Toward an Understanding of the Online Consumer's Risky Behavior and Protection Practices

FALL 2009 VOLUME 43, NUMBER 3 449

GEORGE R. MILNE, LAUREN I. LABRECQUE,AND CORY CROMER

Toward an Understanding of the Online Consumer’sRisky Behavior and Protection Practices

This research draws upon protection motivation theory and socialcognitive theory to investigate the extent to which the level ofperceived threat and likelihood of threat along with online self-efficacyaffect online behaviors. This article contributes to the literature byinvestigating a wide range of risky and protective behaviors andexamining the role of online self-efficacy with a national online surveyof 449 nonstudent respondents. Results show that both self-efficacyand demographic factors such as age have a differential impact onthe type of behaviors taken online.

Self regulatory policy in the United States requires consumers to be,in part, responsible for their online behaviors and to protect their privacyand security. To do this, consumers must have an understanding ofonline security and privacy risks (Miyazaki and Fernandez 2001), what ishappening to their data, what tools are available to protect them, and theymust have the skills to do something about it. Research has suggestedthat consumers’ level of awareness and skills vary, and that education isneeded as a corrective prescription (LaRose and Rifon 2007a).

For consumers to educate themselves and acquire such skills takes timeand continued effort to be current with evolving technologies (LaRose,Rifon, and Enbody 2008). Indeed, consumers face a continuing array ofprivacy and security threats while shopping online. New tracking devicessuch as web bugs are being used and identity theft has been growing(Jakobsson and Myers 2006), while the opportunity for connecting to theInternet has expanded through the creation of a wide variety of abundantcomputing devices and increasing public online access points. Muchhas been made about the fact that consumers say they are concernedwith their privacy, yet they continue to shop online and divulge personalinformation. Some take prudent actions to protect themselves, whereas

George R. Milne ([email protected]) is an associate professor of marketing and LaurenI. Labrecque is a marketing doctoral candidate, both in the Isenberg School of Management,University of Massachusetts, Amherst. Cory Cromer ([email protected]) is anassistant professor of marketing and entrepreneurship at Oregon State University.

The Journal of Consumer Affairs, Vol. 43, No. 3, 2009ISSN 0022-0078Copyright 2009 by The American Council on Consumer Interests

450 THE JOURNAL OF CONSUMER AFFAIRS

others take risks with their personal information and security. Such aparadox exists at the macro societal level, and not until recently hasinvestigation begun at the individual level (Norberg, Horne and Horne2007). In this article, we examine what variables lead consumers to makeadaptive or maladaptive responses in the face of privacy and securitythreats. Adaptive behaviors are actions taken with an online business tokeep information safe. Maladaptive behaviors are avoidance responsesthat are driven by a more general fear of online shopping. In addition, ourresearch examines factors that lead consumers to conduct protective andrisky online behaviors. These factors are not specific to online shopping,but rather address other activities conducted online. Risky behaviors arespecific computer-based actions that put people at risk, whereas protectivebehaviors are specific computer-based actions that consumers take tokeep their information safe.

More broadly, the purpose of our research is to examine how con-sumers’ perception of the threat and likelihood of threat associated withonline experiences affects the decision to engage in these behaviors.Importantly, in this research we examine the extent to which a consumer’sself-efficacy directly affects protection choices and also moderates therelationship between threat and protection decisions. We examine self-efficacy’s role in terms of both security and privacy, which are intrinsi-cally linked (Miyazaki and Fernandez 2001). Our research contributes tothe growing literature using protection motivation theory and social cog-nitive theory to understand privacy behaviors (Rifon, LaRose and Lewis2007; Milne, Cromer and Culnan 2006; LaRose and Rifon 2007a) byexamining how self-efficacy affects (1) maladaptive and adaptive shop-ping behaviors and (2) protective and risky computer-based behaviorsoutside of an experimental context with a large sample of US onlineshoppers. By focusing on the online behaviors that either put consumersat risk or serve to protect them, we develop a more nuanced understand-ing of what background and contextual factors lead individuals to makesuch decisions.

Our findings create many implications for public policy and consumereducation. First, our results illustrate that self-efficacy plays a key rolein a consumer’s choice to perform risky online behaviors. High self-efficacious individuals are more likely engage in protective actions tosecure their information and less likely to take unprotected (high-risk)actions. Therefore, our results attest to the importance of educatingconsumers about the risks and offering tools to cope in an attempt toincrease consumer self-efficacy. In addition, our results also show thatperceived threat and likelihood of threat also play a part in influencing


a consumer’s decision to choose an adaptive or maladaptive copingbehavior. Our findings show a positive relationship between threatand maladaptive behaviors, whereas likelihood of threat has a positiverelationship with adaptive behaviors. These findings may be influentialfor designing communications and programs to educate consumers.For instance, focusing on the threat may lead consumers to choose amaladaptive behavior, but focusing on the perceived likelihood of threatmay lead consumers to opt for an adaptive behavior.

Our article is organized in five sections. In the first section, we providebackground on consumer privacy protection theories, and present ourconceptual model and hypotheses. In the second section, we presentthe methodology for our study, which is based on an online surveyof 449 US online shoppers. Results are presented in the third section:first, we report the influence of self-efficacy on perceived online threatand privacy invasion likelihood on adaptive and maladaptive behavior.Second, we report the direct and moderating impact of self-efficacy anddirect impact of demographic factors on risky and protective behaviors.In the fourth section, we discuss the policy implications. In the finalsection, we summarize our findings and discuss the limitations and futureresearch directions.

