2IntroductionTrust & RiskStrategic ThrustsFramework of TrustQuestionsConclusionRelated Web Sites
3What is Trust? Definition “the assured reliance on the character, ability, strength, or truth of someone or something, or one in which confidence is placed”.Trust & RiskWeb SitesQuestions
4The above cartoon by Peter Steiner has been reproduced from page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20)only for academic discussion, evaluation, research.
5Quote From Jeff Sandquist.com On the Internet nobody knows you are a dogTuesday, July 27, 2004Fascinating how this famous cartoon from The New Yorker cartoon is proving less true as more and more folks get Weblogs. Weblogs give us an insider view of corporations and let us learn more about the individuals.Could the day arrive when we know for sure if you're a dog or not?
6Who are you? 'Who are you?' said the Caterpillar. This was not an encouraging opening for a conversation. Alice replied, rather shyly, 'I - I hardly know, sir, just at present - at least I know who I was when I got up this morning, but I think I must have been changed several times since then.'—"Alice's Adventures in Wonderland", Lewis Carroll.
7Trust in Traditional Commerce Trust & RiskIdentity (brick & mortar store)Immediacy (physically touch the product)Value (can evaluate since close at hand)Discourse (talk to a salesman in person)Community (words of mouth)Privacy (pay cash)In the traditional setting, handshaking often symbolizes a transactionIn the Internet context, it is not possibleStrategic ThrustsFrameworkConclusionWeb SitesQuestions
8What Consumers Look For to Evaluate Trustworthiness online Is the site professional?Does the information architecture make sense?Is the site easy to navigate?Is the site easy to use?Are my questions answered?Do other people trust this site?Am I familiar with this company?Are the prices reasonable?Strategic ThrustsFrameworkConclusionWeb SitesQuestionsIf they can’t design a good site professionally, why expect them to be able to handle commerce transactions and fulfillment?If the organization of information does not appear to have been carefully designed, why expect the payment systems good?Can I find the product that I want? If the site is not easy enough to navigate around, why would I trust them to have made a backend that works?Can I search, browse, and purchase from the site? If I can’t because of my browser and preferred browser configuration, then the site designers are telling me that they don’t want my businessIf I’m concerned about security and privacy, can I find information that addresses these concerns? If they can’t address my possible needs before hand, why expect them to handle my needs after the purchase?What’s the word (of mouse) about the site?Have I had good experiences with this company before, on or off the web?
9Some Properties of Trust Trust & RiskStrategic ThrustsTrust is not associative (non-symmetric)Trust is not transitiveTrust is always between exactly 2 partiesTrust will involve either direct trust or recommender trustFrameworkConclusionWeb SitesQuestions
10Trust and Risk Trust and risk are closely interrelated IntroductionTrust and risk are closely interrelatedRisk is defined as a consumer’s perception of the uncertainty and adverse consequences of engaging in an activityWhen risk is present, trust is needed to make transactions possibleDoing business on the Internet has many additional risksStrategic ThrustsFrameworkConclusionWeb SitesQuestions
11– Best PracticeSome of the things to consider when sending s are discussed in this ZDNET article.
12Collaboration and Trust Open source software is based on trust e.g. MozillaWikisBlogsHow else can you collaborate?
