Abstract
It has been well documented that lack of trust between commercial entities and purchasers can restrict the potential of e-commerce. This may be because the purchaser is required to provide personal information to the commercial entity, which may then be abused, or because the purchaser may be suspicious that after payment has been processed, the goods purchased will not arrive. The challenge for the researcher is to determine the e-commerce model which maximizes the trust a purchaser has when shopping online.
In this paper, we focus on the personal information which must be revealed by the purchaser when purchasing online and we present the first comprehensive analysis of personal information distributed in an e-commerce setting from the point of view of the purchaser and his perception of trust in an online transaction. We introduce a measure of trust based on the information distributed to the parties in the transaction and isolate the instances which maximize trust for the purchaser relative to the personal information revealed. This leads us to the establishment of a theoretical framework on which to compare e-commerce protocols and to the development of four new models, all of which, as we demonstrate, are better in concrete ways than the traditional e-commerce model based on secure e-payment protocols. While the overall cost of implementation to the parties remains the same as in the traditional protocols, there is a slight overall decrease in cost to the seller but a slight increase in cost to the deliverer. However, the small additional costs to the deliverer are mitigated by the opportunity for new capabilities and business. Implementation of our work is likely to improve consumer trust and therefore lead to an increase in on-line commerce, especially in countries where privacy recognition is not strong.
Cite this article
Antoniou, G., Batten, L. E-commerce: protecting purchaser privacy to enforce trust. Electron Commer Res 11, 421–456 (2011). https://doi.org/10.1007/s10660-011-9083-3
DOI: https://doi.org/10.1007/s10660-011-9083-3