1 Introduction
With the development of the World Wide Web and mobile technologies, electronic commerce (e-commerce) has become the main driver of the digital economy. In 2017, the e-commerce market achieved US$409.2 million revenue in the U.S. [130]. In Europe, 324 million online shoppers generated €329.6 billion e-commerce revenue in 2017 [34]. Despite these figures, the full potential of e-commerce has not yet been reached. In 2017 half of the European adult population did not shop online [34]. Therefore, an investigation of the factors that may help e-commerce to reach its full potential would be a useful and relevant exercise.
E-commerce generates extensive flows of information that include, but are not limited to, names, credit card details, and email and shipping addresses. Together with the benefits and reduced costs for vendors, e-commerce implies risks for consumers that range from nearly harmless to significantly harmful, including the tracking of online behavior and location, intrusive marketing, and data breaches. As a result, online shopping often triggers privacy concerns, which in turn negatively affect the behavioral intention of some consumers [32], [136]. The failure to address privacy concerns has inhibited online shopping acceptance [48] and has led to multi-million-dollar losses in online sales [105].
Often the risks and unfair data use practices cannot be detected beforehand, and sometimes even after the transaction has happened. Hence, engagement in economic exchanges requires trust [141]. According to social exchange theory, trust is one of the main business assets [155], [94]. Because e-commerce involves virtual buyer-seller interactions rather than real interactions, trust plays an even more crucial role in the online shopping context than in actual stores, and has therefore become an important factor driving online purchasing intentions [11]-[13], [26], [30], [46], [52], [65], [74], [77], [116], [135]. A lack of trust often prevents customers from completing e-commerce transactions [74], [78]. In contrast, consumers are more likely to accept the perception of vulnerability when the website is trustworthy [112]. A high level of trust propensity increases customer satisfaction and positively influences their willingness to re-purchase [21], which may further improve online sales. The provision of privacy-friendly services may contribute to the development of a good reputation and trust as one of the core elements mitigating the concerns related to online shopping [27], [28]. Because users often judge the trustworthiness of a commercial website based on an inspection of its surface elements [76], it is important to understand the cues that influence a user’s beliefs about the credibility of a company, and how these beliefs affect their willingness to buy from the vendor’s website.
The aim of this study was to investigate how consumer perceptions of company trustworthiness have developed with respect to privacy and the impact of these perceptions on subsequent purchasing intentions. We present a model that maps the influence of various website attributes and business practices on consumer perception of company trustworthiness with respect to privacy, and on consumer purchasing intentions. In contrast to other studies, we focused on trust in the particular domain of online information privacy rather than general trust in the company. Using focus groups, we calibrated a model and then empirically tested it in an online survey of 117 adult participants. We found that privacy (including awareness, information collection, and control practices), security, and reputation (including the company background and consumer feedback) have a strong effect on trust and willingness to buy, while website quality plays only a marginal role. Although the perception of trustworthiness and purchasing intention were positively correlated, in some cases participants were willing to purchase from websites that they considered to be untrustworthy. Moreover, we determined which factors, website attributes, and individual characteristics had the strongest effect on hindering or advancing trust and willingness to buy among consumers. Finally, we considered the mechanisms, behavioral biases, and cognitive heuristics, through which the proposed factors influence trust, to better understand how to de-bias the decision-making process and improve the accuracy of user judgments.
The paper is organized as follows. Section 2 reviews the related literature, and presents a research model and hypotheses. Section 3 describes the methodology. Section 4 provides an analysis of the results and a test of the hypotheses. Section 5 discusses the results, limitations, and need for future work, and section 6 summarizes the findings and provides a conclusion.
2 Previous Studies and Proposed Research Model
In this section, we present the main definitions and concepts used in the study, review previous work, and propose our research model and hypotheses.
2.1 Definitions and Concepts
In this study, we focused on business-to-consumer e-commerce, which is defined as electronic business transactions conducted by a company electronically through its website directly to the consumer [24]. Specifically, we considered online retailers, which represent the storefronts of independent merchants (i.e., online versions of traditional stores) [121], rather than on e-marketplaces, which aggregate the products from multiple sellers [59]. This enabled us to avoid the potential confounder between the perception of trustworthiness toward a product manufacturer and a website selling their product. We defined the perception of trustworthiness with respect to privacy as a consumer’s beliefs about the characteristics of a company and its website that indicate the level of trust in an online vendor that is not engaged in opportunistic behavior such as selling, sharing with third parties without consent, or other misuse of a consumer’s personal information. Our definition of the perception of trustworthiness was similar to the notion of privacy assurance in [91], based on [76], [124]. They define privacy assurance as an “attitude that reflects how strongly a customer feels that their private information will be kept private by a website with which the customer is interacting” [91] p. 756. Trust is expected to positively influence an individual’s intention to conduct online transactions [118]. Online purchase intention is defined as a situation where a consumer is willing and intends to make an online transaction [110]. Although one may argue that willingness to buy a product does not always translate into an actual purchase, the theory of reasoned action [7], [38] and theory of planned behavior [5], [6] states that transaction intentions are positively correlated with actual transaction behavior. Therefore, we believe that purchasing intention is an acceptable and reliable measurement of behavioral intent in our study.
2.2 Research Model and Hypotheses
A number of models have been developed to understand what influences a user’s online trust [11], [26]. However, most models view trust as a general concept, while our study focused on the privacy-related context of trust. The model most relevant to the scope of our study is the privacy-trust-behavioral intention model used in [90]. The empirical tests of this model showed that privacy has a strong impact on a user’s trust in e-commerce, which in turn influences their behavioral intentions. However, our model differs from the one in [90] in several ways. First, we extended the number of privacy dimensions by including information collection, control, and awareness [95] instead of following the categorization of Fair Information Practices [45]. Second, we separated security and privacy features. Third, we included website quality and company reputation, both of which have also been shown to predict consumer trust. Finally, we used willingness to make a purchase as a behavioral intention measurement, because it has the most direct economic impact compared to website visits, recommendations, or positive remarks about a website, which were used in [90].
