Privacy Protection in E-Commerce Websites: Information Integrity

¶ … Integrity: Privacy Protection in e-Commerce Websites

Privacy Protection in e-Commerce Websites

Back in the 90s, websites were more or less digital brochures that did little more than serve their registered users with monthly electronic newsletters. Today, however, websites are powerful and complex information platforms that not only store and process data, but also allow for the sharing of information across a wide range of online platforms. We share personal data on these websites, and unfortunately, the same passes on to numerous other parties, compromising our own security as well as that of our families in the process. The situation is even worse in the case of e-commerce websites. Whilst they have made shopping a whole lot easier by bringing specialty retail within a few clicks, they have also sprawled up opportunities for thieves who now find it a whole lot easier to obtain personal information and credit card numbers from unsuspecting shoppers. A 2001 study by Culnan (as cited in Ackerman & Davis, 2003) found that the reason most people provide false information on e-commerce websites is because they either do not believe that their information is well-protected from unscrupulous persons or because they feel that they have very little control over how their personal data is used by businesses. For this reason, companies are increasingly adopting fair information practices directed towards safeguarding user information. This text outlines some of the fundamental privacy protection features put in place by some key e-commerce companies to protect information revealed on their corporate websites.

Privacy Protection Features

Privacy Controls

In a bid to address the problem of users not having control over the information they reveal on e-commerce websites, companies have adopted privacy control features that give users substantial control and specificity over data-sharing activities performed on their corporate websites. Most websites allow users to choose whether or not to provide personal information, and also define whether or not they wish to receive legal notice or terms of use from the company. More sophisticated websites such as Amazon.com actually give the user the power to decide whether the information they provide can be used to personalize advertisements displayed to them (Amazon, 2014). Barnes & Noble.com and Amazon.com grant their users substantial control over the acceptance or rejection of cookies (Barnes & Noble, 2014).

Privacy Policies

A company's privacy policy is meant to communicate its privacy practices to outsiders. It is often a lengthy document detailing among other things, the personal information that the company collects, reasons why such information is collected, the manner in which such information is collected, how the company uses such information, how such information is secured, who it is shared with, and so on (Amazon, 2014; Barnes & Noble, 2014). Privacy policies go a long way in helping website users understand the inherent data relationships on the site. The FTC requires all websites to have a privacy policy, and as such, it advises users to i) look for a privacy policy whenever they are asked to provide personal information or register onto a website, and ii) ask the company to post the same in case they cannot find one.

Security Seals

Any website that treats personal information provided by its users ethically will put in place stringent measures to ensure that its third party providers, who also have access to the information, treat it in a manner that does not compromise the privacy and security of users. Third party seals are meant to ensure that third party providers, affiliated to the primary corporation, take personal information entrusted to them by users seriously. The five classes of security seals common in e-commerce websites, and their respective security assurance indices on a scale of 1-5 are listed below:

Reliability website seals: these vouch for the company's identity by validating its email addresses, telephone number(s), and mailing addresses. They simply give an assurance that the company is indeed what it claims to be (TRUSTe, 2014). Towards this end, they signify that the entity is an incorporated company. However, reliability seals have an extremely low security guarantee index (1 of 5) - first because they provide no information on how the company uses its users' personal information, and secondly, because they provide no safeguards barring fake companies from setting up fake contacts and posing as legitimate entities. Comodo Authenticity and BBB Online Reliability Seal are two of the most commonly-used reliability seals in e-commerce websites (TRUSTe, 2014).

Security seals (SSL Certification): these include GeoTrust, Comodo, and VeriSign. They seek to validate that an entity has SSL (Secure Socket Layer) protection safeguarding the transmission of personal information (TRUSTe, 2014). They are represented by such symbols as 'https://' in the address bar or the 'lock' feature at the foot of the browser window. This basically means that criminals cannot intercept information transmitted through the website. Nonetheless, the security assurance index is still relatively low (2 of 5) because the seal only offers protection for data in transit, and offers no such protection once the data is in the site's database (TRUSTe, 2014).

Vulnerability website seals: they have a 3/5 security assurance index and include SquareTrade and HackerSafe. They offer some form of assurance that the site is scanned for vulnerabilities on a regular basis (TRUSTe, 2014).

Privacy seals: these include ESRB Privacy, BBB Online Privacy, and TRUSTe. They have a 4.9 security index, and extensively cover internal data usage as well as data collection processes, allowing users to file complaints in case they feel that their sensitive information has been mishandled (TRUSTe, 2014).

