IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

395

Perils of Internet Fraud: An Empirical Investigation of Deception and Trust with Experienced Internet Consumers Stefano Grazioli and Sirkka L. Jarvenpaa

Abstract—How well can experienced Internet shoppers detect new forms of seller deception on the Internet? This study examines consumer evaluations of a real commercial web site and a fraudulent site that imitates it. The forged site contains malicious manipulations designed to increase trust in the site, decrease perceived risk, and ultimately increase the likelihood that visitors would buy from it. Besides measuring the consumer’s willingness to buy from the site, this study recorded the actual ordering of a laptop. Results show that most subjects failed to detect the fraud manipulations, albeit a few succeeded. The fraud has the effect of increasing the consumers’ reliance in assurance mechanisms and trust mechanisms, which in turn decrease perceived risk and increase trust in the store. The study confirms hypothesized relationships between purchase behavior, willingness to buy, attitudes toward the store, risk, and trust that are consistent with other trust models found in the literature. Past research is augmented by showing that perceived risk and trust interact in their effects on consumer attitudes, by distinguishing between the notions of assurance and trust, and by identifying the effects of perceived deception on risk and trust. Overall, the study sheds light on consumers’ vulnerability to attack by hackers posing as a legitimate site.

I. INTRODUCTION

I

MAGINE: you are on the Internet, shopping for a particular good or looking for information on a topic of interest. As you browse, you find a link that bears either a familiar company name, or perhaps the description of exactly what you were looking for. As you click it, the link diverts you away from the site you are seeking and brings you into a “parallel web,” one where the sites are not what they purport to be, but are faithful reproductions of the original sites. These reproductions are created by hackers to observe your behaviors, steal information about you, and damage the reputation of the original sites by inserting inappropriate content and by not executing purchase orders placed through the cloned sites. You might not even notice that you’re not where you believe you are. After a while, you are ported back to the “true” web, completely unaware of what has happened. Science fiction? Think again. This Internet fraud scheme, called “page-jacking,” is estimated to have affected 25 million

Manuscript received November 11, 1999; revised March 22, 2000. This paper was recommended by Associate Editor C. Hsu. S. Grazioli is with the Department of Management Science and Information Systems, University of Texas at Austin, TX 78712-1175 USA (e-mail: [email protected]). S. L. Jarvenpaa is with the Center for Business, Technology, and Law, Department of Management Science and Information Systems, University of Texas at Austin, TX 78712-1175 USA (e-mail: s[email protected]). Publisher Item Identifier S 1083-4427(00)05145-6.

pages, or 2% of the total pages on the web [47]. There are signs that the occurrence and damage of consumer deception is increasing with the growth of Internet commerce. The public sensitivity to the issues of Internet business misconduct is on the rise [57]. The Internet Fraud Watch, a site sponsored by a consumer league with ties to the U.S. government, receives an average of 1000 fraud reports per month [30]. Examples of deception include purchasing defective or nonexisting goods [62], investing in underperforming securities [59], and paying in advance for services that will never be rendered [50]. Security technologies, such as encryption and digital certificates, are designed to avoid third-party tampering and eavesdropping and help protect the privacy and integrity of the communications between parties. However, these technologies are not the only area that requires the attention of practitioners and researchers interested in e-commerce. To an extent, the Internet security technologies may even create a false sense of safety, since on-line consumers may have 100% secure communications with a dishonest merchant. Internet consumer deception—a term that includes the narrower legal concept of “consumer fraud”—is defined as the malicious manipulation of information presented on the Internet for the purpose of inducing on-line consumers to act in ways that unfairly benefit the provider of the manipulated information (i.e., the seller). The key word in the definition is “unfairly”—emphasizing that consumers are subject to harm or injury without counterbalancing benefits. The specific nature of Internet technology makes it difficult to evaluate the trustworthiness of a merchant because it lowers the cost of sending market signals and levels their quality. On the surface, an untrustworthy site may look just as glitzy and just as legitimate as Microsoft’s or IBM’s. The consumer’s inability to discriminate a fraudulent site from a legitimate site is a serious problem for the sustained viability of Internet commerce. The damage done by even a minority of opportunistic merchants may have far-reaching consequences. The Internet might become the next “lemons market”: in an environment where it is difficult to tell the difference between good and bad products, the bad ones poison the market and drive away the good products and eventually the consumers [1]. Alternatively, the increase in the occurrence of reported cases of fraud might encourage governmental regulation and oversight mechanisms which may in turn increase the cost of doing business online and decrease the channel’s competitiveness. Furthermore, an increase in the occurrence of consumer deception might increase the entry barriers to new businesses. Less well-known businesses may be

1083–4427/00$10.00 © 2000 IEEE

396

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

perceived as riskier, more deceptive, and less trustworthy, which will result in conferring an advantage to incumbent companies and possibly decreasing competition in the channel. This paper explores the following research question: Are experienced Internet consumers able to detect Internet deceptions? More specifically: Are they able to detect manipulations that are somewhat unique to the Internet and are aimed at increasing the level of consumer trust and assurance in the site even if they introduce strong internal inconsistencies as well? What are some of the mechanisms by which these manipulations affect perceived risk and trust in the site? Trust is defined here as the expectation that the promise of another can be relied upon and that, in unforeseen circumstances, the other will act in the spirit of goodwill and in a benign fashion toward the trustor [28]. By contrast, assurance exists when the seller will not cheat because of the fear of penalty [61]. The next section develops the conceptual background, the model, and the hypotheses that we developed to investigate the research question. The methodology designed to test the hypotheses (a lab experiment) and the statistical analysis of the data is discussed in the Section III. A discussion of the results and their limitations follows. II. CONCEPTUAL BACKGROUND This section begins by reviewing Cosmides and Tooby ’s “Social Exchange” theory [10]. Social Exchange Theory focuses on how individuals detect forms of ‘cheating’ in social interactions and is used here to provide conceptual underpinnings for understanding how consumers may detect instances of deception that are found in Internet commerce. Next, we highlight a few instances of Internet deception, including Internet “page-jacking.” Lastly, we introduce a model of Internet consumer behavior that relates the concepts of perceived deception, trust, and risk. A. Deception and Social Exchange Theory Cosmides and Tooby’s Social Exchange Theory is rooted in a growing body of research that argues that human information processing is tuned to the demands that originate from social interactions (e.g., [66]; [10]; [12]; [6]; [8]; [40]). Examples of these demands include the need to predict the intentions of adversaries ([64]; [29]; [16]; [31]), and the need to reason about permissions, obligations [8], and social exchanges [11]. Social Exchange Theory focuses on the detection of “cheating” in ‘”ocial exchanges.” A social exchange is broadly defined as an interaction in which one party is obligated to satisfy a requirement of some kind, usually at some cost, in order to receive a benefit from some other party. “Cheating” is the violation of the social contract and consists of taking the benefit without satisfying the requirement. The structure of social exchange encourages individuals to develop knowledge that allows for detecting efficiently and effectively whether someone is “cheating” them [10]. A series of laboratory experiments (e.g., [27]; [12]) have found that this detection knowledge can be general enough to enable efficient detection of instances of cheating that are unfamiliar, or that have not been encountered before by the detector.

In general, deception is hard to detect [21]. It has been argued that the likelihood of successful detection is dependent on its frequency of occurrence: the more frequent the occurrence of a deceit, the more likely the victims are to learn how to circumvent it ([45]; [1]). Yet, successful detection has been observed even in domains where the frequency of occurrence of the detection of deception is low [36]. To explain this success in unfamiliar or novel situations, it has been proposed that individuals apply to novel situations what they have learned about deception in the course of their daily lives [7]. From exposure to a variety of instances of deception and its detection across domains and experiences, individuals extract a small number of schemata1 describing general tactics for deceiving others, as well as a corresponding set of schemata describing general ways to detect that one or more of the tactics are used by others against them. Work by Dennett [16] and Johnson et al. [35] has proposed that potential victims solve the problem of detecting deception by identifying anomalies in the environment that has been manipulated by the deceiver, and by interpreting these anomalies in the light of the deceiver’s adversarial goals the deceiver’s possible actions. The diffusion of Internet transactions has opened a new forum for performing social exchanges as well as new opportunities to cheat. As the agents involved in Internet transactions do not have established psychological histories, we can expect that they will attempt to fall back to what they know from previous experiences with similar transactions, and in particular the physical counterparts of these transactions. Accordingly, we expect to observe Internet variation of well-known deception schemes, such as pyramid schemes, phony IPO’s, scholarship scams, deceptive travel programs, false weight-loss claims, questionable business opportunities, work-at-home schemes, prizes and sweepstakes, and credit card offers [23] More interestingly, however, the intrinsic nature of the Internet medium seems also to enable novel forms of deception, which were previously virtually impossible to execute. Pagejacking—the focus of this study—is a fraudulent scheme that does not have an obvious equivalent in traditional channels. Page-jacking consists of redirecting a browser from the target location intended by the user, to another location determined by the deceiver. A particularly pernicious form of page-jacking occurs when the unsuspecting user is redirected to a location difficult to distinguish from the intended site. Users who believe that they are interacting with a friendly site, not the one to which they are actually connected, may behave in ways that are rather inappropriate. For instance, a user might believe that she is accessing her bank account on her bank web site, while in fact, she is revealing her username and password to a hacker site that is posing as her bank. In addition, if, after stealing the information, the site simulates a system glitch, reconnects the user to the true 1Readers more familiar with traditional attribution theory and the work by Kelley may find similarities between the schemata describing the deception tactics and the “causal schemata” described by Kelley [41]. Kelley’s schemata are abstractions from experience that we extract to interpret the environment, inclusive of other agents and ourselves. According to his theory, schemata are particularly useful when available information is insufficient, unclear or derived from an infrequently occurring event [25], which is the case when a potential victim attempts to explain an identified anomaly that results from the deceit.