To estimate the trustworthiness of transactional partners, individuals rely on three main criteria: reputation, performance, and appearance [133]. Reputation is viewed as a retrospective of past behavior, performance as an overview of actual practices and present conduct, and appearance as self-presentation. Following this taxonomy, we included the four dimensions of antecedents of trust in our model: privacy, security (performance criterion), website quality (visual appearance criterion), and reputation (reputation criterion). We hypothesized that these factors, moderated by individual characteristics, influence the perceived privacy trustworthiness of the websites and the willingness of consumers to purchase from such websites. Figure 1 shows our research model. We will describe each of the factors and sub-constructs that comprise them in the next section. We will also discuss the related hypotheses.
2.2.1 Construct Level
Appendix A presents the list of questionnaire items that we used in our model to construct the factors that affected perceived privacy trustworthiness (T) and purchasing intentions (P). We describe those factors below. (In the abbreviations of constructs the first letter represents the factor. For instance, Q stands for Quality, A stands for Awareness), and the second letter represents whether the impact of this factor was assessed with respect to perceived trustworthiness (T) or purchasing intention (P) based on the survey questions. See details in section 3.2.)
Privacy Most trust models comprise privacy and security as the main cogwheels of online shopping acceptance [73], antecedents of trust [74], [116], and the establishment of a reliable long-term loyal relationship between companies and customers. For example, privacy assurances decrease privacy concerns and increase trust [86], [89], [90], [98], [109], [154] and behavioral intentions [63], [99], [113], [139]. However, some studies have shown an insignificant [103], [148] and occasionally even negative [9] effect of privacy policies on trust. Bansal et al. [10] attribute the contradictory nature of the empirical evidence to the lack of attention given to the level of privacy concerns as a factor mediating the effectiveness of privacy assurance statements. In our model, we included a measure of the general level of privacy concerns as a control variable. We predicted a significant influence of privacy-related practices on the perception of trustworthiness and purchasing intention:
H1a: Privacy-related practices have a significant effect on the perceived trustworthiness.
H1b: Privacy-related practices have a significant effect on purchasing intention.
In the categorization of privacy factors, we followed the dimensions of the Internet Users’ Information Privacy Concerns (IUIPC) scale [95], and therefore included collection, control, and awareness sub-constructs in the privacy construct. Collection considers the extent to which an individual is concerned about the amount of their personal data in the possession of others in relation to the perceived benefits and values of such sharing. Control is related to a consumer’s freedom of choice and ability to actively control (e.g., approve, modify, opt-out, delete) their personal information [18]. Finally, awareness indicates passive control over personal information through an understanding and awareness of privacy-related organizational practices. It is related to transparency in the collection, storage, use, and sharing of the information.
Security Security perceptions indicate the extent of an individual’s beliefs in a website’s reliability against security threats [102]. Some studies include security features in the notion of privacy [90] or even use privacy and security interchangeably [122]. However, Bélanger et al. [12] found that security features had a greater effect on trust than privacy because security is a more concrete concept, which is easier to understand for users. Carlos Roca et al. [17] argued that due to their better familiarity with security technologies, relative ease of recognition of key features (e.g., certificates, encryption keys, password-composition requirements), and the inclusion of some privacy guarantees in security assurance, the perception of privacy has a smaller impact on the trust of experienced users compared to inexperienced users. Therefore, in our study we separated the impact of privacy from the impact of security features, and controlled for the technical and Internet experience of the participants.
Security issues are a serious concern among online shoppers [120], [140]. A number of studies have included security system assurances as antecedents of trust perception [137], [116] and purchasing intention [102].
H2a: Security features have a significant effect on the perceived trustworthiness.
H2b: Security features have a significant effect on purchasing intention.
Website quality Although privacy and security policies, and seals are designed to directly influence privacy perceptions, they have been shown to be more effective when combined with other, more peripheral, cues, such as brand image and website quality [91], [98]. The appeal of a website’s design is related to the visual presentation and structure of the website [10], which is indicative of website quality [152] and company expertise and professionalism, and develops trusting beliefs [31], [96], [146]. Egger [36] assumed that a consumer’s trust in online business starts to form even before any online interaction has taken place. Trusting beliefs are positively correlated with the absence of errors on a website [11], accurate, current, and complete information [75], and correct spelling, grammar, and syntax [80]. Because users tend to believe that online advertising follows the norms of the websites containing a particular advert [131], we included the presence of suspicious banner adverts as a factor influencing the assessment of website quality.
Another reason why cues demonstrating website quality are important antecedents of the perception of trustworthiness is explained by signaling theory. Poor website quality or slow performance does not enforce a user’s belief that the company behind that website will do any better in privacy and security protection, or in delivering services to customers [10], [127]. On the other hand, positive beliefs about a company’s reliability, integrity, and professionalism are also related to the amount of time, effort, and money that the company has invested in the development and maintenance of a high-quality website, which is expected to impact other organizational practices including those related to privacy and security [33], [122], [125]. Therefore, we predicted that:
H3a: Low website’s quality will negatively affect the user’s perceived trustworthiness.
H3b: Low website’s quality will negatively affect the user’s purchasing intention.
Firm’s reputation Reputation (or vendor image), as a result of social evaluation and judgment, is a significant factor influencing the perception of a website’s trustworthiness [111], [128], [137], [74], [101] and purchasing intention [145]. The reputation of the company may serve as heuristic, signaling the reliability [46], [52] and quality [33] of the firm.
H4a: A good reputation will positively affect the user’s perceived trustworthiness.
H4b: A good reputation will positively affect the user’s purchasing intention.
In our study, the reputation construct was comprised of two sub-constructs: a firm’s background, and consumer feedback about the company and its products. We included the background aspects in the model because brand image and familiarity are important conditions of trust in e-commerce [13], [126], [92]. They reduce uncertainty [46] and concerns [53], and increase perceived security control [122]. Displaying information about the company on the website, especially related to its offline presence (e.g., physical address, contact details), reduces the uncertainty regarding the otherwise faceless e-commerce activity [76], [96], [83], [10]. We included the feedback aspects in the model, because customer reviews [80], [93], third-party assessments (e.g., rating services [138]), perceptions of social presence [47], [29], [57], and, in particular, word-of-mouth within social networks [83] have been shown to increase trust.
