The Security Issues In Ecommerce Information Technology Essay
Security is a consistent barrier to the adoption and implementation of e-commerce for customers and organisations (Hawkins et al., 2000; Antón & Earp, 2000; Daskapan, 2001; Kesh et al., 2002; Labuschagnce & Eloff, 2002; Jarupunpho & Mitchel, 2002; Albuquerque & Belchior, 2002; Suh & Han, 2003; Katsikas et al., 2005, Allahawiah et al. 2010). Within Arab countries, according to Aladwani (2003), Internet security was ranked the first concern for customers and business managers with respect to e-commerce usage. Most of the existing research that has been conducted in Jordan confirms the security concerns in e-commerce and Internet banking, but without exploring the issue in depth (Sahawneh, 2003; Alsmadi, 2004; Al-Sukkar, 2005; Titi, 2005; Siam (2006; Al-Qirim, 2007; Allahawiah et al. 2010). This barrier (i.e. security) makes Jordanian organisations and customers alike hesitant to participate in e-commerce, thus restricting the growth of e-commerce. Very few research has addressed the security issue in Jordan from customer and organisational perspectives; a field in which there is a current lack of empirical research.
As the target of this investigation is Jordan, it can be said that Jordan has made valuable progress in the ICT sector, but in regard to e-commerce, adoption and growth are still hindered by factors which notably include security. Therefore, once sufficient security is provided and perceived to be in place, the adoption of e-commerce should improve. In Jordan, no previous research has considered e-commerce security from both the customer and organisational perspectives. This research investigates the adoption of e-commerce from a security viewpoint, because it is an important and consistently influential factor in its success.
The remaining of this paper is organized as follows: the next section reviews the key e-commerce research previously carried out in Jordan, Section 3 presents the research methodology and Section 4 presents the key issues emerged from the empirical results. Section 5 presents the summary of research findings and Section 6 provides a conclusion and future research.
Literature review: previous e-commerce studies in Jordan
According to Aladwani (2003), Internet security was ranked the first concern of customers and business managers in Arab counties, such as Jordan in regard to the use of e-commerce. In Jordan, no specific survey has been completed with regard to security perceptions in e-commerce, but other related studies include that conducted by Alsmadi (2004) to investigate the attitude of 500 Jordanian customers toward online shopping. He found that the issue of security of online transactions was a major factor limiting their willingness to make greater use of online shopping. The following studies of e-commerce and e-banking adoption are of particular relevance to Jordan.
A study, conducted by Sahawneh (2003) among 31 organisations using survey method, found that many factors hinder e-commerce success in Jordan, based on the viewpoint of the participant’s organizations. The first is cultural resistance, which prevents the consumer from using the Internet for trade with unknown and/or unseen parties. Other influencing factors include trust, risk and security. He states there is an absence of security and legal mechanisms to protect transactions and consumers from deceit. In addition, there is a lack of awareness in organisations of e-commerce benefits. However, this study was conducted in 2002, and e-commerce has progressed substantially in the subsequent eight years since the study. For example, many websites now support two languages, especially those that are initiated from Jordan and other Arab countries.
In contrast, another study was carried out by Alsmadi (2004) to investigate the attitude of Jordanian customers towards using the Internet for online shopping. It had two important results: firstly, most Jordanian consumers are likely to have enough knowledge and skills to use such Internet services. Secondly, the issue of the security of online transactions was a key factor limiting people’s willingness to make greater use of online shopping.
Al-Sukkar (2005) conducted research into the adoption of Internet banking in Jordan; he found that among the main concerns of customers and banks were security and privacy. Siam (2006) also reports that the majority of banks in Jordan that had introduced online services agreed that confidentiality and privacy were necessary for the success of the electronic banking business.
