This article was downloaded by: [Akdeniz Universitesi]

On: 23 December 2014, At: 15:33

Publisher: Routledge
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered
office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Journal of Internet Commerce

Publication details, including instructions for authors and
subscription information:
http://www.tandfonline.com/loi/wico20

Security Perceptions of e-Commerce

Users
a a a b
Mark B. Schmidt , Jim Q. Chen , Dien D. Phan & Kirk P. Arnett
a
G. R. Herberger College of Business, St. Cloud State University ,
St. Cloud, Minnesota, USA
b
Mississippi State University , Mississippi State, Mississippi, USA
Published online: 11 Nov 2009.

To cite this article: Mark B. Schmidt , Jim Q. Chen , Dien D. Phan & Kirk P. Arnett (2009)
Security Perceptions of e-Commerce Users, Journal of Internet Commerce, 8:1-2, 44-57, DOI:
10.1080/15332860903341307

To link to this article: http://dx.doi.org/10.1080/15332860903341307

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the
“Content”) contained in the publications on our platform. However, Taylor & Francis,
our agents, and our licensors make no representations or warranties whatsoever as to
the accuracy, completeness, or suitability for any purpose of the Content. Any opinions
and views expressed in this publication are the opinions and views of the authors,
and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content
should not be relied upon and should be independently verified with primary sources
of information. Taylor and Francis shall not be liable for any losses, actions, claims,
proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or
howsoever caused arising directly or indirectly in connection with, in relation to or arising
out of the use of the Content.

This article may be used for research, teaching, and private study purposes. Any
substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,
systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &
Conditions of access and use can be found at http://www.tandfonline.com/page/terms-
and-conditions
 Journal of Internet Commerce, 8:44–57, 2009
Copyright # Taylor & Francis Group, LLC
ISSN: 1533-2861 print=1553-287X online
DOI: 10.1080/15332860903341307

Security Perceptions of e-Commerce Users

MARK B. SCHMIDT, JIM Q. CHEN, and DIEN D. PHAN

G. R. Herberger College of Business, St. Cloud State University, St. Cloud, Minnesota, USA

KIRK P. ARNETT
Mississippi State University, Mississippi State, Mississippi, USA
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

In today’s computer security paradigm, e-commerce participants

are faced with many types of malware. Spyware and viruses are
two such examples that continue to threaten secure e-business.
Despite the best efforts of information security professionals to
lessen the frequency and impact of the infections, these infections
show no sign of abatement. Because typical users are vulnerable to
malware and security breaches, increasing education and aware-
ness is a necessary step in efforts to mitigate the malware threat.
However, prior to implementing an effective education program,
user behavior toward malware and the awareness levels must be
assessed. To this end, the efforts described herein are to assess both
familiarity and knowledge of respondents from two universities
relative to malware. Based on data from approximately 200
information technology (IT) users, it was found that there are
differences in security awareness and perceptions between light
and heavy e-commerce users.

KEYWORDS e-commerce, factor analysis, malware, security,

trust

INTRODUCTION

Many businesses are beginning to take computer security more seriously.

Specifically, they are becoming more concerned as the stakes become higher
and as notification laws have the potential to require companies to notify
consumers if their personal information is compromised. Indeed, computer
security professionals have made tremendous strides over the past 30 years

Address correspondence to Mark B. Schmidt, PhD, G. R. Herberger College of Business,

St. Cloud State University, St. Cloud, MN 56301, USA. E-mail: [email protected]

44
 Security Perceptions of e-Commerce Users 45

although malware problems remain evident. During the same period,

hackers, virus writers, and others with malicious intent have made similar
strides with their tools and techniques (Vaughn 2003).
In a major survey conducted in 2005 by Computer Security Institute and
the Federal Bureau of Investigation (www.gocsi.com), the respondents
reported that virus attacks continue to be the cause of the greatest financial
losses. Unauthorized access to information and theft of proprietary infor-
mation showed a significant increase in average loss per respondent, even
though the total dollar amount of financial losses resulting from security
breaches is decreasing. The survey also reveals that the percentage of
businesses reporting computer intrusions has continued its multiyear decline
because of the concern for negative publicity, cited as the key reason for not
reporting.
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