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

site, asks her to re-enter username and password, and therefore establishes a true session with the bank, there is a good chance that she will never know about the theft. Page-jacking is an innovative scheme because the Internet medium makes it relatively easy and inexpensive to simulate web sites owned by others (a “mimicking” tactic [35]), which was virtually impossible (or at least much harder) to implement in the physical world. According to the arguments proposed above, one might suspect that consumers will be particularly susceptible to be victimized by page-jacking. Its relative novelty implies that consumers cannot tap into previous (non-Internet) experiences with similar schemes. The lack of similar experiences means that there is little or no basis for learning how to detect it, which lead us to hypothesize that even relatively Internet-savvy consumers will have a high average rate of failure at detecting this specific form of deception. We also hypothesize that frauds designed to engender trust in the malicious merchant, and mask his/her opportunism by giving a sense of normality (“business as usual,” acceptable risk) are most difficult to detect. That is, Internet deception is most perilous when the deceiver has constructed an environment (e.g., website) that engenders trust and assurance in the relationship between the consumer and the deceiver. The next subsection will examine the concepts of trust and risk and describe a model of consumer behavior that relates perceived deception, risk, and trust. B. Trust and Trust Building Kramer [44] defines trust as “a state of perceived vulnerability or risk that is derived from individual’s uncertainty regarding the motives, intentions, and prospective actions of others on whom they depend.” Although acknowledging that trust can include affective and social components, we shall focus on the cognitive processes of trust and view trust as a choice process. Choice can depend on a calculative rationale or can be based on heuristics (e.g., “everything is in proper order”) when interpreting motives and actions of other individuals. In particular, trust in a target is expected to be high when there is an expectation that the target behaves as expected without the presence of any monitoring or surveillance [5]. Mayer et al. [51] proposed a general model of trust as a dyadic relationship between trustor and trustee. Although this model assumes that the target of trust is an individual, other researchers have argued that individuals can also hold expectations about the motives and behavior of a group or an organization [69]. In this paper, we consider a situation where the trustor is a consumer who reaches a web store about which he/she has no prior knowledge; the trustee is a website that sells goods and services on the web. The consumer has neither prior knowledge about any of the store’s characteristics, nor has visited the site before or has had the opportunity to observe directly the seller’s behavior in terms of order confirmation, delivery, after sales support, and so forth. Rather, the consumer is making a judgment of the merchant’s trustworthiness based on the situational information that he/she gathers from the web site. Zucker [70] presented three different modes that produce trust. The first mode pertains to the characteristics of the trustor (buyer) and trustee (seller). The characteristics of the trustor (buyer) are general dispositions. That is, we assume

397

that individuals have deep-seated tendencies with which they are born or to which they are socialized early in life and that make them either trust or not trust others. The characteristics of the trustee (seller) refer to the buyer’s beliefs in the integrity, ability, and benevolence of the seller. The second mode is the process mode and relates to the trustor’s experience and direct interactions with the trustee. Trust increases over time as the trustor accumulates information about the seller through repeated encounters. The third mode is called the institutional mode and relates to established guidelines, either legislative or unwritten, and the expectation that if the trust is violated, penalties are forthcoming. McKnight et al. [52] developed a model of initial trust formation and emphasized that in new relationships there is no interaction with which to support the process mode. In first-time encounters, trust is largely based on the characteristics of the trustor, assumptions made about the traits of the trustee, and the institutional factors. C. Perceived Risk and Uncertainty Risk refers to a consumer’s perceptions of uncertainty and adverse consequences of engaging in an activity [20]; [44]. When risk is present, trust is needed before a buyer is willing to transact with a seller. The greater the negative consequences that a buyer faces from the seller’s failure to act trustworthily (i.e., the higher the risk), the higher the need for trust. Conversely, if there is nothing to risk, there is no possibility for exploitation, and consequently there is no need for trust [42]. Risk presents a “test of trust” (Dasgupta, 1988). Perceptions of risk have been found to be higher when consumers purchase products through direct rather than in-store channels [58]. This is because the consumers lose the ability to engage in direct observation of the seller behavior. More generally, the specific characteristics of the Internet arguably increase both perceived and substantive risk via a variety of mechanisms: for instance, the Internet reduces and in many cases eliminates face-to-face interactions between sellers and consumers; lowers the market costs of new entrants, possibly increasing the number of fly-by-night operations and making it harder to separate legitimate businesses from con men. In addition, the Internet allows firms from different legal and regulatory environments to present their offerings without a strong international legal and consumer protection system. The possibility that a seller withholds information about the quality of a product or service, or about the performance of a company, is a source of risk for potential buyers. Yamagishi et al. [67] refer to this situation as “social uncertainty.” Social uncertainty exists when 1) the seller has an incentive to act in a way that imposes costs (or harm) on the consumer; and 2) the buyer does not have enough information to predict if the seller will in fact act in such a way. Uncertainty increases when the buyer cannot observe the quality of the product or the performance and is therefore dependent on information that is provided by the seller. These conditions characterize many service and product transactions on the Internet and can lead to the classic lemon problem [1]. Buyers cannot tell the real quality of the merchandise displayed on a website. Furthermore, the seller has an incentive to act dishonestly because the buyers’ knowledge

398

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

Fig. 1. Model of Interent consumer behavior.

of the possibility of getting a lemon depresses their price offerings, hence reducing the incentive for the seller to sell quality merchandise and providing an incentive to sell lower quality merchandise (i.e., the lemons). In situations where the sellers have incentives to act dishonestly, the less information the buyer has about the seller’s real intentions, the higher the need for the buyer to trust the seller. Kollock [43] examined trust in exchange relationships with varying levels of uncertainty. He found that people in the “high uncertainty” condition rated their trading partners’ trustworthiness higher on average than did people in the low uncertainty conditions (“certain” condition). Moreover, people in the high uncertainty condition rated their best trading partner exceptionally high on trust, much higher than those in the certainty condition. Overall, it was found that high social uncertainty is conductive of exchange relations only with the most trusted parties. D. Consequences of Trust The importance of trust in exchange relationships has long been noted by marketing researchers (e.g., [26]). In consumer product channels of distribution, trust has been found to impact attitudes, purchase intentions, and purchase behavior ([13]; [26]; [53]). One of the most valuable consequences of trust is the spontaneity in forming new exchange relationships [44]. Trust “plays the role of a booster rocket that helps one to take off the secure ground of committed relationships” [68]. Trust is the social lubricant that facilitates the meeting of consumers and unfamiliar firms on the Internet. Web stores that engender trust not only can improve the consumers’ attitude toward shopping at the store, they can also moderate the relationship between risk and attitudinal orientation of

the consumer toward the website. That is, the effect of risk on attitudes toward a seller is mitigated because trust generates confidence that a consumer can deal with the seller successfully regardless of the potential negative consequences [14]. This happens because trust creates confidence in the buyer and this confidence might allow a consumer favorably consider a high-risk purchase situation. When trust is high, risk considerations have less of an impact on the formation of attitudes about the site. Positive attitudes are expected to promote both purchase behavior and reported willingness to shop. Fig. 1 presents a model of consumer behavior that relates deception, risk and trust. We do not expect the fraud to directly affect the consumer purchase behavior or the declared willingness to buy. Rather, we draw from the Theory of Reasoned Action [24], and assume that the buyers’ beliefs about a site affect the buyers’ attitudes toward the site. Attitudes are either favorable or unfavorable evaluations of the site. Attitudes toward the site in turn influence behavioral intention (i.e., willingness to buy), and behavior (i.e., actual purchase). Hence, we formally hypothesize that purchase from a web store depends on the consumer’s attitude toward the web store (hypothesis H1a). Also, willingness to buy from a web store depends on the consumer’s attitude toward the web store (hypothesis H1b). In turn, consumers’ attitude is determined by trust (hypothesis H2a) and perceived risk (H2b). Finally, trust moderates the relationship between risk and attitude (H2c). E. Assurance Mechanisms and Deception Assurance mechanisms are designed to reduce the seller’s incentive for opportunism. In a sense, assurance mechanisms allow the consumers to give up control without losing control

