Perils of Internet Fraud: An Empirical Investigation of Deception and Trust with Experienced Internet Consumers
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000 395
Perils of Internet Fraud: An Empirical Investigation
of Deception and Trust with Experienced Internet
Consumers
Stefano Grazioli and Sirkka L. Jarvenpaa
Abstract—How well can experienced Internet shoppers detect pages, or 2% of the total pages on the web [47]. There are
new forms of seller deception on the Internet? This study examines signs that the occurrence and damage of consumer deception is
consumer evaluations of a real commercial web site and a fraudu- increasing with the growth of Internet commerce. The public
lent site that imitates it. The forged site contains malicious manip-
ulations designed to increase trust in the site, decrease perceived sensitivity to the issues of Internet business misconduct is on
risk, and ultimately increase the likelihood that visitors would buy the rise [57]. The Internet Fraud Watch, a site sponsored by
from it. Besides measuring the consumer’s willingness to buy from a consumer league with ties to the U.S. government, receives
the site, this study recorded the actual ordering of a laptop. Re- an average of 1000 fraud reports per month [30]. Examples of
sults show that most subjects failed to detect the fraud manipula- deception include purchasing defective or nonexisting goods
tions, albeit a few succeeded. The fraud has the effect of increasing
the consumers’ reliance in assurance mechanisms and trust mech- [62], investing in underperforming securities [59], and paying
anisms, which in turn decrease perceived risk and increase trust in in advance for services that will never be rendered [50].
the store. The study confirms hypothesized relationships between Security technologies, such as encryption and digital certifi-
purchase behavior, willingness to buy, attitudes toward the store, cates, are designed to avoid third-party tampering and eaves-
risk, and trust that are consistent with other trust models found dropping and help protect the privacy and integrity of the com-
in the literature. Past research is augmented by showing that per-
ceived risk and trust interact in their effects on consumer attitudes, munications between parties. However, these technologies are
by distinguishing between the notions of assurance and trust, and not the only area that requires the attention of practitioners and
by identifying the effects of perceived deception on risk and trust. researchers interested in e-commerce. To an extent, the Internet
Overall, the study sheds light on consumers’ vulnerability to attack security technologies may even create a false sense of safety,
by hackers posing as a legitimate site. since on-line consumers may have 100% secure communica-
tions with a dishonest merchant.
I. INTRODUCTION Internet consumer deception—a term that includes the nar-
rower legal concept of “consumer fraud”—is defined as the ma-
I MAGINE: you are on the Internet, shopping for a particular
good or looking for information on a topic of interest. As
you browse, you find a link that bears either a familiar com-
licious manipulation of information presented on the Internet
for the purpose of inducing on-line consumers to act in ways
pany name, or perhaps the description of exactly what you were that unfairly benefit the provider of the manipulated informa-
looking for. As you click it, the link diverts you away from the tion (i.e., the seller). The key word in the definition is “un-
site you are seeking and brings you into a “parallel web,” one fairly”—emphasizing that consumers are subject to harm or in-
where the sites are not what they purport to be, but are faithful jury without counterbalancing benefits.
reproductions of the original sites. These reproductions are cre- The specific nature of Internet technology makes it difficult
ated by hackers to observe your behaviors, steal information to evaluate the trustworthiness of a merchant because it lowers
about you, and damage the reputation of the original sites by the cost of sending market signals and levels their quality. On
inserting inappropriate content and by not executing purchase the surface, an untrustworthy site may look just as glitzy and just
orders placed through the cloned sites. You might not even no- as legitimate as Microsoft’s or IBM’s. The consumer’s inability
tice that you’re not where you believe you are. After a while, to discriminate a fraudulent site from a legitimate site is a se-
you are ported back to the “true” web, completely unaware of rious problem for the sustained viability of Internet commerce.
what has happened. The damage done by even a minority of opportunistic merchants
Science fiction? Think again. This Internet fraud scheme, may have far-reaching consequences. The Internet might be-
called “page-jacking,” is estimated to have affected 25 million come the next “lemons market”: in an environment where it is
difficult to tell the difference between good and bad products,
the bad ones poison the market and drive away the good products
Manuscript received November 11, 1999; revised March 22, 2000. This paper and eventually the consumers [1]. Alternatively, the increase in
was recommended by Associate Editor C. Hsu. the occurrence of reported cases of fraud might encourage gov-
S. Grazioli is with the Department of Management Science and Informa-
tion Systems, University of Texas at Austin, TX 78712-1175 USA (e-mail: ernmental regulation and oversight mechanisms which may in
grazioli@mail.utexas.edu). turn increase the cost of doing business online and decrease the
S. L. Jarvenpaa is with the Center for Business, Technology, and Law, Depart- channel’s competitiveness. Furthermore, an increase in the oc-
ment of Management Science and Information Systems, University of Texas at
Austin, TX 78712-1175 USA (e-mail: sjarvenpaa@mail.utexas.edu). currence of consumer deception might increase the entry bar-
Publisher Item Identifier S 1083-4427(00)05145-6. riers to new businesses. Less well-known businesses may be
1083–4427/00$10.00 © 2000 IEEE396 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000
perceived as riskier, more deceptive, and less trustworthy, which In general, deception is hard to detect [21]. It has been argued
will result in conferring an advantage to incumbent companies that the likelihood of successful detection is dependent on its
and possibly decreasing competition in the channel. frequency of occurrence: the more frequent the occurrence of a
This paper explores the following research question: Are ex- deceit, the more likely the victims are to learn how to circumvent
perienced Internet consumers able to detect Internet deceptions? it ([45]; [1]). Yet, successful detection has been observed even
More specifically: Are they able to detect manipulations that are in domains where the frequency of occurrence of the detection
somewhat unique to the Internet and are aimed at increasing of deception is low [36]. To explain this success in unfamiliar
the level of consumer trust and assurance in the site even if or novel situations, it has been proposed that individuals apply
they introduce strong internal inconsistencies as well? What are to novel situations what they have learned about deception in
some of the mechanisms by which these manipulations affect the course of their daily lives [7]. From exposure to a variety
perceived risk and trust in the site? Trust is defined here as the of instances of deception and its detection across domains and
expectation that the promise of another can be relied upon and experiences, individuals extract a small number of schemata1
that, in unforeseen circumstances, the other will act in the spirit describing general tactics for deceiving others, as well as a cor-
of goodwill and in a benign fashion toward the trustor [28]. By responding set of schemata describing general ways to detect
contrast, assurance exists when the seller will not cheat because that one or more of the tactics are used by others against them.