Titi (2005) conducted empirical research to investigate the adoption of e-commerce by Small Medium Enterprises (SMEs) within Jordan. He found that most of the major barriers were concerned with government regulations, such as concerns about privacy and data security, and the lack of legal and business laws regulating e-commerce. Privacy and security issues were found to be among the main barriers to the success of e-commerce, besides other factors such as customers’ readiness, awareness and knowledge, which influenced the adoption of e-commerce. Titi reports that most of the respondents agreed that ensuring security would help in the adoption of e-commerce and influence their decision to do so. However, the study did not specify whether the nature of security was considered in terms of perceptions, of security technology and infrastructure, or of something else.
Al-Qirim (2007) conducted a single case study to explore the adoption of e-commerce in a Non-Governmental Organisation (NGO), the Jordan Chamber of Commerce (JCC). The interviewed staff of JCC reported as stating that the concept of e-commerce is not yet widespread in Jordan. In respect to security, they mentioned some incidences of misuse of the Internet among the organisation’s employees, introducing harmful viruses to the network. The study indicated that there was no web security service in Jordan covering e-commerce infrastructure. Where establishing SSL in Jordan would require huge investments; the JCC is reported to deal with the VeriSign certification authority in order to have the SSL feature in its payment gateway. Al-Qirim (2007) states that the current unavailability of an e-payment gateway in Jordan was a barrier to successful e-commerce. While the study provides useful information for NGOs and explores useful issues regarding e-commerce, the researcher believes that it has some weakness. Firstly, the case study is unrepresentative, not merely in terms of population and sample, but in regard to the subject of the adoption and diffusion of e-commerce in Jordan. NGOs and non-profit organisations have different objectives and considerations from commercial firms, while the basis of e-commerce for buying and selling services and products entails profit and competition. Finally, all interviewees were JCC employees, while the customers’ viewpoints were not investigated.
A recent research, using a survey of 100 firms with around 500 respondents, by Allahawiah et al. (2010) found that security concerns of payments barriers were the major factor affecting the adoption of e-commerce in the business in Jordan. However, this research has not investigated this factor in depth and has not provided insights about security concerns from customer’s side.
Security is a consistent barrier to the adoption and implementation of e-commerce for customers and organisations. Therefore, this research aims to facilitate the adoption of e-commerce by exploring the nature of these security concerns, both guiding by previous literature approaches and by exploration of fieldwork.
Research Methodology
A qualitative research method has been adopted in this research in order to explore the perceptions of customers and of businesses and IT personnel on e-commerce security. This research, which is qualitative and subjective in nature, involves examining and identifying the meanings of security from the participants in order to gain an understanding of the phenomenon under study. Qualitative research enabled the researcher to understand the phenomenon in depth without being limited to certain predetermined hypothesis and factors that are defined from literature, so that issues are allowed to emerge from the natural setting of the context (i.e. Jordan). Semi-structured interviews were used as the main research tool to achieve this purpose, which are open in nature. 27 participants were involved in this study. Specifically, 15 participants are involved who are educated and experienced of Internet services, and some of them familiar with online transactions. In addition, 12 participants from several organisations, including managerial and IT staff from several business and IT companies. The author only presents and discusses the interpretations and implications extracted from the gathered data into issues as presented in the following section.
Results of empirical research
Several issues and implications for e-commerce and security can be drawn from the empirical results; these have been organised into seven issues as follows:
Issue 1: Tangible features do not totally guarantee security
The organisational staff pointed out that there is no way to judge whether a website is secure or not. The justification for this doubt is that while tangible security features (e.g. SSL or security certificates, https) of the website may mean that its operator has an honest stance towards its customers, that their data is encrypted for transmission, that the website’s identity is authenticated by a third party and that this, as reported by one participant, means that they do not deceive their customers and that the website undertakes to provide secure transactions, none of this means that the company is able to guarantee totally that it will not be hacked or its security breached. In other words, as another participant stated, it is difficult for even well-known websites to guarantee total security. However, this leads to a reasonable enquiry: if there are no dependable criteria for distinguishing a secure website from an insecure one, what should the customer depend on to purchase online securely? In essence, this shows how such a significant role is played here by the intangible indicators of security such as the fame or reputation of the website, which is a high priority for many customers in deciding whether to buy online, since this assures him that the website’s operators undertake the responsibility to protect his data. This is what was asserted by the organisation’s view that customers’ concerns are about the reputation of the website, how well known it is, and how it scores on rating schemes, for example. It may be concluded that tangible and intangible security features are both important and both need to be considered by customers.
