Available online at www.sciencedirect.

com
Int. J. Human-Computer Studies 70 (2012) 364376
When do online shoppers appreciate security enhancement efforts?
Effects of nancial risk and security level on evaluations of
customer authentication
Jong-Eun Roselyn Lee
a,n
, Shailendra Rao
b
, Clifford Nass
c
, Karin Forssell
d
, Jae Min John
e
a
Department of Communication, Hope College, 257 Columbia Ave, Holland, MI 49423, USA
b
Motorola Mobility, Sunnyvale, CA 94089, USA
c
Department of Communication, Stanford University, Stanford, CA 94305, USA
d
School of Education, Stanford University, Stanford, CA 94305, USA
e
Oracle Corp., 500 Oracle Pkwy, Redwood City, CA 94065, USA
Received 15 November 2009; received in revised form 18 November 2011; accepted 16 December 2011
Communicated by A. Cockburn
Available online 20 January 2012
Abstract
As the popularity of online shopping grows, concerns about identity theft and fraud are increasing. While stronger customer
authentication procedures may provide greater protection and thus benet customers and retailers, security is often traded off against
convenience. To provide insight into this security-convenience trade-off in customer authentication, we experimentally investigated how
levels of authentication security and nancial risk factors affect perception and evaluation of authentication systems in two contexts:
security questions (Experiment 1) and card security codes (Experiment 2). Experiment 1, which examined the effects of security level and
product price as a nancial risk factor, showed that authentication procedures based on higher-level security tended to be perceived as
signicantly less convenient and more frustrating. Interestingly, participants rated the higher-level security system (i.e., asking more
demanding challenge questions) as less convenient and more frustrating when the amount involved in the transactions was higher.
Experiment 2, which introduced consumer liability for fraudulent activities as an additional nancial risk factor, showed that
participants gave more positive ratings of the higher-level security system under full liability than under zero liability. Taken together,
the present research suggests that patterns of security-convenience trade-offs reecting consumers perception and appreciation of
authentication technologies may vary depending on the characteristics of nancial risk factors involved in the transaction process.
& 2011 Elsevier Ltd. All rights reserved.
Keywords: Online shopping; Electronic commerce; Online security; Authentication; Securityconvenience trade-off
1. Introduction
Online shopping spaces are becoming increasingly attractive
to consumers, offering numerous conveniences including 24/7
availability (Hofacker, 2001), time-saving benets (Childers
et al., 2001), and increased product and price research capa-
bilities (Jefferson, 2006). The conveniences of online shopping,
however, are accompanied by security threats such as identity
theft and fraud (Leggatt, 2009). According to the Pew Internet
& American Life Project Report on online shopping
(Horrigan, 2008), while 78% of Internet users agree that
online shopping is convenient for them, 75% of Internet users
also expressed high levels of discomfort about disclosing
personal information or payment card information online.
Research on consumer behavior has demonstrated that
purchase behaviors are largely determined by the trade-
offs between what one gives up and what one gains from it
(Dodds et al., 1991; Yadav and Monroe, 1993). In online
shopping, such trade-offs tend to occur between security
and convenience, as can be witnessed in password access
www.elsevier.com/locate/ijhcs
1071-5819/$ - see front matter & 2011 Elsevier Ltd. All rights reserved.
doi:10.1016/j.ijhcs.2011.12.002
n
Corresponding author. Tel.: 1 616 395 7361; fax: 1 616 395 7937.
E-mail addresses: jroselyn@stanfordalumni.org (J.-E.R. Lee),
shailo@stanford.edu (S. Rao), nass@stanford.edu (C. Nass),
forssell@stanford.edu (K. Forssell),
jaemin.john@oracle.com (J.M. John).
systems. For instance, one way to prevent an unauthorized
individual from easily guessing or cracking a password
would be to make the password itself more complicated by
requiring users to create a long password (Keith et al.,
2007), use system-generated passwords (Adams and Sasse,
1999), or combine numbers or special characters with
letters (Nowak et al., 2009). While these measures allow
the password system to offer stronger protection against
unauthorized access, users frequently nd such passwords
difcult to remember and inconvenient to use (Nowak
et al., 2009).
The dilemma caused by security-convenience trade-offs in
online shopping can be even more acute when it comes to
customer authentication. To minimize losses for customers
and for themselves, many online retailers employ measures
for authenticating customer identity. These measures are
designed to verify that the person making the purchase is
an authorized user of the payment method (Cline, 2004).
However, authentication procedures that make the payment
process complicated and demanding for stronger fraud
protection may hinder users from fully enjoying the conve-
nience of online shopping (Bhatnagar and Ghose, 2004).
Hence, increasing levels of security in customer authentica-
tion may lead consumers to form a negative perception of the
online shopping interface (Odekerken-Schroder and Wetzels,
2003) and may potentially lower their willingness to make
purchases.
The present research aims to provide insight into the
security-convenience trade-offs concerning customer authen-
tication procedures in online shopping. In particular, we test
possible moderation by factors associated with nancial risk,
investigating whether and how the effects of security levels
instantiated by authentication technologies on consumers
evaluation of the systems would depend upon perceived
nancial risk. In so doing, we examine two different types of
authentication procedures: challenge questions (Experiment
1) and card verication codes (Experiment 2).
2. Customer authentication as a humancomputer
interaction process
Although it may not always seem obvious to consumers,
online customer authentication procedures are based on
communication and collaboration between human users
and computer technology underlying the authentication
system. However simple or sophisticated, the process can
be broken down into the following ve key steps: (1) some
information (e.g., answers to security questions, personal
identication codes, or credit card verication codes) is
shared between the authentication system and the customer
(Szabo , 2003); (2) when performing a transaction, the
customer is asked by the system to provide the information
to complete the purchase; (3) the customer responds to the
systems request by providing the solicited information; (4)
the system veries the information provided by the customer;
and nally, (5) when the verication is complete, the
customer nalizes the transaction. In the process of customer
authentication, unless both partiesthe customer and the
authentication systemcollaborate with each other, the
transaction cannot be completed successfully. Hence, authen-
tication processes may be viewed as an important form of
humancomputer collaboration.
Authentication procedures demand varying degrees of
user effort and inconveniences. Some authentication proce-
dures are relatively simple and thus require minimal effort
on the consumers end, while other procedures involve more
complicated and demanding processes, which customers
might nd burdensome. The latter procedures, intended
for higher security levels of anti-fraud protection, may be
benecial to consumers. The problem, however, is that such
high-level security procedures may not always be appre-
ciated by consumers because the potential benet to be
gained from higher levels of security can be overshadowed
by the lack of convenience. Research has demonstrated
that customers are far from being willing to trade usability
and convenience for perceived increases in security when it
comes to authentication (Weir et al., 2009).