of the fear of penalty [61]. Work by Dennett [16] and Johnson et al. [35] has proposed that
The next section develops the conceptual background, the potential victims solve the problem of detecting deception by
model, and the hypotheses that we developed to investigate the identifying anomalies in the environment that has been manipu-
research question. The methodology designed to test the hy- lated by the deceiver, and by interpreting these anomalies in the
potheses (a lab experiment) and the statistical analysis of the light of the deceiver’s adversarial goals the deceiver’s possible
data is discussed in the Section III. A discussion of the results actions.
and their limitations follows. The diffusion of Internet transactions has opened a new
forum for performing social exchanges as well as new opportu-
nities to cheat. As the agents involved in Internet transactions
II. CONCEPTUAL BACKGROUND do not have established psychological histories, we can expect
This section begins by reviewing Cosmides and Tooby ’s “So- that they will attempt to fall back to what they know from
cial Exchange” theory [10]. Social Exchange Theory focuses on previous experiences with similar transactions, and in particular
how individuals detect forms of ‘cheating’ in social interactions the physical counterparts of these transactions. Accordingly, we
and is used here to provide conceptual underpinnings for under- expect to observe Internet variation of well-known deception
standing how consumers may detect instances of deception that schemes, such as pyramid schemes, phony IPO’s, scholarship
are found in Internet commerce. Next, we highlight a few in- scams, deceptive travel programs, false weight-loss claims,
stances of Internet deception, including Internet “page-jacking.” questionable business opportunities, work-at-home schemes,
Lastly, we introduce a model of Internet consumer behavior that prizes and sweepstakes, and credit card offers [23]
relates the concepts of perceived deception, trust, and risk. More interestingly, however, the intrinsic nature of the In-
ternet medium seems also to enable novel forms of deception,
A. Deception and Social Exchange Theory which were previously virtually impossible to execute. Page-
jacking—the focus of this study—is a fraudulent scheme that
Cosmides and Tooby’s Social Exchange Theory is rooted in does not have an obvious equivalent in traditional channels.
a growing body of research that argues that human information Page-jacking consists of redirecting a browser from the target
processing is tuned to the demands that originate from social location intended by the user, to another location determined by
interactions (e.g., [66]; [10]; [12]; [6]; [8]; [40]). Examples of the deceiver.
these demands include the need to predict the intentions of ad- A particularly pernicious form of page-jacking occurs when
versaries ([64]; [29]; [16]; [31]), and the need to reason about the unsuspecting user is redirected to a location difficult to dis-
permissions, obligations [8], and social exchanges [11]. tinguish from the intended site. Users who believe that they are
Social Exchange Theory focuses on the detection of interacting with a friendly site, not the one to which they are
“cheating” in ‘”ocial exchanges.” A social exchange is broadly actually connected, may behave in ways that are rather inappro-
defined as an interaction in which one party is obligated to priate. For instance, a user might believe that she is accessing
satisfy a requirement of some kind, usually at some cost, in her bank account on her bank web site, while in fact, she is re-
order to receive a benefit from some other party. “Cheating” is vealing her username and password to a hacker site that is posing
the violation of the social contract and consists of taking the as her bank. In addition, if, after stealing the information, the
benefit without satisfying the requirement. site simulates a system glitch, reconnects the user to the true
The structure of social exchange encourages individuals to
1Readers more familiar with traditional attribution theory and the work by
develop knowledge that allows for detecting efficiently and ef-
Kelley may find similarities between the schemata describing the deception tac-
fectively whether someone is “cheating” them [10]. A series of tics and the “causal schemata” described by Kelley [41]. Kelley’s schemata are
laboratory experiments (e.g., [27]; [12]) have found that this de- abstractions from experience that we extract to interpret the environment, inclu-
tection knowledge can be general enough to enable efficient de- sive of other agents and ourselves. According to his theory, schemata are partic-
ularly useful when available information is insufficient, unclear or derived from
tection of instances of cheating that are unfamiliar, or that have an infrequently occurring event [25], which is the case when a potential victim
not been encountered before by the detector. attempts to explain an identified anomaly that results from the deceit.GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD 397
site, asks her to re-enter username and password, and therefore that individuals have deep-seated tendencies with which they
establishes a true session with the bank, there is a good chance are born or to which they are socialized early in life and that
that she will never know about the theft. Page-jacking is an inno- make them either trust or not trust others. The characteristics of
vative scheme because the Internet medium makes it relatively the trustee (seller) refer to the buyer’s beliefs in the integrity,
easy and inexpensive to simulate web sites owned by others (a ability, and benevolence of the seller. The second mode is
“mimicking” tactic [35]), which was virtually impossible (or at the process mode and relates to the trustor’s experience and
least much harder) to implement in the physical world. direct interactions with the trustee. Trust increases over time
According to the arguments proposed above, one might sus- as the trustor accumulates information about the seller through
pect that consumers will be particularly susceptible to be victim- repeated encounters. The third mode is called the institutional
ized by page-jacking. Its relative novelty implies that consumers mode and relates to established guidelines, either legislative
cannot tap into previous (non-Internet) experiences with similar or unwritten, and the expectation that if the trust is violated,
schemes. The lack of similar experiences means that there is penalties are forthcoming. McKnight et al. [52] developed a
little or no basis for learning how to detect it, which lead us to model of initial trust formation and emphasized that in new
hypothesize that even relatively Internet-savvy consumers will relationships there is no interaction with which to support the
have a high average rate of failure at detecting this specific form process mode. In first-time encounters, trust is largely based on
of deception. We also hypothesize that frauds designed to en- the characteristics of the trustor, assumptions made about the
gender trust in the malicious merchant, and mask his/her op- traits of the trustee, and the institutional factors.
