Mattila Anssi
HOW PERCEIVED SECURITY APPEARS IN THE COMMERCIALIZATION OF INTERNET
INNOVATION
ABSTRACT
Security has been widely
recognized as one of the main barriers of the adoption of Internet innovation.
Many studies suggest that firms operating on the Internet must first convince
their customers about the security of Internet as a medium. This paper presents
empirical evidence that Finnish Internet customers do not consider Internet
banking nor electronic grocery shopping so unsecured than past literature
suggests. In fact, our research findings suggest that Finnish Internet banking
and electronic grocery shopping services are considered secured in all our
target groups, which present a vast sample of today’s Finnish Internet
customers. Our empirical data consisted of 1167 individual Finnish bank and
1210 grocery shopping customers’ survey responses and 50 in-depth interviews
including both Internet users and non-users.
Keywords: security, innovation, Internet, consumer behavior
INTRODUCTION
Security is a very important aspect in the discussion of the challenges of Internet’s commercialization. It has been defined in numerous researches that the greatest challenge for the electronic banking sector will be the win of consumers’ trust in the security and confidentiality issues (Runge et al., 1997; Furnell et al., 1999; Bestavros, 2000; Mannessis et al., 2000; Potter, 2000). Adam et al. (1999) continue that ensuring security and confidentiality are the fundamental prequisites before any commercial activities involving sensitive information can be taken place. Security is recognised as the leading barrier to widespread electronic business on the Internet. The rapid developments in the technology have made significant contributions to securing the Internet for electronic business. There are still many challenges in this area between service providers and sceptical consumers.
Security is of paramount importance to Internet users. According to the study made by Gervey et al. (2000) the Internet users are aware that cookies are placed on their computers without their permission and their movements on the Internet are tracked. Respondents were afraid to give their financial information to Internet, and they were also reluctant to do their banking over the Internet. The key way to reduce this concern is to cultivate brand equity. Brand equity appears to play a major role in decisions about product and service (e.g. banking service) purchases over the Internet. Not only the cultivation of brand equity will move consumers online. According to Furnell et al. (1999) consumers with a greater awareness of security will be more likely to use Internet based services such as shopping and banking. Their results say that awareness is key to increase consumer confidence.
The security technology is already here and in use, the question to be addressed today is only: how to convince consumers of the security of the Internet. For example, Gesner (1996) argues that security is becoming a non-issue as the answers to the security and confidentiality problems become available. He continues that there are three main developments taken place in the area. First, the Web browsers are incorporating 128 bit RSA encryption key technology that allows customer information and request to remain private as the data flows across the Internet. Second, the use of digital certificates have made the identification easier and cheaper. Third, the firewalls ensure that “bad guys can’t gain unauthorised access to both customer information and backoffice systems are improving daily”. About the improvements in the Web technology he argues that the Internet will soon be the most secured way of doing business. The education of the customers is of key importance. No one will benefit if customers’ don’t trust the banks to deliver security.
SECURITY FRAMEWORK FOR ELECTRONIC BUSINESS
The importance of trust has been a burning issue for many years in electronic commerce. Consumers see the Internet as a global public network, so the issue of trust is of a paramount importance between customer and seller in the Internet. According to Ratnasingham (1998) the relationship between customer and seller need to be complete trustworthy. In order to achieve this kind of relationship, at least three security requirements must be satisfied:
§ if the other party is not known directly, then there needs to be the additional involvement of someone else known to both sides (a third party),
§ data need to be secured at all stages (see table 1), and
§ common rules need to be established or, failing that, at least a known and acceptable legal environment.
The security requirements have already been recognised within the Internet, and a number of technologies have been developed to secured electronic transactions. The most common approach used to secured current online transactions is the Secured Socket Layer (SSL) protocol, which is a general cryptographic protocol used at the transport of the TCP/IP suite for securing bi-directional communication channels (Gritzalis et al., 2001). SSL consists of a two-phase handshake protocol for server and client authentication using public key certificates. Once the connection is established, the SSL protocol can be used to transfer data in all forms (Adam et al., 1999).
The Internet Engineering Task Force is currently trying to use SSL 3.0 as a basis for a proposed open standard called transport layer security TLS, which is supported by most major Web server vendors. Although the vendors will not be obligated to implement it, should TLS to be made an Internet standard, there would be a standard for secure transactions to serve as the basis of comparison for other protocols (Desmarais, 2001).