In a survey conducted by Forrester Research, almost two-thirds of

respondents reported that they opted not to buy products online due to
concerns about the security of their personal information (Portz et al.
2000). This presents a unique problem to businesses as, on the whole, the
compound annual growth rate of e-commerce in the United States in the last
five years is 25 percent (Mientka 2006), and in 2005 U.S. e-commerce sales
totaled $86.3 billion (Scheleur, King, and Shimberg 2006), an increase of
24.6 percent. These factors present a paradox as many users want the conve-
nience of purchasing on the Web but at the same time are reluctant to do so
due to security concerns. Some argue that the concerns are worsening as the
public becomes more aware of the information risks involved in Internet
shopping (Perez 2005).
Security concerns and trust are not the only factors that determine con-
sumers’ online purchasing decisions. Two influential theories have been
used to study consumers’ technology adoption: Theory of Planned Behavior
(TPB; Ajzen 1991) and Technology Acceptance Model (Davis 1989). TPB pre-
dicates on the theory that attitude, subjective norms, and perceived behavior
control determine the intention that leads to the behavior.
A consumer’s attitude captures his or her overall evaluation of engaging
in an e-commerce activity, which can be measured by trust, perceived use-
fulness, ease of purchasing, and so on. The subjective norm refers to a
person’s perception of how important others perceive the behavior to be.
The perceived behavior Control refers to the person’s degree of control over
resources and protection of private information as well as skills of conducting
the behavior (Pavlou and Fygenson 2006).
Studies on small business adoption of e-commerce strategy indicate that
ignorance or lack of understanding of technology and security issues could
contribute to the avoidance of e-commerce adoption (Fillis, Johansson,
and Wagner 2004; Ramsey and McCole 2005). Although much research has
been done in e-commerce adoption, there is little research focusing on
differing perceptions of e-commerce risk, awareness of malware, security
 46 M. B. Schmidt et al.

practices, and e-commerce trust between light and heavy Internet users. This
study investigates the differences in perceptions between light and heavy
Internet users in relation to 10 security constructs developed utilizing factor
analysis. An overview on e-commerce security threats, malware, and trust is
provided in the next two sections. Then the research methodology is dis-
cussed, followed by discussion of the study results. The article concludes
with a summary and suggestions for future research.

e-COMMERCE SECURITY THREATS AND MALWARE

According to Furnell and Karweni (1999), e-commerce security threats exist

at the user side, during transport of data, and at the merchant side. The user
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

side security includes physical access control, user authentication, and

authorization. Data transport security refers to data confidentiality and data
integrity. Data security at the merchant side includes secure storage of custo-
mer information and customer privacy protection.
As the computer technology advances, we are facing emerging new
security challenges such as malware and hackers with sophisticated hacking
techniques and tools. Malware poses serious threats at both the user and the
merchant sides. Hacking can occur during the data transport, on the client
machine, and on the merchant’s Web site.
There are several examples of programmed malware, including com-
puter viruses, spyware, Trojan horses, logic bombs, spam, and adware. These
programs can cause great harm and financial losses in today’s interconnected
system environment. A computer virus is a software unit that can multiply
and regenerate itself. When infected, data and programs stored on a compu-
ter can be damaged or altered.
Spyware secretly collects users’ personal information and sends it to its
owner or a third party such as advertisers. Both viruses and spyware can hide
behind useful programs or files, known as Trojan horses. When the user runs
the programs or opens the files, the viruses and spyware are installed and
activated on the user’s computer.
In addition to malware threats, phishing, unauthorized data access by
‘‘insiders,’’ and identity theft also pose serious security concerns for
e-commerce users. Phishing e-mails are sent out by hackers—posing as legit-
imate business with which the user has a business relationship, such as a
bank—to gather user IDs and passwords. Unhappy or ill-willed employees
can easily launch attacks from within the organization with legitimate access
privileges. It was estimated that 80 to 95 percent of the total number of secur-
ity breaches are from ‘‘inside attackers’’ (Bernstein et al. 1996), while other
less known, but equally as dangerous, malware such as rootkits (Johnston
et al. 2007) and even blended threats can facilitate total control of a system
by a hacker (Schmidt, Johnston, and Arnett 2006).
 Security Perceptions of e-Commerce Users 47

