Trust in E-Commerce
How do the aspects of trust considered above relate specifically to trust in the domain of e-commerce, and are there additional features that relate to this area? In this section, some of the more important issues that relate to online trust are highlighted. For further general discussion related to trust in Information Technology, see [ACM 2000] and [Castelfranchi & Tan 2001].
Delegation of Trust to Authorities
As considered above, people cannot always be expected to work things out for themselves, particularly when technology is involved. They will look to someone to set an example (for example, the Consumers' Association or role models). Due to a lack of information and time and the huge complexity of IT security, it is impossible for users of IT products to identify the level of security offered by individual products. They count on the reliability of a product being assessed by experts via evaluation and certification procedures, such as using criteria catalogues. Such criteria catalogues are widely used—for example, the “Orange Book” (the Trusted Computer System Evaluation Criteria used by the US Government for evaluating products for government use), the ITSEC standard which is used in Europe, or the Common Criteria in ISO/IEC, which is on track to become a worldwide standard in this area.
Trust is extremely difficult to measure because it is fundamentally concerned with an individual's subjective feelings toward another entity. The authors of the ISO/IEC standards believe that it is possible to measure, test, and evaluate the security assurance of a product or system that is to be trusted. The idea is that if a certain assurance level is reached, it is worthy of trust being invested in it. However, although such evaluation and certification should guarantee security that can be quantified and verified, this will not necessarily serve in creating trust by means of reducing complexity in such a way that the products can be understood and verified by the user [Osterwalder 2001].
Analogous mechanisms for delegation of trust relating to Trusted Platform technology are considered in detail in Chapter 10.
The Relationship of Security to Trust
As we have already seen, there is a great deal more to online trust than security. Some would argue that security isn't even a component of trust. For example, Nissenbaum argues that the level of security does not affect trust [Nissenbaum 1999]. She argues that security is increased in order to reduce risk and not to increase trustworthiness. However, we would argue that, according to the situation, security may increase the level of trust, decrease the level of trust, or indeed be neutral (as Nissenbaum suggests). An example of increasing security to increase trust comes from people being more willing to engage in e-commerce if they are assured that their credit card numbers and personal data are cryptographically protected [Giff 2000].
There can be a conflict between security and privacy. For example, some methods of enhanced authentication can result in privacy concerns (such as manufacturers' issue of identification numbers associated with networked devices). Indeed, for users to regard a computing system as trusted, manufacturers must ensure that increased security does not adversely affect privacy.
Visual clues are lacking online, which can affect security and trust. For example, because you can't see an adult frequenting a children's chat room or a scruffy man selling an expensive car, you are prevented from having immediate suspicions about those people.
Enhancing security will not necessarily increase trust, but it is an important enabler and can do so.
Components of Trust within the E-Commerce Domain
Recent research has been conducted to model trust within the e-commerce domain. The Cheskin Research and Studio Archetype/Sapient study [Cheskin 1999] defines “three key elements of web trust” from six “primary components of the building block of trust” that result in “28 different ways in which trustworthiness may be established.” The six primary components are as follows:
Seals of Approval: Information about companies that specialize in assuring the safety of web sites
Brand: The importance of the company's reputation in choosing to do business with them
Fulfillment: The process one works through from the time a purchase process is initiated until the product is received
Presentation: How the look of the site communicates meaningful information
Egger has conducted related work to identify many factors that mediate trust in e-commerce [Egger 1998].
Friedman and associates argue that it is not appropriate to use the language of trust in relation to people interacting with machines; rather, computer technologies provide “suitabilities” that follow from features of the technology [Friedman et al 2000]. How can we engineer technology that cultivates the conditions for trust online? The authors of that paper offer ten trust-related characteristics of online interaction that can be taken into account when designing and implementing systems, of which reliability and security of the technology is just one. Others include anonymity, accountability, status cue markers, insurance, and performance history and reputation.