Section 5.5. Trust Designs

5.5. Trust Designs

There are some examples available of successful designs that have promoted trust in online users. For example, gambling over the Internet using an off-shore, unregulated casino is an act that requires a great deal of trust. Such sites require that the gambler trust the casino operator to provide fair odds and to handle money securely and properly. Shelat and Egger examined factors that online gamblers use when deciding to trust Internet gambling sites.^[53] Conducted within the framework of the MoTEC model, the study revealed that:

^[53] B. Shelat and Florian Egger, "What Makes People Trust Online Gambling Sites?" Proceedings of the Conference on Human Factors in Computing Systems, 2002 Extended Abstracts (2002), 852853.

• Informational content was the most important factor. People were most trusting when they could easily find information about the casino, its staff, and its policies.

• The second most important factor was relationship management, and trust-building attributes were an ability to contact the casino and rapid, high-quality responses and payments.

• The third most important factor was interface properties, which included usability and the ease of finding information.

• Pre-interactional factors were the least important, with a positive attitude toward gambling being the most important determinant of trust in this category.

As noted earlier, one of the greatest success stories in terms of designing trust into a system is eBay. A number of trust design factors have been identified by Boyd,^[54] including those listed next.

^[54] J. Boyd, "In Community We Trust: Online Security Communication at eBay," Journal of Computer-Mediated Communication 7:3 (2002); http://www.ascusc.org/jcmc/vol7/issue3/boyd.html.

• The use of a simple reputation system in which buyers and sellers give feedback about each other regarding issues such as promptness of payment.

• The use of bulletin boards to reinforce the sense of community and to police undesired behavior.

• A clear status system that relates not only to feedback but also to longevity with the vendor. This is reinforced with the use of icons such as the prestigious "shooting star"an icon posted next to the usernames of people with a feedback rating of more than 10,000.

Reputation systems are in operation in many sites, but Boyd notes that such design elements are cleverly worked into the community elements of eBay to reinforce the sense that its members genuinely help to build the company and are part of an "in group" of people engaged in an exciting venture.

Another example of a trusted design is the study that investigated the factors that lead to trust in online health advice.^[55] This study examined the design factors that led a group of menopausal women to place their trust in sites that offered advice regarding hormone replacement therapy (HRT). The researchers found that most of the women preferred sites that were run by reputable organizations or had a medical or expert feel about them. They trusted the information on such web sites, especially when the credentials of the site and its authors were made explicit. Sites that indicated that the advice originated from a similar individual were also well received. Most participants showed some distrust of the advice and information on web sites sponsored by pharmaceutical companies or those explicitly selling products. One of the most trusted sites was "Project Aware"a "web site by women for women." This site is split into menopause stage-specific areas, covers a wide variety of relevant topics, and provides links to original research materials. The language is clear and simple, and the layout is easy on the eye. Most importantly, however, the site establishes clear social identity signals, similar to those described for eBay, that tell readers that they are members of a community and part of the in group.

^[55] Sillence et al.

One point worth making about successful trust designs, however, is that they are only as trustworthy as the people who use them, and trusted people can fail to be trustworthy, particularly when interacting with supposedly secure systems.^[56] Trust design features do not in themselves guarantee a trustworthy system, and no amount of design work can compensate for a careless or malicious user. The phishing examples described at the beginning of this chapter provide food for thoughtthese attacks capitalize on our willingness to trust messages adorned with familiar and seemingly secure logos. Orgill et al. describe such "social engineering" attacks and argue that ultimately user education will provide the best defense.^[57] Certainly, few users seem to fully evaluate the trustworthiness of different systems, even though they are influenced by the design factors described earlier.

^[56] Gregory L. Orgill, Gordon W. Romney, Michael G. Bailey, and Paul M. Orgill, "The Urgency for Effective User Privacy-Education to Counter Social Engineering Attacks on Secure Computer Systems," Proceedings of the 5th Conference on Information Technology Education (2004), 177181.

^[57] Ibid.