2.2.2 Item Level
In addition to measuring the impact of the main constructs on the perception of trustworthiness and purchasing intention, we were interested in testing the subtle differences between closely related aspects, e.g., between online vs. offline sources of a company’s ranking, or between publishing customer reviews on the company’s own website vs. publishing on an independent website. We explored the differences between the following groups of related items: consumer feedback (Feedback items 1, 2, and 5), ranking source (Feedback items 3 and 4), access conditions (Collection items 4 and 5), source of information for recommendations (Collection items 2 and 3), tracking (Collection items 1 and 3), and application permissions (Control items 4 and 5) (appendix A).
Consumer feedback Online review credibility is positively related to the quality of argument made in reviews [22]. Because unbiased pieces of information are more likely to be trusted [127], we predicted that:
H5a: Customer feedback on independent websites has a stronger impact on the perceived trustworthiness and purchasing intention than user reviews on the company’s own website.
About 30% of favorable reviews are fraudulent [88] and the authors of such manipulated opinions are often paid to promote companies and their products [61], [62], [81], [97], [143]. Consumers, being aware of opinion fraud, may suspect that overly positive reviews are fraudulent. Therefore, as proof of their objectivity, a moderate amount of negative information in consumer reviews increases their credibility [67]. Such two-sidedness of exposure to both positive and negative aspects may lead to a belief change, inducing fewer counterarguments and decreasing source derogation [72]. However, in judgment and decision-making tasks individuals tend to rely more on negative than positive information [39], [56], [104], [150], possibly because negative information is perceived as more instructive and useful than positive information [4]. Negative reviews have a greater impact on the intent to purchase [151]. Therefore, we predicted that:
H5b: Mixed (both positive and negative) customer feedback has less impact on the perceived trustworthiness and purchasing intention than solely positive reviews on the company’s own website.
Ranking source When a source of information is perceived as reliable and shows expertise on a topic, consumers tend to give a higher level of credibility to its content [117], [79]. The ability of online media to aggregate information enhances its credibility [70], [42], [104]. However, the “authority heuristic” [58], [132] suggests that users may perceive traditional (offline) sources of information as primary or official, and therefore develop a higher level of trust toward them compared to online sources. Traditional sources of information are more unbiased and accurate due to the established professional standards and social pressure [40], while website content is not always subject to editorial review and factual verification [41]. Hence, given the similar content in both sources, offline sources of information may have a higher level of reliability and credibility than online sources.
H5c: A high rating of a firm in the traditional media has a stronger positive effect on the perceived trustworthiness and purchasing intention than a high rating in online sources.
Access conditions Because take-it-or-leave-it offers do not allow consumers to access or use the services without the provision of personal information, some users provide false personal data [114] or abandon the website [37]. Hence, users are expected to dislike take-it-or-leave-it offers more than situations in which they have freedom to choose the level of information disclosure.
H5d: Users have a higher perceived trustworthiness and purchasing intention toward websites that allow access to content without having to input personal information compared to websites that do not grant such permission.
Source of information for recommendations Tracking through cookies and browser history induces privacy concerns [147]. The perceived risk of online behavioral tracking may negatively affect the long-term relationships between online sellers and buyers [64], especially when consumers are uninformed about such practices [142]. Aguirre et al. [3] found that click-through-rates (CTR) are lower when data for personalized online advertising is collected in a covert (as opposed to overt) manner. Therefore, due to the high sense of vulnerability we expected users to generally dislike covert information collection practices more than proactive information provision.
H5e: Websites that explicitly ask users to share information about their tastes and preferences receive a higher perceived trustworthiness and purchasing intention than those that implicitly collect such information using tracking technologies.
Tracking The majority of users consider targeted adverts based on third-party tracking harmful, annoying, and pushy, while the degree of trust is higher toward first-party tracking practices [100]. Therefore, we predicted that:
H5f: Third-party tracking has a more negative effect on the perceived trustworthiness and purchasing intention than first-party tracking.
Application permissions Aguirre et al. [3] found that the CTR dropped once users realized that personal information was collected without consent. This observation provides evidence of the importance of user control over data and awareness about practices involving the processing of personal information. Taylor et al. [136] argued that the level of control over personal information does not have a significant effect on trust, but mediates the negative relationship between privacy concerns and behavioral intentions.
H5g: The perceived trustworthiness and willingness to purchase from websites that grant control over the extent of personal information collection are higher than for the websites that do not provide such control.
Intercorrelations Chen and Barnes [20] showed that the perceived usefulness, privacy, and security trigger initial online trust, which then determines the intent to purchase. A similar relationship between trust and behavioral intent was found in [90]. Therefore, we expected that users that developed a perception of trust toward a company would be more willing to purchase a product or service from its website.
H6: The perceived trustworthiness is positively correlated with purchasing intention.
We discuss the methodology for testing the model in the next section.
3 Methodology
Based on the relevant literature, we made a preliminary selection of key attributes and discussed them during two focus group sessions. A focus group is an exploratory technique widely used in market research, which uses a moderated discussion to collect qualitative data from a small group of people regarding their opinions, beliefs, perceptions, and attitudes about a certain topic. The least prominent factors were screened out. Then we surveyed 117 participants from the Mobile Territorial Lab (MTL) community. The MTL community was created by the Telecom Italia SKIL Laboratory, which is used as an experimental environment for human-behavior analysis and interaction studies. The survey was sent to all 128 members of the MTL community. Eventually, 117 out of 128 people (91,4%) completed the survey in full. We asked them to read a list of 32 statements about the characteristics of firms and various aspects of their websites (hereinafter, items), and rate their perception of trustworthiness and purchasing intention. The main advantage of using the MTL community for the survey was its wide demographic profile compared to the use of students, in terms of age, education level, employment status, and income. Moreover, this method has a relatively low cost of recruitment because community members are paid a flat rate on a monthly basis and are ready to participate in studies at any time. As a result, in contrast to most academic studies conducted with students, we recruited survey respondents among adult Italian Internet users, who were representative of the general population. Our sample was also representative of the European online shopper population [123]. Appendix B summarizes their demographics and responses to the final questionnaire. Sixty-three percent of the participants were females, 89% were 36+ years old, half had at least a bachelor’s degree, while one third had a high school diploma or less, and 67% had a full-time job.
