
E-commerce: protecting purchaser privacy to enforce trust

Electronic Commerce Research

Abstract

It has been well documented that lack of trust between commercial entities and purchasers can restrict the potential of e-commerce. This may be because the purchaser is required to provide personal information to the commercial entity, which may then be abused, or because the purchaser may be suspicious that after payment has been processed, the goods purchased will not arrive. The challenge for the researcher is to determine the e-commerce model which maximizes the trust a purchaser has when shopping online.

In this paper, we focus on the personal information which must be revealed by the purchaser when purchasing online and we present the first comprehensive analysis of personal information distributed in an e-commerce setting from the point of view of the purchaser and his perception of trust in an online transaction. We introduce a measure of trust based on the information distributed to the parties in the transaction and isolate the instances which maximize trust for the purchaser relative to the personal information revealed. This leads us to the establishment of a theoretical framework on which to compare e-commerce protocols and to the development of four new models, all of which, as we demonstrate, are better in concrete ways than the traditional e-commerce model based on secure e-payment protocols. While the overall cost of implementation to the parties remains the same as in the traditional protocols, there is a slight overall decrease in cost to the seller but a slight increase in cost to the deliverer. However, the small additional costs to the deliverer are mitigated by the opportunity for new capabilities and business. Implementation of our work is likely to improve consumer trust and therefore lead to an increase in on-line commerce, especially in countries where privacy recognition is not strong.



Author information


Correspondence to Giannakis Antoniou.


About this article

Cite this article

Antoniou, G., Batten, L. E-commerce: protecting purchaser privacy to enforce trust. Electron Commer Res 11, 421–456 (2011). https://doi.org/10.1007/s10660-011-9083-3