Public key infrastructure PKI has been used for electronic commerce applications. Particularly large firms want to use it to protect their networks to ensure that only authorized users get on the network. The efforts to implement PKIe are moving very slowly because of the cost and complexity as well as the lack of standards (Desmarais, 2001). With secure electronic transactions SET, credit card companies are enabled to authenticate the credit card holder on the Internet. SET uses digital certificates to verify the identities of both the consumer and the merchant. The used credit card will be selected from an online wallet, which resides on the hard drive of the consumer’s personal computer (Hopwood, 2000).
The security requirements of electronic commerce can be drawn together as follows (Furnell et al., 1999):
Take in Table I.
There are several requirements to creating a secured environment for electronic business. The security framework involves five topics (Adam et al., 1999):
1. Authentication
2. Authorization
3. Confidentiality
4. Integrity
5. Nonrepudiation of origin
The principles
of security for electronic commerce over an open network are based on these
five requirements mentioned above. Furthermore, these requirements rely heavily
on each other. Authentication
involves the ability of individual, organization, or computer to prove its
identity. In a basic stage, authentication is the ability to be sure of the
origin of the message. (Wilson, 1997; Wilson, 1999).
Some common methods of network security systems used to accomplish
authentication include usernames, passwords, personal identification numbers (PINs), digital signatures and certificates. Adam et al
(1999, p.126) stated that authorization
involves the control of access to particular information once identity has been
verified. The main point in authorization is that certain transactions need to
be partly accessible to certain parties, while other transactions are not. The third topic in the framework, confidentiality, involves the security
of data and / or information, and the protection of such information from
unauthorized access.
SECURITY ISSUES IN INTERNET PURCHASING
At the present there is little consumer protection on the Internet. Consumers must basically trust that the company they are dealing with is actually who it claims to be, is located where it claims to be, and will provide the product and after-sales service it commits to (Damanpour, 2001; Badamas, 2001).
Especially in the middle of the nineties as the Internet began to grow in an enormous speed electronic business was facing a huge amount of critics. Cipparone (1996), for example, argues that any successful payment system will be subject to intense attacks, especially the Internet payment systems. He adds that anyone with a “superficial knowledge of electronics can tap communications by connecting on the cable somewhere on its way to the customer.” He continues that security will have to be provided by protecting the message itself, not the communications line. He concluded that only element what is missing in the Internet is the safety payment systems. Nowadays one could argue that this critic towards electronic business has vanished as the technology has developed.
Empirical studies have found out that “consumers are often reluctant to share personal information for fear that their financial life will become an open book to the Internet universe” (Bestavros, 2000; see also Bhimani, 1996; Furnell et al., 1999). Also Salisbury et al. (2001) state that it is clear that customers will shop on the World Wide Web only if they feel that their credit card numbers and other sensitive information are safe. Udo (2001) goes even further in suggesting that for every three Internet shoppers today, there are seven others who are too concerned to shop on the Internet.
Service providers operating on the Internet have made major developments, for example, in the payment methods available in the Internet. Consumers can nowadays choose between many modes of payment. If one does not feel comfortable in giving his credit card number via the Internet, he can choose other way to pay. Many electronic shopping places have made agreements with banks operating on the Internet so consumers can pay their shopping also as a debit payment charged from their bank account.
According to
Guru et al. (2000) consumer confidence is the biggest obstacle for provision of
Internet banking. According to the their results
Internet banking “is still not available
to Malaysian bank customers at present due to lack of adequate legal framework
and security concerns.” According to many other researchers electronic
banking will be the most secured financial system in the banking business (Nehmzow, 1997 ; Furnell et al., 1999). For example in
METHODOLOGY
In order to secure some empirical evidence of
perceived security among Internet customers, we developed data from several
sources. First, we conducted a survey of the innovators, adopters, and laggards
of the customer base of the Nordea Bank in
RESULTS
The questionnaires of the two consumer surveys consisted of total 80 questions. This paper examines questions concerning consumers’ opinion about the security of Internet usage. The demographic profiles of the respondents are outlined in tables II and III.
Take in Table II.
Take in Table III.
Respondents were asked to choose adjectives outlined in table IV to rate the best kind of mode of payment. Figure 1 shows that speed was considered as the most important adjective for payment system with 17 percent share of total answers. Security was considered as second significant with 16.7 percent share. Ease-of-use and inexpensiveness were next important. Playfulness was seen as very unimportant in payments.