Trust
A successful e-commerce transaction is based on trust among the
participants. E-commerce security is the basis for building the trust.
According to Ratnasingam and Phan (2003) trust is the psychological trait
found in trading partners who are willing to pursue relationships and=or
interdependencies. Common factors that influence e-commerce trust include
trading partners’ financial status, reputation, competence, benevolence,
reliability, understandability, security in payment, business culture, consumer
protection, law and social sanctions, successes, and peer referrals.
Ratnasingam and Phan also classify trust based on three perspectives:
economic and organizational, technological, and behavioral.
From the economic and organizational perspectives, the three principal
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

forms of business trust are as follows:

1. Deterrence-based trust refers to trading parties relying on the threat of

punishment by social institutions to conduct exchanges.
2. Knowledge-based trust refers to the knowledge of other trading partners
that allows one trading partner to predict and understand the behavior of
the other trading partner.
3. Identification-based trust refers to empathy and common values of other
trading partners that causes one trading partner to trust and act as an agent
for the other.

From the technological perspective, trust relies on technical safeguards,

protective measures, and control mechanisms that aim to provide reliable
transactions with timely, accurate, and complete data transmission. Major
technological issues include authentication, authorization, privacy, auditing,
integrity, availability of resources, and nonrepudiation.
Finally, from the behavioral perspective, trust gradually develops from
one stage to another with competence trust first, leading to predictability
trust, and goodwill trust as the highest form of trust (Ratnasingam and Phan
2003).

1. Competence trust emphasizes reliance on trading partners’ soft capa-

bilities such as financial strength, skills, technical knowledge, honesty,
and ability to operate business-to-business e-commerce applications
correctly.
2. Predictability trust emphasizes belief in trading partners’ consistent beha-
viors that provide sufficient knowledge for other trading partners to make
predictions and judgments based on prior experiences.
3. Goodwill trust emphasizes reliance on trading partners’ care, concern,
honesty, and benevolence that allows trading partners to further invest
in their relationship.
 48 M. B. Schmidt et al.

METHODOLOGY

Observed from a very rudimentary level, all security threats fall into two
types: technical and nontechnical. In a technical attack, software and knowl-
edge are used to make attacks. These attacks include denial of services and
malicious code such as viruses, worms, Trojan horses, and spyware.
Non-technical attacks exploit the weaknesses in human behavior such as
trust, greed, and fear to gain access to computer systems using social
engineering methods used in phishing, e-mail messages with malicious
attachments, and Nigerian scams. Because the success of social engineering
depends on the vulnerable behaviors of the victims, in order to combat social
engineering Damle (2002) proposed education and training for users, poli-
cies and procedures, and penetration testing using white hat hackers.
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

Based on a survey instrument first used to gauge user familiarity with

viruses (Jones et al. 1993) and then spyware (Schmidt and Arnett 2005),
205 IT users in a university setting were asked to report their level of
familiarity with viruses, spyware, and other malware and their levels of
e-commerce use, as well as information related to other security issues.
The original survey was further refined to measure the users’ familiarity with
and usage levels of e-commerce. The survey utilized 6-point Likert scale
responses (1 ¼ Strongly Disagree, 3 ¼ Neutral, 6 ¼ Strongly Agree) to facilitate
self-reported measures of familiarity among respondents. Appendix A
presents the questions that were used to obtain the data for factor analysis.
Several additional items were included that were specific to characteristics
of the threats and served as the knowledge metric. These answers relative
to respondents’ use of e-commerce were used to differentiate between secur-
ity perceptions of light and heavy e-commerce users.