3.1 Focus Group
Two focus group sessions were conducted in December 2014 in the Cognitive and Experimental Economics Laboratory at the University of Trento, Italy. During these approximately one-hour sessions, groups of 6 and 7 students, respectively, were asked in an interactive setting about their perceptions, opinions, beliefs, attitudes, concerns, and habits towards e-commerce and online privacy. Participants were free to express their opinion and talk with other members. Following the rules and principles of the focus group technique, a moderator and an assistant administrated the discussion. We chose not to conduct focus groups with MTL members to avoid a priming effect and potential bias in their responses to the main survey. Therefore, for the focus groups we invited students, who were easy, fast, and cheap to recruit, and are commonly used in such research. The focus groups only played an auxiliary role to calibrate the list of statements for the survey. We did not base our conclusions or the results of model validation on these observations.
Participants expressed fairly high level of privacy concerns, including the statement, I’m not famous, but I’m concerned about my personal life and information. Although one participant said: Who cares about privacy nowadays! others found the topic relevant and one of the most important, fundamental, and central issues affecting Internet use. In general, participants were quite pessimistic about the current state of privacy and referred to it as a utopian and disappearing concept.
In reaction to instances of online privacy violations, the majority of participants described their discomfort, anger, irritation, fear, anxiety, and embarrassment, while a few admitted their preparedness for such consequences (I would not be surprised, One should expect that). Few participants felt they had the control and ability to protect their data from such violations (It would be partially my fault, I should have protected my privacy). As barriers to the acceptance of online shopping, respondents indicated the potential hazard of fraud, fishing, identity theft, data misuse, and a general absence of trust.
After the discussion, several statements were added to the list, e.g., about password creation requirements (Security item 2), and social network widgets were incorporated into the website’s design (Feedback item 6). Some statements were corrected and clarified. For example, the discussion of positive customer reviews considered their source and nature. Participants were skeptical about companies that only received positive feedback, suspecting that it was a falsification of reviews or that unpleasant reviews had been deleted. Thus, we included three different items based on this feedback: positive reviews on the company’s own website (Feedback item 5), and both positive and negative reviews on the company’s own website (Feedback item 2) and on independent websites and forums (Feedback item 1). The qualitative results obtained in the focus groups confirmed the relevance of the topic, while discrepancies among participant opinions and attitudes confirmed the need for an in-depth investigation of the issue.
3.2 Survey
Attitudes toward privacy are heterogeneous and context-dependent [1]. Therefore, in this study, instead of asking for personal opinions, we surveyed more durable socially held judgments to better understand what is the common knowledge regarding the types of cues that trigger the perception of trustworthiness rather than individual preferences. Therefore, we used an incentivized elicitation method [82], in which participants were explicitly informed that the best strategy was to answer what they believe the majority of participants would choose rather than express their personal opinions, because more accurate guesses would be rewarded. Due to the incentivizing of choices this method was expected to elicit accurate decisions.
Subjects were asked to read a list of items describing the attributes of hypothetical firms operating in the online market and their websites (appendix A). Firms were assumed to be retailers of homogeneous products and services. The order of items was randomized across the participants. Participants were told that each item described the company completely, so that no other characteristics should be considered beyond the description provided. This enabled the level of credibility attributed to each aspect to be assessed separately, avoiding any potential interaction effects. After reading each statement, participants answered two questions on a 12-point Likert scale. The response categories were sorted into six groups as shown in Table
We surveyed the participants to determine their demographics, prior Internet experience, acceptance of online shopping, technological literacy, privacy attitudes, concerns, and trust disposition through an exit questionnaire (appendix B) and used them as control variables in a statistical analysis.
After collection of the responses one statement and a related question were selected at random. The score and category chosen by the majority of survey respondents were determined. Participants who chose the most popular response for the selected item entered the raffle and 10 winners were picked at random. They received a USB flash drive of 32 or 16 Gb (with a market price of 20 and 13 Euro, respectively) depending on whether they assigned the exact same score as the majority of respondents or only the same category, but with a slightly different score.
4 Results
The highest evaluations of the perception of trustworthiness and purchasing intention were assigned to the items that ensured privacy and the adoption of security practices, third-party certificates, and high ratings in the media, together with company’s reputation, background, and variety of secure payment options (appendix C). The lowest scores were assigned to the hypothetical websites that had a low quality of content and design, actively encouraged users to connect various accounts with the company’s website, stored users’ personal details without consent, offered recommendations based on personal information about the user, and were involved in third-party data sharing.
4.1 Statistical Analysis
We used two-step structural equation modeling (SEM) to test our research model. In the first stage, we developed the measurement model, while in the second stage we evaluated the full structural model [49]. First, we ran SEM estimations on groups of items as endogenous observed variables and predicted the indices for sub-constructs as latent variables. Then we ran SEM estimations using the predicted values of sub-constructs as endogenous observed variables, and surveyed demographic characteristics and other covariates as exogenous observed variables. Finally, we predicted the indices for perceived trustworthiness (T) and purchasing intention (P) as latent variables. Appendix E summarizes the details of SEM path estimation and shows that the reliability of the measurement model was sufficient for all constructs and sub-constructs, except website quality. For the assessment of reliability we conducted a confirmatory factor analysis with Varimax rotation (appendix D). Using the Kaiser extraction criterion we retained only factors with an eigenvalue of more than 1 for each construct. The resulting factor loadings were high (0.54-0.91) and the degree of uniqueness was within an acceptable level of less than 0.6 (0.18-0.6), for all items except LT1, QT1, QP1, QT3, and QP3. The internal consistency of the resulting indices was good, Cronbach’s α > 0.7 (0.84-0.93), except for the website quality. Appendix F shows that the research model achieved a satisfactory level of goodness of fit. Discriminant validity defines the extent to which an item diverges from other items that theoretically should not be related. Discriminant validity exists if the AVE exceeds the shared variance measured as a squared correlation for each pair of constructs and sub-constructs [44], [54], [14]. All constructs except the index of website quality (QT) satisfied the convergent validity criteria, but the discriminant validity criteria were not satisfied for all pairs of constructs and sub-constructs (appendices E and G). Moreover, privacy, security, and reputation indices, including feedback and awareness, are often strongly correlated. Therefore, we included the covariance between them in the path estimation model.