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

[61]. Assurance mechanisms deal with conditions that reduce the probability of deceitful behavior or increase the penalty for detected opportunistic behavior. Here we examine four forms of assurance mechanism: seals, warranties, news clips, and physical location. The use of third-party seals is a form of structural assurance. An Internet seal is a means of authenticating the identity of a site and of assuring that the site possesses some desirable property (e.g., high security standards) that has been verified by a trusted third-party. For instance, the “CPA WebTrust” Seal issued by the American Institute of CPA symbolizes that a CPA firm has audited the web site and that the outcome of the audit has been satisfactory. AICPA Internet audits are performed at regular intervals of time (as short as 90 days) and cover business practices, accounting controls, and information privacy protection. Another example is the seal made available by the Bureau of Better Business. The “BBBOnLine” seal attests that the company owning the site has been in operation for at least a year, has agreed to BBB advertising standards, and is a BBB member. In addition, information on the company and complaints raised against it can be easily obtained at the BBB site. Other examples include the “SureServer” seal by Wells Fargo and the “SecureSite” seal by Verisign. These seals indicate that the site displaying it adopts up-to-date security technology and is registered with either the bank or the Internet Company. Seals are based on digital certificate technology. A seal assures consumers of their expectations regarding the other party’s behavior. Theoretically, seals should allow the seal-sponsoring organizations (certificate authority) to act as “go-betweens” in new relationships between the consumer and seller. A consumer should be able to transfer the confidence they have in the seal-sponsoring organization to the seller [18]. McKnight et al. [52] noted that structural assurances can also be effective from a cognitive consistency perspective. The consumer can infer that the seller will probably act in conformance with the seal because the site has gone through the trouble of obtaining and displaying the seal. Marketing researchers have studied the impact of third-party certification seals since 1950. Taylor [63] found no effect, but Parkinson [56] found a strong effect, suggesting that seals’ longevity of exposure might have an effect. Moreover, Parkinson found that consumers attributed a great deal more meaning to the presence of seals than what was justified (e.g., consumers incorrectly believe that certain seals mean that the endorsed products had been laboratory tested). Studies in later years found that seals had a positive effect on the reputation of new companies that were unfamiliar to consumers [46] or dealt with products unfamiliar to the consumers [38]. A positive impact was found if the sponsoring organization was a professional organization or an independent testing organization rather than a government ([60], [49], [9], [38]). Although several studies report that seals are considered believable, they also seem to report a decline in the comprehension of seals. Recent work by Beltramini and Stafford [4] found that consumers do not know what seals represent and do not use them in assessing the believability of advertising claims. The fundamental problem identified by Beltramini and Stafford was that the seal-sponsoring organizations had no readily

399

accessible mechanisms to inform the public what the seals meant. Something that is relatively easy to do on the Internet. Warranties are another form of safeguard or safety net. Warranties can be legally enforced. In certain industries, such as computer manufacturing, warranties are expected by the consumers. Companies are expected to stand behind their products. Potential harm on a company’s reputation or court litigation should reduce the incentive to act dishonestly with respect to warranties. Research reports mixed effects of the warranties on product attitudes—some providing positive effects on reliability and quality ([39], [65]) and other reporting no effects on product attitudes, risk, and intention to buy ([19], [22]). News clips are also a form of a structural assurance like seals and warranties. News clips provide third-party endorsement albeit less independent than seals. Consumers use news services and trade magazines as “second-hand” knowledge on others with whom they interact. The assurance effect of news clips is, however, less straightforward than seals and warranties. Many publications are known to be partial and tend to make only partial disclosures of what is paid advertisement and what is independent review. Moreover, the effect of the news clips is likely to depend on the reader’s association with the magazine itself. Finally, news clips provide less of a legal recourse than seals and warranties. Still, sellers might be expected to try to live-up to the descriptions in the news magazine out of fear of getting a bad reputation or public sanction. Physical location also provides structural assurance. Physical presence refers to investments in physical buildings, facilities, and personnel. Greater resource investments might be interpreted to mean more stable relationships and business with other consumers and greater commitment by the seller to their current business. Commitment in turn should provide assurance to the consumer that the retailer will stay in business for some time. Physical location conveys what McKnight et al. [52 ] call “situational normality.” Situational normality involves a properly ordered setting that appears likely to facilitate a successful interaction. A building helps convey professional appearance, prosperity, and security. These attributes can assure customer of the reduced risk in engaging in a transaction. Assurance mechanisms are a form of control mechanism that reduces the likelihood of the seller taking advantage of the consumer and are therefore expected to reduce the level of risk perceived by the consumer. Hence, we hypothesize that the level of perceived risk is determined by the presence of assurance mechanisms (seals, warranties, news clips, and physical location) (hypothesis H3a [see Fig. 1]). However, if a consumer suspects that the assurance mechanisms themselves have been maliciously manipulated, we expect that the influence of these mechanisms on perceived risk will be increased. That is, we expect that the perceived deceptiveness of the web store moderates the relationship between assurance mechanisms and risk (H3c). Furthermore, we expect that this perception of deception directly influences the perceived risk of the web store (H3b). We expect that perceived deception increases the strength of the relationship between assurance mechanism and reduced risk. This is explained by the confirmation bias that suggests that people tend to heed information that is consistent with their prior beliefs (Fiske and Taylor, 1984). Experienced Internet shop-

400

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

pers are expected to have relatively strong beliefs of the general safety of shopping on the Internet. A high level of perceived deception will cause people to pay more attention to assurance mechanisms. The greater attention to structural safeguards will make them more convinced of any validating information that the site is secure to do business with. Hence, we expect perceived deception to result in consumers seeking cues about safeguards. Finding validating information on assurances and penalties will confirm their beliefs and will help people assure themselves that “things are okay.” Even a slight effort at confirmation has been found to over inflate one’s confidence that reduced risk is warranted [52]. F. Trust Mechanisms and Deception Trust mechanisms convey benign and goodwill intent by the seller. That is, trust mechanisms engender a belief that a seller will act in the interest of the consumer and hence make the consumer willing to be vulnerable to the actions by the seller. We examined three forms of trust mechanisms: seller reputation, customer testimonials, and seller size. Reputation is the extent to which buyers believe a seller is honest and concerned about its customers [18]. Reputation conveys information about the seller’s past performance with other buyers. To establish a good reputation, the seller is assumed to have refrained from questionable behavior in the past. Reputation captures the estimation of the seller’s willingness and ability to perform an activity in a consistent fashion [48]. Firms with good reputation are known to be reluctant to jeopardize their reputation assets. Hence, reputation helps to estimate the motives of the merchant in future exchanges and hence should build consumer trust in the seller. Customers testimonials similarly can help convey to the consumer the seller’s concern for the consumers in general and the seller’s willingness and ability to transact in a trustworthy manner. Customer testimonials might also promote trust building based on stereotyping. According to McKnight et al. [52], people tend to infer a stereotype from one or two positive attributes of the target and carry it over to other attributes of the target, including trust. Positive stereotyping can quickly form positive trusting beliefs about other individuals. Positive statements by other customers on factors other than trust tend to color other perceptions and inferences about the other site characteristics such as trustworthiness, particularly early in the interaction with the web site. Customer testimonials can be seen as a form of consensus information, a topic that has been examined by researchers in social cognition [25]. Research in this field has shown that when information about an issue is poor or ambiguous, people are especially susceptible to social influence, albeit the results of studies on consensus typically show that people use consensus information in complex ways [25]. For instance, testimonials that that are detrimental to a product might influence individuals more than positive information about the product. Large organizational size suggests that other buyers trust the organization and conduct business successfully with it. Large size also signals that the seller has made investments in customer services [18]. Larger stores might also be considered by customers to have been around longer. That is, the larger the

store, the longer it is perceived to have consistently fulfilled its promises and more likely it is to do so in the future. Hence, trust mechanisms are expected to increase the level of trust perceived by the consumer. We hypothesize that the level of trust is determined by the presence of trust mechanisms (reputation, customer testimonials, and size) (hypothesis H4a—see Fig. 1). As we argued above for perceived risk, we also speculate that trust is affected by the perceived deceptiveness of the site (H4b) and that perceived deceptiveness moderates the relationship between trust mechanisms and risk (H4c). We expect perceived deception to reduce the strength of the relationship between trust mechanisms and trust (H4c) because the suspicion that the trust mechanisms may have been intentionally manipulated is likely to decrease the reliance on them. Many have noted the fragile nature of trust ([3], [54], [52]). “Trust is easier to destroy than create” [44]. Trust erodes when it is clear that the other party has multiple, particularly adversarial, motives [17]. According to McKnight et al. [52], trust will be fragile at the start of any exchange relationship because trust at that point is based less on evidence of trustworthy behavior than on lack of contrary evidence. As behavioral evidence cumulates, it quickly replaces the illusions of indirectly obtained information. When the other party is a seller previously unknown to the consumer, suspicion of other motives might be triggered by forewarnings that a party might be untrustworthy or by situational cues that suggest that the seller might have ulterior motives. This might suggest that even small contradictions or inconsistencies in the seller’s claims should reduce the effect of trust mechanisms on the consumer trust in a seller. Finally, we expect that the fraud will have the effect of increasing the credibility of the assurance mechanisms (H5a) and the trust mechanisms (H5b). This is because attributes of the fraudulent site are deliberately manipulated to increase the perceived presence of the assurance and trust mechanisms. The greater presence is expected to result in individuals to notice, study, and believe these mechanisms. III. METHOD The hypotheses described above were evaluated by means of a laboratory experiment. This section introduces and discusses the subject sample, the experimental design, the measures, and the models used to test them. A. Subjects Eighty MBA students from sections of an IT class taught at a major U.S. university participated in the experiment (58 males and 22 females). Subjects were volunteers. As an incentive for their participation, each received a 5% chance of winning $100 and the opportunity to share the research results with the authors in a restricted-attendance meeting. All subjects—with one exception—owned a laptop (an academic requirement at the research site) with advanced networking capabilities. On average, the subjects have been using the Internet for about four and a half years; 97.5% of them have bought on-line at last an item and 41.1% buy over the net at least once a month.