portunism by giving a sense of normality (“business as usual,”
acceptable risk) are most difficult to detect. That is, Internet de- C. Perceived Risk and Uncertainty
ception is most perilous when the deceiver has constructed an Risk refers to a consumer’s perceptions of uncertainty and
environment (e.g., website) that engenders trust and assurance adverse consequences of engaging in an activity [20]; [44].
in the relationship between the consumer and the deceiver. The When risk is present, trust is needed before a buyer is willing
next subsection will examine the concepts of trust and risk and to transact with a seller. The greater the negative consequences
describe a model of consumer behavior that relates perceived that a buyer faces from the seller’s failure to act trustworthily
deception, risk, and trust. (i.e., the higher the risk), the higher the need for trust. Con-
versely, if there is nothing to risk, there is no possibility for
B. Trust and Trust Building exploitation, and consequently there is no need for trust [42].
Kramer [44] defines trust as “a state of perceived vulner- Risk presents a “test of trust” (Dasgupta, 1988).
ability or risk that is derived from individual’s uncertainty Perceptions of risk have been found to be higher when con-
regarding the motives, intentions, and prospective actions of sumers purchase products through direct rather than in-store
others on whom they depend.” Although acknowledging that channels [58]. This is because the consumers lose the ability to
trust can include affective and social components, we shall engage in direct observation of the seller behavior. More gener-
focus on the cognitive processes of trust and view trust as a ally, the specific characteristics of the Internet arguably increase
choice process. Choice can depend on a calculative rationale or both perceived and substantive risk via a variety of mechanisms:
can be based on heuristics (e.g., “everything is in proper order”) for instance, the Internet reduces and in many cases eliminates
when interpreting motives and actions of other individuals. In face-to-face interactions between sellers and consumers; lowers
particular, trust in a target is expected to be high when there is the market costs of new entrants, possibly increasing the number
an expectation that the target behaves as expected without the of fly-by-night operations and making it harder to separate le-
presence of any monitoring or surveillance [5]. gitimate businesses from con men. In addition, the Internet al-
Mayer et al. [51] proposed a general model of trust as a dyadic lows firms from different legal and regulatory environments to
relationship between trustor and trustee. Although this model present their offerings without a strong international legal and
assumes that the target of trust is an individual, other researchers consumer protection system.
have argued that individuals can also hold expectations about the The possibility that a seller withholds information about the
motives and behavior of a group or an organization [69]. In this quality of a product or service, or about the performance of a
paper, we consider a situation where the trustor is a consumer company, is a source of risk for potential buyers. Yamagishi et
who reaches a web store about which he/she has no prior knowl- al. [67] refer to this situation as “social uncertainty.” Social un-
edge; the trustee is a website that sells goods and services on the certainty exists when 1) the seller has an incentive to act in a way
web. The consumer has neither prior knowledge about any of the that imposes costs (or harm) on the consumer; and 2) the buyer
store’s characteristics, nor has visited the site before or has had does not have enough information to predict if the seller will
the opportunity to observe directly the seller’s behavior in terms in fact act in such a way. Uncertainty increases when the buyer
of order confirmation, delivery, after sales support, and so forth. cannot observe the quality of the product or the performance
Rather, the consumer is making a judgment of the merchant’s and is therefore dependent on information that is provided by
trustworthiness based on the situational information that he/she the seller.
gathers from the web site. These conditions characterize many service and product
Zucker [70] presented three different modes that produce transactions on the Internet and can lead to the classic lemon
trust. The first mode pertains to the characteristics of the problem [1]. Buyers cannot tell the real quality of the mer-
trustor (buyer) and trustee (seller). The characteristics of the chandise displayed on a website. Furthermore, the seller has
trustor (buyer) are general dispositions. That is, we assume an incentive to act dishonestly because the buyers’ knowledge398 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000
Fig. 1. Model of Interent consumer behavior.
of the possibility of getting a lemon depresses their price the consumer toward the website. That is, the effect of risk on
offerings, hence reducing the incentive for the seller to sell attitudes toward a seller is mitigated because trust generates con-
quality merchandise and providing an incentive to sell lower fidence that a consumer can deal with the seller successfully re-
quality merchandise (i.e., the lemons). gardless of the potential negative consequences [14]. This hap-
In situations where the sellers have incentives to act dishon- pens because trust creates confidence in the buyer and this con-
estly, the less information the buyer has about the seller’s real in- fidence might allow a consumer favorably consider a high-risk
tentions, the higher the need for the buyer to trust the seller. Kol- purchase situation. When trust is high, risk considerations have
lock [43] examined trust in exchange relationships with varying less of an impact on the formation of attitudes about the site.
levels of uncertainty. He found that people in the “high uncer- Positive attitudes are expected to promote both purchase be-
tainty” condition rated their trading partners’ trustworthiness havior and reported willingness to shop.
higher on average than did people in the low uncertainty con- Fig. 1 presents a model of consumer behavior that relates de-
ditions (“certain” condition). Moreover, people in the high un- ception, risk and trust. We do not expect the fraud to directly
certainty condition rated their best trading partner exceptionally affect the consumer purchase behavior or the declared willing-
high on trust, much higher than those in the certainty condition. ness to buy. Rather, we draw from the Theory of Reasoned Ac-
Overall, it was found that high social uncertainty is conductive tion [24], and assume that the buyers’ beliefs about a site affect
of exchange relations only with the most trusted parties. the buyers’ attitudes toward the site. Attitudes are either favor-
able or unfavorable evaluations of the site. Attitudes toward the
D. Consequences of Trust site in turn influence behavioral intention (i.e., willingness to
The importance of trust in exchange relationships has long buy), and behavior (i.e., actual purchase). Hence, we formally
been noted by marketing researchers (e.g., [26]). In consumer hypothesize that purchase from a web store depends on the con-
product channels of distribution, trust has been found to im- sumer’s attitude toward the web store (hypothesis H1a). Also,
pact attitudes, purchase intentions, and purchase behavior ([13]; willingness to buy from a web store depends on the consumer’s
[26]; [53]). One of the most valuable consequences of trust is the attitude toward the web store (hypothesis H1b). In turn, con-
spontaneity in forming new exchange relationships [44]. Trust sumers’ attitude is determined by trust (hypothesis H2a) and
“plays the role of a booster rocket that helps one to take off the perceived risk (H2b). Finally, trust moderates the relationship
secure ground of committed relationships” [68]. Trust is the so- between risk and attitude (H2c).