Under what conditions would consumers show more
negative reaction to, or show greater appreciation of, more
demanding authentication procedures oriented toward
high-level security and protection? Research conducted on
development of novel authentication procedures has been
illuminating (e.g., De Angeli et al., 2005; Kuber and Yu,
2010), but relatively little research has identied factors that
shape the security-convenience trade-offs in online custo-
mer authentication. As an initial effort, we propose to
examine factors associated with nancial risk, which play a
key role in consumers decision-making in the context of
online shopping (Liebermann and Stashevsky, 2002).
3. The role of nancial risk
Financial risk, dened as ones subjective beliefs about
suffering a monetary loss while pursuing an outcome one
desires (Forsythe and Shi, 2003; Ko et al., 2004; Pavlou,
2003), is considered one of the key elements of perceived
risk in electronic commerce (Tan, 1999). Research has
shown that perceived nancial risk is negatively associated
with consumers intention to engage in online shopping
(Kim, 2007; Pavlou, 2003), and this tendency has been
found among both novice and experienced consumers
(Liang and Jin-Shiang, 1998), particularly when it comes
to perceived nancial risk that can potentially result in
monetary losses (Keating et al., 2009; Ko et al., 2004;
Liebermann and Stashevsky, 2002).
In the context of Internet-based commercial transactions,
nancial risk entails possibilities that ones payment informa-
tion may be used fraudulently by another (Forsythe and Shi,
2003). Given that authentication systems with higher levels of
security tend to be more complicated and are thereby more
demanding (or require greater effort) on the consumers^ end,
the extent to which consumers appreciate (and in turn
willingly collaborate with) a complicated and demanding
authentication system may depend on the extent to which
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 365
they perceive the system to have the potential for relieving
such risk (Tan, 1999). Hence, we propose to examine whether
consumers evaluation of the levels of security imposed by
authentication systems would depend on nancial risk factors
involved in online transactions. Specically, we test whether
perceived nancial risk, which may motivate consumers to
protect themselves against a potential loss, will lead consu-
mers to perceive the higher levels of security protection
provided by authentication systems to be an effective risk
reliever (Roselius, 1971; Tan, 1999) and thereby show greater
appreciation of the security-enhancing efforts.
4. Experiment 1
Customer authentication with high-level security for pre-
venting fraudulent activities in the context of online shopping
often translates into requiring consumers to go through
seemingly cumbersome identity checks, resulting in a slower
and seemingly less efcient shopping experience. This is
particularly true for authentication procedures based on
challenge questions. In this experiment, we performed an
exploratory investigation regarding how the security levels of
authentication systems based on challenge questions affect
consumers perception of the systems and whether perceived
nancial risk factor would moderate the effects. One key
element of nancial risk in the context of online shopping is
product price (Grewal et al., 1994): one may experience a
greater sense of perceived nancial risk when attempting to
purchase expensive goods than when purchasing low-priced
items. Considering this, we introduced product price as a
perceived nancial risk factor in the present experiment.
4.1. Design and participants
We conducted a web-based experiment based on a 3
(Security level: 1-Click vs. What You Know vs. What You
Have) 2(Price Level: Low vs. High) within-participants
design. Participants were asked to make simulated
purchasesone item from each of 12 anonymous retailers
(i.e., no company names or logos were displayed). A total of
21 undergraduate students (10 female, 11 male, M
age
21.58,
SD
age
1.84) attending a university in the United States were
recruited. These students, enrolled in a Communication
course, received course credit for their participation.
4.2. Manipulations
Security level. For the simulated online shopping, partici-
pants had to use one of three types of procedures: 1-Click,
What You Know, and What You Have. The 1-Click
procedure was the least secure but the most convenient
procedure. To make the purchase with this security proce-
dure, participants simply clicked on Buy now with 1-Click.
This procedure was modeled after the 1-Click purcha-
sing option found on online retailers such as Amazon.com,
which is intended to streamline the purchasing process for
customers.
The What You Know authentication procedure presented
a set of two challenge questions that required participants
to provide information they could easily recall from memory
(e.g., participants middle name, current city/state/zip code).
This security procedure is similar to common challenge-
response questions in which personal information is pro-
vided by a user at one point in time and the information is
later requested by the website for identity verication
(Szabo , 2003).
The What You Have authentication procedure was con-
ceived as the most demanding challenge-question procedure
that provides maximum protection for customers. This
procedure presented a set of two challenge questions that
required participants to physically look up the requested
information on their payment card when answering the
questions (e.g., the last six digits of the customer service
telephone number; the 20th word of card property
statement).
Price level. The price levels of the items used for the
simulated online shopping were set to be appropriate for
college students budgets in the United States. Low-priced
items fell in the range of $15 to $35 (toss pillow and throw
set, lamp, coat rack, bud vase, trash can, and towel set).
High-priced items ranged from $135 to $165 (tree oor
lamp, stair cubby bookcase, full mattress, wall mirror,
food processor, and cutlery set).
4.3. Procedure
An invitation was sent via class e-mailing lists and directed
participants to the experiment website. Participants were
allowed to participate in the experiment at their convenience,
but were required to complete the task in one sitting.
Upon providing consent, participants read a cover story
that they would be purchasing 12 items to furnish a new
apartment. These items consisted of two items representing
each of the six combinations of the security (with 3 levels)
and price (with 2 levels) variables. The cover story informed
participants that each of the retailers used their own unique
security procedures for customer authentication and already
had customers personal and payment-related information
on le. After reading the cover story, participants were
presented with the 12 items for purchasing, one item at a
time. On the online shopping page, the product name,
image, brief description, and price information were pre-
sented (see Fig. 1 for a sample screen shot of the experiment
interface). After each transaction, participants responded to
a questionnaire concerning the simulated purchase process.
The questionnaire contained the dependent measures and a
manipulation check item.
4.4. Measures
All of the measurement items were assessed on 10-point
Likert scales. For assessing participants evaluations of the
authentication procedures, we measured perceived conveni-
ence of and frustration with the authentication procedures
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 366
using self-report measures. Perceived convenience was mea-
sured with the question, How would you rate the conve-
nience of this purchase process for this product? (Very
inconvenient 1 to Very convenient10). Frustration
was measured with the question, How frustrating was the
security process? (Not at all frustrating 1 to Very
frustrating 10).
4.5. Manipulation check
We checked the security level manipulation by asking
participants to rate perceived ease of fraud for each simulated
purchase on a 10-point scale (Very difcult1 to Very
easy 10). A repeated-measures ANOVA revealed a sig-
nicant main effect of Security Procedure, F(1, 20)15.48,
p.001. A post hoc test based on Bonferroni corrections
showed that the What-You-Have (M6.29, SE0.50)
procedure, being rated as the least vulnerable, was perceived
to instantiate the highest level of security, which was followed
by the What-You-Know (M7.69, SE0.40) procedure; the
1-Click procedure (M8.51, SE0.43), rated as the most
vulnerable to fraud, was perceived to offer the lowest-level
of security (all pso.01). These patterns conrmed that our
manipulation of security level was successful.