RESULTS

Respondents were asked 38 questions regarding security and trust issues in

e-commerce. In efforts to simplify data analysis and to reduce the probabil-
ity of type I error, factor analysis was used to reduce the number of items
for analysis. SPSS version 13.0 for Windows was employed to conduct a
factor analysis. The following procedures, as outlined by Garson (2005),
were used in the factor analysis. Bartlett’s Test of Sphericity indicated
highly significant results (4,067 with p < .000). The Kaiser-Meyer-Olkin
Measure of Sampling Adequacy was .815. Based on Kaiser’s work, a mea-
surement of .80 or above can be thought of as ‘‘meritorious’’ (Hair et al.
1998). Table 1 presents the factor loadings. Appendix B presents the total
variance explained.
As can be seen in Table 1, items with factor loadings above .5 form 10
factors with no significant cross loadings. In interpreting cross loadings there
 Security Perceptions of e-Commerce Users 49

TABLE 1 Rotated Component Matrixa

Component

1 2 3 4 5 6 7 8 9 10

V6 .071 .752 .003 .079 .095 .055 .163 .020 .192 .055
V7 .035 .856 .050 .046 .013 .097 .109 .004 .190 .006
V8 .010 .821 .026 .053 .009 .072 .089 .018 .134 .001
V9 .055 .870 .024 .064 .017 1.7E-005 .096 .065 .043 .050
V10 .064 .796 .023 .104 .009 .054 .054 .004 .098 .039
V11 .070 .731 .121 .078 .137 .037 .262 .004 .158 .024
V12 .048 .679 .078 .017 .040 .008 .264 .042 .262 .042
V13 .428 .114 .077 .001 .187 .089 .050 .230 .511 .309
V14 .272 .011 .081 .052 .056 .036 .151 .142 .761 .037
V15 .657 .049 .135 .092 .055 .003 .175 .393 .069 .069
V16 .846 .040 .010 .079 .107 .144 .062 .016 .011 .111
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

V17 .898 .029 .007 .026 .016 .140 .010 .053 .024 .067
V18 .826 .067 .035 .014 .184 .081 .048 .084 .115 .111
V19 .811 .003 .101 .026 .188 .097 .126 .018 .069 .044
V20 .705 .103 .061 .021 .187 .088 .071 .122 .072 .131
V21 .734 .075 .067 .062 .195 .069 .204 .008 .134 .021
V22 .724 .031 .020 .114 .139 .033 .198 .115 .059 .138
V23 .150 .050 .073 .095 .141 .740 .111 .120 .003 .064
V24 .180 .026 .051 .150 .097 .694 .001 .262 .036 .141
V25 .317 .088 .008 .065 .046 .568 .268 .211 .027 .081
V26 .143 .007 .083 .102 .141 .185 .707 .041 .277 .005
V27 .091 .024 .098 .028 .138 .004 .776 .112 .066 .024
V28 .040 .078 .024 .020 .074 .700 .090 .092 .121 .125
V29 .120 .086 .036 .068 .002 .001 .147 .759 .116 .016
V30 .232 .017 .106 .004 .194 .185 .048 .101 .078 .734
V31 .409 .005 .098 .010 .690 .079 .047 .075 .083 .103
V32 .331 .039 .030 .086 .780 .037 .236 .085 .119 .014
V33 .327 .014 .035 .062 .792 .069 .184 .134 .095 .026
V34 .070 .169 .381 .024 .131 .460 .125 .239 .026 .225
V35 .082 .131 .131 .024 .154 .178 .067 .276 .134 .619
V36 .049 .124 .126 .124 .418 .026 .028 .581 .124 .180
V37 .065 .008 .756 .063 .053 .002 .036 .052 .209 .050
V38 .017 .114 .786 .141 .042 .079 .118 .060 .108 .009
V39 .020 .002 .843 .021 .056 .066 .074 .077 .020 .034
V40 .029 .071 .779 .213 .018 .053 .083 .027 .171 .050
V41 .036 .049 .091 .910 .012 .070 .071 .083 .024 .004
V42 .041 .046 .090 .929 .050 .021 .034 .019 .074 .008
V43 .036 .065 .082 .945 .021 .045 .011 .056 .002 .012