Issue 2: Security insurance in e-commerce websites and the profits returned (economic perspective)
In order to provide a secure channel for online payments, a commercial enterprise has to find an IT provider to integrate the Electronic Payment Gateway (EPG) with the website, which costs money and so reduces the company’s profits. One participant assessed this loss as being likely to exceed the profit generated, so that if the security insurance for a certain website involved more cost than the total profit that the company would make from providing the services on the website, then it would not be feasible to do business online. The participant stated that if a certain item is sold in a shop for 50 JD, the shopkeeper would expect a profit of 5-10% on the item, while if he wanted to sell the same item over the Internet then part of that profit would go to pay the EPG provider; and in some cases the whole profit might be needed. Thus, the expenditure on e-commerce security should be less than the profit returned by the company. This economic approach to security that has appeared here is also highlighted by another participant when he pointed out that “some websites in order to reduce expenditure do not get a security certificate from VeriSign, just to save $500.
Issue 3: Physical security as a requirement for e-commerce security
Physical security means that physical goods (not digitized products) should be delivered to the customer with a guarantee of certain conditions. These conditions include the time of delivery and the conditional state of the purchased items. As reported by some customers, their concerns are around whether the items will be delivered or not, and whether the item is the right one or not. Physical security here has a different meaning from physical security (accessibility to both the computers and servers, or safety from such equipment suffering damage, such as through a fire) stated by Kesh et al., (2002). The notion here is that the concept of security is expanded to encompass the safety of goods delivered to the customer. Logical security includes, for example, security of transmitted data between customer and merchant, such as credit card details, which are encrypted and guaranteed by a third party such as VeriSign. However, the argument in this issue is neither logical security nor physical security (Kesh et al., 2002) is fully sufficient, rather physical security, as defined earlier, is another aspect that should be ensured. Similarly, as there are third party institutions guaranteeing logical security (VeriSign provides security certificates), there is a need for third parties to guarantee physical security through a secure delivery company. Thus, the customer is able to check whether the website is guaranteed by a third party before they order any items; for example, a reference number can be used, or certificates provided, by reputable shipping company.
Issue 4: Security awareness, risk and time
Time is an important factor in customers’ awareness of security. This does not come suddenly but gradually, step by step, as indicated by those participants who suggested that it would take 3 to 5 years for e-commerce to become accepted as an ordinary purchasing phenomenon in Jordan, with customers feeling that it is secure. One customer indicated that such a perception comes with experience over time, not at once. The first difficulties that the new e-customer faces are how to deal with new technology, how to overcome the problem of the digital divide; then he can start dealing with promotional and service websites where he is required to provide data such as his name, address, telephone number and email address. At this point the customer begins to perceive some risks accompanying this activity, then when he starts to order products and pay by credit card or to engage in other online transactions, where the real risk becomes greater, his need to feel secure increases; so his perceptions change at each stage. Therefore, enhancing the customer’s perception of security involves a sequence of time, given that the customer does not understand the risk completely at once, but step by step, and as the volume of risk and the need for security awareness are differs at each stage.