4.6. Results
We conducted 3 (Security) 2 (Price) repeated-measures
ANOVAs. A summary of the ANOVA results are pre-
sented in Table 1.
Perceived convenience. The main effect for price was
signicant, F(1, 20)19.08, po.001. Participants perceived
the authentication procedures more convenient for low-
priced items (M7.60, SE0.27) than for high-priced items
(M6.88, SE0.29). The main effect for security level was
also signicant, F(2, 40)71.87, po.001. Using Bonferroni
corrections to adjust for an inated probability of a Type I
error, we found that the What-You-Have procedure
Fig. 1. A screenshot of the Experiment 1 Online Shopping Interface.
Table 1
Summary table of Experiment 1 ANOVA results.
Convenience Frustration
Source df SS MS F p Source df SS MS F P
P 1 16.07 16.07 19.08 .001 P 1 6.68 6.68 6.51 .02
Error (P) 20 16.85 .84 Error (P) 20 20.49 1.03
S 2 502.37 251.19 71.87 .001 S 2 358.30 179.15 50.63 .001
Error (S) 40 139.80 3.50 Error (S) 40 141.53 3.54
PS 2 12.37 6.82 4.31 .02 PS 2 12.59 6.29 3.92 .03
Error (PS) 40 57.46 1.44 Error (P S) 40 64.25 1.61
Note: P (price, within); S (security, within). Signicant p-values ( o.05) are highlighted in bold.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 367
(M4.46, SE0.36) was rated as signicantly less conve-
nient (po.001) than the 1-Click (M9.08, SE0.33) and
the What-You-Know procedure (M8.17, SE0.36), both
pso.001. More importantly, the security price interaction
effect was signicant, F(2, 40)4.31, po.05. To decompose
the interaction effects, we performed post hoc tests based on
Bonferroni corrections (Table 2). When the mean differences
were examined by price level, the patterns were identical for
both high- and low-priced items: 1-Click was rated as the
most convenient, followed by What-You-Know; What-You-
Have was rated as the least convenient. Somewhat surpris-
ingly, when we examined the mean differences by security
level, the signicant mean difference between high vs. low
price was found only for the highest-security level authentica-
tion: participants gave signicantly lower ratings on conve-
nience when they made high-priced transactions than when
they made low-priced transactions while using the What-
You-Have authentication.
Frustration. The main effect for price was signicant,
F(1, 20)6.51, po.05. Participants reported greater frustra-
tion when purchasing high-priced items (M3.53, SE0.20)
than low-priced items (M3.07, SE0.22). The main effect
for security level was signicant, F(2, 40)50.63, po.001.
Post hoc tests based on Bonferroni corrections indicated that
participants felt more frustrated when using the What-You-
Have procedure (M5.64, SE0.37) than the What-You-
Know (M2.52, SE0.29) and the 1-Click (M1.74,
SE0.24) procedures, both pso.001. In addition, the
interaction effect for security by price was signicant, F(2,
40)3.92, po.05. Applying Bonferroni corrections, we
conducted a series of post hoc tests to decompose the
interaction effects (Table 3). For the low-priced transactions,
we found that the What-You-Have procedure was rated as
most frustrating and the 1-Click procedure was rated as least
frustrating; all of the mean differences were statistically
signicant. On the other hand, the high-priced transactions
showed a slightly different pattern: whereas the What-You-
Have procedure was rated as signicantly more frustrating
than the 1-Click and the What-You-Know procedures, the 1-
Click and the What-You-Know procedures did not signi-
cantly differ on the frustration ratings. Interestingly, when
the mean differences were probed by security level, the results
were parallel to the results on the convenience ratings: the
only signicant mean difference between low vs. high price
levels emerged for the authentication with the highest security
level (What-You-Have), with participants reporting greater
frustration when they made high-priced transactions than
when they purchased low-priced items.
5. Discussion
Overall, the present experiment, revealing a pattern of
security-convenience trade-offs, showed that participants
found the most demanding procedure (i.e., the What-You-
Have challenge questions) less convenient and more frus-
trating. Interestingly, the results also indicated that price
level, which we introduced as a factor of perceived nancial
risk, moderated the effects of security level on consumers
evaluation of the authentication systems. In particular,
participants rated the high-level security authentication
procedure less convenient and more frustrating when
purchasing high-priced items than when purchasing low-
priced items during the simulated online shopping session.
This nding may seem somewhat counterintuitiveone
might expect that the authentication system with the highest
level of security (thus more demanding and inconvenient on
the consumers end) would be more tolerable for higher-
priced goods than for lower-priced goods. A possible
explanation for this pattern of user responses is that product
price could have affected consumers expectation about the
quality of the service they deserve. Research on the
relationship between price and quality has demonstrated
that consumers often attribute higher quality to products
that are priced higher, particularly when other cues of
product quality are absent (Lambert, 1981; Olson, 1977).
It is likely that participants attribution of higher quality to
high-priced goods could have translated into their expecta-
tion of better service, including a less onerous purchase
process. Hence, the What-You-Have procedure, which
required the participants to expend the extra efforts of
retrieving the requested information for authentication (i.e.,
physically looking up the requested information), might
have induced even more negative reaction in participants
when they were purchasing the high-priced goods. This
nding suggests that the risk-relieving effort made by
authentication systems with a higher security level may be
perceived by consumers more as a burden than a benet,
particularly when they are purchasing expensive goods.
Although the ndings were intriguing, Experiment 1 had
several limitations. First, particularly in the context of simu-
lated online shopping employed in the experiment, nancial
risk associated with product price might have been more
Table 3
Effects of security level and price level on frustration ratings: Post Hoc
Results.
1-Click What You Know What You Have
Price low 1.64(.19)
a
2.60(.37)
b
4.98(.34)
c
Price high 1.83(.33)
a
2.45(.29)
a
6.31(.52)
d
Note: standard errors are presented in the parentheses. Different super-
script letters are used to denote signicant mean differences as determined
by post hoc tests based on Bonferroni corrections, all pso.05.
Table 2
Effects of security level and price level on convenience ratings: Post Hoc
Results.
1-Click What You Know What You Have
Price low 9.26(.29)
a
8.26(.41)
b
5.26(.36)
c
Price high 8.91(.41)
a
8.07(.37)
b
3.67(.50)
d
Note: standard errors are presented in the parentheses. Different super-
script letters are used to denote signicant mean differences as determined
by post hoc tests based on Bonferroni corrections, all pso.05.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 368
implicit (or implied) than being explicit. Second, while the
1-Click and the What-You-Know authentication procedures
are actually being used in various online shopping/transaction
venues, the What-You-Have procedure is not a typical
authentication approach, thereby limiting the external validity
of the ndings. Finally, Experiment 1 did not take into
consideration other situational factors associated with nancial
risk such as retailer reputation or consumers liability about
possible fraudulent activities (Biswas and Biswas, 2004). With
the availability of an overwhelming number of retailers,
which is partially due to the perceived low entry and setup
costs for sellers on the Web [relative to] the brick-and-mortar
economy (Biswas and Biswas, 2004, p. 31), retailer reputation
may constitute another critical nancial risk factor for online
shoppers. And given the ever-present threat of identity theft
and fraud in online transactions (Li and Zhang, 2006),
consumers liability for fraudulent activities may be considered
more explicit than other nancial risk factors in term of risk
salience (Herzenstein et al., 2007).