Note. aRotation converged in 7 iterations. Extraction Method: Principal Component Analysis. Rotation
Method: Varimax with Kaiser Normalization.

are varying acceptable procedures. This study utilized the techniques as

presented in Dillon and Goldstein (1984) and Hair et al. (2006). Specifically,
‘‘Adopting the rule that at least 25 percent of a variable’s variance should be
accounted for by a factor,’’ (Dillon & Goldstein, p. 70) was considered. Addi-
tionally, Hair and colleagues suggest, ‘‘Although factor loadings of
.30 to

.40 are minimally acceptable, values greater than
.50 are generally
 50 M. B. Schmidt et al.

considered necessary for practical significance’’ (p. 129). The identified

constructs were termed risk awareness, e-commerce trust, malware detection
and removal, helpdesk responsibilities, virus awareness, password practices,
e-commerce practices, malware effect, phishing awareness, and virus trans-
mittal, respectively. After the factors were identified, SPSS was used to create
summated factor scores for each respondent.
With summated factor scores in place, the next step was to conduct an
analysis of light and heavy Internet users. For the purposes of this study,

TABLE 2 ANOVA

Sum of squares df Mean square F Sig.

Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

REGR factor score 1 for analysis 1

Between groups 7.835 1 7.835 8.181 .005
Within groups 192.505 201 .958
Total 200.340 202
REGR factor score 2 for analysis 1
Between groups .537 1 .537 .532 .467
Within groups 202.793 201 1.009
Total 203.330 202
REGR factor score 3 for analysis 1
Between groups .703 1 .703 .695 .405
Within groups 203.189 201 1.011
Total 203.892 202
REGR factor score 4 for analysis 1
Between groups .057 1 .057 .056 .813
Within groups 203.901 201 1.014
Total 203.958 202
REGR factor score 5 for analysis 1
Between groups 3.225 1 3.225 3.246 .073
Within groups 199.704 201 .994
Total 202.929 202
REGR factor score 6 for analysis 1
Between groups 7.200 1 7.200 7.357 .007
Within groups 196.730 201 .979
Total 203.931 202
REGR factor score 7 for analysis 1
Between groups .090 1 .090 .090 .765
Within groups 201.844 201 1.004
Total 201.934 202
REGR factor score 8 for analysis 1
Between groups 6.754 1 6.754 6.883 .009
Within groups 197.241 201 .981
Total 203.995 202
REGR factor score 9 for analysis l
Between groups 5.937 1 5.937 6.037 .015
Within groups 197.676 201 .983
Total 203.613 202
REGR factor score 10 for analysis 1
Between groups 3.984 1 3.984 4.059 .045
Within groups 197.300 201 .982
Total 201.284 202
 Security Perceptions of e-Commerce Users 51

TABLE 3 Hypotheses

Hypothesis Result

H1: Light and heavy Internet users will have differing perceptions Supported
of risk awareness.
H2: Light and heavy Internet users will have differing perceptions Not supported
of e-commerce trust.
H3: Light and heavy Internet users will have differing perceptions Not supported
of malware detection and removal.
H4: Light and heavy Internet users will have differing perceptions Not supported
of helpdesk responsibilities.
H5: Light and heavy Internet users will have differing perceptions Not supported
of virus awareness.
H6: Light and heavy Internet users will have differing perceptions Supported
of password practices.
H7: Light and heavy Internet users will have differing perceptions Not supported
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

of e-commerce practices.
H8: Light and heavy Internet users will have differing perceptions Supported
of malware effect.
H9: Light and heavy Internet users will have differing perceptions Supported
of phishing awareness.
H10: Light and heavy Internet users will have differing perceptions Supported
of virus transmittal.

a light user is defined as a user who on average uses less than 15 hours per
week; a heavy user uses the Internet more than 15 hours per week. In total
there were 127 light and 76 heavy Internet users. It is hypothesized that
heavy and light users will have differing perspectives in regard to the 10 iden-
tified constructs. Table 2 presents the ANOVA comparisons that provide the
statistical evidence to support 5 of the 10 hypotheses. A summary of the
hypotheses can be seen in Table 3.