cial lubricant that facilitates the meeting of consumers and un-
familiar firms on the Internet. E. Assurance Mechanisms and Deception
Web stores that engender trust not only can improve the con- Assurance mechanisms are designed to reduce the seller’s
sumers’ attitude toward shopping at the store, they can also mod- incentive for opportunism. In a sense, assurance mechanisms
erate the relationship between risk and attitudinal orientation of allow the consumers to give up control without losing controlGRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD 399 [61]. Assurance mechanisms deal with conditions that reduce accessible mechanisms to inform the public what the seals the probability of deceitful behavior or increase the penalty for meant. Something that is relatively easy to do on the Internet. detected opportunistic behavior. Here we examine four forms of Warranties are another form of safeguard or safety net. War- assurance mechanism: seals, warranties, news clips, and phys- ranties can be legally enforced. In certain industries, such as ical location. computer manufacturing, warranties are expected by the con- The use of third-party seals is a form of structural assurance. sumers. Companies are expected to stand behind their products. An Internet seal is a means of authenticating the identity of a site Potential harm on a company’s reputation or court litigation and of assuring that the site possesses some desirable property should reduce the incentive to act dishonestly with respect to (e.g., high security standards) that has been verified by a trusted warranties. Research reports mixed effects of the warranties on third-party. For instance, the “CPA WebTrust” Seal issued by product attitudes—some providing positive effects on reliability the American Institute of CPA symbolizes that a CPA firm has and quality ([39], [65]) and other reporting no effects on product audited the web site and that the outcome of the audit has been attitudes, risk, and intention to buy ([19], [22]). satisfactory. AICPA Internet audits are performed at regular in- News clips are also a form of a structural assurance like seals tervals of time (as short as 90 days) and cover business prac- and warranties. News clips provide third-party endorsement al- tices, accounting controls, and information privacy protection. beit less independent than seals. Consumers use news services Another example is the seal made available by the Bureau of and trade magazines as “second-hand” knowledge on others Better Business. The “BBBOnLine” seal attests that the com- with whom they interact. The assurance effect of news clips is, pany owning the site has been in operation for at least a year, however, less straightforward than seals and warranties. Many has agreed to BBB advertising standards, and is a BBB member. publications are known to be partial and tend to make only par- In addition, information on the company and complaints raised tial disclosures of what is paid advertisement and what is inde- against it can be easily obtained at the BBB site. Other exam- pendent review. Moreover, the effect of the news clips is likely ples include the “SureServer” seal by Wells Fargo and the “Se- to depend on the reader’s association with the magazine itself. cureSite” seal by Verisign. These seals indicate that the site dis- Finally, news clips provide less of a legal recourse than seals playing it adopts up-to-date security technology and is regis- and warranties. Still, sellers might be expected to try to live-up tered with either the bank or the Internet Company. Seals are to the descriptions in the news magazine out of fear of getting a based on digital certificate technology. bad reputation or public sanction. A seal assures consumers of their expectations regarding the Physical location also provides structural assurance. Phys- other party’s behavior. Theoretically, seals should allow the ical presence refers to investments in physical buildings, facil- seal-sponsoring organizations (certificate authority) to act as ities, and personnel. Greater resource investments might be in- “go-betweens” in new relationships between the consumer and terpreted to mean more stable relationships and business with seller. A consumer should be able to transfer the confidence other consumers and greater commitment by the seller to their they have in the seal-sponsoring organization to the seller current business. Commitment in turn should provide assurance [18]. McKnight et al. [52] noted that structural assurances to the consumer that the retailer will stay in business for some can also be effective from a cognitive consistency perspective. time. Physical location conveys what McKnight et al. [52 ] call The consumer can infer that the seller will probably act in “situational normality.” Situational normality involves a prop- conformance with the seal because the site has gone through erly ordered setting that appears likely to facilitate a successful the trouble of obtaining and displaying the seal. interaction. A building helps convey professional appearance, Marketing researchers have studied the impact of third-party prosperity, and security. These attributes can assure customer of certification seals since 1950. Taylor [63] found no effect, the reduced risk in engaging in a transaction. but Parkinson [56] found a strong effect, suggesting that Assurance mechanisms are a form of control mechanism that seals’ longevity of exposure might have an effect. Moreover, reduces the likelihood of the seller taking advantage of the con- Parkinson found that consumers attributed a great deal more sumer and are therefore expected to reduce the level of risk per- meaning to the presence of seals than what was justified (e.g., ceived by the consumer. Hence, we hypothesize that the level consumers incorrectly believe that certain seals mean that the of perceived risk is determined by the presence of assurance endorsed products had been laboratory tested). Studies in later mechanisms (seals, warranties, news clips, and physical loca- years found that seals had a positive effect on the reputation tion) (hypothesis H3a [see Fig. 1]). However, if a consumer of new companies that were unfamiliar to consumers [46] suspects that the assurance mechanisms themselves have been or dealt with products unfamiliar to the consumers [38]. A maliciously manipulated, we expect that the influence of these positive impact was found if the sponsoring organization was a mechanisms on perceived risk will be increased. That is, we ex- professional organization or an independent testing organiza- pect that the perceived deceptiveness of the web store moder- tion rather than a government ([60], [49], [9], [38]). Although ates the relationship between assurance mechanisms and risk several studies report that seals are considered believable, (H3c). Furthermore, we expect that this perception of deception they also seem to report a decline in the comprehension of directly influences the perceived risk of the web store (H3b). seals. Recent work by Beltramini and Stafford [4] found that We expect that perceived deception increases the strength consumers do not know what seals represent and do not use of the relationship between assurance mechanism and reduced them in assessing the believability of advertising claims. The risk. This is explained by the confirmation bias that suggests that fundamental problem identified by Beltramini and Stafford people tend to heed information that is consistent with their prior was that the seal-sponsoring organizations had no readily beliefs (Fiske and Taylor, 1984). Experienced Internet shop-
400 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000
pers are expected to have relatively strong beliefs of the general store, the longer it is perceived to have consistently fulfilled its
safety of shopping on the Internet. A high level of perceived promises and more likely it is to do so in the future.