We attempted to extend Experiment 1 and address the
aforementioned limitations intrinsic to authentication con-
texts based on challenge questions. To this end, we turned
to authentication based on card verication codes (also
known as card verication values or CVV2)three digit
codes provided on the back of payment cards. These codes,
widely used to prevent fraudulent card-based transactions
(Banerjee, 2004; Mangiaracina, 2009), are often requested
by online merchants and retailers for card not present
transactions (Bhatla et al., 2003). Use of this particular
authentication context allowed us to introduce a more
explicit perceived nancial risk factor: consumer liability.
It also enabled us to introduce another perceived nancial
risk factorretailer reputationin the experiment design.
The retailer reputation factor was particularly germane to
authentication based on card verication codes. Retailers
are required not to store the verication code numbers in
their databases when involved in card-based transactions,
but a loophole in the payment system of retailing websites
could make verication code information vulnerable to
misuse (Molloy et al., 2007). Therefore, retailers with low-
reputation (i.e., low-credibility) may be perceived to have
greater likelihood of causing nancial risk for consumers,
leading consumers to feel unconvinced about how securely
such retailers would handle verication code information.
To control for the different types of payment cards
participants might have been using, we used a cover story
featuring virtual payment cards for college students. In
addition, as a way to manipulate security levels of authenti-
cation, we adopted a novel method of presenting card
verication codes that vary (unlike the traditional CVV2).
Also known as dynamic CVV2, these variable card verica-
tion codes are designed to change after each transaction to
prevent fraudulent actions that could occur when CVV2
codes are temporarily or inadvertently stored in the transac-
tion system (Noka, 2010; Warner, 2007). In the present
experiment, we employed two types of dynamic CVV2
systems in order to instantiate high versus low security levels.
For the high-level security, we presented a dynamic CVV2
system that generates a different code for every transaction,
which could minimize the likelihood of fraudulent activities;
such a system, however, would require users to enter a
different code every time, making the transaction more
cumbersome for users, on their end as they have to look
up and enter a new code for every transaction. For the low-
level security, we presented a dynamic CVV2 system that
generates a different code for every four transaction, which
could allow users to remember and reuse a given code for
three additional transactions. This authentication process was
conceived to be less cumbersome on the users end when
compared with the system involving code generation for
every transaction, while still reecting the variable, as
opposed to static, characteristic of dynamic CVV2 codes.
6. Experiment 2
6.1. Design and participants
Experiment 2 was based on a 2(Retailer Reputation: Well-
Known vs. Unknown, within-participants) 2(Price: High
vs. Low, within-participants) 2(Security Level: High vs.
Low, between-participants) 2(Liability: Zero vs. Full,
between-participants) mixed-factor design. A total of 60
undergraduate students enrolled in a Communication course
at a university in the United States were recruited for course
credit (24 female, 36 male, age M
age
=22.00, SD
age
=4.02).
Participants were randomly assigned to one of the four
conditions based on the combination of the two between-
participants factors (i.e., security level and customer liability).
The presentation order of Retailer Reputation and Price was
randomized within each of the four blocks based on the
combination of security level and liability; the counterbalan-
cing of the four blocks was performed via Latin Squares.
6.2. Materials
The cover story stated that participants would be testing
a new payment system in development for university
studentsUniversity Virtual Payment Card (VP-Card)
systemby making a series of simulated online purchases
with a beta version of the application (see Fig. 2 for a
sample screenshot of the experiment interface).
Retailer reputation. To instantiate well-known online retai-
lers, we used Amazon.com, Barnes&Noble.com, BestBuy.-
com, Crate&Barrel.com, OfceDepot.com, Staples.com,
Target.com, and Walmart.com. To instantiate unknown
merchants, we created eight non-existent retailer names
along with made-up logos: e-Market.com, Elec-City.com,
GetSmart.com, PhonesRUs.com, RightHere4You.com, Of-
ceNet.com, ShopQuick.com, and EziBuy.com.
Price. In Experiment 1, we employed somewhat narrower
price ranges for low-priced versus high-priced items; while the
products presented in the study well suited the cover story,
the types and prices of the items were not diverse enough to
reect the breadth of online shopping experiences of general
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 369
consumers. Therefore, Experiment 2 employed a greater
variety of products and prices. Eight low-priced items and
eight high-priced items were selected from a pool of the 40
most popular items on two major online shopping sites
(Amazon.com and Buy.com). When selecting the sixteen
items to be used for the experiment, we considered their
popularity as wish-to-have items among the age group
(i.e., 18 to 30) from which our sample would be drawn. This
ensured that we would present participants with items that
they would be interested in purchasing. The low-priced items
ranged from 30 to 80 US$ and included: wireless keyboard,
presentation clicker, folding shelf, multimedia cabinet, coffee
maker, toaster, and two popular, newly (as of November
2008) released movie DVDs. The high-priced items ranged
from 800 to 1500 US$ and included: HDTV, laptop, LCD
monitor, DSLR camera, color laser printer, unblocked smart
phone, rowing machine, and treadmill machine.
Security level. For the 16 simulated purchases, the three-
digit verication code of the virtual payment card changed
for every four purchases in the low-security condition; the
code changed for every purchase in the high-security
condition. This information was provided to participants
as follows: To protect you from fraudulent attempts and
make your purchases more secure, the VP-Card applica-
tion will provide you a different card verication code for
each (vs. every four) purchase(s).
Liability. Participants were informed about the policies
for unauthorized purchases. Participants in the zero
liability condition read:
To protect you against unauthorized purchases, the
VP-Card System will provide you with Zero Liability
Protection. As a VP-Card member, you will not be held
liable in the event of an unauthorized use of the VP-
Card.
By contrast, participants in the full liability condition
read:
Please note that you are responsible for all purchases
made with the VP-Card, which will be charged to your
student account.
6.3. Procedure
Recruited through an announcement circulated via
university class mailing lists, participants were invited to
a laboratory room and were run individually. Upon
arrival, participants were informed that they would be
making a series of simulated online purchases with a beta
version of the VP-Card system. Participants were then
seated in the experiment room equipped with a laptop
computer. Upon logging on, participants were asked to
provide their name, mailing address, phone number, and
student ID to ostensibly register with the VP-Card system.