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

B. Experimental Task All subjects were asked to assume that a friend of theirs (“Tom Dexter”) has decided to buy a used laptop because the one he owns is broken. Tom has identified a web site that sells used laptops, and has selected one machine that suits well his needs (a Compaq 5100). He has made up his mind about the laptop he wants, but not about buying it on-line. So, he is asking the subject for a “second opinion” on the site. If the subject feels comfortable with the site, he/she is also asked to purchase the laptop by using Tom’s credit card and personal information. The full text of the scenario is presented in Appendix A. The subjects visited the site using their own laptops. If they felt comfortable, they also purchased the laptop using the site’s secure on-line order entry facility. After that, the subjects were instructed to minimize their browser windows and to perform four additional steps: 1) fill out the first part of a questionnaire; 2) go back to the site, purchase the laptop if they had not done so already; 3) examine five specific features of the site (seals, news clips, etc.), if they had not done so already;and 4) fill out the rest of the questionnaire. The task was performed at the University, under the supervision of the researchers. No time limits were imposed on completion. In general, the task took about one and a half hours to perform. Network connections were fast and reliable. The scenario and task used in the experiment have several properties that make it attractive in terms of experimental realism: 1) The site is a real commercial site that agreed to collaborate in the study. The Compaq 5100 laptop mentioned in the scenario was actually in their inventory. The site agreed to process the entry of the orders placed on behalf of Tom Dexter as any other order. 2) The purchase price is significant enough to plausibly warrant the need for a second opinion, given that the site does not enjoy a well-known name; 3) Subjects are familiar with the purchased merchandise. They own laptops and they use them professionally on a daily basis. More than half of the subjects have purchased three or more computers in their lifetime. Almost all subjects purchased their current laptop on line. 4) At the research site, several instances of broken or stolen laptops have occurred. C. Design and Manipulations Participants were randomly assigned to one of two conditions. Half of the subjects accessed the real commercial site, and the other half accessed a copy of the site forged by the experimenters2 . The forged site is hosted on a different server and contains several malicious manipulations designed to increase 2In either conditions, the students accessed the same url using their own browsers. For the subjects in the ‘forged site’ condition, the browser requests were systematically diverted to another server, hosting the forged site. The mechanism was transparent to the users. Access time to the real and forged site was fast and virtually undistinguishable.

401

trust and decrease perceived risk of the site, and ultimately increase the likelihood that visitors would buy from it. The forged site was built from a copy of the original site. Six modifications were made to the real site for the purpose of including a variety of assurance and trust-building mechanisms. The specific modifications were developed from either previous research (Jarvenpaa et al., 1999; Jarvenpaa and Tractinsky, 1999), from official documents (e.g., Federal Trade Commission releases) and practitioner press. 1) Seal: a well-known third-party seal (Bureau of Better Business) was accurately reproduced and inserted in the home page of the fraudulent site. The third-party seal was linked to a faithfully reproduced report by the BBB that stated that the company’s business record is satisfactory. The forged URL of the report suggested that the report was stored on a BBB server. The report was itself linked to a variety of authentic BBB resources. 2) Warranty: the warranty offered by the store was modified so as to make it extreme (e.g., complete refund, no question asked, no time limit). 3) News clips: False quotes from professional magazines were created. The quotes stated that the site was excellent both by itself and by comparison with the competition. The quotes had links to the actual web sites of the quoted magazines. For instance: “Used Laptops.com ranked above Laptopcloseout.com, Innovative computers,... and Laptops for Le$$ www.getadeal.com Mobile computing magazine, May 1998—www.mobilecomputing.com “Used Laptops.com prices are ‘rock bottom’.” Computer Shopper, Jan. 1997—computershopper.zdnet.com 4) Physical location: a generic picture of a store was inserted in the site with a caption that identified it as the company’s store, together with a randomly selected Seattle address. The real company has no physical store. 5) Size: the site size and sales were grossly exaggerated (by one order of magnitude): “Our company has been in business over 5 years, serving over twenty-five thousand customers.” [The words in boldface here were in boldface and in high-contrast color] 6) Customer Testimonials: Existing endorsements from customers were substantively inflated by adding hyperboles and taking out negative comments. Made-up names and domiciles (city) were added when missing or incomplete in the original site. “We did receive the two laptops on 1-21-99 in great shape: they looked brand new! Thank you again for the extraordinary service and care in sending these laptops to us. It was much appreciated. If we need anything else we will call on you again. Pam Allman, Paris, PA”

402

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

TABLE I DESCRIPTIVE STATISTICS FOR THE MAIN CONSTRUCTS

D. Detectability of the Deception The fraud could have been detected by identifying one or more of the following inconsistencies: 1) Seal: exploration of the BBB site leads to their searchable database. Searching for the name of the company reveals that the company is not registered with the BBB and there is no report on them. 2) News clips: following the links to the magazines and searching the databases of article reveals that the quoted articles do not exist. 3) Testimonials: one person (same name and address) is quoted twice. 4) Size: based on the information presented above the stores should be selling approximately fourteen computers a day, 356 days a year. The store current inventory includes only five computers. 5) Physical location: The picture does not contain any identifiable sign. The store address is in Seattle, WA while the store phone number has a California area code. 6) Warranty: the warranty is simply too good to be true. For instance, no expiration date is specified. E. Measures A questionnaire using 7-point scales was employed to collect measures for the main constructs and several control variables. Whenever possible, items from previous published research were employed. Occasionally, the items were modified to adapt them to the specific experimental context. Appendix B contains the final items used for the constructs. Table I presents the main constructs in the study, descriptive statistics and a measure of reliability (Cronbach’s alpha). No alpha was less than 0.85 for the main constructs and 0.63 for the control variables. Factor analyzes were conducted to verify that the items included in each construct load in a consistent fashion and without strong cross loading. The values for the constructs

and the control variables were computed as the mean of the ratings assigned to the items associated with each construct. Purchase behavior was measured by asking the subjects whether they had placed the order for the laptop (yes/no answer). Measures of willingness to buy from the store were derived from Jarvenpaa et al. (1999) and Jarvenpaa and Tractinsky (1999). Four items asked to evaluate the likelihood that the subject would “consider” buying from the store; the likelihood to “buy,” to “return” to the store, and the likelihood to “tell a friend about the store”. A fifth item, asking to evaluate the likelihood of making “a good bargain” was dropped because of inconsistent loading. Measures of positive attitude toward shopping at the store were culled from Jarvenpaa et al. (1999) and Jarvenpaa and Tractinsky (1999). Subject were asked to agree that they “like” the idea of shopping at the web store, and that is an “appealing” or “good idea” (three items). The questionnaire included nine measures of trust, taken from Jarvenpaa et al. (1999) and Jarvenpaa and Tractinsky (1999). Subjects were asked to agree with the statement that the store is “trustworthy,” “keeps its promises and commitments,” “keeps its customers’ best interest in mind,” and “can be relied upon.” Three items (the store “has good intentions,” “cares about doing things right,” and “will do a good job at handing any problems that might arise”) were dropped as they aligned to form a second factor, possibly due to method bias (the three items were the last three of a list of 20). Finally, two items: “I find it necessary to be cautious with this store” and “this store might not keep its promises and expectations” were dropped because they cross-loaded with measures of perceived risk. Risk perception was measured by three items as found in Jarvenpaa et al. (1999) and Jarvenpaa and Tractinsky (1999). Risk items asked subjects to characterize the decision to buy at the store as either an “opportunity” or a “risk,” a “high potential for loss” or a “gain,” and a “positive situation” or a “negative situation.” The last item cross-loaded with attitudes toward the store and was dropped. Examination of the loadings also suggested to include an item dropped from another construct: “I feel that ordering the laptop is risky.”