4.2 Relationship between Perceived Trustworthiness and Purchasing Intention
The correlation and covariance coefficients (appendix G) indicated a significant positive relationship between the perceived trustworthiness and purchasing intention, at the aggregate level (i.e., between T and P) and at the sub-construct level (i.e., between ST and SP, QT and QP, etc.): pairwise correlation coefficients for each item were also positive and significant at the 0.01 level and varied between 0.59 and 0.88, with an average of 0.74. This finding supports H6, regarding the positive relationship between the perceived trustworthiness and purchasing intention.
The positive correlation indicated that participants were generally more likely to purchase from a trustworthy website and less likely to purchase from an untrustworthy website (Figure 2). However, in some cases, the perception of trustworthiness and behavioral intentions were misaligned by the participants. Specifically, in 14.3% of all cases, the participants reported a positive intention to buy from privacy untrustworthy websites. The presence of famous brands, widgets for social network websites, a social login (i.e., the ability to access the vendor’s website using a social network account), a request for permission to access geographical location, a request for information about tastes and preferences, inferences about such information using tracking technologies, and remembering the user’s address for future deliveries had no or a negative effect on the perception of trustworthiness; however, these features positively affected purchase intention. On the other hand, in 2.83% of all cases, the participants reported negative intentions to buy from a website regardless of its trustworthiness, for example, when a company’s website demonstrated a privacy policy and imposed password-composition requirements. We discuss the potential interpretations of this observed misalignment in section 5.
4.3 Factors Influencing Perceived Trustworthiness and Purchasing Intention
In this section, we report the results on the relation between different factors, perceived trustworthiness and purchasing intention.
4.3.1 Construct Level
Standardized path coefficients (Table 7) suggest that all sub-constructs had a significant effect on the perception of trustworthiness and purchasing intention at the 0.001 level, except for the quality of website. QT had the smallest effect on trust, although it was significant at the 0.05 level. QP did not significantly influence purchasing intention. Therefore, our findings provided support for H1, H2, and H4 for both the perception of trustworthiness and purchasing intention, and for H3 regarding the effect on trust. As shown in appendix C, a website’s compliance with security regulations resulted in the highest positive perception of trustworthiness and purchasing intention, followed by awareness about the privacy practices employed, company background, and customer feedback. Poor website quality resulted in the lowest negative perception of trustworthiness and purchasing intention, followed by the collection and control of personal information.
Companies with positive feedback and a strong background were considered to be more trustworthy, leading to a greater willingness to purchase from their websites. Moreover, ensuring consumer awareness about security and privacy protection, by providing informational notices (e.g., about the use of cookies or practices related to the collection, storage, sharing, and use of personal data), demonstrating proof of compliance with privacy and security protection standards and regulations approved by independent authorities (such as an Extended Validation (EV) certificate and privacy seals), and enforcing password-composition requirements further improved the perception of trustworthiness and purchasing intention. However, invasive practices of data collection and providing users with limited control over this information (or poor communication of the opportunities for such control) led to a negative assessment of trustworthiness and a subsequent low purchasing intention. Although insufficient investment of time, money, and effort in website design and lack of attention to the quality of content did not have a significant direct impact on the willingness to purchase, it may have an indirect effect through a negative influence on the perception of trustworthiness because of the correlation between trust and purchase intention demonstrated earlier.
In line with the low discriminant validity and high correlation indices, the covariance between some pairs of sub-constructs in our model was also significant (Table 8). A company or website collecting users’ personal information was perceived to be more trustworthy if it had a positive reputation, including both a positive background and feedback from other consumers, and provides users with control over the information collected. Similarly, practices involving the collection of personal information (e.g., for feeding the recommendation system, credit card details, and shipping addresses for future orders and transactions) would increase purchasing intention when accompanied by control over the information collected. Such control may further enhance the positive effect of consumer feedback on the perception of trustworthiness and willingness to purchase.
4.3.2 Item Level
We tested the differences between different factors on item level (Table 2).
Consumer feedback. Although one might find the presence of solely positive feedback about a company on its website (FT5 and FP5) subjective or indicative of fake reviews, on average participants assigned a higher rating for trustworthiness and purchasing intention to such companies than to firms that had both positive and negative feedback. For the firms woth both positive and negative feedback, having reviews on the company’s own website (FT2 and FP2) was not statistically different from such reviews on independent websites or forums (FT1 and FP1).
Therefore, regardless of the fact that solely positive feedback is often fraudulent, subjects tended to trust it more than a mixture of positive and negative reviews. Although it is easier for companies to manipulate reviews on their own websites than on independent forums, the study participants did not trust the independent websites more. Hence, our results support H5b but not H5a.
Ranking source. The source of information about the company was important when determining purchasing intention, but not for the perception of trustworthiness. A respondent’s willingness to purchase tended to rely on the use of traditional media, such as TV and radio (FT3 and FP3) as the source of information about a company’s ratings and reputation rather than on online channels (FT4 and FP4) This may be because website users are more experienced and familiar with traditional media, and feel more confident in relying on those sources, and the content published in traditional media is more likely to go through editorial review and approval [70]. Hence, H5c was supported for purchasing intention but not for the perception of trustworthiness.
Access conditions. Average scores for both the perception of trustworthiness and purchasing intention for websites with restricted access conditions (LT5 and LP5) did not significantly differ from those of websites employing more privacy-friendly practices (LT4 and LP4), providing no support for H5d. This might be because the restriction of access conditions is now a common practice, and thus does not raise strong concerns. Some online vendors require customers to create accounts on their websites. Such accounts not only help sellers to monitor customer activity, but also allow consumers to keep track of their own transactions, save and compare products in the shopping cart, and save personal information for future transactions. Therefore, consumers may perceive benefits from registering on a certain website that sometimes outweigh the corresponding privacy concerns.