Participants were then presented with each of the 16 items
for purchasing. To complete each transaction, participants
had to enter a three-digit verication code shown on the
virtual card displayed on the computer screen. After each
purchase, participants answered a set of questionnaire items
(self-report) regarding their purchase, which included ques-
tions asking participants about the items they purchased
and the names of the retailers presented during the transac-
tion. These questions were employed not only as manipula-
tion checks but also as a means to keep the participants
focused on the experiment task which involved multiple
simulated transactions.
When the simulated purchase of the 16 items was
completed, participants were directed to a post-question-
naire, which included additional dependent measures and
manipulation check items. It took approximately 30 min
Fig. 2. A Screenshot of the Experiment 2 Online Shopping Interface.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 370
for participants to complete the experiment session.
6.4. Measures
Sense of security. After each simulated purchase, parti-
cipants rated how safe and comfortable they felt when
they made the purchase using the verication system on
10-point scales (Not at all 1 to Extremely 10). The
reliability of the resulting index was very high (Cronbachs
a.97).
Sense of Pleasure. After each simulated purchase, parti-
cipants rated how positive and pleased they felt
when they made the purchase using the verication system
on 10-point scales (Not at all 1 to Extremely 10).
The reliability of the resulting index was very high
(a.95).
Perceived reliability of the system. In the post-question-
naire, participants indicated how dependable, reliable,
and secure they perceived the verication system to be
on 10-point scales (Not at all 1 to Extremely 10).
The reliability of the resulting index was very high
(a.90).
Perceived likeability of the system. In the post-question-
naire, participants rated how appealing, pleasing, and
likeable their experience with the verication system was
on 10-point scales (Not at all 1 to Extremely 10).
The reliability of the resulting index was very high
(a.92).
Manipulation Checks. We checked the manipulation of
retailer reputation by examining the extent to which partici-
pants found the online retailers presented during the experi-
ment familiar (Not familiar at all1 to Very
familiar10) and safe to shop with online (Not safe
at all 1 to Very safe10). The well-known retailers
(M8.62, SE0.21) received signicantly higher familiarity
ratings than did the unknown retailers (M1.35, SE0.09),
t(59)31.78, p.001; the well-known retailers (M8.64,
SE0.20) were also rated signicantly safer to shop with
than were the unknown retailers (M1.52, SE0.08),
t(59)31.66, p.001. These patterns demonstrated that the
manipulation was successful.
The manipulation of product price was checked with two
items: How expensive are the following products? (Not
expensive at all 1 to Very expensive10), and How
safe would you feel about purchasing the following products
online? (Not safe at all 1 to Very safe10). The high-
priced products were rated more expensive (M7.36,
SE0.23) than were the low-priced products (M4.01,
SD0.14), t(59)15.08, p.001; the low-priced products
received signicantly higher safety ratings (M7.35,
SE0.21) than did the high-priced products (M5.22,
SE0.24), t(59)8.09, p.001. These patterns showed that
the manipulation was successful.
For checking the manipulation of security level, we asked
participants to rate how often the verication codes changed
during the simulated shopping session (Not often at all 1
to Very often10) in the post-experiment questionnaire.
The high-security participants found the code changed
signicantly more frequently (M9.40, SE0.21) than did
the low-security participants (M5.90, SE0.34),
t(58)8.43, p.001. We checked the manipulation of
customer liability by asking participants to respond to a
true/false question item, The Virtual P-Card members will
be protected by the zero-liability policy. A Chi-Square test
showed that the proportion of zero-liability participants
answering True was 87%, and that the proportion of
full-liability participants answering False was also 87%,
w
2
(2, N60)32.27, p.001. These patterns showed that
the manipulations were successful.
6.5. Results
For analyzing the effects of the four factors on sense of
security and pleasure assessed after each simulated purchase,
2 (Retailer Reputation) 2(Price) 2(Security Level) 2(Lia-
bility) mixed-model ANOVAs were conducted (See Table 4
for summary). For perceived reliability and likeability of the
authentication systems assessed in the post-questionnaire
only, we used 2 (Security Level) 2(Liability) between-parti-
cipants ANOVAs (See Table 4 and Table 5 for summary).
Sense of security. The main effect of retailer reputation was
signicant, F(1, 56)8.97, p.01: participants reported that
they felt more secure when purchasing from the well-known
retailers (M6.29, SE0.32) than from the unknown retailers
(M5.79, SE0.33). The main effect of price was also
signicant, F(1, 56)12.77, p.001: participants reported that
they felt more secure when purchasing low-priced goods
(M6.23, SE0.31) than high-priced goods (M5.78,
SE0.32). Among the interaction effects, the only signicant
interaction emerged between security level and liability, F(1,
56)6.23, p.02 (Fig. 3). This interaction effect was decom-
posed by security level via a simple effects test. Participants
who used the high-security authentication reported that they
felt signicantly more secure in the full-liability condition (i.e.,
high risk) than in the zero-liability condition (i.e., low risk),
F(1, 56)5.07, p.03. The full- vs. zero-liability difference for
the low-security authentication was not signicant, F(1,
56)2.55, ns. When the interaction effect was decomposed
by liability, the high- vs. low-security difference for the full-
liability approached, but did not reach, signicance, F(1,
56)3.73, p.06. In zero liability, the high- vs. low- security
difference was not signicant, F(1, 56)o1.63, ns.
Sense of pleasure. The main effect of retailer reputation
was signicant, F(1, 56)6.94, p.01: participants reported
that they felt greater pleasure when purchasing from the well-
known retailers (M7.74, SE0.21) than from the
unknown retailers (M7.43, SE0.22). The main effect of
price was signicant, F(1, 56)5.43, p.02: participants
reported that they felt greater pleasure when purchasing
low-priced goods (M7.69, SE0.21) than high-priced
goods (M7.48, SE0.22). No other main effects were
signicant, all Fso0.18, ns.
Among the interaction effects, the price by liability inter-
action approached, but did not reach, signicance, F(1,
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 371
56)3.74, p.06. The only signicant interaction effect was
found between security level and liability, F(1, 56)6.40,
p.01 (Fig. 4). When this interaction effect was decomposed
by security level with a simple effects test, we found that
participants who used the high-security authentication
reported signicantly greater pleasure in the full-liability
condition than in the zero-liability condition, F(1,
56)4.36, p.04. By contrast, participants who used the
low-security authentication did not show a signicant full- vs.
zero-liability difference in felt pleasure, F(1, 56)2.22, ns.
When the interaction effect was decomposed by liability, the
high- vs. low-security difference for the full-liability partici-
pants approached, but did not reach, signicance,
F(1, 56)3.93, p.06. Among the zero-liability participants,
the difference was not signicant, F(1, 56)2.55, ns.
Perceived reliability of the system. Neither the main effect
of security level nor that of liability was signicant, F(1,
56)so1.56, ns. The interaction effect, however, was signi-
cant, F(1, 56)6.15, p.01 (Fig. 5). When this interaction
effect was decomposed by security level with a simple effects
test, participants who used the high-security authentication
perceived the system signicantly more reliable in the full-
liability condition than in the zero-liability condition, F(1,
56)6.95, p.01. Participants who used the low-security
system, however, did not show a zero- vs. full-liability
Table 4
Summary table of Experiment 2 ANOVA results (sense of security and pleasure).