Issue 5: E-government is a prerequisite for successful e-commerce
It is arguable that e-government is a phenomenon which increases the awareness of participation in e-commerce and not the reverse. In essence, this is a greater issue in countries new to e-commerce where e-commerce is still in its infancy and where every citizen who wishes to perform online certain traditional routine transactions such as paying bills or fees finds that there is no other way to do this than via the government’s website. If payment is by a national electronic payment gateway that is secure and similar to that provided by the e-government website, then it is easy and feasible for customers to buy online, at least from any national business website which enables payment via a method similar to that provided by the e-government portal, because they have already experienced the latter. One participant pointed out that not all customers/users are familiar with international electronic payment systems such as paypal or 2Checkout. Providing national EPG would also enable businesses to use it on their websites as an interface similar to that provided by the e-government portal, consequently enabling them to engage effectively in e-commerce, performing electronic transactions securely and at low cost. Therefore, the initial success of e-commerce in Jordan correlates with the initial success of e-government, both being accepted by customers and business with positive feelings concerning matters of security and trust on common EPG.
Issue 6: Actions toward the psychological aspects of security
There is a need to change the way that customers think and to reduce the effects on them of the psychological aspects of security. This can be achieved by raising consciousness among users of what they should understand about websites and of which security issues need to be checked and practised in order to reduce the feeling of fear; and by changing the misconceptions regarding the use of e-commerce. For example, the psychological feelings that affect the user as a result of the nature of e-commerce, related to anonymity and the absence of face-to-face interaction, can be reduced by the physical company in a number of ways. It can encourage its customers to buy online by offering discounts or vouchers and by telling them that the security of the website is insured, so that if a customer has a problem then he can make a claim, especially if he tries to buy something that he has already seen or touched in the company’s physical premises. This accords with the responses of some customers who said that if they want to buy online they prefer to deal with a nationally known Jordanian company which has a physical presence in the marketplace. So-called click-and-mortar websites, which conduct their business both online and offline, are deemed credible by such users.
Issue 7: Cooperative responsibility drives the effectiveness of e-commerce security
Cooperative responsibility, which emerges as a core issue in this research, means that the success of e-commerce in respect of security, involves the responsibility of different entities which are complementary to each other; not a single responsibility. For example, is where the organisation fulfils its responsibility to apply the best security technology and the customers are aware of security practices on e-commerce websites, but the organisation uses customers’ private data in an illegitimate way. In such a case, security is violated by the organisation, in failing to fulfil its responsibility to protect customer data. The support of the government in providing a secure EPG for national businesses is a complementary responsibility and supportive of the effectiveness of e-commerce security. The mutual cooperation by banks and Jordan Visa as financial institutions with other entities like EPG developers, facilitating the use of credit/debit cards for online payment, is another form of responsibility. Banks have a significant role in promoting the culture of using credit cards to shop online, and this role so far is still inactive in Jordan. For example, one participant pointed out that the bank officer warned him from using his credit card for online shopping. Therefore, there is a need to ensure the correct consciousness is in bank staff, in order to promote the culture of using credit cards and not frightening people in their use. Warnings from the banks, in the use of credit cards for online shopping, are aggravating the psychological state of security. In essence, the need for mutual responsibility is evident, where to establish e-commerce as a purchasing phenomenon at a national level involves the integration of the efforts of all parties.
Conclusion and Future research
Many prior researches have asserted that security is the main concern of both customers and businesses involved in e-commerce and a challenge to its success, particularly in Jordan. This study therefore investigated the current perceptions and viewpoints in respect of e-commerce security, seeking to identify the nature of security concerns from both of these perspectives. The research resulted a set of issues which provides organisations with insights that would guide them to the implementation of effective strategies to deal with the issues emerged and discussed in previous sections. This research concerns itself within the Jordanian context; a statement by a participant from an organisation, believes that the trust between a customer and merchant is as nonexistent as it is between a customer and the Arabic Governments. This raises the question: is the approach for trustable e-commerce culturally dependent? Is there a global solution that will work in all cultural contexts? As globalization is in huge growth, at current time, this is an issue worthy of exploration. The findings of this study were based on Jordan context and therefore it is not sure whether they are also similar elsewhere. Hence, a comparative study of two developing countries, where new and further insight might be expected to emerge and contribute to extending the body of knowledge.
Order Now