Sources of information for recommendations. Explicitly asking people about their preferences (LT2 and LP2) did not result in different trustworthiness and purchasing intention scores than the use of obscure tracking technologies to gather such information about users (LT3 and LP3), providing no support for H5e. Because the scores of perception of trustworthiness were negative for both items, we concluded that respondents disliked both the implicit and explicit collection of information about their tastes and preferences.
Application permissions. In support of H5g, providing an opportunity to at least partially edit the list of permissions before installation of a company’s mobile application (NT5 and NP5) significantly improved both the perception of trustworthiness and purchasing intention compared to a take-it-or-leave-it offer (NT4 and NP4). While respondents were unlikely to purchase from an application that inevitably accessed their personal data, the opportunity to edit the access permissions resulted in a willingness to make a purchase. Therefore, companies may benefit from enforcing privacy-friendly policies, not only on their websites but also in their mobile applications.
Appendix H summarizes the results of hypothesis testing. Our findings suggest that companies should pay close attention to the way they design and implement their practices. For example, to build trustworthy relationships with customers and positively affect purchasing intention, companies should avoid negative feedback, not through the manipulation of reviews and fraud but through service improvement and by satisfying the needs of consumers. Both independent forums and branded websites are effective in building trust. Firms should also enhance a user’s privacy and provide control over their personal information, e.g., by introducing privacy-friendly policies and editable lists of access permissions, and by limiting the collection of the user’s personal data. Although Internet media is gaining power, overtaking, and sometimes even substituting for, offline channels in their ability to build reputation and trust, companies should not forget to sustain and promote their image in traditional media, which still has a strong influence on purchasing intentions according to our results.
4.4 Robustness Check
We introduced the individual characteristics of the surveyed respondents as observed exogenous covariates in the second stage of the SEM estimation. We found that females and older subjects tended to have a lower perception of trustworthiness. Those who used real names instead of pseudonyms on Facebook were more disposed to trust, while the number of connections (friends) on Facebook was negatively correlated with T and P. The use of a real identity and a large number of connections in online social networks were signals of low privacy concerns and a high general disposition toward trust.
The number of years that a subject had used the Internet positively influenced both the perception of trustworthiness and purchasing intention, in line with [25]. Carlos Roca et al. [17] explained that experienced Internet users may be more familiar with security technologies and therefore feel more comfortable about trusting online shopping websites.
Subjects without full-time employment and concerned about privacy tended to have a lower perception of trustworthiness and purchasing intention. This finding further supported our claim about the important relationship between privacy, trust, and purchasing intentions, suggesting that companies pay rigorous attention to customer concerns and ensure protection of their personal data.
We observed that although almost half of the respondents recognized the EV certificate as a symbol of website compliance, only 72% of them understood correctly what this certificate means. (Because participants had access to various sources of information during the survey and had an opportunity to locate the correct explanation, the rate of correct answers indicated a lower bound). This misalignment may indicate potential misconceptions and misbeliefs about privacy and security signals. A qualitative analysis of the responses shows that some subjects wrongly believed that a website with a green padlock in the URL address bar will require registration for access or will constantly guard the privacy of users. Moreover, familiarity with privacy seal authorities, recognition of the EV certificates green padlock, and the actual understanding of its meaning did not significantly affect T and P. These findings are in line with previous studies, which show that websites possessing independent certificates are actually more likely to be untrustworthy than uncertified websites [35]. Thus, users tend to follow heuristics and shortcuts in relying on these assurances, without verification of authenticity and not always understanding the meaning of certification [124], [85], or directly rely on cues [125], [134] even when they are not credible or interpretable [33], [119], [122].
Similarly, 41% of the participants misunderstood the concept of web cookies, calling them informative windows, user feedback sent to the website to guarantee monitoring of use, files that permit a faster access to the Internet, some form of advertising, or simply treats and sweets. One of the respondents correctly drew the connection between cookies and the subsequent receipt of targeted advertising, but erroneously concluded that one must enable cookies to avoid privacy invasion.
These findings suggest that the level of privacy literacy and awareness is relatively low and consumer education is required. Misunderstandings may lead to the distortion of consumer expectations and the subsequent exploitation of such beliefs for fraudulent or malicious purposes. The improvement of the communication of privacy- and security-related information to consumers is important not only for policy makers and privacy advocates, but is also beneficial for the business because it enhances the perception of trustworthiness and contributes to an increase in purchase intention.
5 Discussion, Limitations, and Future Work
In this section we provide interpretation of the results, discuss the limitations, and propose the directions for future work.
5.1 Behavioral Interpretation
Consumers initially engage in e-commerce with the primary goal of purchasing a product or service, not of protecting their personal information. Customer activity on an e-commerce website is built around choosing a product and the check-out process, with activity buttons and filters enabling navigation through products and prices, while privacy-related information is often limited to a long document written in legal language, which is difficult to understand for a person without an appropriate educational level, and tends to be hidden in one of the secondary sections of the website. Moreover, in uncertain situations people tend to rely on contextual cues [2], [69]. Websites are usually in control of such cues, e.g., the website design, architecture, and content, and the structure of the information presented to the user. Because a website’s primary goals are business-oriented, they may highlight shopping benefits, and draw less attention to (or even deliberately drive it away from) the potential privacy concerns and issues. Therefore, according to the prominence-interpretation theory [43], a lower salience of privacy-related factors compared to shopping-related factors may trigger the dominance of privacy-related factors at the moment of the purchasing decision.
The trust relationship between online vendors (trustees) and consumers (trustors) is often asymmetric. Such a relationship typically takes the form of a take-it-or-leave-it offer. In a more heterogeneous market, consumers could deny access to their personal data and choose another company that provides similar services without the requirement to reveal extensive amounts of personal information. However, the proliferation and acceptance of invasive permission settings as a common business practice often leaves consumers without a choice. This has created a user-website asymmetry, in which consumers are more dependent on the conditions created by the website than the company are dependent on consumer choices. With an increase in the dependency of trustors on trustees, the trustors decrease their cognitive effort and search for information that is required for an accurate credibility assessment. The trustor positively judges ambiguous information and is inclined to engage in an initial level of trust [149], discounting some concerns that may accompany such a decision.