Consumer ratings seals: these basically are reviews from other shoppers who have interacted with the company's website. Such seals offer a security assurance of 4 out of 5, and often go a long way in giving shoppers a glimpse of what to expect from the site (TRUSTe, 2014). However, they offer no guarantee that the site is indeed free from security and privacy risks.

Anonymity Services

E-commerce websites need to provide anonymity services for online payment, surfing the web, and also for email exchanges. The main idea behind anonymity services is to equip users with self-defense tools by which to hide their sensitive information from unscrupulous collectors and privacy violators (Head & Yuan, 2001). They include:

Anonymous email: in this case, an anonymous remailer chain is used to transmit email messages while hiding the personal details of the sender and recipient (Head & Yuan, 2001). Message encryption is included at various stops within the chain to keep the information being transmitted away from eavesdroppers (Head & Yuan, 2001).

Anonymous web-surfing: in this case, proxy servers are included in the site such that web servers are only able to capture the proxy's identification, and not users' personal information (Head & Yuan, 2001). Cookies are the most commonly-used tool in this regard; almost all e-commerce websites use cookies, but give their users the discretion to either accept or reject the same in their interactions with the website.

Anonymous payment: in order to maintain anonymity in payment, e-commerce websites need to adopt smart cards or digital cash. This would go a long way in ensuring the privacy of transactions since there would be no way for the bank to link a user's identity to the electronic coin (Head & Yuan, 2001).

A Comparison of Key E-Commerce Websites in Terms of Privacy Protection Features

Amazon.com -- in its privacy statement, Amazon reiterates its commitment to secure any sensitive information provided by its website users and maintains that any such information is used solely for the purpose of customizing individual users' shopping and maintaining communication with users. Information collected includes that on user location, their telephone number and address, the identity of their mobile device, and so on. Cookies are used to obtain the aforementioned personal details; nonetheless, the website grants users substantial control over the information they give, allowing them to i) enable or disable cookies at will; ii) choose whether or not to receive emails from the company; and iii) decide whether the information they give to the company could be used by third party subsidiaries for telemarketing purposes (Amazon, 2014). The site protects its sensitive information through SSL software. Its attempts to maintain anonymity in payment is evident from the fact that only the last four digits of users' credit card numbers are revealed during order confirmation (Amazon, 2014). Further, having received the BBB Online privacy seal, the site maintains adherence to the Safe Harbor Privacy Principles of data integrity.

Barnes & Noble.com -- Like Amazon.com, the Barnes & Noble site uses cookies to collect sensitive personal information about its users, and grants them the discretion to choose i) whether to allow or disable cookies; ii) whether to receive promotional emails from the company; and iii) whether the information they give could be used by third party providers for telemarketing purposes. Unlike Amazon, B&N makes use of a number of other tools -- web server logs, GIFs, targeted advertising, geo-location services, wireless networks, and social networking sites - in addition to cookies to automatically collect user information. There, however, is no evidence that users have control over all of these sources. All the same, the site is seen to protect its personal information through SSL software, and the site's credibility is assured through the TRUSTe personal privacy seal.

eBay.com -- eBay, like most of its competitors collects personal information, including users' names, addresses and telephone numbers, web log information, and so on, and reiterates its commitment to secure the same in the best possible way. The personal information collected is used to resolve disputes, customize customer experiences, and personalize communication with users. The ebay.com site grants users privacy controls, allowing them the discretion to choose, among other things, whether or not to receive marketing communications from the company; and ii) whether or not to allow or reject cookies. Like B&N.com and unlike Amazon.com, eBay.com does not put in place security measures to ensure that its third party providers maintain the integrity of personal information entrusted to the company by users. Passwords and encryption mechanisms are some of the features used to protect personal information stored on the site. This is in addition to the TRUSTe personal privacy seal (eBay, 2014).

Bestbuy.com -- compared to eBay.com, Bestbuy.com appears to have a more precise privacy policy that not only grants users privacy controls over the information they provide, but also protects its personal information through SSL software and the TRUSTe privacy security seal. Like most of its competitors, Bestbuy.com collects information on, among other things, users' demographics and lifestyle, their credit card information, and their names and addresses; and uses the same to resolve disputes, customize customer experiences, and personalize communication with users. Anonymity in payment is maintained through the in-store kiosk.

