Risk and Restitution: Assessing how users establish online trust
Faculty of Computing, Health and Science
School of Computer and Information Science / Centre for Security Research
The belief that users must be assured of security prior to engaging with an online service is challenged through the examination of attitudes from participants of a number of focus groups within the UK. What is apparent from our evidence is that rather than accepting simple assurances of protection, the average user is far more informed than service providers often credit, and will carry out a personal risk assessment prior to engaging with a service. Rather than guarantees of security, clearly defined indications of mitigation and restitution in the event of failure or problems are what users consider important. These findings have far reaching implications for service providers and a number of consequent recommendations are defined.