Beyond Surface Credibility Online

by Luke Wroblewski November 5, 2004

In an online world full of Adware, Browser Hijackers, Dialers, Trojans, Drive-by Downloading, Viruses, Worms, Spam, and Phishers credibility is increasingly difficult to develop and maintain. Consider our current situation:

In this environment, the few Web credibility guidelines in existence often recommend visual design, specific content inclusion, and efficient quality assurance testing for building trust. The most widely known of these, the Stanford Web Credibility Guidelines, exemplify this approach:

  • Design your site so it looks professional (or is appropriate for your purpose).
  • Avoid errors of all types, no matter how small they seem.
  • Highlight the expertise in your organization and in the content and services you provide.

While this method may build surface credibility, it only takes a few encounters with visually “accurate” spoof emails or spyware installers for distrust to set in. According to analyst firm Gartner, “the greatest security risk facing large companies and individual Internet users over the next 10 years will be the increasingly sophisticated use of social engineering to bypass IT security defenses.” As a result, the security efforts of most technology companies consist of educational materials to help “protect” consumers. But education often isn’t enough.

“Congress is working on a ban, and industry groups have launched efforts to educate consumers and fight back with technology. Experts believe a solution will ultimately involve a combination of law enforcement, education and engineering.”

Web usability advocate Jakob Nielsen has recently argued “Internet scams cannot be thwarted by placing the burden on users to defend themselves at all times. Beleaguered users need protection, and the technology must change to provide this.” As evidence, though an estimated 80-90 percent of personal computers are infected with spyware, “77 percent of 326 adults in 12 states assured researchers in a telephone poll they were safe from online threats. Nearly as many people felt confident they were already protected specifically from viruses and hackers.”

To address these needs, companies and research groups are applying tools and processes to help enable security online:

  • According to a 2004 Pew Internet & American Life Project report “twenty-six percent of adult internet users in the U.S. have rated a product, service, or person using an online rating system. That amounts to more than 33 million people.” These systems, can harness the power of many to provide accurate credibility assessments.
  • AOL has begun to offer “AOL PassCode, a new premium service that offers members a second level of AOL account protection through the use of a keychain-sized device that generates and displays a unique six-digit numeric code every 60 seconds.”
  • eBay, the most trusted company according to a study conducted by the Ponemon Institute and TRUSTe, offers the eBay Toolbar with Account Guard, a feature that “warns you when you are on a fraudulent (spoof) Web site. It also lets you report such sites to eBay.”
  • John Clippinger at the Berkman Center for Internet & Society at Harvard Law School “has been engaged in the design of networked based organizations whereby decision rights are distributed to the edge of the organization and control is achieved through transparency, trust, and reputation.”
  • Glen Urban at the MIT Sloan School of Management and Intel are trying to improve e-commerce trust with a new online system called WebTrust methodology (PDF). "The WebTrust methodology has enabled us to generate superior trust between our Web site and our customers," said Bryan Rhoads, Web Strategist for Intel.