13Four Types of Risk Financial (risk of losing money or paying too much) IntroductionFinancial (risk of losing money or paying too much)Functional (risk of receiving the wrong or a malfunctioning product)Social (risk of using a product that reflects poorly on its user)Physical (risk that we might be harmed by the product)Higher consumer trust towards an Internet store will reduce the perceived risks associated with buying from that storeStrategic ThrustsFrameworkConclusionWeb SitesQuestions
14Factors of Trust Reputation and size are key factors IntroductionReputation and size are key factorsLong term reputation is far more than short- term product quality movementsReputation and size provide assurancesAssurances help to increase trust, particularly when parties have not interacted before and do not have first hand knowledge of each otherThe store’s perceived reputation is positively associated with a consumer’s trust in an Internet storeThe store’s perceived size is positively associated with a consumer’s trust in an Internet storeStrategic ThrustsFrameworkConclusionWeb SitesQuestions
15Outcomes of TrustIntroductionHigher consumer trust toward an Internet store will generate more favourable attitudes towards shopping at that storeThe lower the consumer’s perceived risk associated with buying from an Internet store, the more favourable the consumer’s attitudes towards shopping at that storeFavourable attitudes towards an Internet store will increase the consumer’s willingness to purchase from that Internet storeReduced perceived risks associated with buying from an Internet store will increase a consumer’s willingness to purchase from that Internet storeStrategic ThrustsFrameworkConclusionWeb SitesQuestions
16Key Strategic Thrusts to Build a framework of trust IntroductionTrust & RiskFive key strategic thrusts:Establishing a secure e-Commerce environmentBuilding confidence in E-businessesBuilding confidence in consumers to transact on the Internet; andEducating and increasing awareness of the benefits of E-CommerceBest practices for E-Commerce to increase trustFrameworkConclusionWeb SitesQuestions
17Establishing a secure E- Commerce Environment IntroductionTrust & RiskPeople need to be confident of the identity of the person sending electronic messages, to be sure that they have not been tampered with, and that they have been kept confidential.Senders would want to be able to identify the recipients of the messages, to ensure that they will not land on the hands of the unauthorized.Secure electronic transactions can be provided through the use of encryption technologies and certification authorities.FrameworkConclusionWeb SitesQuestions
18Establishing a secure E- Commerce Environment IntroductionTrust & RiskApproachesSecuritySecure Socket LayerS-HTTP, s/MIMEIdentificationChallenge-Response SystemAuthenticationSecure Electronic Transaction (SET)Secure Electronic Payment Protocol (SEPP)Secure Transaction Technology (STT)PKI/Digital CertificatesAuthorizationOpen Profiling Standard for Authorization and Single Sign-On (OPS)FrameworkConclusionWeb SitesQuestions
19Establishing a secure E- Commerce Environment IntroductionEstablishing a secure E- Commerce EnvironmentTrust & RiskRisk is unavoidable, but doing E-Business is perceived to have greater risks.Some banks impose higher transactional fees for online payments (risk premium)E-Merchants are required a fixed term (e.g. six month) deposit to cover possible charge backs arising from online transactions.Approach: Risk Assessment and ProfilingFrameworkConclusionWeb SitesQuestions
20Building Confidence in E-Business IntroductionTrust & RiskE-Commerce brings about new markets, more customers and global reach.Businesses are hesitant to exploit opportunity which can be accompanied with an increased risk of network fault, online fraud and crime.Businesses also worry about capital investment that might become outdated through rapid technological obsolescence.Approach: Introducing E-Commerce Insurance & UnderwritersFrameworkConclusionWeb SitesQuestions
21Building Confidence in E-Business IntroductionTrust & RiskWhen a credit card fraud occurs, the e- business will lose its good, be charged for the costs and have to pay the issuing bank a charge-back feeOnline consumers also face the risk that they may not receive the goods, the goods that arrived are not what they had ordered or the goods are damaged upon receipt and even DOA (dead on arrival).Approach: Escrow Services