Take in Figure 1.
Non-users were somewhat sceptical about the security of Internet banking. This may be explained mainly with their demographic profile. In our sample non-users were older people, not so educated, and had a very little past computer experience. These factors have a major influence on the attitude towards Internet banking (Karjaluoto et al., 2001).
”If the hackers can get to Pentagon, image
what they would do with my account.” Non-user, female 64
years, metropolitan area.
Consumers had to rate the security of Internet usage on a scale from very minor barrier for adoption (-3) to very important barrier for adoption (3). Figure 2 suggests that 26.4 percent of the respondents define the security of Internet usage as a very important barrier for adoption, and 9.9 percent define security as a quite important barrier. However, large amount of non-users regarded Internet banking also very secured (18.2%) or quite secured (9.9%). A new aspect provided was that non-users did not find the Internet banking so unsecured than past literature suggested.
“I have not once suspected the security when paying my bills via ATM.” Non-user, female 67 years, rural area.
Take in Figure 2.
To be more precise, we conducted ANOVA tests in order to gain more insight into security concerns among non-users. Three demographic characteristics were chosen for the analysis: age, household income, and education. ANOVA test results are presented in table IV. This question was asked on a seven-point scale (-3 strongly disagree to 3 strongly agree). The results may not be very reliable, because of the total amount of responses received for this particular question was relatively low.
”That (shopping through the Internet) is so unsafe! I’d never give my credit card number to anybody over the Internet not to mention transfer real money over it. Frauds are happening all the time. Like the one that happened to one of my family members.” Non-user, female 65 years, metropolitan area.
Age seems to have no significant impact on attitude towards security. Respondents under 24 considered Internet banking most secured with mean score –0.80. Further, household income impacts security concerns: the more household income was the less respondents were concerned of security. Education seemed also has some influence, higher rate of education seemed to create more positive attitudes towards Internet banks’ security. Further, students find Internet banking quite secured.
Take in Table IV.
”I pay my bills at a branch office because I
want it to happen in real time. And I also want to know immediately that the
bill was actually paid. How could I know this for sure if I’d use Internet
banking?” Non-user, female 43 years, metropolitan area.
Compared to the Non-users, the Internet users find using Internet very secured. Also the Users were asked to rate the security of their banking and shopping on a scale from very unsecured (-3) to very secured (3). Total amount of 84.4 percent of the respondents considered using Internet very secured, and 10.5 percent quite secured. Only 0.6 percent rated the security of Internet usage –1 or below (see figure 3).
Take in Figure 3.
Figure 3 shows also responses to question how important respondents see the security of banking in general. As expected, secured modes of payments were considered as one of the most important aspects of banking as 82.5 percent of the respondents regarded security in usage very important.
”I guess it’s safe. I’ve never heard anything bad to happen.” Old user, male 40 years, rural area.
CONCLUSION
This paper examined security
requirements Internet usage is facing. First, we introduced security from
service provider’s side, and saw that secured Internet
technologies are already developed and in use. Second, we argued that consumers
are quite sceptical about the security of the Internet, especially people with
little past experience of Internet and on its use. Non-users find Internet
banking not so trustworthy and secured as Internet
banking users. However, our research findings suggest that Internet banking is
considered more secured also among the Non-users than earlier studies indicate.
Technologies that secured Internet banking and electronic commerce have already been built. Now its time for Internet companies to convince the consumers of the secured and trustworthy new electronic market place. Firms should develop strategies to convince people who do not trust the electronic commerce. To sum up, security seems to be important issue in Internet usage. The more consumers get familiar with using Internet, the less security issues will be discussed as barriers.
REFERENCES
Adam, N., Dogramaci, O.,
Gangopadhyay, A. and Yesha,
Y. (1999), Electronic Commerce, Technical, Business, and Legal Issues,
Badamas, M. (2001) “
Barefoot, J. (1999) “Privacy under scrutiny”, Banking Strategies, Vol. 75 No. 6, pp. 6-14.
Bestavros, A. (2000) “Banking Industry Walks ‘Tightrope’ in Personalization of Web Services”, Bank Systems & Technology, Vol. 37 No. 1, pp. 54-56.
Bhimani, A. (1996) “Securing the Commercial Internet”, Communications of the ACM, Vol. 39 No. 6, pp. 29-36.