TABLE 4 Means

Risk e-Commerce Malware detection Helpdesk Virus

Level of use awareness trust and removal responsibilities awareness

Light
Mean .1469640 .0420976 .0437527 .0118603 .1000432
n 127 127 127 127 127
Std. Deviation 0.93274350 1.04508374 1.02130467 0.96928146 1.08193922
Heavy
Mean .2589853 .0641275 .0778098 .0226887 .99822521
n 76 76 76 76 76
Std. Deviation 1.05124394 0.93220799 0.97818471 1.06785439 0.83434369
Total
Mean .0050170 .0023286 .0017584 .0010743 .0025431
N 203 203 203 203 203
Std. Deviation 0.99588341 1.00328567 1.00467222 1.00483498 1.00229713
 52 M. B. Schmidt et al.

TABLE 5 Means

Password e-Commerce Malware Phishing Virus

Level of use practices practices effect awareness transmittal

Light
Mean .1453013 .0098513 .1409652 .1307163 .0995452
n 127 127 127 127 127
Std. Deviation 0.97362844 0.95374498 0.80481377 0.96725813 1.03289200
Heavy
Mean .2438461 .0336741 .2359235 .2226409 .1899211
n 76 76 76 76 76
Std. Deviation 1.01514128 1.07846089 1.24165284 1.03145358 0.91560210
Total
Mean .0003894 .0064439 .0001360 .0015751 .0088264
N 203 203 203 203 203
Std. Deviation 1.00476750 0.99983720 1.00492548 1.00398493 0.99822521
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

It is interesting to note the direction of the differences between light and

heavy Internet users. Tables 4 and 5 present the means for each of the 10
factor scores for both light and heavy Internet users.
Significant differences between light and heavy users were found in the
constructs of risk awareness, password practices, malware effect, phishing
awareness, and virus transmittal. In terms of risk awareness, heavy users
appear to be more informed. This would appear to be intuitive, perhaps
based on the fact that heavy users are online more and, as such, they might
be more familiar with the various risks posed by malware.
Counter to what might be expected, light users score higher in terms of
password practices. Although speculative, a reason might be that light users
are in general more cautious with systems and sites that require passwords.
In regard to malware effect, heavy users score higher. This is expected as
heavy users are likely more aware of the effects and ramifications of
malware. Another construct where differences were found was phishing
awareness. Again, heavy users scored higher in this construct. It is not sur-
prising that heavy users would be more aware of phishing than light users.
The last significant difference was found in the area of virus transmittal.
Heavy users appear to have better practices in terms of updating their
antivirus software. Updating antivirus software might be more important to
heavy users as they are, by the simple nature of their heavy use, exposed
to a higher probability of virus exposure.

CONCLUSIONS AND FUTURE RESEARCH

Two hundred and five users were surveyed in regard to their e-commerce
use and security perceptions. Factor analysis reveals that data from the res-
pondents form 10 factors. Further analysis reveals that there are differences
 Security Perceptions of e-Commerce Users 53

in perceptions between light and heavy e-commerce users. Future research

is needed to further utilize this questionnaire in more specific areas of
e-commerce and computer security research. Specifically, this research could
be continued in the context of adopters and nonadopters with regard to the
wireless security paradigm and with mobile commerce.

REFERENCES

Ajzen, I. 1991. The theory of planned behavior. Organizational Behavior & Human
Decision Processes 50:179–211.
Bernstein, T., A. Bhimani, E. Schultz, and C. Siegel. 1996. Internet security for
business. New York: Wiley.
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

Damle, P. 2002. Social engineering: A tip of the iceberg. http://www.isaca.org/Template.

