
average Internet user as “well educated” and “affluent” (e-Marketer, 1998). Enough
purchase situation similarities exist between in-home catalog shopping and on-line
shopping that many organizations have looked for answers from catalog-shopping
al., 1991); predominant use of credit card payment mechanisms (Shon and Swatman,
1998; Buck, 1996); and, the presence of numerous risks not found in store-based
Spence, et al. (1970) identified three factors that cause consumers to perceive
mail-order shopping as high-risk. First, the consumers do not have the ability to
physically examine the product. Second, if the product was unsatisfactory or damaged,
there is greater difficulty in returning the merchandise for a refund or exchange. Finally,
consumers have demonstrated concern involving the business practices of some mail
order companies. Multiple studies have supported the authors’ position with findings that
consumers perceive greater risk in shopping by mail than when compared to a store (Cox
and Rich, 1964; Festervand, et al., 1986; Korgaonkar, 1988; Akaah and Korgaonkar,
1988; Hawes and Lumpkin, 1986). Some studies found that in-home shoppers perceive
less risk than non-in-home shoppers (Cox and Rich, 1964; Schiffan, et al., 1976), which
would seem to support the position that experience lessens the uncertainty and risk
perceived in a situation. Consumers have compensated for the higher risk perceived in
mail-order shopping by purchasing products and brands with which they are familiar
(Akaah and Korgaonkar, 1988; Mitra, et al., 1999; Korgaonkar, 1982; Simpson and
Lakner, 1993; Roselius, 1971), by purchasing products of smaller value (Cox and Rich,
altogether (Cox and Rich, 1964; Gillett, 1970; Lumpkin and Hawes, 1985). Kwon, et al.
(1991) indicated that catalog shoppers perceived the following four risk components in
Studies have also been able to attach risk to the shopping medium itself (Cox and
Rich, 1964; Spence, et al., 1970). Settle, et al. (1994) conducted a comparison of
determinants of shopping mode selection. The mediums examined were five mail/phone
order shopping media (catalog, television, newspapers, magazines, and direct mail) and
were compared to store-based purchase situations. The study, which did not include
enjoyable, feasible, fast, safe, convenient, sensible, and practical. The findings indicated
that mail/phone order media were significantly lower than retail stores in the dimensions
Several of the risk factors described in the previous section can be easily applied
high proportion of name brand items and low cost items being purchased (Pope, et al.,
1999). Frequently purchased items on the Internet to this point include travel services,
newspaper and magazine publishing companies, music and video services, information
services, and software and computer companies (Buck, 1996). This would seem to
reflect the risk reduction methods of: a) brand loyalty, and b) reducing the amount at
stake in a purchase situation by limiting cost. The risks associated with the inability to
the shopping medium transfer easily as Internet shopping is still a form of phone/mail
order purchasing.
However, some elements of a virtual sales situation present unique risks to the
traditional phone/mail order scenario. First, the on-line shopping involves the use of new
technology, both in the ordering process itself and in the security mechanisms used to
secure the transmissions. The unfamiliarity of the technology and the uncertainty
associated with anything new are important considerations for commercial Internet
information and training, consumers may continue using the Web simply to collect
information and not to purchase (Pitkow and Kehoe, 1996; Booker, 1995; Wintrob,
1995).
states “more than any other single factor, the immense expansion of technological
possibilities has contributed to drawing public attention to the risks involved.” In 1997,
estimated $60 billion in fraud for telemarketing; yet, the nature of the medium and the
and media coverage (Machlis and Wagner, 1997). Additionally, risk perception research
has demonstrated that people have a tendency to overestimate the occurrence of rare
events and underestimate the occurrence of common events (Kahneman, et al., 1982).
Krimsky and Golding (1992) describe the irrational fear of nuclear plants and cite the
reason for the negative risk perceptions as the intensity associated with the event
compounded by extensive media reinforcement. This combination makes it easy to see
It has been theorized that the two most significant barriers to full scale electronic
commerce are the security of Internet networks and applications and the security of
potential risks and enhance the level of trust on the part of consumers. With the
increasing retail options available on the Net and the addition of encryption technologies,
concern (Weber, 1996). In EC, the ability of companies to reduce perceived risk and the
quality of goods and services must be satisfactory. Second, the consumer must trust the
manufacturer that the product or service will be delivered. Third, the consumer must
trust the server and the manufacturer with the credit card transaction. Fourth, the
consumer must trust the technology involved in establishing and maintaining security and
privacy in the transaction (Ratnasingham, 1998a). Fifth, the consumer must trust that if
the product is damaged, defective, or unacceptable, the manufacturer will honor some
It is unfortunate for on-line shopping that negative perceptions have been formed
and that these perceptions are likely to be difficult to change. However, in order for
the new medium, the negative consumer perceptions must be countered. One method
that should prove successful is the education of users and potential consumers in the use
and functions of new technology. In doing so, organizations can help reduce some of the
uncertainty and risk associated with on-line shopping. Another important factor of
analysis for in-home shopping has been the concern of privacy on the part of the
transaction can be invaded in two ways: transaction integrity and information protection.
disclosed to other companies without consent (Culnan and Armstrong, 1999). In making
a decision to complete a mail/phone order transaction, the consumer must weigh the risks
of disclosing the information to the company with the benefits gained by developing the
as the consumer perceives the benefits to outweigh the risks, the likelihood of a
When applied to a virtual transaction, Ratnasingham (1998c) recommends these
principles be categorized into three critical actions that must be taken by the
manufacturers:
1) Business Practices Disclosure. The company should disclose its practices for
2) Transaction Integrity. The company should ensure that all virtual transactions
are secure and technology maintained. Means of security should be explained and
through billing.
3) Information Protection. The company should ensure controls that all customer
information will remain confidential and will not be shared or sold to other
In many cases, after securing their own systems, organizations have begun requiring
business partners to utilize adequate security procedures as well (von Solms, 1998).
Muiznieks (1995) identifies some of the key concerns about on-line shopping
with respect to customer levels of trust. The explosion of software products has led to
development to sale. The resulting flaws and breakdowns in operating systems and
Internet browser protocols have undermined consumer trust. Additionally, the inability
of any entity to effectively manage the Internet increases consumer unease. The U.S.
Congress conducted a survey of major U.S. corporations and found that 75% of the
executives that responded indicated that they lacked confidence at that time in the
Internet as a tool of commerce. The primary reason listed was the lack of trust due to
“inherent vulnerabilities” of the Internet itself (Bequai, 1996). The Internet holds
tremendous potential, but carries with it an equally sizable potential for risk. The value
of trust in consumer behavior is evident. The challenge for companies of the new
Internet and overcome the lack of trust that develops when face-to-face interaction is lost.
Summary
patterns of behavior. Just as certain is the guarantee that the criminal element will
attempt to take advantage of consumers and manufacturers in any way possible. For
on-line shopping to be successful, consumers must develop enough trust in the commercial
entities operating on the Internet and in the mechanisms of security to feel confident
enough to conduct business. Consumers will continue to shop over the Internet as long as
the perceived benefits exceed the perceived risks. “Developing information practices that
address this perceived risk results in positive experiences with a firm over time,
increasing the customer’s perceptions that the firm can be trusted” (Culnan and
Armstrong, 1999, p. 106). Additionally, the positive experiences will strengthen the
customer’s perceptions that the technology of the security transactions can be trusted.
For business to continue to thrive over the Internet, it is imperative that electronic
commerce becomes a safe and trusted option for consumers. With the establishment of
encryption technology, such as SSL and S-HTTP, Internet security has become more of a
psychological issue than a technological one (Weber, 1996). Yet, trust must exist for a
purchase to take place (Ratnasingham, 1998a). It has become extremely important for
businesses and practitioners to continue to research and develop more advanced security
outstanding, user-friendly website, but no one knows about it, it can not be successful.
By the same token, the world of business must embrace technology and allow the
consumer to become comfortable with its operation or the level of technology will not
matter.
The purpose of the proposed study is to investigate the level of risk and trust of
on-line shopping and security technology perceived by consumers. The study will focus
on the perceptions of risk and trust in relation to on-line shopping and Internet security
line shoppers and non on-line shoppers, in terms of risk and trust.
Rationale
The World Wide Web has been in existence less than a decade and has already
had tremendous impact on society as a whole. Economic statistics indicate the potential
(1997) estimates Internet sales will exceed $U.S. 100 billion by the end of 2000. Also, an
estimated % of consumers connecting to the Internet in the first half of 1998 made an
on-line purchase (NUA Internet Surveys, 1998). Yet, the majority of the statistics and
estimates available are the result of studies conducted by parties with commercial interest
in the findings. Concerns and controversy over the accuracy of reported findings exist
(Lewis, 1995; Rao, 1996). There is an urgent need for impartial, academic investigation
into the behavior and perceptions of consumers in relation to Internet use and on-line
shopping.
Operational Definitions
For the purposes of this study, the following terms will be used:
Downloading - the act of making a copy of a file from the Internet and storing it in
another location.
Electronic Commerce (EC) - commercial transactions that take place through the use of
an electronic network.
Encryption - the technology that utilizes cryptography for Internet security functions.
IP address - the unique address of a computer, or access point, connected to the Internet.
Packet sniffing - the use of a computer program to eavesdrop on Internet traffic as it
passes through a network and search for specific characteristics of information, such as
at stake and the feeling of subjective certainty of success or failure of potential outcomes
(Bauer, 1960).
Root access - the ability to have access and total control over a network system and all
Trust - the willingness of a consumer to share personal information over the Internet
during a commercial transaction with the expectation that the information sent will be
protected during and after the transaction and the merchant will act as expected.
World Wide Web (WWW) -- the set of protocols designed to operate on the Internet.
model?
H1: The six variable model of risk will explain a significant portion of the total
Rationale: Stone and Gronhaug (1993) were successful in capturing 90% of
the explained variance in the criterion risk variable. However, Pope, et al.
(1999) and Jacoby and Kaplan (1972) were only successful in accounting
Q2: How do consumer perceptions of risk and trust involving Internet security
a situation (Bauer, 1960). Krimsky and Golding (1992) suggested that the impact
uncertainty associated with anything new are important considerations for on-line
shopping.
H3: Consumers will possess low levels of trust in Internet security technology
Technology scale.
beyond an initial purchase. Wintrob (1995) and Booker (1995) suggested that
most consumers still just use the Web to browse. Luhmann discussed the
expansion.
consumer risk perception associated with all forms of mail-phone order shopping
when compared to store situations. On-line shopping was not included in the
study, however.
Q3: How do the variables of on-line shopping experience and knowledge of Internet
Rationale: A common risk-reducing strategy is to collect information to
consumer uncertainty.
(p < .05).
line shopping between on-line shoppers and non on-line shoppers (p< .05).
Rationale: Culnan and Armstrong (1999) suggested that companies that
address the perceived risk and build positive experience relationships with
interest and need for theoretical findings related to virtual consumer behavior (Anon,
1996). Studies such as the current one may provide marketing practitioners with the
organizations have failed in their initial attempts at marketing over the Internet as a result
Consumers and corporate executives have expressed concern over the viability of
the Internet as a successful vehicle of commerce. The most frequent concern given is a
will help site providers and commercial site operators more successfully direct their
efforts and resources. The present study will contribute to the body of theoretical
research in the areas of perceived risk, trust, and on-line shopping. In addition, the
non-vested interest and academic approach of the study should be of value to corporations and
CHAPTER 2
The proposed study was designed to investigate the perceptions of risk and levels
of trust of consumers in relation to on-line shopping. The following sections describe the
subjects, instrumentation, procedures for data collection, and methods of data analysis for
Subjects
physical education program will be surveyed. There is some precedent for using a student
sample to survey on-line behavior of users and consumers. The consistent demographic
characteristic of tertiary-educated users (Pope, et al., 1999) and the frequent provision of
free Internet access at many U.S. and U.K. universities (Rowley, 1996) are two strong
supporting factors. The university setting for the proposed study provides free point-of-
site computer and Internet access and free remote Internet access through a dial-up
connection. The selection of elective physical education classes is a result of the broad
representation of student classifications and major disciplines of study that the classes
provide.
Variables
Independent Variables
purchases on-line within the last 12 months. Non on-line shoppers will be
single purchase on-line in the last 12 months. For the purposes of the
proposed study, a single purchase in the last 12 months would not meet the
level of use and experience with the shopping medium of a frequent shopper.
> Mode of shopping. The mode of shopping will also be used as an independent
shopping.
Dependent Variables
> Risk perception. The subjective risk a consumer perceives will vary according
to a number of variables, including (but not limited to) the amount at stake to
(Bauer, 1960; Cox & Rich, 1964; Cunningham, 1969; Murphy & Enis, 1986).
> Trust. Trust can only occur when the consumer stands to lose something of
cooperation and actions of another entity are assumed to occur (Mayer, Davis,
& Schoorman, 1995; Coleman, 1990; Arrow, 1973). For the proposed study,
the objects of trust are the merchants operating commercially on the Internet
and the security procedures that are in place to ensure privacy and prevent
illicit activity. The respondents will be asked to rate each of these components
Instrumentation
The survey instrument that will be utilized in the proposed study is composed of
three elements (See Appendix B). The first portion of the survey is the risk assessment
instrument used by Pope, et al. (1999) to examine overall risk and the six risk dimensions
(financial, security, physical, social, psychological, and time-loss). After factor analysis
of the risk items, the researchers obtained six sub-constructs of risk. Functional risk was
included with financial risk under a heading of “value for money” and a separate sixth
sub-component identified for on-line shopping was security risk. The authors also
pertaining to these elements were deleted from the inventory. The second portion of the
existing studies analyzing the trust construct. No specific instrument could be found that
questions were drawn from Culnan and Armstrong’s (1999) investigation on impersonal
marketing, and Swan, Trawick, Rink, and Robert’s (1988) measurement of purchaser
trust in industrial salespeople. The third portion of the instrument is composed of
lieu of the salesperson or significant other, the object of trust becomes the Internet vendor
or security technology. Unlike Pope, et al.’s (1999) survey structure where the questions
of risk dimensions were grouped together, the questions were mixed throughout the
questions. For consistency, all rating questions will be measured on a 5-point Likert-type
scale.
Procedure
education class meetings. The surveys will be of pencil and paper format, rather than an
on-line format, to make certain not to exclude responses of students who may utilize
Internet access rarely or not at all. Brief instructions will be given by the investigator
prior to the surveys to ensure accurate completion of the instruments. Students who have
completed the survey in a prior physical education section will be excused, to prevent
Data Analysis
Once the data have been collected, it will be coded according to the question
format. Numerous items on the inventory will be reverse-coded (#1, #4, #6, #19, #20,
#25, #27, #29, #33, #39a-g, #40a-g). Statistical treatment and procedures will vary
according to the stated hypothesis. For H1, the criterion variable will be handled as a
separate construct from the sub-components. The factors will be subjected to an item
reliability analysis and items will be deleted where necessary to achieve a Cronbach’s
alpha of .70 (Nunnally, 1978). The remaining items will comprise the independent
sub-constructs of risk (Spector, 1992). The sub-construct items will undergo factor analysis
The statistical analysis of H2 will be determined through the use of the overall
perceived risk items (#1, #7, #17, #33, #34). With a 5 point Likert-type scale for risk
items, a value of 5 would represent maximum perceived risk and a value of 1 would
represent minimum perceived risk. With a value of 3 as moderate perceived risk, a value
of 4 would represent a level of high-perceived risk. The four items will be summed and a
mean of 4 or greater for the criterion risk variable scale will represent a perception of on
The trust items for H3, H9, and H10 will also be subjected to the same item
reliability analysis and will be deleted where necessary to achieve a Cronbach’s alpha of
.70. For these items, the same format of scale will be designated for determination of
levels of low-trust (mean <2), moderate-trust (2<mean<4), and high-trust (mean>4).
The items that will comprise the trust-security technology scale for H3 and H10 are items
#19, #25, #29, and #36. The items that will comprise the trust-on-line merchant scale for
H9 are #6, #15, #20, #27, and #31. The respondent means for these scales will be
compared to the designated levels. For a determination of on-line shoppers and
non on-line shoppers, it was designated that 2 or more on-line purchases in the last 12 months
would represent an on-line shopper. Non on-line shoppers would be designated as the
respondents who answered item #38 with a value of “4” or “5”. In terms of item #38, the
Likert-type scale was further designated for respondent understanding by identifying the
following responses with frequency or purchase in the last 12 months (See Appendix,
#38):
The rationale for the designation was that a single purchase on-line in the last 12 months
would not necessarily constitute an adequate frequency of utilizing the shopping medium.
The responses of on-line shoppers (responses of “1”, “2”, or “3” to item #38) and
non on-line shoppers (responses of “4” or “5” to item #38) will be correlated with a Pearson
product correlation with the trust-on-line merchant scale (H9) and with knowledge of
For H4, a one-way ANOVA will be conducted for the mean of risk associated with
on-line shopping in comparison to store purchase situations and each of the other mail-phone
order options in #39. H5 and H6 will treat the data using a Pearson product
correlation. H5 will correlate the responses from #37 (on-line) with the criterion risk
scale used in H2. H6 will correlate the responses from #37 (on-line) with the frequency
H7 and H8 will also use Pearson product correlations. H7 will examine the
correlational relationship between on-line shopping frequency from item #38 (on-line)
and consumer perceptions of risk involved in on-line shopping from the criterion risk
variable scale used in H2. H8 will examine the differences in the perceptions of on-line
shoppers and non on-line shoppers using the frequency of shopping on-line designation
described earlier with item #38 and the criterion risk variable scale used in H2.
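The scale construction described above (item reliability analysis with deletion of items until Cronbach's alpha reaches .70, scale means compared to the low/moderate/high cut-offs, and the item #38 shopper designation) can be sketched as follows. This is an added example, not the study's own analysis: the six responses are constructed, the greedy "drop the item whose removal raises alpha most" rule is an assumption about how deletion would proceed, and means of exactly 2 or 4, which the text leaves undefined, are treated here as moderate.

```python
from statistics import mean, variance

TST_ITEMS = [19, 25, 29, 36]   # trust-security technology items named in the text
FREQ_ITEM = 38                 # on-line purchase frequency item

# Constructed sample data (not from the study): item number -> 1..5 response.
RESPONSES = [
    {19: 1, 25: 1, 29: 2, 36: 4, 38: 5},
    {19: 2, 25: 2, 29: 2, 36: 3, 38: 4},
    {19: 3, 25: 3, 29: 3, 36: 3, 38: 3},
    {19: 4, 25: 4, 29: 3, 36: 2, 38: 2},
    {19: 5, 25: 5, 29: 4, 36: 4, 38: 1},
    {19: 2, 25: 1, 29: 2, 36: 5, 38: 4},
]


def cronbach_alpha(rows, items):
    """alpha = k/(k-1) * (1 - sum of item variances / variance of summed score)."""
    k = len(items)
    if k < 2:
        raise ValueError("alpha needs at least two items")
    item_var_sum = sum(variance([r[i] for r in rows]) for i in items)
    total_var = variance([sum(r[i] for i in items) for r in rows])
    if total_var == 0:
        raise ValueError("summed scores have zero variance")
    return k / (k - 1) * (1 - item_var_sum / total_var)


def prune_to_alpha(rows, items, target=0.70):
    """Delete items one at a time until alpha >= target (assumed greedy rule)."""
    kept = list(items)
    alpha = cronbach_alpha(rows, kept)
    while alpha < target and len(kept) > 2:
        candidates = []
        for drop in kept:
            rest = [i for i in kept if i != drop]
            try:
                candidates.append((cronbach_alpha(rows, rest), drop))
            except ValueError:
                continue  # a degenerate subset cannot be scored; skip it
        if not candidates:
            break
        best_alpha, drop = max(candidates)
        if best_alpha <= alpha:
            break  # no single deletion helps; stop rather than loop
        kept.remove(drop)
        alpha = best_alpha
    return kept, alpha


def scale_mean(row, items):
    """Respondent's mean over the items of one scale."""
    return mean(row[i] for i in items)


def trust_level(m):
    """low (mean < 2), high (mean > 4), otherwise moderate.
    Exactly 2 or 4 is not defined in the text; counted as moderate here."""
    if m < 2:
        return "low"
    if m > 4:
        return "high"
    return "moderate"


def is_online_shopper(row):
    """Item #38 responses 1-3 designate on-line shoppers, 4-5 non on-line shoppers."""
    return row[FREQ_ITEM] in (1, 2, 3)


if __name__ == "__main__":
    print("alpha, all items:", round(cronbach_alpha(RESPONSES, TST_ITEMS), 3))
    kept, alpha = prune_to_alpha(RESPONSES, TST_ITEMS)
    print("kept items:", kept, "alpha:", round(alpha, 3))
    for r in RESPONSES:
        m = scale_mean(r, kept)
        print(round(m, 2), trust_level(m), "shopper" if is_online_shopper(r) else "non-shopper")
```

The sketch assumes every item is already scored in the same direction; any reverse-worded item would have to be recoded before the alpha and mean calculations.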
Limitations
The following limitations are placed on the proposed study: (a) the survey method
assumes that the respondent will make an honest effort to understand and answer the
questions truthfully; (b) a possible negative correlational relationship may exist between
computer use and physical activity; and (c) the proposed study examines rating behavior
and it is suggested that the relationship would manifest itself in actual purchase behavior.
Delimitations
students enrolled in the physical education sections at the time of the study will comprise
the sample. The same survey conducted during a different semester or at a different
setting may not realize the same results. Second, it is assumed that the physical education
classes that will provide the sample will provide a broad representation of the university
student body. However, it is possible that the nature of the physical activity of the classes
CHAPTER THREE
This chapter will illustrate the results of the statistical analyses and provide a
discussion of the findings. The purpose of the research was to examine the perceptions of
risk and trust in relation to on-line shopping and the security technology in place for
shoppers and non on-line shoppers. From the total sample size of 1,173, six hundred
consistently answered with the same response throughout the instrument. Once all the
questionnaires had been collected, they were coded in the top, right corner for later
examination. Upon completion of data entry, a printout of the data tables and the
frequencies was examined for error. In most cases the item in question could be
answered by referring back to the questionnaire. In cases where there existed duplicate
answers or missing items, the questionnaires were deemed incomplete and excluded from
the sample.
Table 1 Summary of Descriptive Statistics
Demographic Information
physical education program at a major southeastern university. The mean age of the
sample was 20.48 years of age and the median was 20 years of age. An examination of
the data shows that 95% of the respondents were between the ages of 18-25 and 97.3% of
the respondents were under the age of 35 years of age. The gender breakdown for the
sample was 57.8% female (n=380) and 42.2% male (n=278). A breakdown of the
In examining access to the Internet, 58.7% of the sample indicated that they had
access to the Internet at work and 91.9% indicated they had Internet access in their
homes. Of the total sample, only 30 respondents, or 4.56%, indicated that they did not
have Internet access either at work or at home. It should be noted, however, that every
respondent in the study also had free Internet access as a result of being a student at the
university, a prime determinant in the sample in the first place (Pope, et al., 1999;
Finally, the respondents were asked to indicate the number of hours per week that
they spend on the Internet. Only 2.6% responded that they spent zero hours per week
utilizing the Internet with 76.9% indicating that they are on-line between 1-10 hours per
week. These findings provide an indication that some of the respondents that do not have
Internet access at work or at home are utilizing Internet access somewhere, whether at the
university or some other location. Table 3 represents the breakdown of Internet use per
week.
Table 2 Internet Access
Results for Research Questions
Question one examines the variable of risk and whether the six sub-component
model of risk adequately explains the total variance. For H1 and H2, five items from the
inventory (#1, #7, #17, #33, #34) were combined to comprise the Perceived Risk Scale
(PRS) in order to examine the criterion variable of risk. A reliability analysis was run on
the PRS sub-scale and the resulting coefficient alpha was .78, indicating that the scale
was highly reliable in measuring the criterion variable of perceived risk. The inventory
design was taken from Pope, et al. (1999) who modified the risk inventory from Stone, et
al. (1993) to account for the Internet as the “distinct mode of shopping.” From the Pope
inventory design, the remaining risk items pertained to one of the six sub-components of
concern over the security scale being measured by only two items, a third item was
added. Pope, et al. (1999) reported all seven coefficient alphas (one for the criterion, or
overall, risk scale and one for each of the six subscales) at or exceeding .70. Even so,
reliability analyses were run for each of the six risk variables. Table 4 reports the
As seen from Table 4, five of the scales proved highly reliable in measuring the intended
variable as evidenced by coefficient alphas of .70 or greater. Only the social risk
subscale (SOC; α=.67) and the physical risk subscale (PHY; α=.42) led to some concern
over the reliability of the scales. However, when item #3 was deleted from the PHY
scale, the resulting coefficient alpha was raised to .56 (PHY(r); α=.56).
Table 5 reports the correlation coefficients between PRS and each of the six
Each risk dimension correlates positively with PRS as well as with each of the other risk
dimensions. Additionally, even though the magnitudes vary from .196 (PHY(r)-SEC) to
.784 (PRS-FIN), all of the relationships between all seven dimensions of risk are
significant at the 0.01 level. These findings support the assertion that Stone, et al. (1993)
made that the relationships between the separate dimensions of risk need not be
unrelated. The findings also support previous research that examined the criterion
variable of risk and the interrelationships of the risk dimensions (Pope, et al., 1999;
In order to test H1, the items were subjected to a linear regression to determine
what percentage of the criterion variable of risk was explained by the model. A stepwise
linear regression was used and the results are reported in Table 6. The risk dimension
that contributed the greatest to the overall risk variable was that of financial risk (FIN).
In the first step of the model, FIN proved to account for 61.5% of the total variance in the
model and was significant at the 0.01 level. As seen by Table 6, each subsequent step
made a significant contribution to the overall model resulting in a model that captured
70.8% of the overall risk and was significant at the 0.01 level. This finding is in support
of H1 that a significant portion of overall risk would be captured by the six construct
model. Additionally, the findings are very much in line with Pope, et al. (1999) who also
accounted for 70% of the total variance of the overall risk variable.
Model Predictors
1 Predictors: (Constant), FIN
2 Predictors: (Constant), FIN, TIM
3 Predictors: (Constant), FIN, TIM, SEC
4 Predictors: (Constant), FIN, TIM, SEC, PSY
5 Predictors: (Constant), FIN, TIM, SEC, PSY, PHY(r)
Dependent Variable: PRS
The only component scale that made no contribution to the overall model was the
social risk component. The fact that social risk (SOC) made no contribution and physical
risk (PHYr) contributed less than 1% to the overall risk model can be explained in several
ways. First, there is some concern due to the reliability measures of the two scales used
to measure the social and physical risk components. Second, on-line shopping and the
social and physical risk associated with this mode of purchase may simply be perceived
as too minor. Additionally, the ambiguity of the actual product being purchased on-line
could have contributed to the negligible contributions. Had an actual product been used
that contained more of a potential, intrinsic physical risk (e.g., parachute) or social risk
(e.g., political t-shirt), the results reported may have proven to be very different. In any
case, risk is very situation-specific and prior studies have commented on the likelihood of
perceived risk varying from product group to product group (Pope, et al., 1999).
If the six variable model of risk used in this study were perfect it would account
for 100% of the variance associated with risk. Undoubtedly some of the variance not
captured can be attributed to error in measurement, but the percentage that remained
unaccounted for is too great for that to be the only explanation. This finding is very
much in line with past research. Although research examining the criterion variable of
risk is still lacking, the few past studies have reported widely varying results ranging
from Jacoby, et al. (1972) explaining 61.5% of the total variance of risk to Stone, et al.’s
(1993) reported 88.8% results. The current study’s finding supports the argument that the
criterion risk model seems to be lacking a component. Furthermore, the fact that each
risk component contributed significantly to the overall risk model and that they were all
significantly, positively correlated would suggest that each of the risk scales do overlap to
some degree but that each measures a separate construct from the others. However, it is
findings difficult and the criterion risk variable difficult to quantify and measure.
Krimsky, et al. (1992) suggested that the impact on perceived risk caused by the
unfamiliarity of the technology and the uncertainty associated with anything new could
have an adverse effect on on-line shopping. Examining PRS, a 5-point Likert-type scale
was used. With a mean value of 5 representing the maximum perceived risk and a mean
level of high perceived risk. The findings from the study did not support H2 that the
consumers would perceive on-line shopping as a high-risk venture. In fact, as seen from
Table 7, the mean value of PRS was found to be 2.86 which would appear to suggest that
the consumers not only did not perceive on-line shopping as a high-risk venture but
possibly perceived on-line shopping as only a moderately risky venture. The lack of a
high risk perception associated with on-line shopping may be attributed to the familiarity
of the respondents with computers and the Internet in general. However, this perception
may not be able to be generalized to individuals who do not have the level of experience
and exposure with the Internet that the current sample has. As mentioned earlier, the
mean age of the sample was 20.48 years of age and the age group from 18-25 represented
97.3% of the respondents. It is quite possible that these individuals would have had more
Table 7 Descriptives - Perceived Risk Scale (PRS)
and consumers as a critical need in order for consumers to engage in a transaction beyond
an initial purchase. It was theorized in this study that the same trust relationship can be
transferred to the mode of shopping as well. Consumers must possess enough trust in
Internet shopping and the security technology that supports the transaction to engage in
an on-line purchase. A scale to measure the levels of trust on the part of the consumers
in relation to on-line security technology was comprised of four items (#19, #25, #29,
#36) and was called the Trust Security Technology (TST) scale. The same format and
Likert-type scale of response that was used with PRS was used with TST (i.e., a mean
maximum level of trust). The TST scale was subjected to the same reliability analysis
and a corresponding coefficient alpha of .73 was found, indicating that the scale was
highly reliable in measuring the level of trust in relation to on-line security technology.
A mean value of 2 for the TST scale was established to demonstrate low levels of
trust on the part of the consumer. The findings from the study did not support H3 that
consumers would have low levels of trust in on-line security technology. Inspection of
Table 8 shows that the mean value of TST was found to be 2.68 which would appear to
suggest that the consumers had moderate levels of trust in relation to the security methods
and procedures supporting on-line shopping. Once again, however, just as with the lack
of a high-risk perception in relation to on-line shopping, these findings may not translate
to all age brackets and markets. Also, as mentioned earlier, the ambiguity of the product
being ordered could have had an impact on the results. If the item being ordered on-line
had been specified as an item of value greater than $500.00, the trust or lack of trust in
the security technology may be vastly different from the responses given for an item
under $20.00. Further research investigating these factors in relation to product price is
warranted.
Research Question 4
Table 9 displays the means of risk perceptions associated with on-line shopping
and six other purchase situations. Table 10 displays the findings of the comparison
between means of on-line shopping risk perception and each of the six purchase
situations. Respondents were asked to rate the perceived level of risk from extremely
risky (1) to very safe (5). The methods of shopping included were retail stores, direct
mail, telephone shopping, catalog shopping, on-line shopping, television shopping, and
(p<0.001) level of risk was perceived with on-line shopping when compared to each of
the other modes of shopping. This finding would suggest that, even though by the
current study findings consumers do not perceive on-line shopping as a high-risk venture,
they still associate greater risk in this method of shopping when compared to other
indication that, given the choice of on-line shopping or some other method of shopping,
warranted.
Zikmund, et al. (1973) noted that consumers deal with risk-reducing strategies in
uncertain situations in numerous ways. One common strategy reported was to collect
information in an attempt to reduce the uncertainty present in a purchase situation. It was
theorized in the present study that the greater the knowledge the respondent had of
Internet security technology and procedures, the less risk would be perceived in relation
Internet security technology and procedures (KNOW) and asked the respondent to
item reliability analysis was run on the KNOW scale and resulted in a coefficient alpha of
.91, giving a strong indication that the scale was reliable in measuring the respondents’
knowledge of on-line security technology and procedures. When PRS and KNOW were
correlated, a significant, negative correlation was obtained (Table 11: r= -.217; p < 0.01)
which appears to suggest support for a strong, negative relationship (H5). When a
consumer has a clear understanding of the strength and effectiveness of the tools in place
to protect credit card details and information privacy, there seems to be an associated
reduction in risk. The question of a possible inverted-U relationship does exist, however.
Future studies should examine the possibility that as knowledge of security procedures
goes to either extreme there is a corresponding rise in perceived risk. Individuals with a
strong knowledge of security procedures may actually know enough to create even more
                               PRS        KNOW
PRS    Pearson Correlation     1.000      -.217**
       Sig. (2-tailed)         .          .000
KNOW   Pearson Correlation     -.217**    1.000
       Sig. (2-tailed)         .000       .
experience can be used to diminish perceived risk. Numerous studies have documented
findings that if prior experiences have proven successful in purchase situations, the
associated risk perception is greatly reduced (Simpson, et al., 1993; Festervand, et al.,
1986; Schiffan, et al., 1976; Cunningham, et al., 1973). The current study findings
appear to suggest support for these past findings in an on-line purchase situation (H5b).
When the KNOW scale and on-line shopping frequency were correlated, a significant,
positive relationship was indicated (Table 12: r=.320; p < 0.01). It seems likely that, as
consumers gain knowledge of the procedures associated with on-line shopping, a portion
of the uncertainty associated with the procedures is alleviated, thus giving them the
confidence to utilize the method of shopping more frequently (once again, however, it
warrants further study). As Stone, et al. (1993, p. 40) noted: “uncertainty, more than
risk, would seem to characterize what consumers experience.” The perceived risk is the
risk of the unknown and the uncertainty of future outcomes due to a lack of experience.
As consumers gain experience and are successful with on-line shopping, uncertainty and
perceived risk are diminished. A correlation of PRS with on-line shopping frequency in
the current study lends support to this particular viewpoint with a significant, negative
relationship (Table 13: r= -.493; p < 0.01), which appears to suggest support for H7.
Based on the findings of the previously mentioned studies (as well as the findings
of the current study), perceived risk has been shown to be reduced through experience
and success in a purchase situation. Intuitively, it would follow that there would be
Table 12 Correlation of KNOW - On-Line Shopping Frequency (FREQ)
                               KNOW       FREQ
KNOW   Pearson Correlation     1.000      .320**
       Sig. (2-tailed)         .          .000
FREQ   Pearson Correlation     .320**     1.000
       Sig. (2-tailed)         .000       .

                               PRS        FREQ
PRS    Pearson Correlation     1.000      -.493**
       Sig. (2-tailed)         .          .000
FREQ   Pearson Correlation     -.493**    1.000
       Sig. (2-tailed)         .000       .
differences in the thought processes and perceptions of individuals who utilize the
shopping medium and those who do not. The current study examined the degree of
difference to see if there was a significant difference between the two groups. For the
purposes of this study, the sample was divided into shoppers and non-shoppers, with
shoppers being characterized as individuals who had purchased on-line at least twice in
the last twelve months. The rationale for the designation of two or more on-line purchase
situations being considered an on-line shopper was that if a consumer analyzed the risks
involved in shopping on-line and decided to purchase, not once but twice in the last
twelve months, then they were likely to do so again. Individuals who had only
purchased once may or may not have had a bad experience and could be willing to try
When the means of perceived risk (PRS) for shoppers and non-shoppers were
compared, the means for non-shoppers were significantly higher for PRS than the
corresponding means for shoppers. This finding appears to suggest support for H8 (see
Table 14). Interestingly, although the non-shoppers’ mean perceived risk value indicated
only a moderate level of perceived risk (3.12 +/- .84), the mean perceived risk value for
shoppers was only 2.25 (+/- .71) indicating more of a low-risk situation. These findings
perceived less risk than non in-home shoppers when shopping by mail (Cox and Rich,
1964; Schiffan, et al., 1976). As mentioned with earlier hypotheses, it is possible that
these findings could be the result of the experience that the current sample has with the
operations of a computer and experience with the Internet. These same findings may not
be realized for all samples and the corresponding perceived risk values could be higher
for an older sample that may have less experience with Internet technology.
While there is a need for research involving trust as it applies to on-line shopping
purchase situations, there is an intuitive sense that the lessons learned from risk studies in
purchase situations may give the marketer insight into the application of trust. Just as
with the reported findings that past purchase situation experience helps to reduce levels
of perceived anxiety, the same experience may help to increase levels of trust in
Table 14 PRS Comparison of Non Shoppers and Shoppers
relation to: a) on-line security procedures and technology; b) on-line merchants; and, c)
merchants and was comprised of five items from the inventory (#6, #15, #20, #27, #31).
An item reliability analysis was run for the Trust On-line Merchant (TOM) scale and the
resulting coefficient alpha was .67. The means of trust values for shoppers and non-
shoppers were compared in relation to both on-line merchants (TOM) and to on-line
security technology and procedures. The results for the means comparisons are
represented by Table 15 and Table 16. Inspection of the findings demonstrates that the
non-shoppers reported significantly lower levels of trust in both the merchants and the
security technology and procedures. Just as with the risk comparison in H8, the
non-shoppers reported moderate levels of trust but the shoppers reported much higher levels
of trust. This appears to suggest that previous experiences of the shoppers have allowed
them to establish enough trust in the security technology and the merchants to utilize the
shopping medium. Research has demonstrated that as levels of trust decrease, a
suggested in previous research by Williamson (1993) and Blau (1964) the willingness to
CHAPTER FOUR
Summary
The primary purpose of this study was to examine consumers’ perceptions of risk
and trust in relation to on-line shopping, on-line merchants, and the underlying security
procedures of the Internet. The secondary purpose was to add empirical data to the
constructs of risk and trust. The instrument was administered to all students who were
university. The procedure collected 1,173 questionnaires, which yielded six hundred and
fifty-eight (56%) that were able to be used for the study. Data collected from the
instrument was used to examine the six component model of risk, as well as consumer
Finally, comparisons were drawn between on-line shoppers and non on-line shoppers.
Linear regression was used to examine what percentage of variance was explained
by the six component model of risk. The model captured 70.8% of the overall risk, but
was consistent with past research in that the model seemed to be lacking a risk
component. The largest contribution to the overall model was that of financial risk which
accounted for 61.5% of the total variance in the current sample. Additionally, each of the
six components of risk was significantly and positively correlated, but each component
(with the exception of social risk) also added a significant addition to the overall criterion
variable model. This seems to support the assertion that each component, though
In examining consumer perceptions of risk, it was found that consumers did not
methods of shopping, on-line shopping still was perceived as significantly higher in risk
than retail stores, direct mail, telephone shopping, catalog shopping, television shopping,
and magazine shopping. When the construct of trust was examined, the consumers
evidenced moderate levels of trust in the security procedures and methods that support
on-line shopping. However, it was discussed that the ambiguity of the item being ordered
could have played a role in the moderate levels of risk and trust reported by the
consumers. The same individuals may have given markedly different responses if the
When the overall risk variable was correlated with the consumers’ knowledge of
realized. Also, a significant, negative relationship was found between on-line shopping
frequency and overall perceived risk associated with on-line shopping. This appears to
suggest that as the consumer’s knowledge of the security protection afforded by shopping
on-line increases, some measure of the uncertainty and associated perceived risk is
alleviated. Furthermore, a significant, positive relationship was found between the
consumer’s Internet security knowledge and their on-line shopping frequency. In all of
increase in perceived risk and decrease in on-line shopping frequency. The rationale for
Finally, the perceptions of respondents who had made two or more purchases in
the last twelve months (“shoppers”) were compared to the respondents who had not
(“non shoppers”). As expected, the on-line shoppers reported significantly lower levels
of perceived risk in on-line shopping and significantly higher levels of trust in on-line
merchants and on-line security procedures. Somewhat surprising was that non-shoppers
did not possess high levels of risk or low levels of trust. In fact, moderate levels of risk
and trust were reported by non-shoppers. Somewhat surprising, however, was that
on-line shoppers possessed relatively low levels of perceived risk associated with on-line
shopping and relatively high levels of trust in both on-line merchants and Internet
security technology.
Conclusions
Based on the findings within the limits of this investigation, the following conclusions
1. The six component model does not adequately explain the criterion variable of risk.
2. Consumers do not perceive on-line shopping as a high-risk venture.
shopping as compared to retail stores, direct mail, telephone, catalog, television, and
magazine shopping.
shopping frequency.
7. There is a negative relationship between the perceived risk associated with on-line
8. On-line shoppers perceive less risk in on-line shopping than non on-line shoppers.
9. On-line shoppers have higher levels of trust in on-line merchants than non on-line
shoppers.
10. On-line shoppers have higher levels of trust in Internet security technology than non
on-line shoppers.
Future Research
When Internet research is conducted and reported, it is incumbent upon the reader
to investigate the source. Due to the relatively recent arrival of commercialism to the
Internet and the vast majority of the studies being conducted by companies and
organizations with a vested interest in the success of the Internet, there is a tremendous
need for academic research in all facets of on-line shopping and Internet topics.
In the area of risk, further clarification of the components of risk and studies
analyzing the criterion variable of risk are needed. Additionally, the characteristic of
undoubtedly varies according to the product price and purchase situation. Also, the
perceived risk and on-line shopping frequency seems to be a valuable area of research.
Although both risk and trust were investigated in the current study, the
relationship of the two variables was not examined. The Internet and on-line shopping
provide a good platform for the investigation of these two constructs as the need for
continues to grow. Further research should focus on the relationship of risk and trust and
how the presence of high or low perceived risk impacts the development of trust. Once
again, just as with perceived risk, future studies need to examine how differences in
product price and purchase situation alter trust development. Finally, the perceptions of
consumers who have chosen not to return to shopping on-line should be examined to
APPENDIX A
This research is being conducted by Michael Kehoe, a doctoral student in the Department
of Physical Education at Florida State University. The purpose of this study is to
investigate the perceptions of consumers as they relate to on-line shopping. If you
participate in the project, you will be asked questions about your purchasing habits and
perceptions of purchase options, as well as general information about yourself.
By choosing to complete the attached questionnaire, you are freely and voluntarily and
without element of force or coercion, consenting to be a participant in the research
project entitled “The Role of Perceived Risk and Consumer Trust in Relation to On-Line
Shopping and Security.” No academic reward for participating in this study will be
awarded.
You will be asked to fill out a paper and pencil questionnaire. The total time
commitment will be about 10 minutes. Your participation is totally voluntary and you
may stop participation at any time, without prejudice or penalty. All answers to questions
will be kept confidential and identified by a subject code number. Only group findings
will be reported.
You have the right to ask and have answered any inquiry concerning this study. You
may contact Michael Kehoe, Florida State University Physical Education, for answers to
questions about this research or your rights. All questions will be answered to the fullest
extent possible.
Thank you in advance for your cooperation and participation in this study.
Sincerely,
Michael P. Kehoe
117 Tully Gymnasium
Department of Physical Education
Florida State University
(850) 644-7903
APPENDIX B
INVENTORY
1. In the next 12 months, do you think you are likely to buy XXXXXX over the Web?
Definitely will buy 1 2 3 4 5 Definitely will not buy
2. The demands on my schedule are such that purchasing XXXXXX over the Web
would create even more time pressures on me that I don't need.
Strongly Disagree 1 2 3 4 5 Strongly Agree
5. The thought of purchasing XXXXXX over the Web causes me to experience unnecessary
tension.
Strongly Disagree 1 2 3 4 5 Strongly Agree
7. All things considered, I think I would be making a mistake if I bought XXXXXX over the
Web.
Strongly Disagree 1 2 3 4 5 Strongly Agree
8. Purchasing XXXXXX over the Web would cause me to be thought of as foolish by some
people whose opinions I value.
Strongly Disagree 1 2 3 4 5 Strongly Agree
9. As I consider the purchase of XXXXXX over the Web, I worry about whether they will
perform as well as they are supposed to.
Strongly Disagree 1 2 3 4 5 Strongly Agree
10. If you purchase XXXXXX over the Web, your credit card details are likely to be stolen.
Strongly Disagree 1 2 3 4 5 Strongly Agree
11. Purchasing XXXXXX over the Web will take too much time or be a waste of time.
Strongly Disagree 1 2 3 4 5 Strongly Agree
12. Purchasing XXXXXX over the Web would be a bad way to spend my money.
Strongly Disagree 1 2 3 4 5 Strongly Agree
13. I am concerned that using the Web may lead to uncomfortable physical side effects such as
bad sleeping, backaches, and the like.
Strongly Disagree 1 2 3 4 5 Strongly Agree
14. The thought of purchasing XXXXXX over the Web gives me a feeling of unwanted anxiety.
Strongly Disagree 1 2 3 4 5 Strongly Agree
15. On-line merchants cannot be trusted to deliver the same products that they advertise.
Strongly Disagree 1 2 3 4 5 Strongly Agree
16. How important would it be to you to make the right choice of Web-based vendor?
Not at all important. 1 2 3 4 5 Extremely important.
17. When all is said and done, I really feel that the purchase of XXXXXX over the Web poses
problems for me that I just don’t need.
Strongly Disagree 1 2 3 4 5 Strongly Agree
18. Purchasing XXXXXX over the Web would not provide value for the money I spent.
Strongly Disagree 1 2 3 4 5 Strongly Agree
19. I am confident that the technology used to secure my credit card details and personal
information, when sent over the Internet, is safe.
Strongly Disagree 1 2 3 4 5 Strongly Agree
20. I would buy something over the Web, even if I had not heard of the on-line vendor before.
Strongly Disagree 1 2 3 4 5 Strongly Agree
21. The thought of buying XXXXXX over the Web causes me concern because some friends
would think I was just being showy.
Strongly Disagree 1 2 3 4 5 Strongly Agree
22. Purchasing XXXXXX over the Web could lead to an inefficient use of my time.
Strongly Disagree 1 2 3 4 5 Strongly Agree
23. If I bought XXXXXX over the Web, I would be concerned that the financial investment I
would make would not be wise.
Strongly Disagree 1 2 3 4 5 Strongly Agree
24. One concern I have about purchasing XXXXXX over the Web is that eyestrain could result
from looking at the computer.
Strongly Disagree 1 2 3 4 5 Strongly Agree
25. If you purchase XXXXXX over the Web, the security technology will protect your credit
card details and personal information.
Strongly Disagree 1 2 3 4 5 Strongly Agree
26. The thought of purchasing XXXXXX over the Web makes me feel psychologically
uncomfortable.
Strongly Disagree 1 2 3 4 5 Strongly Agree
28. Purchasing XXXXXX over the Web will adversely affect others’ opinion of me.
Strongly Disagree 1 2 3 4 5 Strongly Agree
29. I am confident that the security procedures on the Web will keep my personal information
confidential.
Strongly Disagree 1 2 3 4 5 Strongly Agree
30. In making your choice of Web-based XXXXXX vendor, how concerned would you be about
the outcome of your choice.
Not at all concerned. 1 2 3 4 5 Very much concerned.
31. I am concerned that if I purchase XXXXXX over the Web, the vendor will not keep my
personal information private.
Strongly Disagree 1 2 3 4 5 Strongly Agree
32. If I were to purchase XXXXXX over the Web, I would be concerned that they would not
provide the levels of benefits that I would be expecting.
Strongly Disagree 1 2 3 4 5 Strongly Agree
33. Considering the possible problems associated with an on-line XXXXXX vendor’s
performance, a lot of risk would be involved with purchasing them over the Web.
Strongly Disagree 1 2 3 4 5 Strongly Agree
34. Overall, the thought of buying XXXXXX over the Web causes me to be concerned with
experiencing some kind of loss if I went ahead with the purchase.
Strongly Disagree 1 2 3 4 5 Strongly Agree
35. If I bought XXXXXX over the Web, I would be concerned that I really would not get my
money’s worth from the tickets.
Strongly Disagree 1 2 3 4 5 Strongly Agree
36. New technology is needed to make the Web a safe place to conduct business.
Strongly Disagree 1 2 3 4 5 Strongly Agree
38. Within the last 12 months, I have purchased products or services at, or by, XXXXXX:
# of times 6+ 4-5 2-3 Once Never
Retail Stores very often 1 2 3 4 5 never at all
Direct Mail very often 1 2 3 4 5 never at all
Telephone very often 1 2 3 4 5 never at all
Catalog very often 1 2 3 4 5 never at all
On-line very often 1 2 3 4 5 never at all
Television very often 1 2 3 4 5 never at all
Magazines very often 1 2 3 4 5 never at all
40. I would consider the security technology and procedures for XXXXXX as:
Retail Stores extremely unsafe 1 2 3 4 5 very safe
Direct Mail extremely unsafe 1 2 3 4 5 very safe
Telephone extremely unsafe 1 2 3 4 5 very safe
Catalog extremely unsafe 1 2 3 4 5 very safe
On-line extremely unsafe 1 2 3 4 5 very safe
Television extremely unsafe 1 2 3 4 5 very safe
Magazines extremely unsafe 1 2 3 4 5 very safe
APPENDIX C
Florida State
UNIVERSITY
Office of the Vice President
for Research
Tallahassee, Florida 32306-27t>3
(850) 644-32M) • FAX (850) 644-4392
APPROVAL MEMORANDUM
from the Human Subjects Committee
Date: July 6, 2000
To: Michael P. Kehoe
2229 Paul Russell Circle
Tallahassee, FL 32301
Dept: Physical Education
Re: Use of Human Subjects in Research
Project entitled: The Role of Perceived Risk and Consumer Trust in Relation to On-Line Shopping
The forms that you submitted to this office in regard to the use of human subjects in the proposal referenced
above have been reviewed by the Secretary, the Chair, and two members of the Human Subjects Committee.
Your project is determined to be exempt per 45 CFR § 46.101(b)2 and has been approved by an accelerated
review process.
The Human Subjects Committee has not evaluated your proposal for scientific merit, except to weigh the
risk to the human participants and the aspects of the proposal related to potential risk and benefit. This
approval does not replace any departmental or other approvals which may be required.
If the project has not been completed by July 6, 2001 you must request renewed approval for continuation of the
project.
You are advised that any change in protocol in this project must be approved by resubmission of the project to the
Committee for approval. Also, the principal investigator must promptly report in writing, any unexpected problems
causing risks to research subjects or others.
By copy of this memorandum, the chairman of your department and/or your major professor is reminded that
he/she is responsible for being informed concerning research projects involving human subjects in the
department and should review protocols of such investigations as often as needed to insure that the project is
being conducted in compliance with our institution and with DHHS regulations.
This institution has an Assurance on file with the Office for Protection from Research Risks. The Assurance
Number is M1339.
cc C imwQid
APPLICATION NO 00 232
118
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
REFERENCES
Alrdidge, A., White, M., & Forcht, K. (1997). Security considerations o f doing
business via the Internet: cautions to be considered. Internet Research. 7. 9-15.
Anon, R. (1996). Caught in the Net: what to make of user estimates. Public
Perspective. 7. 37-40.
Barber, B. (1983). The logic and limits of trust. New Brunswick, N J.: Rutgers
University Press.
Bell, H. & Tang, N.K.H. (1998). The effectiveness of commercial Internet web
sites: a user’s perspective. Internet Research. 8 .219-228.
Bernstein, T., Bhimani, A. B., Schultz, E., & Siegel, C. L. (1996). Internet
security for business. New York, N.Y.: Wiley & Sons.
119
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Bhimani, A. (1996). Securing the commercial Internet. Communications o f the
ACM. 39. 29-35.
Bierman, H., Jr., Bonini, C. P., & Hausman, W. H. (1969). Quantitative analysis
for business decisions (3rd ed.V Homewood, IL: Irwin.
Blattberg, R.C. & Deighton, J. (1996). Interactive marketing: exploiting the age
of addressability. Sloan Management Review. 3 3 .5-14.
Blau, P. M. (1964). Exchange and power in social life. New York, N.Y.: Wiley
& Sons.
Buck, S. P. (1996). Electronic commerce - would, could, and should you use
current Internet payment mechanisms? Internet Research. 6. 5-18.
Burke, R. R. (1997). Do you see what I see? The future o f virtual shopping.
Journal of the Academy of Marketing Science. 25. 352-360.
Bun, R. S. & Knez, M. (1996). Trust and third parties: the social production of
cooperation. Chicago, IL: University of Chicago, Graduate School o f Business.
Card Technology Today (1996). Survey: SmartCards and the Internet. Card
Technology Today. 3. 12-16.
Caskey, R. & Delpy, L. (1999). An examination of sport web sites and the
opinion of Web employees toward the use and viability of the World Wide Web as a
profitable sports marketing tool. Sport Marketing Quarterly. 8. 13-24.
Cole, J. I. (2001). The UCLA Internet Report 2001: Surveying the digital future.
Available: http://www.ccp.ucla.edu/pdf/UCLA-Intemet-Report-2001 .pdf
120
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
CommerceNet/Nielsen (1996). Internet demographics recontact study
March/April 1996 executive summary. Available: www.commerce.net/nielsen/exec.html
Crede, A. (1996). Electronic commerce and the banking industry: the required
and opportunities for new payment systems using the Internet. The Journal of Computer-
Mediated Communication. 1.
Dash, J., Schiffman, L., & Berenson, C. (1976). Risk and personality-related
dimensions of store choice. Journal of Marketing. 4 0 .32-39.
121
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Denning, D. E. (1998a). Cyberspace attacks and countermeasures. In D. E.
Denning & P. J. Denning (Eds.), Internet Besieged (pp. 29-55). New York, N.Y.: ACM
Press.
Derlega, V. J., Metts, S., Petronio, S., & Margulis, S. T. (1993). Self disclosure.
Newbury Park, N. J.: Sage.
Dowling, G. R. & Staelin, R. (1994). A model of perceived risk and intended risk
handling activity. Journal of Consumer Research. 2 1 .119-134.
Foo, S., Leong, P. C., Hui, S. C., & Liu, S. (1999). Security considerations in the
delivery of Web-based applications: a case study. Information Management and
Computer Security, 7,40-50.
Forcht, K.A. & Fore, R.E. (1995). Security issues and concerns with the Internet.
Internet Research, 5, 23-31. Available: www.emerald-librarv.com
Forcht, K., Thomas, D. S., Usry, M. L., & Egan, K. (1997). Control of the
Internet. Information Management and Computer Security, 5,23-28.
122
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Frost (1994). Cyberpoet’s guide to virtual culture. Available:
homepage.seas.upenn.edu/~mengwong/cuber/cgvc 1.htm
Fumell, S. M., Dowland, P. S., & Sanders, D. W. (1999). Dissecting the Hacker
Manifesto. Information Management and Computer Security, 7,69-75.
Glassman, S., Manasse, M., Abadi, M., Gauthier, P., & Sobalvarro, P. (1995).
The Millicent protocol for inexpensive electronic commerce. 4th International WWW
Conference. July.
Hawes, J. M. & Lumpkin, J. R. (1986). Perceived risk and the selection of a retail
patronage model. Journal o f the Academy o f Marketing Science. 14. 37-42.
Hart, P. & Saunders, C. (1997). Power and trust: critical factors in the adoption
and use of electronic data interchange. Organization Science. 8 .23-41.
Hirsch, R. D., Domoff, R. J., & Keman, J. B. (1972). Perceived risk in store
selection. Journal of Marketing Research. 9 . 435-439.
“Industry spotlight: sports on the Web" (1998, May 11). The Indusny Standard.
36,1.
123
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
International Data Corporation (1997). Unprecedented growth in global Internet
and World Wide Web usage. Available: www.idcresearch.com/HNR/cpr4ic.htm
Kahle, L. R. & Meeske, C. (1999). Sports marketing and the Internet: it’s a whole
new ball game. Sport Marketing Quarterly. 8 .9-12.
Kahneman, D., Slovic, P., & Tversky, A. (1982). Judgment under certainty:
heuristics and biases. New York, N.Y.: Cambridge University Press.
Kasperson, R. E., Renn, O., Slovic, P., Brown, H. S., Emel, J., Goble, R.,
Kasperson, J. X., & Ratick, S. (1988). The social amplification of risk: a conceptual
framework. Risk Analysis. 8 . 177-187.
Katz, J. & Aspden, P. (1997). Motivations for and barriers to Internet usage :
results of a national public opinion survey. Internet Research. 7. 170-188.
Keating, P. (1996, February). Protect your money from cybertheft. Money. 25.
20.
124
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Kiani, G. (1998). Marketing opportunities in the digital world. Internet Research.
8, 185-194.
Kingsley, P. & Anderson, T .( 1998). Facing life without the Internet. Internet
Research. 8. 303-312.
Kizza, J. M. (1998). Civilizing the Internet: global concerns and efforts toward
regulation. Jefferson, N.C.: McFarland and Company.
Kwon, Y., Paek, S. L., & Arzeni, M. (1991). Catalog vs. non-catalog shoppers of
apparel: perceived risks, shopping orientations, demographics, and motivations. Clothing
and Textiles Research Journal. 10. 13-19.
Lewis, J. D. & Weigart, A. (1985). Trust as a social reality. Social Forces. 63.
967-985.
125
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
“Light mail order buyers surveyed” (1987). Direct Marketing. 49. 12.
Lindskold, S. (1978). Trust development, the GRIT proposal, and the effects of
conciliatory acts on conflict and cooperation. Psychological Bulletin. 8 5 .772-793.
Lopez, L. L. (1987). Between hope and fear; the psychology of risk. Advances in
Experimental Psychology. 2 0 .255-259.
Maignan, I. & Lukas, B. (1997). The nature and social uses o f the Internet: a
qualitative investigation. Journal of Consumer Affairs. 31. 346-371.
126
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
McCorkle, D. E. (1990). The role of perceived risk in mail order catalog
shopping. Journal of Direct Marketing. 4. 26-35.
Nunnally, J. L. (1978). Psychometric theory (2nd ed.1. New York, N.Y.: McGraw
Hill.
127
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Pitkow, J. E. & Kehoe, C. (1996). Emerging trends in the WWW user population.
Communications of the ACM. 3 9 .106-108.
Pope, N., Brown, M., & Forrest, E. (1999). Risk, innovativeness, gender, and
involvement factors affecting the intention to purchase sport product online. Sport
Marketing Quarterly. 8 .25-34.
Rao, R. M. (1996, March 18). Nielsen’s Internet survey: does it carry any
weight? Fortune, p. 24.
128
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Richards, S. (1996). Electronic banking resource cen ter electronic
money/Internet payment systems. Available: www2.cob.ohiostate.edu/
{richards/bankpay.htm
Rowley, (1996). Retailing and shopping on the Internet. Internet Research. 6. 81-
91.
Rubin. R. (1996). Moral distancing and the issue o f information technologies: the
seven temptations. In J. M. Kizza (Ed.), Social and ethical effects o f the computer
revolution (pp. 124-135). Jefferson, N.C.: McFarland and Company.
Schiffan, L., Schus, S., & Winer, L. (1976). Risk perception as a determinant of
in-home consumption. Journal of the Academy of Marketing Sciences. 4 . 753-763.
Schlenker, B., Helm, B., & Tedeschi, J. (1973). The effects o f personality and
situational variables on behavioral trust. Journal o f Personality and Social Psychology.
25,419-427.
129
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Shaw, M. J. (2000). Electronic Commerce: State of the Art. In M. Shaw, R.
Blanning,R. Strader, & A. Whinston (Eds.), Handbook on Electronic Commerce ( pp. 3-
24). Heidelberg, N.Y.: Springer Publishing.
Simpson, L. & Lakner, H. B. (1993). Perceived risk and mail order shopping for
apparel. Journal for Consumer Studies and Home Economics. 17. 377-389.
Starr, C. (1969). Social benefit versus technological risk: what is our society
willing to pay for safety? Science. 165. 1232-1238.
Stone, R. N. & Mason, J. B. (1995). Attitude and risk: exploring the relationship.
Psychology and Marketing. 12. 135-153.
Swan, J. E., Trawick, J. F., Rink, Jr., D. R., & Roberts, J. J. (1988). Measuring
dimensions of purchaser trust of industrial salespeople. Journal of Personal Selling and
Sales Management. 8 . 1-9.
“Top Traffic-Drawing Sites” (1997, Nov. 24). Min’s New Media Report. 7.
Verity, J. W. (1995, November 13). Bullet-proofing the Net. Business Week. 98-
99.
130
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Vlek, C. A. J. & Stallen, P. J. M. (1980). Rational and personal aspects of risk.
Acta Psvchologica. 45. 273-300.
Weber, T.E. (1996, February 6). ATT will insure its card customers on its web
service. The Wall Street Journal, p. B5.
131
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
BIOGRAPHICAL SKETCH
Michael P. Kehoe was born in St. Clair, Michigan, on May 19, 1968. After
graduating from South Mecklenburg High School in Charlotte, N.C., he attended East
Carolina University in Greenville, N.C. and received his Bachelor of Science and
Masters in Education degrees. He began teaching at East Carolina University while a
graduate assistant and moved to North Carolina State University in Raleigh, N.C.,
where he taught an additional two years in the Department of Physical Education.
Deciding to pursue a doctorate in Sport Administration, he moved to Tallahassee and
enrolled at Florida State University in the Fall semester, 1998. During his tenure at
Florida State University, he worked as the Coordinator of the Lifetime Activities
Program in the Department of Physical Education. Shortly after arriving in
Tallahassee, he accepted an internship with the Tallahassee Tiger Sharks Professional
Hockey Franchise and became the Director of Ticket Operations within a year. In his
professional career, he has also worked with professional hockey franchises in El
Paso, TX, and Port Huron, MI.