This content downloaded from 14.139.224.146 on Fri, 11 May 2018 16:04:04 UTC
All use subject to http://about.jstor.org/terms
Internet Privacy and Security: An Examination of Online Retailer Disclosures

The Federal Trade Commission has declared the privacy and security of consumer information to be two major issues that stem from the rapid growth in e-commerce, particularly in terms of consumer-related commerce on the Internet. Although prior studies have assessed online retailer responses to privacy and security concerns with respect to retailers' disclosure of their practices, these studies have been fairly general in their approaches and have not explored the potential for such disclosures to affect consumers. The authors examine online retailer disclosures of various privacy- and security-related practices for 17 product categories. They also compare the prevalence of disclosures to a subset of data from a consumer survey to evaluate potential relationships between online retailer practices and consumer perceptions of risk and purchase intentions across product categories.

Consumers have little privacy protection on the Internet.
- Federal Trade Commission Press Release, June 4, 1998

The Federal Trade Commission today told a House Committee that business on the Internet could explode--from $2.6 billion in 1996 to $220 billion in 2001--but if the trend is to continue, consumers must feel confident that the Internet is safe from fraud.
- Federal Trade Commission Press Release, June 25, 1998

The past decade has witnessed rapid escalation of the diffusion of the Internet as a source of consumer entertainment, education, and marketplace exchange.1 The growth of online retailing in particular has been well documented, and estimates of annual revenues have reached $13 billion for 1998 (Holstein, Thomas, and Vogelstein 1998). For example, the National Retail Federation reports that 26% of retailers had Internet sites in 1998, compared with only 8% in 1996 (Holstein, Thomas, and Vogelstein 1998; for similar figures, see Ernst & Young 1999). Consumer patronage of such sites also continues to grow. According to America Online, currently the largest Internet service provider, 48% of its 14 million subscribers had purchased goods online as of December 1998 (Holstein, Thomas, and Vogelstein 1998).

In conjunction with this surge in e-commerce is a related increase in the amount of information marketers collect and store regarding not only consumer characteristics but also actual shopping behavior. Because most features of online marketing transactions can be recorded electronically for future use by marketers, the amount of data gathered by marketers is growing at constantly accelerating rates.

Unfortunately, this burgeoning reservoir of information is accompanied by technologically enhanced versions of two previously studied database issues, namely, the privacy and security of accumulated consumer data. These issues are of interest to policymakers with respect to both protecting consumers' rights regarding the privacy and security of their personal and financial information and facilitating the continued growth of e-commerce and the benefits it brings to consumers and businesses (e.g., enhanced efficiencies of information exchange and targeted communication).

Because many retailer practices have implications for privacy- and security-related issues, a key element of proposed legislation in this area involves the online disclosure of such practices. As discussed subsequently, these online disclosures may be helpful in preventing and/or reducing consumer concerns regarding Internet privacy and security. Although several prior academic and industry studies have evaluated commercial Web sites for privacy- and security-related disclosures, most have taken a general approach and have not examined how such disclosures may affect consumer behavior. We assess disclosures of online retailers at a more detailed level by delineating the various levels of retailer response to several privacy and security concerns. We then compare the prevalence of privacy- and security-related disclosures with a subset of risk perception and online purchase intention data from a consumer survey. Finally, we discuss implications for online retailing.

1Although the Internet includes various modes of information exchange, such as directed communication (e.g., e-mail), posted communication (e.g., Usenet groups), real-time communication (e.g., Internet Relay Chat), and file transfer systems (e.g., File Transfer Protocol), our focus is the use of the World Wide Web (e.g., homepages, Web sites) as a main or alternative storefront that allows for interactive consumer-initiated information exchange (see Hoffman and Novak 1996). This information exchange may range from basic communications regarding products and physical retail outlets to completely automated purchase and shipment procedures.

Journal of Public Policy & Marketing, Vol. 19 (1), Spring 2000, 54-61

and financial information. Consumer concerns regarding this issue are highlighted because of publicized security breaches of online retailer database information, such as Hallmark's discovery that consumers' personal electronic greeting card messages (on what was likely thought of as a secure site) were actually available to anyone using the site's search engine (CNN 1999). Given that the presence of online security concerns may curtail purchase behavior, the alleviation of these concerns would seem to be a key focus of online retailers. We now discuss three potential online communication practices presumably designed to reduce consumers' security concerns.