deception will cause people to pay more attention to assurance Hence, trust mechanisms are expected to increase the level of
mechanisms. The greater attention to structural safeguards will trust perceived by the consumer. We hypothesize that the level
make them more convinced of any validating information that of trust is determined by the presence of trust mechanisms (rep-
the site is secure to do business with. Hence, we expect per- utation, customer testimonials, and size) (hypothesis H4a—see
ceived deception to result in consumers seeking cues about safe- Fig. 1). As we argued above for perceived risk, we also specu-
guards. Finding validating information on assurances and penal- late that trust is affected by the perceived deceptiveness of the
ties will confirm their beliefs and will help people assure them- site (H4b) and that perceived deceptiveness moderates the rela-
selves that “things are okay.” Even a slight effort at confirmation tionship between trust mechanisms and risk (H4c).
has been found to over inflate one’s confidence that reduced risk We expect perceived deception to reduce the strength of the
is warranted [52]. relationship between trust mechanisms and trust (H4c) because
the suspicion that the trust mechanisms may have been inten-
F. Trust Mechanisms and Deception tionally manipulated is likely to decrease the reliance on them.
Trust mechanisms convey benign and goodwill intent by the Many have noted the fragile nature of trust ([3], [54], [52]).
seller. That is, trust mechanisms engender a belief that a seller “Trust is easier to destroy than create” [44]. Trust erodes when it
will act in the interest of the consumer and hence make the con- is clear that the other party has multiple, particularly adversarial,
sumer willing to be vulnerable to the actions by the seller. We motives [17]. According to McKnight et al. [52], trust will be
examined three forms of trust mechanisms: seller reputation, fragile at the start of any exchange relationship because trust at
customer testimonials, and seller size. that point is based less on evidence of trustworthy behavior than
Reputation is the extent to which buyers believe a seller is on lack of contrary evidence. As behavioral evidence cumulates,
honest and concerned about its customers [18]. Reputation con- it quickly replaces the illusions of indirectly obtained informa-
veys information about the seller’s past performance with other tion. When the other party is a seller previously unknown to
buyers. To establish a good reputation, the seller is assumed the consumer, suspicion of other motives might be triggered by
to have refrained from questionable behavior in the past. Rep- forewarnings that a party might be untrustworthy or by situa-
utation captures the estimation of the seller’s willingness and tional cues that suggest that the seller might have ulterior mo-
ability to perform an activity in a consistent fashion [48]. Firms tives. This might suggest that even small contradictions or in-
with good reputation are known to be reluctant to jeopardize consistencies in the seller’s claims should reduce the effect of
their reputation assets. Hence, reputation helps to estimate the trust mechanisms on the consumer trust in a seller.
motives of the merchant in future exchanges and hence should Finally, we expect that the fraud will have the effect of in-
build consumer trust in the seller. creasing the credibility of the assurance mechanisms (H5a) and
Customers testimonials similarly can help convey to the the trust mechanisms (H5b). This is because attributes of the
consumer the seller’s concern for the consumers in general and fraudulent site are deliberately manipulated to increase the per-
the seller’s willingness and ability to transact in a trustworthy ceived presence of the assurance and trust mechanisms. The
manner. Customer testimonials might also promote trust greater presence is expected to result in individuals to notice,
building based on stereotyping. According to McKnight et al. study, and believe these mechanisms.
[52], people tend to infer a stereotype from one or two positive
attributes of the target and carry it over to other attributes of
the target, including trust. Positive stereotyping can quickly III. METHOD
form positive trusting beliefs about other individuals. Positive The hypotheses described above were evaluated by means of
statements by other customers on factors other than trust tend a laboratory experiment. This section introduces and discusses
to color other perceptions and inferences about the other site the subject sample, the experimental design, the measures, and
characteristics such as trustworthiness, particularly early in the the models used to test them.
interaction with the web site.
Customer testimonials can be seen as a form of consensus
A. Subjects
information, a topic that has been examined by researchers in
social cognition [25]. Research in this field has shown that when Eighty MBA students from sections of an IT class taught at a
information about an issue is poor or ambiguous, people are major U.S. university participated in the experiment (58 males
especially susceptible to social influence, albeit the results of and 22 females). Subjects were volunteers. As an incentive for
studies on consensus typically show that people use consensus their participation, each received a 5% chance of winning $100
information in complex ways [25]. For instance, testimonials and the opportunity to share the research results with the authors
that that are detrimental to a product might influence individuals in a restricted-attendance meeting.
more than positive information about the product. All subjects—with one exception—owned a laptop (an
Large organizational size suggests that other buyers trust the academic requirement at the research site) with advanced
organization and conduct business successfully with it. Large networking capabilities. On average, the subjects have been
size also signals that the seller has made investments in cus- using the Internet for about four and a half years; 97.5% of
tomer services [18]. Larger stores might also be considered by them have bought on-line at last an item and 41.1% buy over
customers to have been around longer. That is, the larger the the net at least once a month.GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD 401
B. Experimental Task trust and decrease perceived risk of the site, and ultimately in-
All subjects were asked to assume that a friend of theirs crease the likelihood that visitors would buy from it.