22Building Confidence in E-Business IntroductionTrust & RiskThere will be potential e-disputes when doing business online, thus there is a need for an alternative dispute resolution process to allow businesses and consumers to have access to an independent and efficient way of resolving complaints.Approach: Alternative Dispute Resolution (ADR) MechanismsFrameworkConclusionWeb SitesQuestions
23Building User Confidence in E-Commerce Transactions IntroductionTrust & RiskFor consumers to transact on the Internet, they must have trust that the site keeps information private and offers a secure site for them to purchase productsConsumers fear the risk of financial losses due to theft or fraudulent use of credit cards, or orders that disappear and products that never arrive.Approach: Trust MarksFrameworkConclusionWeb SitesQuestions
24Building User Confidence in EC Transactions - WebTrust IntroductionTrust & RiskVerisign has developed and is promoting a set of principles and criteria (On-Line Privacy, Security, Business Practices and Transaction Integrity, Availability, WebTrust for Certification Authorities)Independent auditing can provide assurance services to evaluate and test whether a particular E-Commerce site meets these principles and criteriaThe WebTrust seal of assurance can be displayed on the E-Commerce site if it meets these principles and criteriaExample site: eBay, Commonwealth BankFrameworkConclusionWeb SitesQuestions
26Building User Confidence in EC Transactions - BBBOnline IntroductionTrust & RiskReliability Seal ProgramMakes a commitment to high levels of ethical business practices and customer satisfaction.Has been in business for more than a year.Has a satisfactory record with the Better Business Bureau.Commits to work with its customers and the Better Business Bureau to resolve disputes that might arise.Privacy Seal ProgramThe BBBOnLine Privacy program was developed specifically to help business web sites address this key concern of online shoppers.Example site: Dell ComputerFrameworkConclusionWeb SitesQuestions
28Building User Confidence in EC Transactions - TRUSTe IntroductionTrust & RiskDeals with privacy concerns of users. Its goal is to provide:Online consumers with control over their personal informationInternet publishers with a standardized, cost-effective solution for both satisfying the business model of their site and addressing consumers’ anxiety over sharing personal information onlineTRUSTe seal will take users directly to a company’s privacy statementExample site: MSNFrameworkConclusionWeb SitesQuestions
30Building User Confidence in EC Transactions - TRUSTe IntroductionTrust & RiskMinimum requirements of the TRUSTe privacy statement:What personal information is being gatheredWho is collecting the informationHow the information will b usedWith whom the info will be shared withThe choices available to users regarding collection, use, and distribution of their infoThe security procedures in place to protect personal info from loss misuse, or alternationHow users can update or correct inaccuracies in their pertinent infoConclusionWeb SitesQuestions
31Building User Confidence in EC Transactions - TRUSTe IntroductionTrust & RiskTRUSTe Oversight:Initial and Periodic ReviewReview website for adherence to the TRUSTe principles, privacy statement requirements and trustmark usage.SeedingTRUSTe submits unique user information and monitor results for any wrongdoingOnline Community MonitoringThe ability of the community at-large to report violations by establishing online Watchdog reporting form for users. Licensee privacy statement must also display the TRUSTe “click to verify seal” which links to a verification page located on TRUSTe’s secure server.FrameworkWeb Sites
32Building User Confidence in EC Transactions - TRUSTe IntroductionTrust & RiskTRUTEe Resolution ProcessRequest users to contact website directly before filing a report with TRUSTeIf there is no satisfactory response, TRUSTe steps in as the liaison between the consumer and website to resolve the issue.If the website is in violation and is verified by TRUSTe’s official auditors, TRUSTe will advise and guide the licensee on the steps to remedy the problemIf no action taken, then it will result in revocation of the TRUSTe trustmarkWeb SitesQuestions
33Building User Confidence in EC Transactions - TRUSTe IntroductionIssuesNarrow FocusWeb only, what about and other channels?Potential conflict of interestDepends on corporate sponsors which are also users of TRUSTeSelf violationAllowed a third party – thecounter.com – to track visitors to its web site through a collection of personally identifiable informationFrameworkWeb Sites