Cipparone, M. (1996) “Internet Banking Services vs. Proprietary Solutions: Why the Internet is deemed to succeed”, Journal of Internet Banking and Commerce, Vol. 1 No. 2, Available:www.arraydev.com/commerce/JIBC/articles.htm
Damanpour, F. (2001) “E-business e-commerce evolution: perspective and strategy”, Managerial Finance, Vol. 27 No. 7, pp. 16-33.
Desmarais, N. (2001) “Body language, security and e-commerce”, Library Hi Tech, Vol. 18 No 1, pp. 61-74.
Furnell, S. and Karweni, M. (1999) “Security Implications of Electronic Commerce: A Survey of Consumers and Business”, Internet Research: Electronic Networking Applications and Policy, Vol. 9 No. 5, pp. 372-382.
Gervey, B. and Lin, J. (2000) “Obstacles on the Internet”, Advertising Age, Vol. 71 No. 16, pp. 13-22.
Gesner, S. (1996) “
Gritzalis, S. and Gritzalis, D. (2001) “A digital seal solution for deploying trust on commercial transactions”, Information Management & Computer Security, Vol 9 No. 2, pp. 71-79.
Guru, B.,
Krishnan, S., Vaithilingam, N. and Rajendra, P. (2000) “Electronic Banking in
Hopwood, W. (2000) “Security in a web-based environment”, Managerial Finance, Vol. 26 No 11, pp. 42-54.
Karjaluoto, H., Mattila, M. and Pento, T. (2001) “Factors underlying attitude formation toward Internet banking”, Under review for European Journal of Marketing.
Mannessis, T. and Orfei, S. (2000) “Protecting online retail transactions calls for proactive input from banks”, Bank Systems & Technology, Vol. 37 No. 5, pp. 62-63.
Mattila, M. (2001), Essays on Customers in the Dawn of Interactive Banking,
Nehmzow, C. (1997) “The Internet Will Shake Banking’s Medieval Foundations”, Journal of Internet Banking and Commerce, Vol. 2 No. 2, Available: http://www.arraydev.com/commerce/JIBC/articles.htm
Potter, M. (2000) “ Internet banking & fraud: Making business less risky”, Community Banker, Vol. 9 No. 7, pp. 42-43.
Ratnasingham, P. (1998). “The importance of trust in electronic commerce.” Internet Research, 8, 4, 313-321.
Runge, A., and Zimmermann, H-D. (1997) “Internet-Banking und –Payment in der Schweiz, Eine Bestandesaufnahme” Neue Zürcher Zeitung, Vol. 6/97 No. 17.6. Available: http://www.nzz.ch/online
Udo, G. (2001) “Privacy and security concerns as major barriers for e-commerce: a survey study”, Information Management & Computer Security, Vol. 9 No 4, pp. 165-174.
Requirement |
Typical considerations |
Security at the user side |
Physical access control to the machine User authentication and authorisation |
Security during transport
of data |
Confidentiality Data integrity |
Security at the merchant
side |
Secured storage of user information User’s privacy protection Authentication of parties involved |
TABLE II. Demographic profile of electronic banking survey respondents
All respondents |
Electronic Banking Users |
|||
Gender |
n |
% |
n |
% |
Male |
601 |
51.5 |
359 |
55.4 |
Female |
564 |
48.3 |
288 |
44.5 |
Missing |
2 |
0.2 |
1 |
0.1 |
Age |
|
|
|
|
Under 18 |
1 |
0.0008 |
1 |
0.002 |
18-24 |
9 |
0.008 |
4 |
0.006 |
25-34 |
118 |
10.1 |
97 |
15.0 |
35-49 |
459 |
39.3 |
323 |
50.0 |
50-64 |