Secure Transactions

The protection of the online transaction of information (whether personal or financial) is a technological issue. Yet Internet security advocates suggest that retailers provide consumers with information regarding the safeguarding of transactions, either with clearly labeled "secure servers" or prominent links to security policies (Consumer Reports Online 1998; FTC 1998a). Thus, in addition to the actual provision of secure transaction technology (e.g., secure servers, secure sockets layer encryption), online retailers have been counseled to assuage the concerns of consumers by communicating the security of their online information systems.

Online Credit Card Security Guarantees

To diminish consumer security concerns (see National Consumers League 1999) even further, some online retailers have implemented consumer guarantees against credit card fraud that may occur as a result of online divulgence of credit card information (e.g., Amazon.com's safe shopping guarantee or Wal-mart's online security guarantee). These guarantees, which sometimes reference the Fair Credit Billing Act (15 U.S.C. 1601-67), typically pledge reimbursement of unauthorized charges made to a credit card if such charges resulted from purchasing through the online retailer's secure system. Because the maximum retailer liability for such a guarantee would typically be $50 and because cases of online credit card fraud from security breaches are reported as very infrequent, this retail practice would likely serve as a reasonable method of allaying consumer concerns.

Alternative Payment Options

A key consumer concern of online shopping is the interception of credit card information (National Consumers League 1999). A viable retailer response would be the provision of alternative payment (or ordering) options that enable the online customer to shift certain components of the transaction to the Internet (e.g., information acquisition, ordering) while still conducting more vulnerable components (e.g., actual payment) offline. Several online retailers offer consumers the opportunity to complete and submit orders through the Internet, combined with telephone or facsimile transmission of credit card information. Some Web sites also suggest mailing, faxing, telephoning, or e-mailing both the order and the payment if the consumer has concerns over a complete Web site transaction. Offering alternative payment methods is not seen as an ideal retailer response, because the efficiencies of Internet ordering and payment are sacrificed as the percentage of offline purchase transactions increases. Thus, although this practice may reduce consumer concern, it may also reduce actual online purchasing.

Privacy and Security Disclosures and Consumer Behavior

Although efforts to implement mandatory disclosure of the previous issues and practices are based on a consumer privacy perspective, the disclosure of privacy and security information may also be useful from a marketing strategy perspective. Specifically, if concerns about privacy and security issues tend to raise risk perceptions and lower purchase likelihoods, higher levels of privacy- and security-related disclosure may be useful in stemming such concerns. This, in turn, would be expected to result in lower consumer risk perceptions and higher purchase likelihoods. Thus, it is expected that the percentage of Web sites with (1) privacy-related statements and (2) security-related statements for a particular shopping category will be negatively related to consumer risk perceptions regarding online shopping in that category and would be positively related to consumer online purchase intentions in that category.

Method and Results

Examination of Web Sites

Web sites for 381 commercial enterprises based in the United States and targeting U.S. consumers were visited in the first two months of 1999 and were examined with respect to the privacy and security issues raised previously. The Web sites were randomly sampled from three popular shopping portals (excite.com, yahoo.com, and netscape.com), and each site was placed into one of 17 shopping categories that appeared to be the main emphasis of each site's sales efforts at that time. The 17 categories were fairly common across the portal sites and represent a broad array of goods. (A list of specific Web sites is available upon request from the authors.)

Trained researchers accessed each Web page; searched for any information pertaining to privacy and security issues; and printed the pages on which this information was found, pages with links to such information, and the site home page (i.e., initial starting page). Each Web site was then coded (see Table 1) by the authors with respect to its information regarding (1) customer identification (including the use of cookies), (2) customer contact, and (3) information sharing. The sites were also coded according to the presence or absence of written information regarding (1) secure transaction systems, (2) credit card fraud guarantees, and (3) alternative ordering methods.4 Initial coding agreement was high (93% across all variables), and disagreements were resolved by discussion. Although the general approach used here is comparable to that reported by one of the FTC's (1998d) recent studies on e-commerce, the current research reports not only the presence of information privacy and/or security disclosure but also the type and level of disclosure.

4Third-party endorsements (e.g., seals of approval such as VeriSign, TRUSTe, and CPA WebTrust) were not examined in this study, nor was the activation of secure link icons (i.e., a locked padlock or unbroken key), which appear on popular Web browsers.

aAll numbers for privacy and security information are percentages of sites within a particular category
and so forth) to consumers regarding the privacy or security issue in question.
bRisk and purchase likelihood numbers represent aggregated means from the consumer survey.

