Information Security and e-Commerce Trust
This paper studies the information security threats to e-commerce that lead to a lack of trust in the industry. The study begins by reviewing the literature and then focuses on the main issues, as well as suggesting recommended procedures for dealing with them. The main issues identified as threats to information security include identity theft and fraud. The study observes that these issues can be limited, and trust thereby improved, by employing a framework proposed by Chellappa and Pavlou (2002), which is based on encryption, protection, authentication and verification. Implementing this framework can greatly enhance consumers’ trust in electronic commerce and therefore foster its successful implementation.
The effects of the arrival of the internet and the World Wide Web (WWW) on the global economy can be likened to those of the advent of the Industrial Revolution on agrarian societies in 18th century Britain (Aljifri et al., 2003). The internet has made the world smaller by facilitating communication through information systems and technology. The post office and its competitors are, to a great extent, now limited to the transportation of products that have a physical substance. A significantly high volume of information and communication is transmitted through the web. The advent of information and communication technology has opened up new opportunities for businesses. Today virtually every country is involved in international trade given the easy transmission of business communications through internet networks.
Information and communication technology as well as advancements in the internet and telecommunications have greatly facilitated the globalisation of markets across the world (Aljifri et al., 2003). Significant benefits can be derived from electronic commerce, ranging from the diffusion of new technologies and the sales promotion of products and services to the collaboration of the different participants in a supply chain network.
Despite these benefits, many individuals and businesses are concerned about the security of the information they transmit over electronic media such as the internet and the telephone. Threats to the security of information transmitted over the internet or via the telephone can deter businesses and individuals from using the internet and telephone network to communicate sensitive business information. There is also the issue of trust between the buyer and the seller. Buyer and seller are invisible to each other, and each runs the risk that the other party may not fulfil their obligations under the terms of the agreement, since it will be difficult for the compliant party to travel miles away, perhaps overseas, to track down the non-compliant or defaulting party. Even if the compliant party is capable of travelling across borders to track down the non-compliant party, there may be immigration and legal barriers which may deter the compliant party from making such a journey. Moreover, significant resources in terms of money and time may be wasted in the endeavour. As a result, it is right to say that trust is a foundation for successful implementation of e-commerce across the globe.
Security concerns have always accompanied the introduction of new information and communication technologies (Clarke, 1988; Mason, 1986 cited in Chellappa and Pavlou, 2002). Ratnasingham (1998) suggests that internet security and transaction security represent two areas that currently plague the successful implementation of worldwide e-commerce. While internet security concerns itself with the network system and application components of an e-commerce solution, transaction security is concerned with the requirements for secure e-commerce transactions (Ratnasingham, 1998). This paper aims to look at the security and trust issues that currently impede the successful implementation of e-commerce, and proposes possible solutions for overcoming these problems so as to promote the worldwide implementation of e-commerce. The paper begins by providing a review of relevant literature in section 2 below; section 3 follows with a discussion of the main security and trust issues that impede the successful implementation of e-commerce, focusing particularly on case studies; section 4 provides a conclusion which summarises the main findings of the paper.
- Literature Review.
The issue of internet security and trust in electronic commerce has gained considerable attention in the Information Systems literature. Many studies have focused attention on the security threats and trust issues with respect to successful e-commerce implementation. Aljifri et al. (2008) conducted a study that focused on understanding the threats to e-commerce in developing countries, taking into consideration the fact that these countries are yet to fully embrace information and communication technology and thus e-commerce. They note that this category of countries is facing several key issues that can be broadly defined as ‘trust barriers’ (Aljifri et al., 2008). These issues, as envisaged by Aljifri et al. (2008), are capable of affecting the probability that people in the developed world will be willing to conduct digital business with people in developing countries. For example, there are serious concerns about information security in developing countries. The main reason for these concerns is the fact that developing countries lack trusted certificate authorities as well as telecommunication systems that can provide the protection required for the successful conduct of digital business in developing countries (Aljifri et al., 2008). This lack of trusted certificate authorities has led to a significant growth in mistrust with respect to the transmission of information over the internet. In particular, developing countries lack information security systems such as trusted certificates and encryption procedures that can enable a more secure environment for e-commerce transactions (Aljifri et al., 2003).
The impediments to successful implementation of e-commerce in developing countries are not limited to information security issues. Poor technical and industrial infrastructure is also impeding the successful digitalisation of business in developing countries (Aljifri et al., 2003). The implementation and usage of networks is contingent on the presence of a good communications infrastructure. Such an infrastructure is absent in most developing countries, which makes the implementation of e-commerce difficult. For example, the World Bank reports that in developing countries like India and China there are only 3.3 and 12.2 PCs per 1000 people of the total population, respectively (Nair, 2002 cited in Aljifri et al., 2003). This is as opposed to industrialised economies like the US, where there are approximately 510.5 PCs per 1000 people of the total population (Aljifri et al., 2003). Other impeding issues include educational, governmental and socio-cultural issues (see Aljifri et al., 2003).
Doonum (2008) also focused on studying how information security affects e-commerce, but his main focus was on outsourcing. Doonum (2008) provides a multiple level security framework as an effective approach in outsourcing. Doonum (2008) suggests that this framework can enable the identification, monitoring and evaluation of information security risks by employing a layered security model that fits well in a complicated outsourcing domain. In the multiple level security framework, there are three levels of security: (i) guidelines of technical security; (ii) risk analysis; and (iii) compliance and evaluation criteria, which also includes the management of information security (Doonum, 2008). In addition, Chellappa and Pavlou (2002) suggest that e-commerce transactions remain threatened by information security. They argue that consumer trust in e-commerce depends on information security.
Chellappa and Pavlou (2002) also propose mechanisms for dealing with information security threats, which include encryption, protection, authentication, and verification. These mechanisms are developed from technological solutions for security threats that are visible to consumers and as such contribute to actual consumer protection (Chellappa and Pavlou, 2002). Chellappa and Pavlou tested the above mechanisms using a sample of consumers. In a study of 179 consumers, they suggest that there is a significant relationship between consumers’ perceived information security and trust in e-commerce transactions. Chellappa and Pavlou (2002) also studied the role of financial liability as a contributor to perceived security. The evidence suggests that there is little or no impact of financial liability on consumers’ trust in e-commerce (Chellappa and Pavlou, 2002). Pennanen et al. (2007) propose a value-based framework for the consumer e-trust building process. They suggest that consumers perceive two value-based external factors in the e-trust building process as risk. Furthermore, they suggest that informants employ three value-based behavioural patterns to reduce the risk perceived by consumers and to build trust in e-commerce. Finally, Pennanen et al. (2007) also argue that the process of e-trust building is contingent on individuals’ personal values.
Mukherjee and Nath (2007) observe that trust and commitment are critical for the synthesis of successful long-term relationships in the online retailing context. Since there is no physical interaction between buyers and sellers, the ability of websites to gain the trust of buyers and to deliver the goods or services in accordance with the terms of the agreements made remain critical issues in online customer relationship management (Mukherjee and Nath, 2007). In a study examining the commitment-trust theory (CTT) of customer relationship marketing in online retailing contexts, Mukherjee and Nath (2007) observe that there has been a significant modification of the traditional CTT model in the online environment. In particular, Mukherjee and Nath (2007) suggest that the key antecedents of trust, which also have a positive impact on relationship commitment, are the privacy and security features of the website as well as shared values. In addition, Mukherjee and Nath (2007) suggest that the behavioural intentions of consumers are the consequences of both trust and commitment, and that the cost incurred in terminating the relationship has a negative impact on customer commitment.
In a keynote address delivered to the Economic Club of Detroit, Michigan on the 7th of May 2001, Dick Brown, Chairman and CEO of EDS, reiterates that the proper functioning and success of the digital economy is contingent upon the presence of a civilised world, something that has taken humanity centuries to construct. Brown (2001) further stresses that the business community should not depend on the authorities to police the Internet communities. Moreover, he argues that no system of laws can protect businessmen from threats to information security or trust. Business leaders, government leaders and consumers must collectively and individually work towards creating an environment of trust that ensures the validity of the digital economy (Brown, 2001).
As Brown (2001: 653) states: “the Internet is a hugely powerful tool in your arsenal to market and develop your business, but it is also an Achilles’ heel. If not managed correctly, it will enable the public to destroy your business”.
Following Brown (2001), the successful implementation of e-commerce on a global basis is only possible if all stakeholders, ranging from shareholders, customers, employees, suppliers, governments, local communities, NGOs and environmental activists, combine efforts to make it a success by instilling trust through honesty when buying and selling online. What Brown effectively means is that anyone marketing something for sale online should be honest enough to ensure that the product represents what it purports to represent. Ratnasingham (1998) also deals with the issue of trust in electronic commerce. She notes that the foundation for businesses is relationships and that trust remains an integral part of these relationships, especially in today’s virtual competitive world (Ratnasingham, 1998). Trust can be viewed from two perspectives: the rational and the social. According to the rational perspective, trust is based on the calculus of self-interest (Ratnasingham, 1998). As trust increases, transaction cost decreases and vice versa (Ratnasingham, 1998). Trust has the capability to create loyal and very satisfied customers. As a consequence, Ratnasingham (1998) provides a discussion on the concept of trust as well as its importance for secure electronic commerce. According to Lewicki and Bunker (1996), trust is constructed in stages. The first stage is ‘deterrence-based’ and the last stage is the highest level of trust. Additionally, the construction of trust is similar for all types of relationships, irrespective of whether it is a romantic relationship, a manager-employee relationship, a relationship among peers, or a relationship between trading partners in electronic commerce. A development model of trust between two parties in a business context is proposed by Shapiro et al. (1992) (cited in Ratnasingham, 1998):
Figure 1: The Stages of Trust Development
Levels of trust (1, 2, 3):
(3) Stable identification-based trust (few relationships)
(2) Stable knowledge-based trust (many relationships)
(1) Stable deterrence/calculus-based trust (some relationships)
Source: Shapiro et al. (1992), cited in Ratnasingham (1998).
Figure 1 above depicts the trust construction model proposed by Shapiro et al. (1992) and reproduced by Ratnasingham (1998). According to the model, trust development has three stages: (i) stable deterrence/calculus-based trust, which occurs in many relationships; (ii) stable knowledge-based trust, which occurs in many relationships; and (iii) stable identification-based trust, which occurs in very few relationships.
Deterrence-based trust concerns itself with the threat of punishment. This is considered a negative factor in the trust development process. On the other hand, calculus-based trust is concerned with the benefits that will be derived by both parties from fulfilling their terms of the agreement in a relationship. Although calculus-based trust is considered a positive factor in the trust development process as opposed to deterrence-based trust, deterrence-based trust is more effective than calculus-based trust because the parties consistently fulfil their terms under the agreement because of the threat of punishment that will be inflicted on them should they fail to meet their obligations (Ratnasingham, 1998). Trust has also been identified by Srinivasan (2004) as a critical success factor of e-commerce. According to Srinivasan (2004), e-commerce must strive to achieve trust over a period of time. He further argues that acquiring customer trust depends on a number of factors that are controlled by an e-business, although customer trust itself remains beyond the control of the e-business. The factors that determine the acquisition of customer trust identified by Srinivasan (2004) include the appeal of the web site, the product or service offerings, branding, service quality and trusted seals. Furthermore, one can view trust from a number of directions including transaction, information content, product, technology, as well as institution.
The above evidence suggests that the main impediments to successful e-commerce implementation include threats to the security of information and lack of trust in e-commerce transactions. The main threats to information security include the possibility that information provided online can be intercepted. Consumers believe that information provided online is not safe and can be intercepted and used for purposes other than e-commerce transactions. A prominent example is when payments are made online using credit cards such as VISA and MasterCard. Consumers are increasingly concerned about the security measures taken by the credit card companies to ensure that their payment information is not intercepted by intruders. There are people who are constantly looking for means to hack into the personal computers of others so as to take advantage of their credit card and online banking details.
Another threat to information security is lack of privacy. Identity theft has become a cause for concern. Consumers transmit a lot of individually identifiable information over the internet when making online purchases, and can also be duped by fraudsters through ‘phishing’. Information such as name, address, telephone number and e-mail address is constantly under threat from identity thieves who aim at duplicating this information and using it for their personal gain. Ratnasingham (1998) identifies a number of security flaws inherent in the Internet. These include misrouting, transmission failure, data corruption, as well as failure of physical components. Information is transmitted and received over the internet through network protocols, Internet Protocol (IP) and Transmission Control Protocol (TCP) (Ratnasingham, 1998). Ratnasingham (1998) notes that these transmission mechanisms do not provide any mechanism for protecting the confidentiality of the data packets transmitted. Unprotected packets can easily be intercepted and revealed by network sniffing software and devices as they move across the internet (Ratnasingham, 1998). Perpetrators use this information for their own ends. These security threats significantly inhibit the trust of consumers in electronic commerce and as such limit its successful implementation. To solve these problems, Chellappa and Pavlou (2002) propose a conceptual framework that can help build the trust of consumers in electronic commerce. The conceptual framework is based on encryption, protection, verification and authentication. Implementing this framework increases the perceived security of consumers in electronic commerce transactions and decreases the financial liability that they may incur by engaging in electronic commerce. Increased perceived security and limited financial liability both lead to an increase in trust in electronic commerce transactions.
Reputation is also an important factor in building trust in electronic commerce transactions. Figure 2 below shows how the conceptual framework proposed by Chellappa and Pavlou (1998) helps to improve consumers’ perceived trust in electronic commerce.
Figure 2: Conceptual Framework
Source: Chellappa and Pavlou (2002:362).
Two tools commonly used to improve internet security are secure socket layer (SSL) and secure electronic transaction (SET) (Srinivasan, 2004). SSL was developed by Netscape to support point-to-point encryption. SET was developed jointly by VISA and MasterCard in collaboration with other technology companies as an open standard to support end-to-end secure online transactions (Srinivasan, 2004). SSL and SET are therefore contributing to online security and thus enhancing the trust of consumers in electronic commerce (Srinivasan, 2004).
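An added illustration, not part of the original paper: the Python sketch below audits a client-side configuration for TLS (the successor to SSL) against the properties discussed above, namely that the channel is encrypted with a current protocol, that the server certificate chains to a trusted certificate authority, and that the certificate is verified against the host name. The function names and finding labels are assumptions made for this example, as is the mapping of each check to the framework's terms.

```python
import ssl

# Finding labels are constructed for this example.
NO_CERT_CHECK = "server certificate not validated against trusted CAs"
NO_HOST_CHECK = "certificate not verified against the host name"
OLD_PROTOCOL = "protocol versions older than TLS 1.2 accepted"


def audit_tls_context(ctx):
    """Return the list of weaknesses found in a client-side SSLContext."""
    findings = []
    # Authentication: without CERT_REQUIRED any certificate is accepted,
    # so the buyer cannot tell the merchant from an interceptor.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(NO_CERT_CHECK)
    # Verification: a valid certificate issued for another site must be rejected.
    if not ctx.check_hostname:
        findings.append(NO_HOST_CHECK)
    # Encryption: legacy protocol versions weaken the confidentiality
    # of card and identity data in transit.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(OLD_PROTOCOL)
    return findings


def weak_context():
    """Encrypted channel, but the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # accepts self-signed or forged certificates
    return ctx


def hardened_context():
    """Defaults that require a trusted CA chain and a matching host name."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, factory in (("weak", weak_context), ("hardened", hardened_context)):
        problems = audit_tls_context(factory())
        print(name, "->", problems or "no findings")
```

The weak configuration still encrypts traffic, which is why encryption alone does not establish trust: without certificate and host name checks the client may be encrypting its data to the wrong party.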
- Conclusions and Recommendation
Based on the foregoing discussion, a number of findings can be discerned. Firstly, the study concludes that developing countries are still lagging behind as far as electronic commerce is concerned. The main issues impeding the successful implementation of e-commerce in these countries are the lack of an infrastructural environment adapted to successful e-commerce development, lack of educational skills, socio-cultural issues, government bureaucracies and corruption, and political issues. It is therefore important for developing countries to take steps towards providing an infrastructural environment adapted for the implementation of e-commerce; design courses to train people on how to implement e-commerce; attempt to change the socio-cultural perceptions of the population; and attempt to change the political landscape to improve the implementation of e-commerce. Generally, e-commerce is plagued by a number of security issues such as identity theft and fraud, which have greatly reduced the trust of consumers in e-commerce transactions as well as the trust between trading partners across the globe. To revitalise the trust of consumers and other interested parties in e-commerce transactions, it is important that security measures are put in place that limit the ability of intruders to hack into the personal information of people who use the internet, and that measures are put in place to create trusted online systems so that companies can do business online safely and securely.
Aljifri, H. A., Pons, A., Collins, D. (2003), “Global e-commerce: a framework for understanding and overcoming the trust barrier”, Information Management & Computer Security, vol. 11, No. 3, pp. 130-138.
Brown, D. (2001), “The Digital Economy: Our word must be our bond”, Address Delivered to the Economic Club of Detroit, Detroit Michigan, May 7, 2001.
Chellappa, K., Pavlou, P. A. (2002), “Perceived information security, financial liability and consumer trust in electronic commerce transactions”, Logistics Information Management, vol. 15, No. 5/6, pp. 358-368.
Doonum, R. M. (2008), “Multi-level information system security in outsourcing domain”, Business Process Management Journal, vol. 14, No. 6, pp. 849-857.
Mukherjee, A., Nath, P. (2007), “Role of electronic trust in online retailing: A re-examination of the commitment-trust theory”, European Journal of Marketing, vol. 41, No. 9/10, pp. 1173-1202.
Pennanen, K., Tiainen, T., Luomala, H. T. (2007), “A qualitative exploration of a consumer’s value-based e-trust building process: A framework development”, Qualitative Market Research: An International Journal, vol. 10, No. 1, pp. 28-47.
Ratnasingham, P. (1998), “Trust in Web-based electronic commerce security”, Information Management & Computer Security, vol. 6, No. 4, pp. 162-166.
Srinivasan, S. (2004), “Role of trust in e-business success”, Information Management & Computer Security, vol. 12, No. 1, pp. 66-67.