369 |
31.6 |
174 |
26.9 |
Over 65 |
210 |
18.0 |
48 |
7.4 |
Missing |
1 |
0.0008 |
1 |
0.002 |
Marital
status |
|
|
|
|
Married |
680 |
58.3 |
415 |
64.2 |
Cohabitation |
139 |
11.9 |
89 |
13.8 |
Single |
136 |
11.7 |
64 |
10.0 |
Other |
207 |
17.8 |
77 |
11.9 |
Missing |
5 |
0.4 |
1 |
0.1 |
Education |
|
|
|
|
Basic school |
275 |
23.6 |
71 |
11.0 |
Secondary level |
457 |
39.2 |
267 |
41.3 |
University level |
284 |
24.3 |
224 |
34.6 |
Other |
146 |
12.5 |
83 |
12.8 |
Missing |
5 |
0.4 |
2 |
0.3 |
Household income |
|
|
|
|
Less than 16819e |
206 |
17.7 |
39 |
6.0 |
16820- 33642e |
201 |
17.2 |
77 |
11.9 |
33642-50463e |
231 |
19.8 |
127 |
19.6 |
More than 50463e |
491 |
42.1 |
393 |
60.7 |
Missing |
38 |
3.2 |
11 |
1.8 |
Profession |
|
|
||
Blue-collar worker |
196 |
16.8 |
88 |
13.6 |
White-collar worker |
565 |
48.4 |
437 |
67.4 |
Unemployed |
76 |
6.5 |
27 |
4.2 |
Other Missing |
326 4 |
27.9 0.4 |
94 2 |
14.5 7.3 |
TABLE III. Demographic profile of the electronic grocery shopping survey respondents
All respondents |
Electronic Grocery
Shoppers |
|||
Gender |
n |
% |
n |
% |
Male |
335 |
27.7 |
51 |
25.8 |
Female |
869 |
71.8 |
147 |
74.2 |
Missing |
6 |
0.5 |
0 |
|
Age |
|
|
|
|
Under 18 |
3 |
0.2 |
0 |
0 |
18-24 |
41 |
3.4 |
4 |
2.0 |
25-34 |
333 |
27.5 |
58 |
29.3 |
35-49 |
578 |
47.8 |
113 |
57.1 |
50-64 |
208 |
17.2 |
19 |
9.6 |
Over 65 |
43 |
3.6 |
3 |
1.5 |
Missing |
4 |
0.3 |
1 |
0.5 |
Marital
status |
|
|
|
|
Married |
730 |
60.3 |
133 |
67.5 |
Cohabitation |
217 |
17.9 |
29 |
14.6 |
Single |
128 |
10.6 |
19 |
9.6 |
Other |
108 |
9.4 |
16 |
8.1 |
Missing |
22 |
1.8 |
1 |
0.5 |
Education |
|
|
|
|
Basic school |
331 |
27.3 |
45 |
22.7 |
Secondary level |
544 |
45.0 |
99 |
50.0 |
University level |
283 |
23.4 |
53 |
26.8 |
Other |
44 |
3.6 |
1 |
0.5 |
Missing |
8 |
0.7 |
0 |
0 |
Household income |
|
|
|
|
Less than 16819e |
60 |
5.0 |
4 |
2.0 |
16820- 33642e |
274 |
22.6 |
32 |
16.2 |
33642-50463e |
327 |
27.0 |
40 |
20.2 |
More than 50463e |
519 |
42.9 |
117 |
59.0 |
Missing |
30 |
2.5 |
5 |
2.5 |
Profession (multiple responses) |
|
|
||
Blue-collar worker |
326 |
18.7 |
26 |
9.2 |
White-collar worker |
1148 |
65.8 |
229 |
80.6 |
Unemployed |
44 |
2.5 |
7 |
2.5 |
Other |
226 |
13.0 |
22 |
7.8 |
Figure 1. Best kind of mode of payment
3 = Strongly
agree
-3 = Strongly disagree
Figure 2. Non-users opinion about Internet security
TABLE IV. ANOVA results about security concerns (non-users)
Using Internet is unsecured |
N |
Mean |
F Value |
|
Age |
|
|
|
|
18-24 |
5 |
-0,80 |
0,709 |
|
25-34 |
5 |
0,80 |
|
|
35-49 |
33 |
0,00 |
|
|
50-64 |
47 |
0,34 |
|
|
Over 65 |
31 |
0,68 |
|
|
Household
Income |
|
|
|
|
Less than 16819e |
30 |
0,50 |
0,998 |
|
16820- 33642e |
38 |
0,71 |
|
|
33642-50463e |
26 |
0,20 |
|
|
More than 50463e |
21 |
-0,32 |
|
|
Education |
|
|
|
|
Basic school |
32 |
0,51 |
0,620 |
|
Technical school |
10 |
0,90 |
|
|
Business school |
13 |
0,23 |
|
|
Student |
12 |
-0,83 |
|
|
University degree |
19 |
0,16 |
|
|
Other |
30 |
0,46 |
|
Figure 3. The Internet users’ opinion about security of Internet usage
EUROOPAN UNIONI