Sure, You Can Trust Us
E-commerce promises consumers a great deal, but it also poses new risks. Because transactions are not face to face, people have to accept on faith that their credit-card numbers are safe from hackers, that their personal information won't be sold without their permission, and even that the goods they order will actually fit the online descriptions when they are delivered. Sometimes that faith is misplaced, and if companies are to persuade the masses to hit the “confirm order” button with any degree of regularity, they must reassure consumers on those counts.
A recent study of the practices at online auction house eBay indicates some of the possibilities and pitfalls for companies hoping to generate online sales. The study's authors looked specifically at how eBay handles matters involving privacy, security and the integrity of the marketplace. Their findings hold lessons for all kinds of online operations.
Integrity. No business can function unless buyers, to put it bluntly, get what they pay for. Likewise, in the case of auctions, sellers must be confident that they will receive payment for their wares.
EBay has several ways of trying to ensure the integrity of its auctions. Its well-known feedback forum allows the buyer and seller in any transaction to rate the experience; a negative rating may lead other auction participants to steer clear in the future. EBay also has an insurance program designed to protect buyers who send money but do not receive the goods. Such methods aren't perfect — the insurance program caps payouts at $200, and frauds have found ways to trick the rating system — but they may be enough to allay the fears of many online-auction participants.
Security. Clearly, any e-business must have sophisticated security systems to combat hackers bent on thievery. Companies may face a bigger security problem, however, in the form of viruses and denial-of-service attacks.
EBay suffered such an attack in the summer of 2000. The real risk to eBay in such situations is that its sellers, who are in effect the company's suppliers, will move on to find a more secure environment. The authors of the study did not have access to eBay's security configuration, but they do recommend ways for companies to counter external threats. Among them: Establish an emergency-response team that knows how to protect key records and systems, build redundancy into the network infrastructure, and place servers in separate locations so that they can't all be damaged in one blow.
Privacy. For many consumers, privacy concerns trump fears about security—as well they should. Consider the authors' comment that although eBay has a privacy policy, it could be summarized by saying “there is no privacy on the Internet.” EBay collects the names, e-mail addresses, phone numbers, home addresses of buyers and sellers, and much more. It passes the information to telemarketers unless users make it to the “preferences” section of the site and deselect the item under “telemar-keters” that asks if they want to receive calls on behalf of eBay regarding eBay-related products and services. The fact that eBay's collection and use of information is in line with that of other companies may be of little comfort to consumers. The way e-businesses use customer information is probably the reason why 92% of survey respondents (in a different study) indicated that they do not trust companies to keep their information private — even when they promise to do so.
What are the study's lessons for managers? First, they have to think rigorously about the rules that guarantee integrity; the concerns of buyers, sellers and the company itself must be carefully balanced. Second, it is necessary but not sufficient to have the latest security technology; companies also need contingency plans and systems to deal with attacks that disrupt service. Finally, companies have to be clear and upfront about privacy policies — at a minimum, they should only collect information that customers have explicitly granted them permission to collect.
The title of the study is “Control and Assurance in E-Commerce: Privacy, Integrity and Security at eBay,” by Rong-Ruey Duh of National Taiwan University, Karim Jamal of the University of Alberta at Edmonton, and Shyam Sunder of the Yale School of Management.