cfm?Section=Home&CONTENTID=17032&TEMPLATE=/ContentManagement/
ContentDisplay.cfm (accessed July 25, 2009).
Davis, F. D. 1989. Perceived usefulness, perceived ease of use and user acceptance
of information technology. MIS Quarterly 13 (3): 319–340.
Dillon, W. R., and M. Goldstein. 1984. Multivariate analysis. New York: Wiley.
Fillis, I., U. Johansson, and B. Wagner. 2004. A qualitative investigation of smaller
firm e-business development. Journal of Small Business and Enterprise
Development 11 (3): 349–361.
Furnell, S. M., and T. Karweni. 1999. Security implications of electronic commerce: A
survey of consumers and businesses. Internet Research: Electronic Networking
Applications and Policy 9 (5): 372–382.
Garson, G. D. 2005. Factor analysis [electronic version]. http://www2.chass.
ncsu.edu/garson/pa765/garson.htm (accessed November 11, 2005).
Hair, J. H., Jr., R. E. Anderson, R. L. Tatham, and W. C. Black. 1998. Multivariate data
analysis. 5th ed. Upper Saddle River, NJ: Prentice Hall.
Hair, J. H., Jr., W. C. Black, B. J. Babin, R. E. Anderson, and R. L. Tatham. 2006.
Multivariate data analysis. 6th ed. Upper Saddle River, NJ: Prentice Hall.
Johnston, A. C., M. B. Schmidt, K. P. Arnett, and J. Thomas. 2007. Getting to the root
of the problem. Journal of Internet Commerce 6:1–12.
Jones, M. C., K. P. Arnett, J. T. E. Tang, and N. S. Chen. 1993. Perceptions of
computer viruses: A cross-cultural assessment. Computers and Security
12:191–197.
Mientka, M. 2006. Behavioral biometrics to improve e-commerce security. AFP
Exchange, January=February.
Pavlou, P. A., and M. Fygenson. 2006. Understanding and predicting electronic
commerce adoption: An extension of the theory of planned behavior. MIS
Quarterly 30 (1): 115–143.
Perez, J. C. 2005. Gartner: Security concerns to stunt e-commerce growth. Computer-
World, June 24.
Portz, K., J. M. Strong, B. Busta, and K. Schneider. 2000. Do consumers understand
what WebTrust means? CPA Journal 70 (10): 47.
Ramsey, E., and P. McCole. 2005. E-business in professional SMEs: The case of New
Zealand. Journal of Small Business and Enterprise Development 12 (4): 528–545.
 54 M. B. Schmidt et al.

Ratnasingam, P., and D. Phan. Summer 2003. Inter-organizational trust in B2B

e-commerce participation: A case study at Cisco New Zealand. Information
Systems Management 20 (3): 39–50.
Scheleur, S., C. King, and M. Shimberg. 2006. Quarterly retail e-commerce sales 4th
quarter 2005, U.S. Census Bureau, The U.S. Census Bureau News (E-Commerce
Sales), No. 2172006.
Schmidt, M. B., and K. P. Arnett. 2005. Spyware: A little knowledge is a wonderful
thing. Communications of the ACM 48 (8): 67–70.
Schmidt, M. B., A. C. Johnston, and K. P. Arnett. 2006. An empirical investigation of
rootkit awareness. Business Research Yearbook 13:153–158.
Vaughn, R. B. 2003. Advances in the provision of system and software security—
Thirty years of progress. Vol. 58, Advances in Computers, ed. Marvin V. Zelkowtiz,
287–340. San Diego, CA: Elsevier.
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

APPENDIX A Survey Questions that Yielded the Data Used in Factor Analysis (Please mark
the response that best reflects your beliefs with respect to e-commerce security between 1 and
6 ( ¼ strongly disagree ¼ strongly agree).

Strongly Strongly
disagree Neutral agree

1 I generally trust e-commerce sites.

2 The Internet has enough safeguards to
make me feel comfortable engaging in
e-commerce.
3 I feel assured that legal structures
adequately protect me from problems
when engaging in e-commerce activities.
4 I feel assured that technological structures
adequately protect me from problems
when engaging in e-commerce activities.
5 In general, the Internet is a safe
environment for e-commerce activities.
6 I think companies that provide online
services have sufficient expertise in
computer security to protect customer
personal information.
7 I think online businesses are serious about
their privacy policy.
8 I am aware of online phishing.
9 I often receive phishing e-mails.
10 I am aware of the risk of identity theft.
11 I am aware of the risk of data theft during
network transmission.
12 I am aware of the risk of hacking on
e-commerce Web sites.
13 I am aware of the risk of fraudulent online
companies.
14 I am aware of the risk of unauthorized data
access inside the companies.
15 I am aware of spyware that may steal my
personal data.