Sense of security Pleasure
Source df SS MS F P Source df SS MS F p
R 1 18.84 18.84 8.97 .01 R 1 5.55 5.55 6.94 .01
R L 1 .05 .05 .02 .88 RL 1 .01 .01 .014 .96
RS 1 .15 .15 .07 .79 RS 1 .08 .08 .10 .76
RLS 1 1.10 1.10 .52 .47 RLS 1 .66 .66 .82 .37
Error (R) 56 117.66 2.10 Error (R) 56 44.78 .80
P 1 12.04 12.04 12.77 .01 P 1 2.61 2.61 5.43 .02
PL 1 .42 .42 .44 .51 PL 1 1.79 1.79 3.7 .06
PS 1 .65 .65 .69 .41 PS 1 .16 .16 .34 .57
PLS 1 .14 .14 .15 .70 P LS 1 .60 .60 1.24 .27
Error (P) 56 52.78 .94 Error (P) 56 26.85 .48
RP 1 .46 .46 .87 .36 RP 1 .04 .04 .11 .74
RPL 1 1.79 1.79 3.38 .07 RPL 1 .08 .08 .23 .63
RPS 1 .03 .03 .06 .81 RPS 1 .25 .25 .75 .39
RPLS 1 1.35 1.35 2.55 .12 RPLS 1 .46 .46 1.37 .25
Error (RP) 56 29.70 .53 Error (RP) 56 18.75 .34
S 1 11.16 11.16 .47 .49 S 1 .79 .79 .07 .79
L 1 1.31 1.31 .06 .81 L 1 1.89 1.89 .18 .67
SL 1 146.48 146.48 6.23 .02 SL 1 67.73 67.73 6.40 .01
Error 56 1317.28 23.52 Error 56 592.52 10.58
Note: R (retailer, within); P (price, within); L (liability, between); S (security, between). Signicant p-values ( o.05) are highlighted in bold.
Table 5
Summary table of Experiment 2 ANOVA results (Perceived reliability and likeability).
Perceived reliability Perceived likeability
Source df SS MS F P Source df SS MS F p
S 1 0.10 0.10 0.02 .89 S 1 0.22 0.22 0.05 .83
L 1 8.36 8.36 1.56 .22 L 1 4.42 4.42 0.96 .33
SL 1 32.84 32.84 6.15 .02 SL 1 21.15 21.15 4.57 .03
Error 56 299.25 5.34 Error 56 259.24 4.63
Note: S (security, between); L (liability, between). Signicant p-values ( o.05) are highlighted in bold.
Fig. 3. Effects of Security Level and Liability on Sense of Security. Note:
Error bars indicate standard error of the mean. The asterisk denotes a
signicant mean difference.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 372
difference, F(1, 56)0.76, ns. When the interaction effect was
decomposed by liability, the high- vs. low-security difference
among the full-liability participants approached signicance
but was not signicant, F(1, 56)3.41, p.07; the difference
among the zero-liability participants was not signicant, F(1,
56)2.71, ns.
Perceived likeability. Neither the main effect of security level
nor that of liability was signicant, F(1, 56)so0.96, ns. The
interaction effect, however, was signicant, F(1, 56)4.57,
p.03 (Fig. 6). When this interaction effect was decomposed
by security level with a simple effects test, participants who
used the high-security authentication reported signicantly
greater liking of the system in the full-liability condition than
in the zero-liability condition, F(1, 56)4.85, p.03. By
contrast, participants who used the low-security authentication
did not show a signicant difference in terms of liability, F(1,
56)0.67, ns. When the interaction effect was decomposed by
liability, neither of the high- vs. low- security differences was
signicant, both Fso2.77, ns.
6.6. Discussion
Among the three nancial risk factors included in the
design (retailer reputation, price, and liability), the only factor
that interacted with security level of authentication systems
for sense of security and pleasure was liability. This pattern
suggests that liability (i.e., whether or not consumers would be
responsible for fraudulent transactions) plays a key role in
shaping participants evaluation of authentication procedures
regardless of transaction amount and retailer credibility. The
ANOVA results for perceived reliability and likeability of the
authentication systems, conducted only with security level and
liability, conrmed the security by liability interaction.
Furthermore, across the four dependent measures, the two-
way interaction effects consistently revealed that the authen-
tication system with high-level security (i.e., high-frequency
code variation) led participants to feel more secure and
pleased, and also to perceive the system as more reliable
and likeable, under full liability (high nancial risk) than
under zero liability (low nancial risk). These ndings suggest
that consumers are more likely to appreciate high-level
security efforts when the perceived nancial risk associated
with liability involved in their online transactions is high.
7. General discussion
7.1. Summary
Authentication procedures in online shopping contexts are a
form of humancomputer interaction entailing security-con-
venience trade-offs. Research on authentication has shown
that customers preference of authentication methods tends to
be heavily based on usability and convenience as opposed to
increased security (e.g., Weir et al., 2009). Extending the
previous research, we investigated the role of nancial risk in
consumers evaluation of customer authentication technolo-
gies. More specically, the present research attempted to
answer the following question: Under what circumstances do
consumers appreciate security enhancement efforts instan-
tiated by authentication technologies? Our research demon-
strated that perceived nancial risk factors play a moderating
role in shaping consumers evaluation of authentication
systems. In particular, the ndings of our experiments suggest
Fig. 6. Effects of Security Level and Liability on Perceived Likeability.
Note: Error bars indicate standard error of the mean. The asterisk denotes
a signicant mean difference.
Fig. 4. Effects of Security Level and Liability on Sense of Pleasure.
Note: Error bars indicate standard error of the mean. The asterisk denotes
a signicant mean difference.
Fig. 5. Effects of Security Level and Liability on Perceived Reliability.
Note: Error bars indicate standard error of the mean. The asterisk denotes
a signicant mean difference.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 373
that the patterns of moderation may vary depending on the
context of authentication and the types of perceived nancial
risk factors.
Experiment 1 examined the role of product price, which
is often considered a key component of perceived nancial
risk (Grewal et al., 1994), focusing on the authentication
context involving challenge questions. The ndings indi-
cated that the higher-level security authentication, which
was more cumbersome to use on the consumers end, could
be perceived as more inconvenient and induce greater
frustration for high-priced goods than for low-priced ones.
On the other hand, in Experiment 2 which focused on
the context of card verication codes, product price did
not signicantly interact with security level. Rather, con-
sumer liabilitya perceived nancial risk factor particu-
larly germane to online transactions involving payment
cardswas the only perceived nancial risk factor that
interacted with security level: participants exhibited more
positive evaluation of the high-level security authentication
(namely, perceiving the system to be more pleasing,
reliable, and likeable) when the perceived nancial risk
involving liability was higher (i.e., full liability for fraudu-
lent activities). These ndings suggest that consumers may
show greater appreciation of high-level security authenti-
cation when the situation necessitates an immediate risk-
reliever (Roselius, 1971; Tan, 1999).