(“Tom Dexter”) has decided to buy a used laptop because the The forged site was built from a copy of the original site.
one he owns is broken. Tom has identified a web site that sells Six modifications were made to the real site for the purpose
used laptops, and has selected one machine that suits well his of including a variety of assurance and trust-building mech-
needs (a Compaq 5100). He has made up his mind about the anisms. The specific modifications were developed from
laptop he wants, but not about buying it on-line. So, he is asking either previous research (Jarvenpaa et al., 1999; Jarvenpaa and
the subject for a “second opinion” on the site. If the subject Tractinsky, 1999), from official documents (e.g., Federal Trade
feels comfortable with the site, he/she is also asked to purchase Commission releases) and practitioner press.
the laptop by using Tom’s credit card and personal information. 1) Seal: a well-known third-party seal (Bureau of Better
The full text of the scenario is presented in Appendix A. Business) was accurately reproduced and inserted in the
The subjects visited the site using their own laptops. If they home page of the fraudulent site. The third-party seal was
felt comfortable, they also purchased the laptop using the site’s linked to a faithfully reproduced report by the BBB that
secure on-line order entry facility. After that, the subjects were stated that the company’s business record is satisfactory.
instructed to minimize their browser windows and to perform The forged URL of the report suggested that the report
four additional steps: was stored on a BBB server. The report was itself linked
1) fill out the first part of a questionnaire; to a variety of authentic BBB resources.
2) go back to the site, purchase the laptop if they had not 2) Warranty: the warranty offered by the store was modi-
done so already; fied so as to make it extreme (e.g., complete refund, no
3) examine five specific features of the site (seals, news question asked, no time limit).
clips, etc.), if they had not done so already;and 3) News clips: False quotes from professional magazines
4) fill out the rest of the questionnaire. were created. The quotes stated that the site was excel-
The task was performed at the University, under the supervi- lent both by itself and by comparison with the competi-
sion of the researchers. No time limits were imposed on com- tion. The quotes had links to the actual web sites of the
pletion. In general, the task took about one and a half hours to quoted magazines. For instance:
perform. Network connections were fast and reliable. “Used Laptops.com ranked above Laptopcloseout.com,
The scenario and task used in the experiment have several Innovative computers,... and Laptops for Le$$
properties that make it attractive in terms of experimental re- www.getadeal.com
alism:
Mobile computing magazine,
1) The site is a real commercial site that agreed to collab- May 1998—www.mobilecomputing.com
orate in the study. The Compaq 5100 laptop mentioned
in the scenario was actually in their inventory. The site “Used Laptops.com prices are ‘rock bottom’.”
agreed to process the entry of the orders placed on behalf Computer Shopper,
of Tom Dexter as any other order. Jan. 1997—computershopper.zdnet.com
2) The purchase price is significant enough to plausibly war- 4) Physical location: a generic picture of a store was
rant the need for a second opinion, given that the site does inserted in the site with a caption that identified it as
not enjoy a well-known name; the company’s store, together with a randomly selected
3) Subjects are familiar with the purchased merchandise. Seattle address. The real company has no physical store.
They own laptops and they use them professionally on a 5) Size: the site size and sales were grossly exaggerated (by
daily basis. More than half of the subjects have purchased one order of magnitude):
three or more computers in their lifetime. Almost all sub-
jects purchased their current laptop on line. “Our company has been in business over 5 years,
4) At the research site, several instances of broken or stolen serving over twenty-five thousand customers.” [The
laptops have occurred. words in boldface here were in boldface and in high-con-
trast color]
C. Design and Manipulations 6) Customer Testimonials: Existing endorsements from
customers were substantively inflated by adding hy-
Participants were randomly assigned to one of two condi-
perboles and taking out negative comments. Made-up
tions. Half of the subjects accessed the real commercial site,
names and domiciles (city) were added when missing or
and the other half accessed a copy of the site forged by the ex-
incomplete in the original site.
perimenters2 . The forged site is hosted on a different server and
contains several malicious manipulations designed to increase “We did receive the two laptops on 1-21-99 in great
shape: they looked brand new! Thank you again for the ex-
2In either conditions, the students accessed the same url using their own traordinary service and care in sending these laptops to us.
browsers. For the subjects in the ‘forged site’ condition, the browser requests It was much appreciated. If we need anything else we will
were systematically diverted to another server, hosting the forged site. The call on you again.
mechanism was transparent to the users. Access time to the real and forged site
was fast and virtually undistinguishable. Pam Allman, Paris, PA”402 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000
TABLE I
DESCRIPTIVE STATISTICS FOR THE MAIN CONSTRUCTS
D. Detectability of the Deception and the control variables were computed as the mean of the rat-
ings assigned to the items associated with each construct.
The fraud could have been detected by identifying one or Purchase behavior was measured by asking the subjects
more of the following inconsistencies: whether they had placed the order for the laptop (yes/no
1) Seal: exploration of the BBB site leads to their searchable answer). Measures of willingness to buy from the store
database. Searching for the name of the company reveals were derived from Jarvenpaa et al. (1999) and Jarvenpaa and
that the company is not registered with the BBB and there Tractinsky (1999). Four items asked to evaluate the likelihood
is no report on them. that the subject would “consider” buying from the store; the
2) News clips: following the links to the magazines and likelihood to “buy,” to “return” to the store, and the likelihood
searching the databases of article reveals that the quoted to “tell a friend about the store”. A fifth item, asking to evaluate
articles do not exist. the likelihood of making “a good bargain” was dropped because
3) Testimonials: one person (same name and address) is of inconsistent loading. Measures of positive attitude toward
quoted twice. shopping at the store were culled from Jarvenpaa et al. (1999)
4) Size: based on the information presented above the stores and Jarvenpaa and Tractinsky (1999). Subject were asked to
should be selling approximately fourteen computers a agree that they “like” the idea of shopping at the web store, and
day, 356 days a year. The store current inventory includes that is an “appealing” or “good idea” (three items).
