In an online world full of Adware, Browser Hijackers, Dialers, Trojans, Drive-by Downloading, Viruses, Worms, Spam, and Phishers credibility is increasingly difficult to develop and maintain. Consider our current situation:
- Spyware was found on the computers of 80 percent of participants in a study conducted by America Online Inc. and the National Cyber Security Alliance.
- Since EarthLink Inc. began offering free anti-spyware tools each scan has found an average of six spyware programs.
- Microsoft officials blame unwanted software for up to one-third of application crashes on Windows XP computers.
- AOL estimates that just three spyware programs together cause some 300,000 Internet disconnections per day.
- Forrester Research said a spyware-related support call can cost $15 to $45, and companies may lose business as a result.
- Dell says spyware now affects about 90% of computers. Spyware-related phone calls now make up as much as 20% of all help calls at Dell, compared with just 1-2% in August 2003.
- "Fail to properly address spyware”, Ari Schwartz (associate director of the Center for Democracy and Technology) warned, and "users will not want to use the Internet for commerce, for government services, for interaction with other people. We'll lose the great potential of the Internet."
In this environment, the few Web credibility guidelines in existence often recommend visual design, specific content inclusion, and efficient quality assurance testing for building trust. The most widely known of these, the Stanford Web Credibility Guidelines, exemplify this approach:
- Design your site so it looks professional (or is appropriate for your purpose).
- Avoid errors of all types, no matter how small they seem.
- Highlight the expertise in your organization and in the content and services you provide.
While this method may build surface credibility, it only takes a few encounters with visually “accurate” spoof emails or spyware installers for distrust to set in. According to analyst firm Gartner, “the greatest security risk facing large companies and individual Internet users over the next 10 years will be the increasingly sophisticated use of social engineering to bypass IT security defenses.” As a result, the security efforts of most technology companies consist of educational materials to help “protect” consumers. But education often isn’t enough.
“Congress is working on a ban, and industry groups have launched efforts to educate consumers and fight back with technology. Experts believe a solution will ultimately involve a combination of law enforcement, education and engineering.”
Web usability advocate Jakob Nielsen has recently argued “Internet scams cannot be thwarted by placing the burden on users to defend themselves at all times. Beleaguered users need protection, and the technology must change to provide this.” As evidence, though an estimated 80-90 percent of personal computers are infected with spyware, “77 percent of 326 adults in 12 states assured researchers in a telephone poll they were safe from online threats. Nearly as many people felt confident they were already protected specifically from viruses and hackers.”
To address these needs, companies and research groups are applying tools and processes to help enable security online:
- According to a 2004 Pew Internet & American Life Project report “twenty-six percent of adult internet users in the U.S. have rated a product, service, or person using an online rating system. That amounts to more than 33 million people.” These systems, can harness the power of many to provide accurate credibility assessments.
- AOL has begun to offer “AOL PassCode, a new premium service that offers members a second level of AOL account protection through the use of a keychain-sized device that generates and displays a unique six-digit numeric code every 60 seconds.”
- eBay, the most trusted company according to a study conducted by the Ponemon Institute and TRUSTe, offers the eBay Toolbar with Account Guard, a feature that “warns you when you are on a fraudulent (spoof) Web site. It also lets you report such sites to eBay.”
- John Clippinger at the Berkman Center for Internet & Society at Harvard Law School “has been engaged in the design of networked based organizations whereby decision rights are distributed to the edge of the organization and control is achieved through transparency, trust, and reputation.”
- Glen Urban at the MIT Sloan School of Management and Intel are trying to improve e-commerce trust with a new online system called WebTrust methodology (PDF). "The WebTrust methodology has enabled us to generate superior trust between our Web site and our customers," said Bryan Rhoads, Web Strategist for Intel.