34Building User Confidence in E-Commerce Transactions IntroductionTrust & RiskThe ease with which personal information can be disseminated with the proliferation of IT has raised privacy concerns worldwide.Approaches: Addressing privacy concerns- Policy for Cookies should be made known to the users- Policies regarding any practices that involve using record of user accesses for statistics generation and/or debugging, should also made known to the users- Platform for Privacy Preferences Project (P3P)FrameworkQuestions
35Building User Confidence in E-Commerce Transactions IntroductionTrust & RiskP3P (W3C’s Platform for Privacy Preferences Project): A framework for informed Internet interactions. The goal of P3P is to enable Internet sites to express their privacy practices and users to exercise preferences over those practicesApproach: Each Internet site has a proposal for privacy policies. If a proposal matches the user’s preference via WWW user-agents, then accept. Otherwise, reject. Sites can use P3P to increase the level of confidenceWeb Sites
36Educating and Increasing Awareness of the Benefits of E- Commerce IntroductionTrust & RiskApproaches: The government introduces initiatives to help educate and increase awareness of E-Commerce for the businesses and consumers.Encouraging the fostering of an e- lifestyle amongst the peopleCreating E-Commerce awareness through seminars targeting at businessesPublicly awarding businesses that adopted E-Commerce successfullyProfileConclusion
37Best Practices for E-Businesses to Increase Trust IntroductionTrust & RiskSeals of Approval: Re-assure the consumers that security has been establishedBrand: The E-Merchant’s promise to deliver specific attributes and its credibility based on reputation & consumers’ previous experienceNavigation: Ease of finding what the consumers wantFulfillment: Clearly indicates how orders will be processed, and provides information on how to seek recourse if there are problemsPresentation: Design attributes that exhibit quality and professionalismTechnology: State of the art even it is expensive and difficult to useFrameworkConclusionWeb SitesQuestions
38Putting all the key strategic thrusts together IntroductionPutting all the key strategic thrusts togetherTo build a framework of trustGartner Article (Lost Sales)Trust & RiskStrategic ThrustsConclusionWeb SitesQuestions
40A Framework of Online Trust IntroductionTechnology DimensionSecurity, Authentication, Identification, AuthorizationNon-repudiationConfidentiality of TransactionsToolsPKI/Digital CertificatesChallenge ResponseSSL, S/MIMESET, SEPP, STT, OPSKey Strategic Thrust: To establish a secure E-Commerce EnvironmentTrust & RiskStrategic ThrustsConclusionWeb SitesQuestions
41A Framework of Online Trust IntroductionMarket Place DimensionPrivacy Services (e.g. P3P)Alternative Dispute Resolution (ADR) MechanismsE-Commerce Insurance & UnderwritersEscrow ServicesCredit Bureau ServicesTrust MarksKey Strategic Thrusts:To build confidence in ECTo build user confidence in EC TransactionsBest PracticesStrategic ThrustsConclusionWeb Sites
42A Framework of Online Trust IntroductionMarket Participant DimensionRisk Assessment & ProfilingFostering e-commerce lifestyle, e-commerce seminars for consumers, etc.Brand, Effective Navigation, Fulfillment & PresentationKey Strategic Thrusts:To establish a secure E-Commerce Environment,To build confidence in ECTo build user confidence in EC TransactionsTo educate and Increasing Awareness of the Benefits of E-CommerceBest practicesConclusionWeb Sites
43A Legal Framework Consistent Legal Framework is important IntroductionConsistent Legal Framework is importantCountry specific but EC is globalConflicting views create confusion and friction in the E-CommerceA sound global legal framework plays a vital role in restoring confidence in the mind of customers.Approach: United Nation’s Committee on International Trade and Law (UNCITRAL) should take initiative to find a global acceptable solution for the legal frameworkWeb SitesQuestions
44A detailed Online Trust Framework IntroductionTrust & RiskStrategic ThrustsConclusionWeb SitesQuestionsThe Internet is an open network and there are various risk elements faced by both business users and consumers. To address these risks and instil a higher level of trust in doing online transactions, the adoption of PKI will provide higher level of security on the Internet.However, there are many obstacles in adopting PKI, including a lack of demand from users, lack of applications supporting PKI, system complexity, difficulty of use and costs.Government can set guidance and also promote cross-certification efforts with other countries
45Web 2.0 – YOU as the new dimension Going beyond commerce, who do you trust?Consider this mapNext week….