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

Perceived deception was measured by asking the subject to evaluate the extent in which they felt that the quality of information about the store is “accurate” versus “misleading,” “truthful’ versus “deceptive,” and “factual” versus “distorted” (three items). These measures were found in [55]. As with other items, responses to these items were summed to form a single measure of perceived deception where higher scores indicate greater levels of perceived deception. Perceived reliance on assurance mechanisms was measured by scales that asked subject to evaluate how “believable,” “convincing,” and “impartial” were the third-party seals and items), and how the news clips provided by the site ( “believable,” “convincing,” and “fair” (three items) were the warranties. The items were adapted from [4]. In addition, two items asked whether the store had a physical presence (two items). Physical presence items were constructed for this study and are presented in Appendix B. Perceived reliance on trust-building mechanisms was measured by asking subject to evaluate how “convincing,” “believable,” and “biased” (three items) was the information about company size, and how “convincing,” “believable,’” and “impartial” were the customer testimonials (three items), and to assess the “good reputation,” of the store (two items), how “well known” it is, and whether is has a “good name.” These items were adapted from [4]. Control variables include attitude toward computers, toward web shopping in general, and attitude toward risk. Positive attitude toward computers was measured by asking the level of agreement with statement describing how subjects “enjoy” computer use as “fun,” and “interesting” (Jarvenpaa et al., 1999; Jarvenpaa and Tractinsky, 1999). Attitude to trust Internet stores was measured by asking the subjects to agree with statement that “most sites” are “honest,” “can be counted on,” and “tell the truth.” These items were constructed for this study. Positive attitude toward Internet safety was the target of three items measuring the level of agreement with feeling “safe completing commercial transactions over the Internet,” with the statement “the Internet is secure,” and “it is best to avoid shopping from the Internet” (reversed scale). Positive attitude toward virtual stores was measured by assessing agreement that “buying from web-only stores is more risky’” (reversed scale), “may cause more problems than buying from sites that do have a physical store,” and it is “risky” (both reversed scales). These items were specifically developed for this study. A variety of demographic information were also collected. The main analysis was conducted by means of linear regressions, specified by the model presented in Fig. 1. The sample makes the use of structural equation modeling size techniques not viable (Kline, 1998). IV. RESULTS The order of presentation of the results corresponds to the order in which the hypotheses are discussed in the theory section. We begin by presenting evidence that most of our subjects were not able to detect the page-jacking fraud. We then present results on the determinants of their purchasing behavior. We expect to find that the consumers’ attitude toward shopping at the

403

store affects their purchase behavior and their willingness to buy. Risk and trust are expected to affect the attitudes toward shopping at the web store, with trust moderating the effect of risk on attitudes. Perceived deception is expected to affect trust and risk, and to moderate the relationship between trust and the trust mechanisms, and risk and the assurance mechanisms. Trust mechanisms included in the deceptive manipulation are expected to increase consumers’ trust in the web store, and assurance mechanisms are expected to reduce the consumer’s perceived risk of buying from it (see Fig. 1). A. Detection Success The data suggest that most of the subjects were not able to detect the page-jacking deception. Only eight individuals out of a sample of eighty believed that they were visiting a fraudulent site. Of these eight cases, seven are correct detections (i.e., rating the forged site as highly deceptive), and one is a false alarm (i.e., rating the legitimate site as highly deceptive). This high ratio of successes to false alarms suggests that the subjects were not simply guessing the deceptiveness of the site (chi square test ), and that detection is possible, albeit infrequent. At the same time, 33 individuals out of the forty who examined the fraudulent site (82%), did not detect the deception. Furthermore, 25 of these 33 (76%) actually ordered the computer from the forged site. The observation of such a widespread failure to detect is consistent with other studies of deception detection (e.g., Johnson et al., 1992) and the prediction from social exchange theory. As expected, on average the fraud does not have a direct im) or pact on either the purchase behavior (chi square: ). This the consumer’s willingness to buy (ANOVA: is consistent with the notion of a widespread failure to detect, and justifies the need to explore in more details the relationships contained in the model of consumer behavior depicted in Fig. 1. B. Purchase, Willingness to Buy and Attitude We have hypothesized that purchase behavior (H1a) and willingness to buy from the store (H1b) depend on the attitude toward the web store. Both hypotheses were accepted with . Given the dichotomous nature of purchase behavior as dependent variable, hypothesis H1a was tested by means of logistic regression. Hypotheses H1b and all other hypotheses were tested by means of linear regressions. The results of these analyzes are summarized in Table II. Since willingness to buy was not normally distributed, a transformation was applied (tangent) to restore normality. One case was excluded from the analysis as an outlier3 . Among the control variables, only general attitudes toward the web had a sigin the linear regression, and nificant coefficient none is significant in the logistic regression. The logistic model correctly predicts 83% of the observed purchase behavior. The linear model explains 75% of the observed variability in the willingness to buy. As a validity check, we asked the subjects whether they would recommend the site to a friend. One-way ANOVA’s confirmed 3The

observation was more than three standard deviations from the mean.

404

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

that those who ordered the laptop had higher willingness to buy mean than those who did not mean . The same applies for those who would recommend the and ). site to a friend, (mean The second regression tested whether positive attitude toward the specific store depended on trust (H2a) and perceived risk (H2b), and whether there are moderating effects of trust on risk , but (H2c). Trust and risk are correlated distinct constructs. Exploratory factor analysis identified two separate factors (no cross-loading above 0.350). As before, the dependent variable was transformed to restore normality, and a set of control variables was included in the regression equation. One case was identified as an outlier and excluded from the regression (see footnote 2). All three hypotheses were accepted. The standardized coand efficients of trust and risk were significant ( , respectively), relatively large, and with the expected sign. Among the control variables, only attitude toward Internet on the attitude security had a significant impact toward the specific store. A two-step procedure was employed to test whether trust has a moderating effect on risk. First, a dummy variable (HITRUST) was created. HITRUST is equal to 1 if trust is above its mean (3.60), and 0 otherwise. Then, for each subject, the value of risk was multiplied by HITRUST. The resulting variable, RISK BY HITRUST, assumes the value of risk when trust is high, and zero otherwise. Ignoring for simplicity the other variables included in the model, the resulting regression equation is ATTITUDE

constant RISK RISK BY HITRUST

(1)

or, equivalently ATTITUDE

constant RISK

when trust is low

(2)

and ATTITUDE

constant RISK when trust is high (3)

can be interpreted The coefficient of RISK BY HITRUST as the change in the impact of risk on attitudes that occurs when trust is high. We expect the coefficient to be positive in sign, i.e., to reduce the negative slope of the relationship between risk and attitude, which correspond to the intuitive notion that when trust is high, risk considerations have less effect on the formation of attitudes. The test of the coefficient of RISK BY HITRUST confirms the . The coefficient of perceived risk is reintuition duced to about half when the level of trust is high. Overall, risk, trust and the control variables in the second regression explain 71% of the observed variability of the positive attitude toward the store. A plot of the residuals of the regression suggests that a significant variable might been left out from the specification of the equation. Several attempts were made to identify the missing variable, without success.

C. Risk, Assurance Mechanisms and Perceived Deception The third regression tested whether the assurance mechanisms present in the web site have an effect on risk (H3a), and whether perceived deception affects risk (H3b) and has a moderating effect on the relationship between assurance mechanisms and risk (H3c). H3c was tested using the same technique illustrated above [(1)–(3)]. All three hypotheses were accepted. Assurance mechanisms have the expected negative impact on risk . Per: ceived deception has the expected impact on risk the higher the perceived deception, the higher the risk. Also as expected, the level of perceived deception moderates the relationship between assurance mechanisms and risk. When the perceived deceptiveness of a site is high, the impact of assurance , which cormechanisms on risk becomes stronger respond to the intuitive notion that subjects seek more assurance when they perceive that the information about the site might have been maliciously manipulated. Altogether, the deception and assurance mechanisms explain 52% of the observed variability of risk. D. Effects of the Fraud ANOVA shows that the fraud treatment has a significant effect on the perceived reliance on the assurance mechanisms . On average, the effect of the fraud was to increase the perception of assurance, which again suggests that most subjects did not detect it. Four additional analyzes—more exploratory in nature—were conducted to identify the effect of the treatment (fraud) on each individual assurance mechanism. The first analysis examined the third-party seal as an assurance mechanism. Marginally significant results suggest that more subjects in the fraud condition heeded the BBB seal than subjects in the control condition . Seal credibility has the efheeded a no-name seal and fect of decreasing perceived risk . overall deceptiveness of the site Since warranties were provided in both the fraudulent and legitimate site, no significant difference was expected in the number of subjects that heeded warranty information in either condition. In fact, none was found. Subjects in the fraud treatment judged the manipulated warranties more assuring than the . In turn, the perceived degree original warranties of assurance of the warranties was significantly correlated to the and overall deceptiveperceived risk . ness of the site Subjects in the fraud condition heeded more the forged news , but did not found them on average more clips , than subjects in the control condition. assuring Qualitative analysis suggests that this result might be explained by the higher dispersion of the responses in the fraud condition: the forged clip elicited both higher assurance and lower assurance judgments, leaving the mean statistically unaffected. The assurance of the news clips was significantly correlated to both , and risk and deceptiveness of the site ( , respectively). The experimental manipulation designed to elicit the perception that the site had a physical presence (a picture of the ‘store,’

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

405

TABLE II REGRESSION RESULTS

with an address) did not reach significance. The belief that the site had a physical presence was not significantly correlated with either perception of risk or deception, albeit both approached significance. As a precaution, we computed the reliability of the two items that measured the “physical presence” construct, . This result is inwhich resulted satisfactory alpha teresting because it suggests that experienced users might have started relying less on sources of assurance that are learned from traditional commercial transactions. Overall, these four exploratory analyzes help clarify how the assurance mechanisms that were included in the fraudulent site affect the formation of perceptions of risk and deception. E. Trust, Trust Mechanisms, and Deception The fourth regression tested the effects of trust-building mechanisms and perceived deception on trust (H4a, H4b), as well as whether deception moderates the relationship between the two constructs (H4c). The results of the fourth regression analysis are presented in Table II. The data support the conclusion that both perceived deception and presence of trust-building mechanisms have a strong and significant effect on trust in the specific store