7.2. Limitations and future directions
The present research has several limitations. First, the
articiality of our experiment procedures limits the external
validity of the ndings reported here. In particular, possible
problems entailing the authentication systems based on
dynamic card verication codes, which were featured as
part of the stimuli in Experiment 2, should be noted. We
manipulated high versus low security levels by varying the
frequency of code generation. Some may point out that
dening code generation interval (a new code being generated
for every four purchases) as the low-security level was
arbitrary. In addition, while the authentication models based
on dynamic card verication codes have been proposed by
major credit card companies as a potentially useful alter-
native to the existing CVV2 authentication with the advances
in digital technologies (e.g., Noka, 2010), such procedures
have yet to be actualized. The somewhat arbitrary and
articial nature of the experiment task and manipulation of
security levels employed in Experiment 2 may limit the
generalizability of the ndings. More importantly, the con-
texts of simulated online shopping may also be problematic.
In both experiments, participants were asked to perform
transactions in a simulated settingit may be pointed out
that they had little to risk. In addition, the experiment
setting did not allow participants to choose products and
retailers. To make the risk factors as substantive as
possible, future research should employ experiment para-
digms that allow participants to perform transactions in a
more realistic and naturalistic setting (e.g., requiring
participants to use their own credit card information and
allowing them to choose specic retailers and/or products), as
demonstrated in Egelman et al. (2009).
Second, the experimental manipulations of security
levels used in our studies may raise concerns. Experiment
1 was largely based on the widely-used challenge-question
authentication; the What-You-Have method, however, is
remote from the real-world challenge-question authentica-
tion systems, which may limit the ecological validity of the
experiment. Moreover, some may argue that the What-
You-Know method, which is one of the common solutions
for authentication, is neither user-friendly nor secure (Just
and Aspinall, 2009; Rabkin, 2008). One way to improve
the design of Experiment 1 would be to manipulate the
number of challenge questions (e.g., single-question con-
dition vs. two-question condition vs. multiple-question
condition), given that the multiple-question method has
been demonstrated as a secure and viable solution (Just
and Aspinall, 2009). It should also be noted that different
types of information were used for authentication in our
experiments. Some of the What-You-Know security ques-
tions in Experiment 1 involved personal information (e.g.,
middle name, billing address information), whereas the
What-You-Have questions (e.g., customer service phone
number) in Experiment 1 and the card identication codes
in Experiment 2 were impersonal in nature. Hence, any
possible feelings of discomfort experienced by consumers
when they were asked to provide personal information
could have played a role in their perception of the
authentication systems. Future research should examine
whether consumers react differently when they are
requested to share personal versus impersonal informa-
tion with the authentication system.
Third, some may point out that the discrepancies in the
ranges of product price across the two experiments might
be a confounding factor. This issue is worth attending to,
particularly in view of the different patterns shown by our
experiments with respect to the interaction effect for
product price and security level: whereas Experiment 1
revealed a signicant interaction effect between the two
factors, Experiment 2 did not yield a signicant interaction
effect. As to the non-signicant interaction effect found in
Experiment 2, we speculate that the liability factor, which
might have explicitly signaled the degree of vulnerability to
potential threats to the participants, could have overridden
the inuence of less explicit risk factors (such as product
price) on consumers perception of the authentication
systems. Nonetheless, it should be noted that the discre-
pancies between the two experiments concerning the price
ranges of the featured products might have been proble-
matic. In Experiment 2, we intended to present items with
a greater variety as part of the experiment stimuli by
widening the price range and to avoid potential problems
that could have been caused by the somewhat narrow price
range (1535 versus 135165 US$) employed in Experi-
ment 1. Although our manipulation check results showed
that the product price manipulation was effective, it may
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 374
be difcult to rule out the possibility that the highly
expensive items (of which prices ranged from 800 to 1500
US$) presented in Experiment 2 might have been short
of creating a realistic sense of nancial risk for the
participants, particularly given the simulated online shop-
ping context and the limited spending power/experience of
our college student sample.
Finally, it is important to note that most of the
participants in our experiments were digital natives
who spend most of their time online and are members of
a technology-savvy generation (Palfrey and Gasser, 2008).
It remains to be seen how these ndings will translate to
older consumersparticularly those who are less experi-
enced with or tend to feel greater discomfort with online
shopping when compared with the younger generations
(Morris et al., 2007). The role of culture may also be worth
investigating. Both experiments reported in the present
research were conducted exclusively with a U.S. sample,
whose culture is identied as individualistic when it comes
to the relationship of the self to the social environment.
Social and cultural psychologists have demonstrated that
individualistic cultures value independence of the self,
whereas collectivist cultures emphasize ones interdepen-
dence on the social environment to which the individual
belongs (Markus and Kitayama, 1991). It will be interest-
ing to examine whether more collectivist-oriented framing
of transaction processes (e.g., emphasizing partnership and
shared interest between the consumer and the retailer/
security system) would have differential effects on con-
sumers from individualistic cultures and those from col-
lectivist cultures with respect to their willingness to trade
convenience for security.
8. Conclusion
The present research contributes to understanding
consumer behavior in the context of humancomputer inter-
action by identifying key contextual factors that shape
security-convenience trade-offs concerning customer authenti-
cation in online shopping. Our ndings show that perceived
nancial risk factors moderate the effects of security levels on
consumers evaluation of authentication systems, suggesting
that participants response to the levels of authentication
security may vary depending on the nature of nancial risk
involved in the transaction process.
As concerns rise over online identity theft and fraud, the
need for secure authentication systems is becoming more
acute. Just as with any other online security systems, however,
the security-convenience trade-offs constitute a major dilemma
faced by developers and adopters of customer authentication
systems. Considering that consumers positive perception of
authentication technologies may translate into their willing-
ness to trade convenience for security, investigation of
contingencies under which consumers appreciate security
enhancement efforts in customer authentication will constitute
an important direction for future research.
References
Adams, A., Sasse, M.A., 1999. Users are not the enemy. Communications
of the ACM 42, 46.
Banerjee, S., 2004. Credit card security on the Net: Where is it today.
Journal of Financial Transformation 12, 2123.
Bhatla, T.P., Prabhu, V., Dua, A., 2003. Understanding credit card
frauds. Cards Business Review.
Bhatnagar, A., Ghose, S., 2004. Segmenting consumers based on the
benets and risks of Internet shopping. Journal of Business Research
57, 13521360.
Biswas, D., Biswas, A., 2004. The diagnostic role of signals in the context
of perceived risks in online shopping: do signals matter more on the
Web? Journal of Interactive Marketing 18, 3045.