The credibility people tend to give to expected costs against expected benefits can be implied by the decision to trust [133]. A similar calculative approach has been used in the privacy domain and is described as “privacy calculus” [28], [32], [87]. However, people often fail to perform such calculations, for example due to immediate gratification (or present) bias, which refers to an individual’s preference for a short-term return [8], [106], and the discounting of future costs and benefits [107], [66]. A website remembers personal details for future transactions or to recommend products based on behavioral tracking, with the goal of speeding up and facilitating the shopping experience. Moreover, the outcome of a purchasing transaction occurs immediately, while the outcomes of the risk taken in relation to privacy are uncertain in magnitude, value, probability, and time [68]. Therefore, people may be willing to buy from websites where privacy cannot be assured at the cost of privacy risks, if these websites offer services that facilitate the online shopping process in general.
Finally, a combination of various factors is a tradeoff per sé. In our experiment we asked subjects to consider each factor independently, but real-life decisions are influenced by the simultaneous impact of multiple factors and their interactions. Consider, for example, a website that requests some personal information to create an account and remembers credit card details for future transactions, but imposes strict password-composition requirements, ensures compliance with privacy regulations, and demonstrates security certificates. The request for personal information may create a privacy concern, but compliance with the privacy regulations and strict password-composition requirements mitigate them, assuring consumers that their information will be processed securely. Similarly, the presence of security certificates mitigates security concerns and assures consumers that the credit card details they provide will be stored securely and are protected from unauthorized access or use. Therefore, the final decision to purchase depends on the outcome of the interaction between negative and positive aspects.
5.2 The Effects of Cognitive Heuristics and Biases
Although some of the factors investigated have similar effects, the underlying mechanisms leading to these results may differ. To better understand the decision-making process behind the assessment of trustworthiness, we analyzed it through the lens of cognitive science and considered what behavioral heuristics drive certain effects in our study. The theory of bounded rationality [129] has a great potential to explain the process that brings various factors into action to change online trustworthiness perceptions. The notion of bounded rationality refers to the limitations imposed by the nature of the human mind and exogenous conditions, and claims that individuals are constrained to make a decision using limited computational resources and time [50]. This argument is further supported by the limited capacity model [84] and prominence-interpretation theory of online credibility [43]. Due to their finite cognitive capacity individuals select only salient attributes for processing messages, which require an optimal level of cognitive effort to achieve a sufficiently efficient outcome [115]. To reach a balance and make an adaptive choice people often employ cognitive heuristics [58], [104], [132]. Although such mental shortcuts and rules-of-thumb sometimes result in biased decisions [144], more cognitively demanding information-processing strategies have been shown to be equally or even less effective when attempting to make a perfectly rational decision due their complexity [50], [51].
First, the expectancy violation heuristic arises in situations where a website’s content does not conform to user expectations [104] and as consequence of arousal, distraction, and increased attention to the violation [16] the perceived trustworthiness of that website is reduced. In our study, the effect of this heuristic was illustrated by the situation in which: 1) website quality and design did not match the standards and norms (e.g., if orthographic and typographic errors, broken links, or suspicious banners were present); 2) the website provided unsolicited information or services (which is also aligned with the intrusiveness heuristic [132]); 3) the company’s products appeared on unrelated websites or notifications about the use of cookies popped up unexpectedly’ or 4) when a company presented third-party website links, offered social network recommendations, or tracked a user’s activities on the web, and remembered their personal information, e.g., address, credit card details, login and passwords.
Second, the reputation heuristic is based on a consumer’s tendency to rely on familiar sources and alternatives rather than on unrecognized ones [50]. In our study, people driven by this heuristic attributed a higher level of trustworthiness to websites that carried products with reputable names and to companies that had operated for many years and had a description of their history on the websites. This indirectly enhances the effect of the presence of names and photos of key staff members on the company’s website, providing proof of the existence of real people behind the intangible web interface. The reputation heuristic itself may be a product of the authority heuristic, which suggests that the degree of being an official authority or an information source is an important criterion in a credibility assessment [58], [132]. In our study, the effect of the authority heuristic was triggered by the presence of independent third-party seals and security features.
Third, the endorsement heuristic [58] or conferred credibility [42], is related to confirmation bias and consensus [19] or the bandwagon heuristic [132], under which people perceive a source of information as trustworthy without scrutinizing the content if others already trust it. In our study, reliance on consumer feedback, reviews, online and offline ratings, and recommendations from friends in online social networks influenced credibility perceptions through the endorsement heuristic. The impact of recommendations from friends is additionally supported by the liking/agreement heuristic [19], which suggests that individuals are likely to believe that people they like possess correct beliefs and tend to agree with their opinions.
The group of heuristics, which includes reputation, authority, endorsement, and agreement, is generally related to the notion of social proof [23] or social confirmation, which suggests that if other users trust, use, and recommend a particular website, then one can rely on their opinions and perceive the website as trustworthy. However, such a strategy is not perfect, because it may lead to a misconception between credibility and popularity [104], and in certain cases, to an erroneous reliance on fraudulent information from manipulated opinions and fake reviews [61], [62]. Therefore, it is important to assess the reliability of user-generated information, e.g., through cross-validation mechanisms. Similar information from various sources will additionally trigger the consistency heuristic [104] and potentially further improve the effectiveness of feedback, e.g., if reviews on a company’s website and independent forums coincide with online and offline ratings.
To build trust and improve the purchasing intention of potential customers, companies should pay more attention to the way they present information about their reputation, including the company background, customer feedback and reviews, privacy- and security-related practices, and means of protection. Moreover, they need to ensure the quality of this information is satisfactory, together with the content of the website and its visual appeal. Firms should grant users more control over their information, including traditional forms of consent or permission management and the ability to modify/delete private data or deny access to personal information. They should also provide a choice of alternative ways to access the website content (e.g., not only in exchange for personal information but also on a freemium or subscription basis for a small fee that allows avoiding private data collection).