(beta , and beta , respectively). The data does not support the hypothesis that deception moderates the effects of the trust-building mechanisms . Overall, the regression explains 64% of on trust the observed variability of trust in the store. F. Effects of the Fraud An ANOVA shows that the fraud increases the perceived be, which is furlievability of the trust mechanisms ther indication that most subjects were affected by—but did not detect - the fraud. As before, we run additional exploratory analyzes to evaluate the impacts of individual trust-building mechanism separately. We began with the customer testimonials. Since the treatment involved exaggerating the tone of the testimonials (as opposed to creating new ones), we did not expect that the proportion of subjects who heeded them in either experimental condition would be significantly different from the other. The . Unexpectedly, the data support the expectation subjects’ assessment of the testimonials was not significantly and different across treatment conditions ( for fraud and prompt for fraud, respectively). This result is consistent with the theoretical consideration that individuals might

406

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

be more prone to be influenced by negative consensus information than positive consensus information, which suggests that making the testimonials more positive does not affect much the consumers’ judgment. The perceived credibility of the testimonials was significantly correlated with both deception and trust . Only a small number or subjects heeded the information on the size of the site (nine out of 80). The experimental manipulation of the site’s size added emphasis and detail to the information that was present in the original site. Nevertheless, subjects in the fraud condition heeded that information more than sub. The fraud condition jects in the control condition has the effect of increasing the credibility of the information . Size is corabout the site’s size for these subjects , but not with deceprelated with trust tion. Lastly, the fraud has the effect of significantly increasing the . Perceived reputation is site’s perceived reputation , and perceived decorrelated with trust . Reputation appears to be the ception main trust-building mechanism. For all regressions, plots of the residuals were examined for anomalies. Except when explicitly reported, none was found. V. LIMITATIONS A first limitation of this study is that subjects did not purchase a laptop for themselves, using their own money. Subjects were motivated by monetary incentives (described above) as well as personal interest in the study. However, having more at stake might have prompted deeper inspection of the site and perhaps higher level of detection. The amount of time spent in examining the site, and verbal reports during the post experimental debriefing suggest however that this threat to the validity of the experiment might not be strong. A second limitation is the concern about whether the experimental task affords success, i.e., whether it is possible to detect the fraud at all. We have proposed evidence that supports the conclusion that it is possible to detect the fraud in our experiment. About ten percent of the subjects did become suspicious about the forged site. Almost all of them did not buy from it. Thirdly, as discussed above, subjects in our study are experienced Internet shoppers. They shop frequently and have done it for a relatively long time. Generalizations to the larger public of Internet shopper should be done carefully, if at all. That said, it should be noted that the logic of our argument is based on studying subjects that are arguably well equipped to detect Internet deceptions. If they can easily be victimized by page-jacking, then the public at large is at an even larger risk. It is not clear whether the results on page-jacking extend to other forms of consumer deception. Social exchange theory would predict a much better ability to detect when consumers can apply what they have learned about detecting deception in traditional business transactions, and that our results extend only to forms of deception that are somewhat novel or unique to the Internet. Research is needed to identify more such forms of consumer deception and provide better estimates of their frequency and detectability than currently available.

Our results might also contain a cultural bias. U.S. individuals have a high general disposition to trust strangers [68]. Cognitive inertia also promotes people to a “set effect.” That is, people are accustomed to established transaction routines and can continue to trust another even in face of perceived deception. Finally, our results are likely to apply more readily to Internet frauds involving merchants with whom the consumers are not familiar and for items in a medium-to-high price range. For these products, the protection granted by credit card companies to web purchases is less than complete (What if the computer breaks after the transaction has occurred? What about the hassle of dealing with a fraudulent merchant and the credit card company? What about the theft of personal information?). These characteristics of the transaction are likely to spur a more deliberate process of evaluation of the site. Furthermore, our investigation focused at the cognitive phenomena underlying a decision to buy form the site, and largely neglected affects. VI. DISCUSSION AND CONCLUSIONS We have argued that the specific nature of Internet technology makes Internet fraud particularly pernicious. Dean Clark—the Dean of Harvard Business School—has recently observed that the Internet “has lowered the cost of evil.” [2]. It is relatively easy for unscrupulous individuals to pose as somebody they are not. This work has moved beyond the frequent anecdotal evidence found in the practitioner and popular press about one particular type of fraud (page-jacking) and has offered laboratory evidence that Internet shoppers are highly vulnerable to it, despite the presence of fairly strong internal inconsistencies in the forged site. This is consistent with the notion that Internet shoppers have not yet adapted to the novel forms of social exchange that occur over the Internet. This result is compounded by the fact that our sample of subjects is comprised of relatively experienced individuals, knowledgeable about the purchased item and certainly not new to Internet shopping. If these advanced shoppers fell for the deception, it is not unlikely that more inexperienced, novice shoppers will do, too. The perils of Internet fraud are real. At the same time, we have shown that detection of Internet deception is not impossible; some individuals were able to identify inconsistencies in the site and correctly interpret them as symptoms of a deceptive manipulation. Most of these individuals did not purchase at the web store. We have shown that fraudulent manipulations can increase the visibility and credibility of assurance and trust building mechanisms. These mechanisms are the information that individuals process to assess risk and trust in a web store. In particular, seals, warranties, and news clips (but not physical presence) correlate significantly with perceived risk, while size and reputation (but not testimonials) correlate significantly with trust. We have also discovered that fraud does not seem to have on average a direct impact on purchase behavior, or on the reported willingness to buy. This finding is consistent with the widespread failure to detect and the fact that not all subject heeded all manipulated items. Model has elucidated the complex relation-

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

ships among assurance and trust mechanisms, perceived deception, risk, trust and attitude toward the store, which is the best predictor of purchase behavior and willingness to buy. Existing models of Internet consumer behavior were confirmed by results showing that risk and trust have a strong and significant impact on the attitude toward the web store. We have refined these models in three ways: first, we have showed that trust moderates perceived risk. A high level of trust makes the consumers less sensitive to risk considerations. Secondly, we have introduced a theoretically sound distinction between assurance and trust-building mechanisms as determinant of trust and risk. Lastly, we have explored the relationship between deception, risk and trust. Specifically we have found that perceived deception has a significant impact on both trust and perceived risk, and that perceived deception moderates the relation between assurance and risk: the higher the perception of deception, the stronger the reliance on these mechanisms to quench perceived risk. Altogether, perceived deception, assurance, and trust-building mechanisms explain more than half of the observed variability in both perceived risk of purchasing from the store and trust in the store. The findings of this work have several implication for public policy, as well as research in information systems. First, they point at the need to better educate the public about the perils of the Internet. Such process of educating the public should include countering the false sense of safety induced by security technology and the credit card companies promise of limited liability arising from Internet transactions. It is at this point unclear what would it take to enable shoppers to detect the occurrence of frauds. More research is needed to understand the determinants of successful detection. In addition, the results of the study suggest to look at Internet consumer behavior not in terms of irrational fears of the new technology, but—more interestingly—in terms of a rational response to their inability to effectively process features of the social exchanges that occur in the internet, such as the uncertainty about the identity of the merchant. Finally, our results suggest that web design does matter, albeit in an indirect way. Our model has established a theoretically meaningful chain of relationships that goes from specific web site design features to perceived risk and trust in the store, hence to attitude toward the web store, and actual purchases. As a result, this investigation has highlighted the complexities of the cognitive phenomena that underlie Internet shopping, and some of the perils of Internet consumer deception.

APPENDIX A EXPERIMENTAL SCENARIO Assume that Tom Dexter is a friend of yours. Tom’s laptop was stolen, and he has recently decided to buy a used laptop. Tom has found on the web a company that sells used laptops (usedlaptops.com). He has browsed their listings and has set his heart on a specific machine (a Compaq LTE 5100 with a 90 Mhz Pentium, on sale for $625). Tom is sure that the Compaq LTE 5100 is the laptop he wants: it has the right features and the right price. However, Tom is not completely comfortable with the idea of buying on-line. So, Tom is requesting your help. He values your judgment and

407

is seeking a second opinion from you on his decision to buy on-line from this site. Since Tom currently does not have a networked machine, he is also asking you to enter the order for the laptop on his behalf. He has made clear to you that he needs a laptop with some urgency. Without a laptop he is falling behind with his work. At the same time, Tom is willing to accept your decision not to enter the order, if you do not feel comfortable with the site. To summarize: Tom needs a laptop. He has found one that he likes, but he is having second thoughts about buying it on line. He would like you first to take a look at the site and, if you feel comfortable with the site, he would like you to enter the order for the laptop. PLEASE CONNECT TO http://usedlaptops.com HAVE A CLOSE LOOK AT THE SITE AND, IF YOU ARE COMFORTABLE WITH THE SITE, PURCHASE THE LAPTOP FOR TOM These are Tom’s personal data, to enter in the order: Tom Dexter; 101 Ellery Street, Austin TX, 78 731 [email protected] Tom's Visa is 4128 0031 9118 2677 exp. 5/02 The customer service number for the card is 1-800-950-5114. Ship to the same address. Fed Ex the order. Phone: (512)-354-1258 (work)

APPENDIX B ITEMS USED IN THE STUDY (Scales were reversed where appropriate) Purchase behavior Did you order the laptop for your friend from this store (YES/NO)? Willingness to buy For this purchase, how likely is it that you will buy from this store? (1–7) How likely is it that you would return to this store’s web store? What is the likelihood of your considering buying from this Internet store? How likely is that you would tell a friend about this store? Attitude toward the store The following items are answered on a 1–7 scale of strongly disagree to strongly agree. I like the idea to shop from this store. The idea of shopping from this store is appealing. Shopping from this store is a good idea. Trust The following items are answered on a 1–7 scale of strongly disagree to strongly agree. This store is trustworthy. This store keeps its promises and commitments. This store keeps customers’ best interests in mind. The store can be relied upon.