(Continued )
 Security Perceptions of e-Commerce Users 55

APPENDIX A Continued

Strongly Strongly
disagree Neutral agree

16 I am aware of the risk of spamming

resulting from my online transactions.
17 I am aware of the risk of viruses.
18 I change my password after a reasonable
period of time such as every six months.
19 My passwords are pretty difficult for a
hacker to crack.
20 I am careful when I provide personal data.
21 I only shop on well-known e-commerce
sites.
22 I seldom shop on little known Web sites.
23 I read privacy policy before I provide my
Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

personal information.
24 I trade my personal data for free stuff
online.
25 I frequently update my antivirus software.
26 Computer viruses and other malware can
be obtained by sharing disks.
27 Computer viruses and other malware can
be obtained by e-mail.
28 Computer viruses and other malware can
be obtained via the Internet.
29 Damage to computer systems from virus
and other malware is irreversible.
30 Viruses and other malware are typically
transmitted by accident.
31 Damage to computer systems from virus
and other malware has a minimal effect
on the workplace.
32 Viruses are difficult to detect.
33 Viruses are difficult to remove.
34 Spyware is difficult to detect.
35 Spyware is difficult to remove.
36 Computer staff such as the helpdesk should
be responsible for the detection of viruses
and other malware.
37 Computer staff such as the helpdesk should
be responsible for the removal of viruses
and other malware.
38 Computer staff such as the helpdesk should
be responsible for the detection and
removal of viruses and other malware.
 Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

APPENDIX B Total Variance Explained

Initial eigenvalues Extraction sums of squared loadings Rotation sums of squared loadings

Component Total % of Variance Cumulative % Total % of Variance Cumulative % Total % of Variance Cumulative %

1 7.411 19.504 19.504 7.411 19.504 19.504 5.794 15.247 15.247

56
2 4.858 12.785 32.289 4.858 12.785 32.289 4.512 11.875 27.122
3 3.118 8.206 40.495 3.118 8.206 40.495 2.832 7.454 34.575
4 2.358 6.206 46.701 2.358 6.206 46.701 2.801 7.372 41.948
5 2.019 5.313 52.014 2.019 5.313 52.014 2.297 6.044 47.991
6 1.794 4.721 56.735 1.794 4.721 56.735 2.288 6.020 54.011
7 1.520 4.001 60.736 1.520 4.001 60.736 1.727 4.544 58.556
8 1.213 3.192 63.928 1.213 3.192 63.928 1.534 4.036 62.592
9 1.084 2.852 66.780 1.084 2.852 66.780 1.360 3.578 66.170
10 1.017 2.675 69.455 1.017 2.675 69.455 1.248 3.285 69.455
11 .934 2.458 71.912
12 .875 2.303 74.216
13 .772 2.032 76.247
14 .738 1.943 78.191
15 .704 1.852 80.042
16 .639 1.682 81.725
17 .581 1.530 83.254
18 .549 1.446 84.700
19 .518 1.364 86.064
 Downloaded by [Akdeniz Universitesi] at 15:33 23 December 2014

20 .476 1.253 87.318

21 .458 1.205 88.523
22 .442 1.164 89.687
23 .405 1.067 90.754
24 .399 1.050 91.803
25 .374 .984 92.787
26 .348 .915 93.702
27 .312 .821 94.524
28 .304 .799 95.323
29 .285 .749 96.072
30 .259 .681 96.753
31 .192 .505 97.258
32 .190 .499 97.757
33 .182 .479 98.237
34 .178 .469 98.705
35 .160 .420 99.125
36 .127 .335 99.460
37 .117 .309 99.768

57
38 .088 .232 100.000

Note. Extraction Method: Principal Component Analysis.