5.3 Limitations and Future Work
This study has some limitations. First, it was based on self-reported answers to questions about hypothetical companies. However, the results of goodness of fit and validity tests demonstrate that the survey successfully captured the difference between participants’ opinions necessary for model validation. Therefore, our study provides useful empirical insight into the factors influencing perceived trustworthiness and purchasing intentions. Future laboratory or field experiments that observe user behavior on actual e-commerce websites will allow testing the external validity and the interaction effects among various factors. Second, we used the willingness to buy as a measurement of behavioral intention. Future studies should analyze the effect of our proposed factors on behavioral metrics, such as actual website visits, purchasing behavior, and repeat purchases. Third, replications of the study need to be performed in other countries to account for potential cross-cultural differences. Fourth, the structured equation modeling technique was susceptible to a number of limitations, such as multicollinearity and the assumption of multivariate normality. However, our dataset did not have univariate or multivariate outliers, the determinant of the covariance matrix did not indicate multicollinearity, and the residuals of the covariance did not deviate substantially from zero. Finally, because we used self-reported data, our study may be affected by common method variance. As a procedural remedy, we randomized the order of items across respondents and included positively and negatively worded statements. We also attempted to avoid any social desirability bias in our wording, and applied statistical techniques to control for it ex-post. The use of the marker variable method revealed between 0 and 2% shared variance with the main model constructs, while less than 50% of the variance was explained by a common latent factor. The indicators were close to, but did not exceed, the critical level. The study could be replicated in the future using a larger sample of respondents, introducing variability in anchor description of the scales, or running a longitudinal survey to reduce the common method bias.
6 Conclusion
Based on previous research and the results of two focus groups we created a list of website attributes and tested their impact on users’ purchasing intentions and perceptions of trustworthiness with respect to privacy via a survey of 117 adults.
First, we found that privacy, security, and reputation strongly affected the perception of trustworthiness and purchasing intention, while website quality played a smaller role in building trust and has no effect on the willingness to buy. On average, websites with enhanced security, transparency regarding consumer privacy, and with a positive company background and feedback received a positive perception of trustworthiness and purchasing intention scores.
Second, we found a positive relationship between trust and purchasing intention. Generally participants were more likely to purchase from a trustworthy website and less likely to purchase from an untrustworthy website. However, in some cases participants that rated a company as untrustworthy were still likely to purchase from their website. This misalignment may be related to the tendency for the expected benefits to outweigh the potential privacy costs. When the website offered a functionality that improved or facilitated the online shopping process, but at the same time raised privacy concerns, a user’s decision to trust and make a purchase from the website was dependent on the eventual tradeoff between benefits and costs. Because individuals tend to discount future outcomes and prefer short-term returns, the immediate and evident benefits of an improved shopping experience (which is also the main goal of engaging in e-commerce) may outweigh the uncertainty of potential future privacy costs (which is a by-product of online interactions rather than a primary component). Moreover, privacy-related aspects may be presented on the website in a less salient way than the shopping-related features, further enhancing an underestimation of the weighting of privacy components in the decision-making process. Finally, the asymmetric structure of the relationship between online seller and buyer put the customer in the position where they are required to engage in a degree of initial trust and accept some risks to conduct a transaction. Such situations may force consumers to accept take-it-or-leave-it offers, despite the concerns over such decisions.
Our findings suggest that leveraging the factors that positively influence the perception of trustworthiness would help companies to build trust, which would in turn affect a customer’s purchasing intention. First, companies should ensure the security of their websites and communicate the level of security to the customers, for example by introducing strong password-composition requirements, safe payment options, and demonstrating compliance with security standards. Second, companies should pay great attention to privacy-related issues; limit the collection of user data to within the scope of well-defined and user-friendly activities; be transparent about the collection, storage, use, and sharing of this data; and give users control over their personal data. The form of this control should also evolve and improve over time together with the development of related technology and legislation. Companies should make an effort to create a positive reputation, including a presentation of information about the company’s background and the actual people behind the website, and also respond to customers’ concerns and questions. Firms, especially not well-known businesses, should invest time, money, and effort to create a good-quality website that contains accurate and up-to-date information, because in situations of uncertainty visual appeal plays an important role, whereas the quality of the content signals the quality of the company itself and its products.
Third, we found that participants trust and are more likely to purchase from the websites of companies that receive only positive feedback rather than mixed (both positive and negative) reviews, regardless of whether they were published on the company’s own website or on independent forums. Therefore, companies should pay attention to any negative feedback from customers and respond to them publicly to maintain their reputation. Participants trusted online and offline sources of company rankings; however, the traditional sources appeared to have a greater impact on willingness to purchase. Therefore, companies should not forget to maintain their reputation in the traditional media, even though online sources of information have now gained a wider popularity. Our results suggest that first-party and especially third-party tracking of customers should be limited or avoided. Moving away from take-it-or-leave-it offers and granting consumers more control and choice will benefit trust relationships and increase purchasing intention.
Finally, we found that people, who use their real name on Facebook instead of a pseudonym and are experienced at using the Internet generally tended to trust websites more than the average user, while females, older subjects, people with less independent sources of income (i.e. without full-time employment), higher levels of privacy concerns, and a larger number of connections (friends) on Facebook were less inclined to trust. Similarly, less independent sources of income, privacy concerns, and a lower number of Facebook connections negatively affected purchasing intention, while Internet experience had a positive effect. Therefore, to establish trust-building strategies companies should be especially attentive to the above-mentioned target groups that currently do not have a disposition to trust. We also observed a relatively low level of privacy literacy among our respondents. About one third of participants demonstrated a misunderstanding of the basic privacy and security concepts. Such misconceptions may distort a user’s expectations, lead to inefficient communication of the information, and cause economic or psychological harm. For example, a website that saliently presented a notification about the use of cookies may be perceived as less trustworthy than a website that hid such details or covertly collected information. Users that think cookies are essential for faster access to the Internet, as one of our subjects claimed, may enable cookie storage without a full understanding of the consequences that it will have on their privacy. The improvement of the communication of privacy- and security-related information to the consumers is important not only for policy makers and privacy advocates but is also beneficial for the business because enhanced levels of trust will increase purchasing intention.