408

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

Risk Answer the following with regard to how you feel about ordering a laptop for your friend (regardless of whether or not you completed ordering the laptop). The following items are answered on a 1–7 scale of strongly disagree to strongly agree. I feel ordering the laptop is risky. How would you characterize the decision of whether to buy a product from this web retailer? Significant opportunity—Opportunity—Slight opportunity—Undecided—Slight risk—Risk—Significant risk High potential for loss—Potential for loss—Slight Potential for loss—Undecided—Slight potential for gain—Potential for gain—High potential for gain Perceived deception Please evaluate the quality of information on the store. To what extent do you believe that the information provided by the store is: Accurate Misleading Truthful Deceptive Factual Distorted Assurance Mechanisms: Seals How convincing are the seals? Convincing Unconvincing How believable are the seals? Believable Not believable How impartial are the seals? Impartial Partial Assurance Mechanisms: News Clips How convincing are the news clips? Convincing Unconvincing How believable are the news clips? Believable Not believable How impartial are the news clips? Impartial Partial Assurance Mechanisms: Warranties How convincing are the warranties? Convincing Unconvincing How believable are the warranties? Believable Not believable How fair are the warranties? Fair Unfair Assurance Mechanisms: Physical Presence The following items are answered on a 1–7 scale of strongly disagree to strongly agree. This store only exists on the web. The store has a physical presence.

Trust Mechanisms: Size The following items are answered on a 1-7 scale of strongly disagree to strongly agree. This store is a small player in the market. This store is a very large company. This store is one of the biggest used laptop stores on the web. Trust Mechanisms: Customer Testimonials How convincing are the customer testimonials? Convincing Unconvincing How believable are the customer testimonials? Believable Not believable How impartial are the customer testimonials? Impartial Partial Trust Mechanisms: Reputation This store has a good reputation. This store has a bad reputation in the market. This store has a good name. CONTROL VARIABLES Attitude toward computers The following items are answered on a 1–7 scale of strongly disagree to strongly agree. I enjoy using computers. Computers make work more interesting. Attitude to trusting web stores The following items are answered on a 1–7 scale of strongly disagree to strongly agree. Most Internet sites tell the truth about their abilities and experiences. Most Internet sites can be counted on to do what they say they will do. Most sites are honest in describing their customers’ experiences. Attitude toward Internet safety The following items are answered on a 1-7 scale of strongly disagree to strongly agree. I would feel safe completing commercial transactions over the Internet. The Internet is secure for transactions. If possible, it is best to avoid shopping from the Internet. Attitude toward the web The following items are answered on a 1-7 scale of strongly disagree to strongly agree. Buying from Internet sites that do not have a physical store may cause more problems than buying from sites that do have a physical store. Buying from a web-only store is more risky than buying from a web store that has a physical counterpart. Buying on the WWW is risky.

REFERENCES [1] G. A. Akerlof, “The market for lemons: Qualitative uncertainty and the market mechanism,” Q. J. Economics, vol. 84, pp. 488–500, 1970. [2] G. Anthes, Computerworld, vol. 33, no. 28, p. 49, July 12, 1999. [3] B. Barber, The Logic and Limits of Trust, New Brunswick: Rutgers Univ. Press, 1983. [4] R. F. Beltramini and E. R. Stafford, “Comprehension and perceived believability of seals of approval information in advertising,” J. Advertising, vol. XXII, no. 3, pp. 3–31, Sept. 1993.

GRAZIOLI AND JARVENPAA: PERILS OF INTERNET FRAUD

[5] J. Brockner, P. A. Siegel, J. P. Daly, T. Tyler, and C. Martin, “When trust matters: The moderating effect of outcome favorability,” Admin. Sci. Quarterly, vol. 42, pp. 558–583, 1997. [6] R. W. Byrne and A. Whiten, Machiavellian Intelligence: Social Expertise and the Evolution of Intellect in Monkeys, Apes, and Humans. London, U.K.: Oxford Univ.Press, 1988. [7] S. J. Ceci, M. D. Leichtman, and M. E. Putnick, Cognitive and Social Factors in Early Deception. Hillsdale, NJ: Lawrence Erlbaum Assoc., 1992. [8] P. W. Cheng and K. J. Holyoak, “Pragmatic reasoning schemas,” Cognitive Psych., vol. 17, pp. 391–416, 1985. [9] K. A. Coney and R. F. Beltramini, “Believability in advertising: The ‘too good to be true’ phenomenon,” in Proc. American Marketing Association Winter Educators’ Conf., 1985, pp. 135–139. [10] L. Cosmides and J. Tooby, “Cognitive adaptations for social exchange,” in The Adapted Mind: Evolutionary Psychology and the Evolution of Culture, J. Barkow, L. Cosmides, and J. Tooby, Eds. London, U.K.: Oxford Univ.Press, 1992, pp. 163–228. [11] L. Cosmides, dissertation, Harvard Univ., Cambridge, MA, 1985. , “The logic of social exchange: Has natural selection shaped how [12] humans reason? Studies with the wason selection task,” Cognition, vol. 31, pp. 187–276, 1989. [13] L. A. Crosby, K. R. Evans, and D. Cowles, “Relationship quality in services selling: An interpersonal influence perspective,” J. Marketing, vol. 53, pp. 68–81, July 1990. [14] T. K. Das and B. S. Teng, “Between trust and control: Developing confidence in partner cooperation in alliances,” Academy of Management Review, vol. 23, no. 3, pp. 491–512, 1998. [15] P. Dasgupta, “Trust as a commodity,” in Trust: Making and Breaking Cooperative Relations, D. Gambetta, Ed. Oxford, U.K.: Blackwell, 1998, pp. 47–72. [16] D. C. Dennett, The Intentional Stance. Cambridge, MA: The MIT Press, 1987. [17] M. Deutch, “Trust and suspicion,” J. Conflict Resolution, vol. 29, no. 2, pp. 265–279, 1958. [18] P. M. Doney and J. P. Cannon, “An examination of the nature of trust in buyer-seller relationships,” J. Marketing, vol. 61, pp. 35–51, Apr. 1997. [19] G. R. Dowling, “The effectiveness of advertising explicit warranties,” J. Public Policy and Marketing, vol. 4, pp. 142–152, 1985. [20] G. R. Dowling and R. Staelin, “A model of perceived risk and intended risk-handling activity,” J. Consumer Research, vol. 21, pp. 119–134, June 1994. [21] P. Ekman, Telling Lies: Clues to Deceit in the Marketplace, Politics, and Marriage. New York: Norton, 1992. [22] S. Erevelles, “The price-warranty contract and product attitudes,” J. Business Research, vol. 27, no. 2, pp. 171–181, June 1993. [23] “Prepared Statement of the FTC on Fraudulent, Marketing Schemas,” Federal Trade Commission, U.S. Senate, Feb. 5, 1998. before the Subcommittee on Commerce, Justice, State, and the Judiciary of the Senate Appropriations Committee. [24] M. Fishbein and I. Ajzen, Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Reading, MA: Addison-Wesley, 1975. [25] S. T. Fiske and S. E. Taylor, Social Cognition. New York: McGrawHill, 1991, pp. 32–41. [26] S. Ganesan, “Determinants of long-term orientation in buyer-seller relationships,” J. Marketing, vol. 58, no. 2, pp. 1–19, Apr. 1994. [27] G. Gigerenzer and K. Hug, “Domain-specific reasoning: Social contracts, cheating, and perspective change,” Cognition, vol. 43, pp. 127–171, 1992. [28] J. M. Hagen and S. Choe, “Trust in Japanese interfirm relations: Institutional sanctions matter,” Academy of Management Review, vol. 23, no. 3, pp. 589–600, 1998. [29] A. H. Harcourt, “Alliances in contests and social intelligence,” in Machiavellian Intelligence: Social Expertise and the Evolution of Intellect in Monkeys, Apes, and Humans, R. W. Byrne and A Whiten, Eds. London, U.K.: Oxford Univ. Press, 1988. [30] S. Higginbotham, “Online Bidders Beware,” Business Week, no. 3642, p. 6, Aug. 16, 1999. [31] N. K. Humphrey, “The social function of intellect,” in Growing Points in Ethology, P. P. G. Bateson and R. A. Hinde, Eds. Cambridge, MA: Cambridge Univ. Press, 1976. [32] S. L. Jarvenpaa and S. Grazioli, “Surfing among sharks: How to gain trust in cyberspace,” Financial Times, Mastering Information Technology Section, pp. 2–3, Mar. Monday 15, 1999.