only five computers. The questionnaire included nine measures of trust, taken
5) Physical location: The picture does not contain any iden- from Jarvenpaa et al. (1999) and Jarvenpaa and Tractinsky
tifiable sign. The store address is in Seattle, WA while the (1999). Subjects were asked to agree with the statement that the
store phone number has a California area code. store is “trustworthy,” “keeps its promises and commitments,”
6) Warranty: the warranty is simply too good to be true. For “keeps its customers’ best interest in mind,” and “can be relied
instance, no expiration date is specified. upon.” Three items (the store “has good intentions,” “cares
about doing things right,” and “will do a good job at handing
any problems that might arise”) were dropped as they aligned
E. Measures to form a second factor, possibly due to method bias (the three
items were the last three of a list of 20). Finally, two items: “I
A questionnaire using 7-point scales was employed to col- find it necessary to be cautious with this store” and “this store
lect measures for the main constructs and several control vari- might not keep its promises and expectations” were dropped
ables. Whenever possible, items from previous published re- because they cross-loaded with measures of perceived risk.
search were employed. Occasionally, the items were modified Risk perception was measured by three items as found in Jar-
to adapt them to the specific experimental context. Appendix B venpaa et al. (1999) and Jarvenpaa and Tractinsky (1999). Risk
contains the final items used for the constructs. items asked subjects to characterize the decision to buy at the
Table I presents the main constructs in the study, descriptive store as either an “opportunity” or a “risk,” a “high potential for
statistics and a measure of reliability (Cronbach’s alpha). No loss” or a “gain,” and a “positive situation” or a “negative situa-
alpha was less than 0.85 for the main constructs and 0.63 for the tion.” The last item cross-loaded with attitudes toward the store
control variables. Factor analyzes were conducted to verify that and was dropped. Examination of the loadings also suggested
the items included in each construct load in a consistent fashion to include an item dropped from another construct: “I feel that
and without strong cross loading. The values for the constructs ordering the laptop is risky.”GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD 403
Perceived deception was measured by asking the subject to store affects their purchase behavior and their willingness to
evaluate the extent in which they felt that the quality of in- buy. Risk and trust are expected to affect the attitudes toward
formation about the store is “accurate” versus “misleading,” shopping at the web store, with trust moderating the effect of
“truthful’ versus “deceptive,” and “factual” versus “distorted” risk on attitudes. Perceived deception is expected to affect trust
(three items). These measures were found in [55]. As with other and risk, and to moderate the relationship between trust and
items, responses to these items were summed to form a single the trust mechanisms, and risk and the assurance mechanisms.
measure of perceived deception where higher scores indicate Trust mechanisms included in the deceptive manipulation are
greater levels of perceived deception. expected to increase consumers’ trust in the web store, and as-
Perceived reliance on assurance mechanisms was measured surance mechanisms are expected to reduce the consumer’s per-
by scales that asked subject to evaluate how “believable,” ceived risk of buying from it (see Fig. 1).
“convincing,” and “impartial” were the third-party seals and
the news clips provided by the site ( items), and how A. Detection Success
“believable,” “convincing,” and “fair” (three items) were the The data suggest that most of the subjects were not able to
warranties. The items were adapted from [4]. In addition, two detect the page-jacking deception. Only eight individuals out
items asked whether the store had a physical presence (two of a sample of eighty believed that they were visiting a fraudu-
items). Physical presence items were constructed for this study lent site. Of these eight cases, seven are correct detections (i.e.,
and are presented in Appendix B. rating the forged site as highly deceptive), and one is a false
Perceived reliance on trust-building mechanisms was mea- alarm (i.e., rating the legitimate site as highly deceptive). This
sured by asking subject to evaluate how “convincing,” “believ- high ratio of successes to false alarms suggests that the sub-
able,” and “biased” (three items) was the information about jects were not simply guessing the deceptiveness of the site (chi
company size, and how “convincing,” “believable,’” and “im- square test ), and that detection is possible, albeit in-
partial” were the customer testimonials (three items), and to as- frequent.
sess the “good reputation,” of the store (two items), how “well At the same time, 33 individuals out of the forty who ex-
known” it is, and whether is has a “good name.” These items amined the fraudulent site (82%), did not detect the deception.
were adapted from [4]. Furthermore, 25 of these 33 (76%) actually ordered the com-
Control variables include attitude toward computers, toward puter from the forged site. The observation of such a widespread
web shopping in general, and attitude toward risk. Positive at- failure to detect is consistent with other studies of deception de-
titude toward computers was measured by asking the level of tection (e.g., Johnson et al., 1992) and the prediction from social
agreement with statement describing how subjects “enjoy” com- exchange theory.
puter use as “fun,” and “interesting” (Jarvenpaa et al., 1999; Jar- As expected, on average the fraud does not have a direct im-
venpaa and Tractinsky, 1999). Attitude to trust Internet stores pact on either the purchase behavior (chi square: ) or
was measured by asking the subjects to agree with statement the consumer’s willingness to buy (ANOVA: ). This
that “most sites” are “honest,” “can be counted on,” and “tell is consistent with the notion of a widespread failure to detect,
the truth.” These items were constructed for this study. and justifies the need to explore in more details the relationships
Positive attitude toward Internet safety was the target of contained in the model of consumer behavior depicted in Fig. 1.
three items measuring the level of agreement with feeling “safe
completing commercial transactions over the Internet,” with B. Purchase, Willingness to Buy and Attitude
the statement “the Internet is secure,” and “it is best to avoid
shopping from the Internet” (reversed scale). Positive attitude We have hypothesized that purchase behavior (H1a) and will-
toward virtual stores was measured by assessing agreement that ingness to buy from the store (H1b) depend on the attitude to-
“buying from web-only stores is more risky’” (reversed scale), ward the web store. Both hypotheses were accepted with
“may cause more problems than buying from sites that do have . Given the dichotomous nature of purchase behavior as
a physical store,” and it is “risky” (both reversed scales). These dependent variable, hypothesis H1a was tested by means of lo-
items were specifically developed for this study. A variety of gistic regression. Hypotheses H1b and all other hypotheses were
demographic information were also collected. tested by means of linear regressions. The results of these ana-
The main analysis was conducted by means of linear regres- lyzes are summarized in Table II.