Table 1: Website Ranking

Amazon.com

B&N.com eBay.com

Bestbuy.com

Privacy controls

Privacy policy comprehensiveness)

Security seals

Reliability seals

Security seals

Privacy seals

Customer rating seals

Anonymity services

Anonymous email

Anonymous web-surfing

Anonymous payment

Total

9 points

8 points

7 points

8 points

Note: represents

Conclusion

Privacy is a fundamental component in e-commerce. Research has shown that the reason why most people opt to give false information on e-commerce platforms is because they do not trust the mechanisms put in place to secure such information. For this reason, the FTC recommends that e-commerce websites put in place reliable features to ensure that information stored therein is kept secure. Such privacy-protection features have since grown to be a source of competitive advantage in most industries.

Question Two: First Mover Advantage vs. Market Followership

Introduction

First mover advantage is a popular mantra in the business world, often taken to symbolize the economic benefits that a firm enjoys as a result of its early entry into a particular market. Most business people believe that being a first mover gives a firm some form of head start and market dominance that later entrants may never be able to match. Research has, however, come out strongly to dispute this basis. A plethora of academic studies have actually been able to demonstrate that the best innovation strategy in business is to wait for others to develop great ideas, and then come up with ways to replicate and improve the same. For almost every study that aims to prove the existence of first mover advantages, there is another study looking to prove the contrary; and this then begs the question -- what is more advantageous; being a first mover or a fast follower?

Strategy -- First Mover or Fast Follower?

Well, the question of whether to enter a new market first or sit back and wait for others to identify the risks and then come in with effective ways of addressing the same is one that lacks a definite answer, particularly because there are numerous examples to support either option. Coca-Cola, for instance, was a first mover in the production of soft beverages, introducing its first product into the market in 1886; the company has managed to maintain its leadership position and remains the largest player in the industry to date. The same cannot, however, be said of Ford Inc., which launched the model Ts in 1921, then occupying 60% of the market share, but then had its market share reduced to less than 30% over a relatively short duration with the introduction of General Motor's more adaptable Chevys Model. Overture (now a part of Yahoo Inc.) also falls under this category of 'no-so-lucky' first movers -- the company, then under the commercial name Goto.com, launched the pay-per-click search engine in 1998, but its leadership was short-lived, and the company almost sunk to bankruptcy in 2000, when Google invented the Adwords system of advertising, which capitalized significantly on the inherent weaknesses of the Overture product. Today, Overture is a mere part of Yahoo Inc. And Google continues to make billions in revenue from the Adwords feature. These instances only indicate that some markets have a first mover advantage, and other do not; and it is up to the firm strategist, therefore, to decide whether it would be more beneficial to move first or wait and follow the mover (Blank, 2010; Ettington, n.d.).

Lieberman and Montgomery (1988), however, posit that it is not only about the nature of the market -- a first mover's success will also depend on i) luck, and ii) how well it is able to capture the benefits of moving first, as shown in fig 1 below.

Fig 1: Mechanisms Leading to First-Mover Advantages

Firm proficiency

Luck

Profits

Firm-specific m echanisms for addressing first-mover advantage

First-mover opportunity

Nature of market

(Source: Lieberman and Montgomery, 1998, p. 42)

EBay and Amazon, both first movers in their respective niches -- online auctions for the latter and books for the former -- are perfect examples of companies that have managed to remain the predominant owners of their respective markets by capitalizing on the benefits of moving first. This firm-specific strategies used by each to achieve this have been discussed in the subsequent sections of this text. Lieberman (2007) points out that "to be successful, a pioneer must be able to draw upon at least one of these mechanisms" (p. 5).

Technology Leadership: observers have shown that the internet environment offers limited opportunities for pioneer e-commerce companies to enhance their positions through proprietary technology (Lieberman, 2007). This is because compared to other technology-driven sectors, the internet is more prone to imitation by competitors. Towards this end, it is relatively easy for market followers to learn new technology and use the same to reduce the advantage of the first mover (Ettington, n.d.). Amazon and eBay have, however, managed to go around this issue by "racing around the learning curve ahead of competitors" (Lieberman, 2007, p. 5). Through their unique 'one-click ordering' and 'reverse auctions' features, Amazon and eBay have literally managed to establish their products and themselves as the industry standard, and it has been relatively difficult for later entrants to get accepted by consumers. Moreover, by placing patents on their business methods, the leaders have essentially been able to keep their products free from imitation (Lieberman, 2007).