Childers, T.L., Carr, C.L., Peck, J., Carlson, S., 2001. Hedonic and
utilitarian motivations for online retail shopping behavior. Journal of
Retailing, 511535.
Cline, J., 2004. How to build privacy into customer authentication.
/http://www.computerworld.com/s/article/92511/How_to_Build_
Privacy_Into_Customer_AuthenticationS (Retrieved on June 20,
2009).
De Angeli, A., Coventry, L., Johnson, G., Renaud, K., 2005. Is a picture
really worth a thousand words? Exploring the feasibility of graphical
authentication systems. International Journal of HumanComputer
Studies 63, 128152.
Dodds, W.B., Monroe, K.B., Grewal, D., 1991. Effects of price, brand,
and store information on buyers product evaluations. Journal of
Marketing Research 28, 307322.
Egelman, S., Tsai, J., Cranor, L.F., Acquisti, A., 2009. Timing is every-
thing?: the effects of timing and placement of online privacy indicators,
Proceedings of the 27th International Conference on Human Factors in
Computing Systems. ACM, Boston, MA, USA, pp. 319-328.
Forsythe, S.M., Shi, B., 2003. Consumer patronage and risk perceptions
in Internet shopping. Journal of Business Research 56, 867875.
Grewal, D., Gotlieb, J., Marmorstein, H., 1994. The moderating effects of
message framing and source credibility on the price-perceived risk
relationship. The Journal of Consumer Research 21, 145153.
Herzenstein, M., Posavac, S.S., Brakus, J.J., 2007. Adoption of new and
really new products: the effects of self-regulation systems and risk
salience. Journal of Marketing Research 44, 251260.
Hofacker, C.F., 2001. Internet Marketing 3 ed. John Wiley and Sons,
Inc., New York.
Horrigan, J., 2008. Online Shopping. Pew Internet & American Life
Project, Washington DC.
Jefferson, J., 2006. Benets of online shopping. /http://ezinearticles.com/
?Benets-of-Online-Shopping&id=300201S (Retrieved on August 1,
2009).
Just, M., Aspinall, D., 2009. Personal choice and challenge questions: a
security and usability assessment, Proceedings of the 5th Symposium
on Usable Privacy and Security. ACM, Mountain View, CA, pp. 111.
Keating, B.W., Quazi, A.M., Kriz, A., 2009. Financial risk and its impact
on new purchasing behavior in the online retail setting. Electronic
Markets 19, 237250.
Keith, M., Shao, B., Steinbart, P.J., 2007. The usability of passphrases for
authentication: an empirical eld study. International Journal of
HumanComputer Studies 65, 1728.
Kim, I., 2007. The role of perceived risk on purchase intention in Internet
shopping. International Journal of Electronic Marketing and Retailing
1, 279288.
Ko, H., Jung, J., Kim, J., Shim, S., 2004. Cross-cultural differences in
perceived risk of online shopping. Journal of Interactive Advertising 4,
2842.
Kuber, R., Yu, W., 2010. Feasibility study of tactile-based authentication.
International Journal of HumanComputer Studies 68, 158181.
Lambert, D.R., 1981. Price as a quality cue in industrial buying. Journal
of the Academy of Marketing Science 9, 227238.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 375
Leggatt, H., 2009. 2008 Data Breaches and Financial Crimes Scare
Consumers Away. /http://www.gartner.com/DisplayDocument?ref=
g_search&id=902212&subref=simplesearchS (Retrieved on July 1,
2009).
Li, Y., Zhang, X., 2006. Securing credit card transactions with one-time
payment scheme. Electronic Commerce Research and Applications 4,
413426.
Liang, T.-P., Jin-Shiang, H., 1998. An empirical study on consumer
acceptance of products in electronic markets: a transaction cost model.
Decision Support Systems 24, 2943.
Liebermann, Y., Stashevsky, S., 2002. Perceived risks as barriers to
Internet and e-commerce usage. Qualitative Market Research: An
International Journal 5, 291300.
Mangiaracina, R., 2009. Payment systems in the B2c eCommerce: are they
a barrier for the online customer? Journal of Internet Banking and
Commerce.
Markus, H., Kitayama, S., 1991. Culture and the self: implications for
cognition, emotion, and motivation. Psychological Review 98, 224253.
Molloy, I., Li, J., Li, N., 2007. Dynamic virtual credit card numbers,
Proceedings of the 11th International Conference on Financial
cryptography and 1st International conference on Usable Security.
Springer-Verlag, Tobago, West Indies, pp. 208223.
Morris, A., Goodman, J., Brading, H., 2007. Internet use and non-use: views
of older users. Universal Access in the Information Society 6, 4357.
Noka, I., 2010. Innovation in payment card fraud management.
Nowak, M., Rao, S., Nass, C., Lewenstein, J., Meyer, A., Richman, J.,
2009. Toward an experimental methodology for studying persuasion-
based online security. Proceedings of the 27th CHI Conference.
Boston, Massachusetts, April 49, 2009.
Odekerken-Schroder, G., Wetzels, M., 2003. Trade-offs in online pur-
chase decisions: two empirical studies in Europe. European Manage-
ment Journal 21, 731739.
Olson, J.C., 1977. In: Woodside, A.G., Sheth, J.N., Bennett, P.D. (Eds.),
Price as an Informational Cue: Effects on Product Evaluations.
North-Holland, NY, pp. 267286.
Palfrey, J., Gasser, U., 2008. Born Digital: Understanding the First
Generation of Digital Natives. Basic Books, NY.
Pavlou, P.A., 2003. Consumer acceptance of electronic commerce:
integrating trust and risk with the technology acceptance model.
International Journal of Electronic Commerce 7, 101134.
Rabkin, A., 2008. Personal knowledge questions for fallback authentica-
tion: security questions in the era of Facebook, Proceedings of the 4th
Symposium on Usable Privacy and Security. ACM, Pittsburgh,
Pennsylvania, pp. 1323.
Roselius, T., 1971. Consumer rankings of risk reduction methods.
The Journal of Marketing 35, 5661.
Szabo , K., 2003. Customer authentication, as a matter of risk in nancial
services. Periodica Polytechnica, Social and Management Sciences 11,
1326.
Tan, S.J., 1999. Strategies for reducing consumers risk aversion in
Internet shopping. Journal of Consumer Marketing 16, 163180.
Warner, A., 2007. Review: NCR Self-Service Universe 07, Kiosk Europe.
Weir, C.S., Douglas, G., Carruthers, M., Jack, M., 2009. User perceptions
of security, convenience and usability for ebanking authentication
tokens. Computers & Security 28, 4762.
Yadav, M.S., Monroe, K.B., 1993. How buyers perceive savings in a
bundle price: an examination of a bundles transaction value. Journal
of Marketing Research 30, 350358.
J.-E.R. Lee et al. / Int. J. Human-Computer Studies 70 (2012) 364376 376