sions, specified by the model presented in Fig. 1. The sample Since willingness to buy was not normally distributed, a trans-
size makes the use of structural equation modeling formation was applied (tangent) to restore normality. One case
techniques not viable (Kline, 1998). was excluded from the analysis as an outlier3 . Among the con-
trol variables, only general attitudes toward the web had a sig-
nificant coefficient in the linear regression, and
IV. RESULTS none is significant in the logistic regression. The logistic model
correctly predicts 83% of the observed purchase behavior. The
The order of presentation of the results corresponds to the
linear model explains 75% of the observed variability in the
order in which the hypotheses are discussed in the theory sec-
willingness to buy.
tion. We begin by presenting evidence that most of our subjects
As a validity check, we asked the subjects whether they would
were not able to detect the page-jacking fraud. We then present
recommend the site to a friend. One-way ANOVA’s confirmed
results on the determinants of their purchasing behavior. We ex-
pect to find that the consumers’ attitude toward shopping at the 3The observation was more than three standard deviations from the mean.404 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000
that those who ordered the laptop had higher willingness to buy C. Risk, Assurance Mechanisms and Perceived Deception
mean than those who did not mean
The third regression tested whether the assurance mech-
. The same applies for those who would recommend the
anisms present in the web site have an effect on risk (H3a),
site to a friend, (mean and ).
and whether perceived deception affects risk (H3b) and has
The second regression tested whether positive attitude toward
a moderating effect on the relationship between assurance
the specific store depended on trust (H2a) and perceived risk
mechanisms and risk (H3c). H3c was tested using the same
(H2b), and whether there are moderating effects of trust on risk
technique illustrated above [(1)–(3)].
(H2c). Trust and risk are correlated , but
All three hypotheses were accepted. Assurance mechanisms
distinct constructs. Exploratory factor analysis identified two
have the expected negative impact on risk . Per-
separate factors (no cross-loading above 0.350). As before, the
ceived deception has the expected impact on risk :
dependent variable was transformed to restore normality, and a
the higher the perceived deception, the higher the risk. Also as
set of control variables was included in the regression equation.
expected, the level of perceived deception moderates the rela-
One case was identified as an outlier and excluded from the
tionship between assurance mechanisms and risk. When the per-
regression (see footnote 2).
ceived deceptiveness of a site is high, the impact of assurance
All three hypotheses were accepted. The standardized co-
mechanisms on risk becomes stronger , which cor-
efficients of trust and risk were significant ( and
respond to the intuitive notion that subjects seek more assurance
, respectively), relatively large, and with the expected
when they perceive that the information about the site might
sign. Among the control variables, only attitude toward Internet
have been maliciously manipulated. Altogether, the deception
security had a significant impact on the attitude
and assurance mechanisms explain 52% of the observed vari-
toward the specific store.
ability of risk.
A two-step procedure was employed to test whether trust
has a moderating effect on risk. First, a dummy variable
(HITRUST) was created. HITRUST is equal to 1 if trust is D. Effects of the Fraud
above its mean (3.60), and 0 otherwise. Then, for each subject, ANOVA shows that the fraud treatment has a significant ef-
the value of risk was multiplied by HITRUST. The resulting fect on the perceived reliance on the assurance mechanisms
variable, RISK BY HITRUST, assumes the value of risk when . On average, the effect of the fraud was to increase
trust is high, and zero otherwise. Ignoring for simplicity the the perception of assurance, which again suggests that most sub-
other variables included in the model, the resulting regression jects did not detect it.
equation is Four additional analyzes—more exploratory in nature—were
conducted to identify the effect of the treatment (fraud) on each
ATTITUDE constant RISK individual assurance mechanism. The first analysis examined
RISK BY HITRUST (1) the third-party seal as an assurance mechanism. Marginally sig-
nificant results suggest that more subjects in the fraud condi-
or, equivalently tion heeded the BBB seal than subjects in the control condition
ATTITUDE constant heeded a no-name seal . Seal credibility has the ef-
fect of decreasing perceived risk and
RISK when trust is low (2) overall deceptiveness of the site .
and Since warranties were provided in both the fraudulent and
legitimate site, no significant difference was expected in the
ATTITUDE constant number of subjects that heeded warranty information in either
RISK when trust is high (3) condition. In fact, none was found. Subjects in the fraud treat-
ment judged the manipulated warranties more assuring than the
The coefficient of RISK BY HITRUST can be interpreted original warranties . In turn, the perceived degree
as the change in the impact of risk on attitudes that occurs when of assurance of the warranties was significantly correlated to the
trust is high. We expect the coefficient to be positive in sign, i.e., perceived risk and overall deceptive-
to reduce the negative slope of the relationship between risk and ness of the site .
attitude, which correspond to the intuitive notion that when trust Subjects in the fraud condition heeded more the forged news
is high, risk considerations have less effect on the formation of clips , but did not found them on average more
attitudes. assuring , than subjects in the control condition.
The test of the coefficient of RISK BY HITRUST confirms the Qualitative analysis suggests that this result might be explained
intuition . The coefficient of perceived risk is re- by the higher dispersion of the responses in the fraud condition:
duced to about half when the level of trust is high. Overall, risk, the forged clip elicited both higher assurance and lower assur-
trust and the control variables in the second regression explain ance judgments, leaving the mean statistically unaffected. The
71% of the observed variability of the positive attitude toward assurance of the news clips was significantly correlated to both
the store. A plot of the residuals of the regression suggests that a risk and deceptiveness of the site ( , and
significant variable might been left out from the specification of , respectively).
the equation. Several attempts were made to identify the missing The experimental manipulation designed to elicit the percep-
variable, without success. tion that the site had a physical presence (a picture of the ‘store,’You can also read