409

[33] S. L. Jarvenpaa, M. Tractinsky, and M. Vitale, “Consumer trust in an Internet store,” Information Technology and Management Special Issue on Electronic Commerce, vol. 1, no. 1–2, pp. 45–71, 2000. [34] S. L. Jarvenpaa and M. Tractinsky, Consumer trust in an Internet store: A cross-cultural validation, in Journal of Computer-Mediated Communication, 2000. forthcoming. [35] P. E. Johnson, S. Grazioli, and K. Jamal, “Fraud detection: Intentionality and deception in cognition,” Accounting, Organization and Society, vol. 18, no. 5, pp. 467–488, 1993. [36] P. E. Johnson, S. Grazioli, K. Jamal, and I. A. Zualkernan, “Success and failure in expert reasoning,” Organizational Behavior and Human Decision Processes, vol. 53, no. 2, pp. 173–203, 1992b. [37] P. E. Johnson, K. Jamal, S. Grazioli, and R. G. Berryman, Fraud detection: Sources of error in a low base-rate world, in Draft Submitted to Cognitive Science, 1999. [38] M. A. Kamina and L. J. Marks, “The perception of kosher as a third-party certification claim in advertising for familiar and unfamiliar brands,” J. Academy of Marketing Science, vol. 19, no. 3, pp. 177–185, 1991. [39] C. A. Kelley, “An investigation of consumer product warranties as market signals of product reliability,” J. Academy of Marketing Science, vol. 16, no. 2, pp. 72–78, Summer 1988. [40] H. H. Kelley, “Attribution theory in social psychology,” in Nebraska Symp.Motivation, D. Levine, Ed. Lincoln, NE: Univ. Nebraska Press, 1967, pp. 192–240. , “Causal schemata and the attribution process,” in Attribution: Per[41] ceiving the Causes of Behavior, E. E. Jones, Ed. Morristown, NJ: General Learning Press, 1972, pp. 151–174. [42] H. H. Kelley and J. W. Thibaut, Interpersonal Relations: A Theory of Interdependence. New York: Wiley, 1978. [43] P. Kollock, “The emergence of exchange structures: An experimental study of uncertainty, commitment, and trust,” Amer. J. Sociology, vol. 100, pp. 313–345, 1994. [44] R. M. Kramer, “Trust and distrust in organizations: Emerging perspectives, enduring questions,” Ann. Rev. Psych., vol. 50, pp. 569–598, 1999. [45] R. Kraut, “Humans as lie detectors: Some second thoughts,” J. Commun., vol. 30, pp. 209–216, 1980. [46] P. A. LaBarbera, “Overcoming a no-reputation liability through documentaion and advertising regulation,” J. Marketing Research, vol. 19, pp. 223–228, May 1982. [47] S. Labaton, “Net sites co-opted by pornographers,” New York Times, p. 1, Sept. 23, 1999. [48] S. Landon and C. E. Smith, “The use of quality and reputation indicators by consumers: The case of Bordeaux wine,” J. Consumer Policy, vol. 20, pp. 289–323, 1997. [49] S. I. Lirtzman and A. Shuv Ami, “Credibility of sources of communication on products’ safety hazards,” Psycol. Reports, vol. 58, no. 3, pp. 707–718, 1986. [50] F. Martin, “Are internet fraud fears overblown ?,” Credit Card Management, vol. 9, no. 2, pp. 46–52, May 1996. [51] R. J. Mayer, J. H. Davis, and F. D. Schoorman, “An integrative model of organizational trust,” Academy of Management Review, vol. 20, pp. 709–734, 1995. [52] D. H. McKnight, L. L. Cummings, and N. L. Chervany, “Initial trust formation in new organizational relationships,” Academy of Management Review, vol. 23, no. 3, pp. 473–490, 1998. [53] G. Macintosh and L. W. Lockshin, “Retail relationships and store loyalty: A multi-level perspective,” Int. J. Research in Marketing, vol. 14, no. 5, pp. 487–497, Dec. 1997. [54] D. Meyerson, K. E. Weick, and R. M. Kramer, “Swift trust and temporary groups,” in Trust in Organizations: Frontiers of Theory and Research, R. M. Kramer and T. R. Tyler, Eds. Beverly Hills, CA: Sage, 1996, pp. 166–195. [55] S. J. Newell, R. E. Goldsmith, and E. J. Banzhaf, “The effect of misleading environmental claims on consumer perceptions of advertisements,” J. Marketing Theory and Practice, vol. 6, no. 2, pp. 48–60, 1998. [56] T. L. Parkinson, “The role of seals and certifications of approval in consumer decision-making,” J. Consumer Affairs, vol. 9, pp. 1–14, Summer 1975. [57] R. D. Petty, “Interactive marketing and the law: The future rise of unfairness,” J. Interactive Marketing, vol. 12, no. 3, pp. 21–31, 1998. [58] R. A. Peterson, G. Albaum, and N. M. Ridgway, “Consumers who buy from direct sales companies,” J. Retailing, vol. 65, no. 2, pp. 273–286, Summer 1989. [59] “SEC v. Yum Soo Oh Park AKA Tokyo Joe and Tokyo Joe Societe Anonyme,” Securities and Exchange Commission, SEC Litigation Release no. 16 399, Jan. 5, 2000.

410

IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 30, NO. 4, JULY 2000

[60] M. J. Sheffet, “An experimental investigation of the documentation of advertising claims,” J. Advertising, vol. 12, no. 1, pp. 19–29, 1983. [61] G. M. Spreitzer and A. K. Mishra, “Giving up control without losing control,” Group and Organization Management, vol. 24, no. 2, pp. 155–187, 1999. [62] “Critics of on-line auctioneer E-bay say: Let bidders beware,” Star Tribune, Jan. 3, 1999. Metro edition. [63] D. A. Taylor, “Certification marks—Success or failure,” J. Marketing, vol. 22, no. 1, pp. 39–46, 1958. [64] P. Thagard, “Adversarial problem solving: Modeling an opponent using explanatory coherence,” Cognitive Sci., vol. 16, pp. 123–149, 1992. [65] H. B. Thorelli, J. S. Lim, and J. Ye, “Relative importance of country of origin, warranty and retail store image on product evaluations,” Int. Marketing Review, vol. 6, no. 1, pp. 35–46, 1989. [66] R. P. Worden, “Primate social intelligence,” Cognitive Sciences, vol. 20, pp. 579–616, 1996. [67] T. Yamagishi, K. S. Cook, and M. Watabe, “Uncertainty, trust and commitment formation in the United States and Japan,” Amer. J. Psych., vol. 104, pp. 165–194, July 1998. [68] T. Yamagishi and M. Yamagishi, “Trust and commitment in the United States and Japan,” Motivation and Emotion, vol. 18, no. 2, pp. 129–165, 1994.

[69] A. Zaheer, B. McEvily, and V. Perrone, “Does trust matter? Exploring the effects of interorganizational and interpersonal trust on performance,” Organization Sci., vol. 9, pp. 141–159, 1998. [70] L. G. Zucker, “Production of trust: Institutional sources of economic structure 1840–1920,” in Research in Organizational Behavior, B. M. Staw and L. L. Cummings, Eds. Greenwich, CT: JAI Press, 1986, vol. 8, pp. 53–111.

Stefano Grazioli is an Assistant Professor of Management Information Systems at the Graduate School of Business, University of Texas at Austin.

Sirkka L. Jarvenpaa is the Bayless/Pierce Rauscher Refsnes Chairholder in Business Administration at the Graduate School of Business, University of Texas at Austin.

Perils of internet fraud: an empirical investigation of ...

ated by hackers to observe your behaviors, steal information about you, and ... Security technologies, such as encryption and digital certifi- cates, are designed to .... questionable business opportunities, work-at-home schemes, prizes and ...

167KB Sizes 1 Downloads 102 Views

Recommend Documents

Empirical Evaluation of Brief Group Therapy Through an Internet ...
Empirical Evaluation of Brief Group Therapy Through an Int... file:///Users/mala/Desktop/11.11.15/cherapy.htm. 3 of 7 11/11/2015, 3:02 PM. Page 3 of 7. Empirical Evaluation of Brief Group Therapy Through an Internet Chat Room.pdf. Empirical Evaluatio

Empirical Evaluation of Brief Group Therapy Through an Internet ...
bulletin board ads that offered free group therapy to interested. individuals. ... Empirical Evaluation of Brief Group Therapy Through an Internet Chat Room.pdf.

An Empirical Investigation Robert J. Hodrick
Jul 22, 2007 - investigation uses quarterly data from the postwar U.S. economy. .... Autocorrelations. Order 1 .80 .84 .87 .94. Order 2 .48 .57 .65 .84. Order 3 .15 .27 .41 .73. Order 4. -. 14. -.01 .17 .61. Order 5. -.32. -.20 .OO .52. Order 6 ... m

Breaking the norm: An empirical investigation into the ...
The IFPRI Mobile Experimental Economics Laboratory (IMEEL) ..... Situated in the valley of the Chancay river, the Huaral area is one of Lima's main providers of.

An empirical study of the efficiency of learning ... - Semantic Scholar
An empirical study of the efficiency of learning boolean functions using a Cartesian Genetic ... The nodes represent any operation on the data seen at its inputs.

An empirical study of the efficiency of learning ... - Semantic Scholar
School of Computing. Napier University ... the sense that the method considers a grid of nodes that ... described. A very large amount of computer processing.

An Investigation of the Relationships between Lines of ...
We measure software in order to better understand its ... the objectives of software metrics. ... For example, top 10% of the largest program account for about.