Descriptive Results

The general results show that the disclosure of online privacy practices has risen since the March 1998 FTC (1998e) survey and is comparable to the March 1999 survey (Culnan 1999a). Although the 1998 FTC study indicates that 14% of commercial Web sites made mention of practices related to consumer information privacy and Culnan (1999a) reports a 65.9% disclosure rate in March 1999, our data (January/February 1999) show overall disclosure (i.e., the presence of any type of privacy statement) to be 41.5%. (Note that direct comparisons across these studies are not feasible because of differences in the samples used.) We present the results from the study in Table 2.

For individual types of privacy concerns, disclosure of practices related to unsolicited customer contact constituted 33.6% (n = 128) of the current sample. Regarding the various levels of privacy protection, 19 (5.0%) promised no unsolicited contacts, 38 (10.0%) contacted only if requested, 60 (15.7%) provided an opt-out alternative, and 11 (2.9%) stated that contacts would occur but did not give an opt-out alternative. The remaining 253 (66.4%) sites provided no information regarding unsolicited consumer contacts.5

The sharing of information with other companies was disclosed by only 112 (29.4%) of the examined online retailers. With respect to privacy protection levels, 65 sites (17.1%) reported no sharing of consumer information; 2 (.5%) shared information only if requested by the customer (an opt-in procedure); 19 (5.0%) carefully shared information but provided an opt-out alternative, whereas 16 (4.2%) merely provided the opt-out alternative; 3 (.8%) agreed to share carefully but had no opt-out procedure; and 7 (1.8%) merely shared information without further notification. The remaining 269 sites (70.6%) had no such privacy statement.

Online customer identification procedures had the lowest disclosure rates: Only 88 sites (23.1%) offered this type of statement. Nineteen sites (5.0%) explicitly stated that they never identified customers who access the site, 12 (3.1%) provided an opt-in alternative, 18 (4.7%) provided an opt-out alternative, and 39 (10.2%) stated that they identified customers but did not provide any opt-out alternatives.

With respect to methods of responding to security concerns, 250 sites (65.6%) disclosed at least one of the three security-related practices described previously. Specifically, 193 (50.7%) indicated that transactions were secure, but

5Of the 381 commercial Web sites in the sample, 88 did not allow a full purchase transaction--including payment by credit card--to be made over the Internet. However, many of the sites still allowed nonpayment communication of personal information, such as asking questions, joining mailing lists, stating product preferences, and even online ordering with preshipment, postshipment, or COD billing. Because these sites still collect personal and some financial consumer information, many privacy advocates contend that the online retailers should still disclose privacy and security practices. Nevertheless, we present in this footnote the aggregate privacy and security figures for only those Web sites that allowed credit card transactions. Of the 293 sites allowing credit card transactions, 146 (49.8%) had some type of privacy statement. Disclosure figures for the individual types of privacy concerns were 118 (40.3%) for unsolicited customer contacts, 102 (34.8%) for customer information distribution, and 82 (28%) for online customer identification. Regarding security-related statements, 230 (78.5%) had some type of security statement, 192 (65.5%) communicated the presence of secure transaction systems, 22 (7.5%) had online security guarantees, and 161 (54.9%) explicitly disclosed alternative payment methods.

The Relationship Between E-Retailer Responses and Consumer Perceptions

To examine whether the prevalence of privacy and security disclosures relates to consumer perceptions, we compared the Web site examination detailed previously with a subset of data from a March 1999 investigation of 160 Internet users.6 The data are from a pencil-and-paper survey used to explore consumers' Internet usage activities and their perceptions regarding online shopping. Among other items not examined here, the questionnaire included purchase likelihood and risk perception measures for 17 categories of goods sold online at the time of the study; these categories matched those used for the Web site examination. Purchase likelihood for each category was measured with a seven-point response item that asked how likely respondents were to make Internet purchases for each shopping category and was anchored with "very unlikely" (1) and "very likely" (7). Risk perception was assessed by asking how risky online purchases are in each category on a scale anchored with "not risky" (1) and "risky" (7).

To assess the expected relationships, the percentages of privacy- and security-related statements from the Web site examination (Columns 5 and 9 of Table 2) were compared with the risk perceptions and purchase likelihoods from the consumer survey at the shopping category level. Spearman's rank correlations were calculated for each pair of variables.

Although the prevalence of privacy and security statements was expected to be negatively correlated with risk perceptions, analyses showed no relationship for either privacy (rs = -.06, n.s.) or security (rs = -.01, n.s.). However, the percentage of privacy statements in a category was positively related (as expected) to category-level online purchase likelihoods (rs = .65, p < .01). Likewise, the percentage of security statements in a category was positively related to online purchase likelihoods (rs = .44, p < .05).7

Discussion

In addition to providing a comparison point with FTC-related research, the present examination of commercial

Limitations and Future Research Directions

Although the examination presented here is helpful for understanding disclosure practices of online retailers, several limitations should be addressed in further research. First, the rapid growth of the Internet and online shopping practices makes published research such as this dated by the time of publication. The examination of online disclosure practices should be an ongoing research effort, particularly with respect to how such practices may affect consumer perceptions. A second limitation involves the measure of perceived risk used in the consumer survey. More-specific measures of perceived risk would aid in understanding how consumers perceive the various dimensions of risk with respect to online shopping. For example, various risk dimensions may be more salient depending on the product category that is being considered for online purchase. Finally, instead of examining only perceived risk toward general online shopping, specific assessments of risk regarding privacy, online retailer fraud, and the security of online transaction systems would be helpful for understanding those aspects that may be influenced by online disclosures.

There are several directions that future policy-related marketing research can take to advance knowledge that will be beneficial to both consumers and businesses. For example, much of the proposed legislation is targeted toward mandatory disclosures of online retailers' collection, use, and dissemination of consumer data. These disclosures are often seen by policymakers as necessary information tools so that consumers can operate with more complete knowledge of retailer practices (Andrews 1998). The same disclosures may be seen by retailers as an opportunity to reduce consumer concerns regarding privacy issues. An approach suggested by Milne and Boza (1999) uses concepts from relationship marketing to focus online retailer responses to privacy and security issues so that these responses emphasize the development and improvement of trust between marketers and consumers. Thus, instead of focusing on concerns, the focus shifts to trust, which Milne and Boza describe as a distinct approach to managing potential privacy issues regarding database management (cf. Milne and Gordon 1993). Because the method or format of information disclosures can affect consumer perceptions and behavior (e.g., Sprott, Hardesty, and Miyazaki 1998), research that examines how such approaches can satisfy new legislative requirements would be helpful. Consumers would receive

6Respondents were randomly solicited in a major international airport of a large U.S. city (the effective response rate was 84.7%). See Miyazaki and Fernandez (2000) for survey details, including sample characteristics.

7In support of our previous suggestion that alternative ordering methods may not be as effective in increasing online ordering as the other security information disclosures, the Spearman's rank correlation between alternative ordering methods and purchase likelihoods was nonsignificant (rs = .06), whereas the correlation between the rate that either of the other security statements appeared and purchase likelihoods was significant (rs = .65, p < .01).

8Although the prevalence of privacy- and security-related disclosures was not found to be related to category-level risk perceptions, this may have been an artifact of the diversity in the dimensions of risk that each product category may invoke. Considering that our one-item risk perception measure was generic, any such variance in the dimension of risk considered by consumers when responding to each category could have hindered the findings.

Bloom, Paul N., George R. Milne, and Robert Adler (1994), "Avoiding Misuse of New Information Technologies: Legal and Societal Considerations," Journal of Marketing, 58 (January), 98-110.
Brinkley, Joel (1998), "F.T.C. Surfs the Web and Gears Up to Demand Privacy Protection," New York Times, (September 21), 1, 4.
Briones, Maricris G. (1998), "Internet Innovations--and Privacy Issues--Remain Marketing's Biggest Story," Marketing News, (December 7), 1, 16.
Folkers, Richard (1998), "Jimmying the Internet: Why the U.S. Encryption Standard Is Very Vulnerable," U.S. News & World Report, (September 14), 45-46.
Foxman, Ellen R. and Paula Kilcoyne (1993), "Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues," Journal of Public Policy & Marketing, 12 (Spring), 106-19.
Goodwin, Cathy (1991), "Privacy: Recognition of a Consumer Right," Journal of Public Policy & Marketing, 19 (Spring), 149-66.
- and Mary Ellen Gordon (1993), "Direct Mail Privacy-Efficiency Trade-Offs Within an Implied Social Contract Framework," Journal of Public Policy & Marketing, 12 (Fall), 206-13.
Sprott, David E., David M. Hardesty, and Anthony D. Miyazaki (1998), "Disclosure of Odds Information: An Experimental Investigation of Odds Format and Numeric Complexity," Journal of Public Policy & Marketing, 17 (Spring), 11-23.