THEORETICAL BACKGROUND, CONCEPTUAL MODEL, ANDHYPOTHESES

Protection Theories

Protection motivation theory has recently been advocated by resear-chers as a useful framework for studying privacy protection behaviorin the face of online privacy threats (Rifon, LaRose and Lewis 2007;Milne, Cromer, and Culnan 2006). The protection motivation model(Rippetoe and Rogers 1987; Tanner, Hunt and Eppright 1991) states thatconsumers’ motivation to protect themselves depends on the severityof the threat, perceived likelihood of the threat, and self-efficacy.Self-efficacy is defined as one’s belief in their ability or capacity toaccomplish a task or deal with changes such that their actions willhave the desired outcome. Consumers will choose either adaptive ormaladaptive behaviors, depending on the presence of the antecedentfactors of perceived threats and likelihood of threats. Specifically, ifcoping mode self-efficacy is high and can outweigh the threats, thenconsumers are more likely to choose adaptive behaviors. Alternatively,the theory states that if threats outweigh the level of self-efficacy, then


maladaptive behaviors are likely to occur (Tanner, Hunt and Eppright1991).

Other protection theories include fear appeals (Keller and Block 1996),the theory of planned behavior (Ajzen 1985), and social cognitive theory(Bandura 1989). In addition, privacy and online shopping research,primarily examining student samples, has begun to draw upon theoriesthat use self-efficacy to explain behavior (Rifon, LaRose and Lewis 2007;LaRose and Rifon 2007a,b; George 2004; Hsu and Chiu 2004; Lwin andWilliams 2003). Across all these studies, the construct of self-efficacyhas played an important role in the online behavior.

Conceptual Model and Hypotheses

In our research, we draw from both protection motivation theoryand social cognitive theory in developing our conceptual model. Weposit that perceived threat, likelihood of threat, and self-efficacy willdirectly affect adaptive and maladaptive behaviors as well as risky andprotective online actions. Furthermore, based on social cognitive theoryand its use in privacy research (LaRose and Rifon 2007a), we expect thatself-efficacy will also have a moderating influence on the relationshipbetween perceived threat as well as likelihood of threat and our outcomevariables. Finally, given the noted heterogeneity in privacy behavior(Phelps, Nowak and Ferrell 2000), we also include demographic variablesas important covariates.

Adaptive and Maladaptive Behaviors

In this article, adaptive behaviors are actions taken with a businessto keep information safe. In other words, they consist of managingone’s personal information, refusing to provide information or shop/visitspecific websites, or deciding not to use a website altogether due tolack of information. However, maladaptive behaviors are avoidanceresponses that are driven more by a general fear of online shopping. Theyinvolve avoiding shopping online, feeling hopeless or out of control whileshopping online, and shifting from online shopping to other alternativessuch as brick and mortar stores. Protection motivation theory suggeststhat as both threat and the likelihood of threat increase, individuals willengage in more adaptive and maladaptive behaviors (Tanner, Hunt andEppright 1991), with the allocation of these behaviors dependent onself-efficacy. As perceived threat and likelihood of threat increase, thereshould be an increase of adaptive behavior in an effort to protect one’s


FIGURE 1Conceptual Model and Hypotheses

self. However, as the perceived threat and likelihood of threat increases,so does one’s fear and lack of one’s ability and confidence to deal withthe situation, resulting in increased maladaptive behavior as well.

H1: Perceived online privacy threat will have a:a. positive relationship with adaptive behaviorb. positive relationship with maladaptive behavior.

H2: Perceived likelihood of online privacy threat will have a:a. positive relationship with adaptive behaviorb. positive relationship with maladaptive behavior.

Bandura (1993) emphasizes that self-efficacy can be different indifferent areas of life; hence, it is important that self-efficacy is taskspecific. In this study, we look at consumer self-efficacy predictingwhether consumers will engage in adaptive or maladaptive behaviorsonline. In deciding on the course of action, individuals will consider thethreat and severity of threat in relationship to their current level of self-efficacy to deal with the situation (Margolis and McCabe 2004). Highself-efficacy consumers have the skill, confidence, and hence ability totake adaptive actions. In contrast, lack of self-efficacy results in moremaladaptive courses of action, due to the lack of confidence, skill, orperceived ability. In line with this logic, both social cognitive theory


and protection motivation theory predict that self-efficacy has a positiverelationship with adaptive behavior and a negative relationship withmaladaptive behavior.

H3: Self-efficacy will have a:a. positive relationship with adaptive behaviorb. negative relationship with maladaptive behavior.

Self-efficacy is the underlying coping behavior being measured inthis study. As self-efficacy determines what people will do with theirpast knowledge and skill (Rippetoe and Rogers 1987; Kim and Kim2005), it should affect specific tasks and guide online behavior. Thisrelationship has been studied extensively in other more common threatand behavior environments such as learning and teaching pedagogies(Margolis and McCabe 2004; Bandura 1993). Bandura (1986, p. 396)emphasized that “measures of self-precept must be tailored to the domainof the psychological functioning being explored.” Within the domain ofonline behavior, self-efficacy has also been used to moderate relationshipsbetween the presence of a privacy warning statement and disclosures(LaRose and Rifon 2007a). Such findings are consistent with socialcognitive theory. With respect to the relationship of both perceivedthreat and likelihood of threat with the outcome variables, we expectthe presence of self-efficacy to enhance the relationship with adaptivebehaviors and weaken the relationship with maladaptive behaviors.

H4: Self-efficacy will moderate the relationship between:a. threat and adaptive behavior (enhance)b. likelihood and adaptive behavior (enhance)c. threat and maladaptive behavior (weaken)d. likelihood and maladaptive behavior (weaken).

Risky and Protective Behaviors

With respect to risky and protective behaviors, the literature is not asclear. In this article, risky behaviors are defined as specific computer-based actions that put people at risk; whereas protective behaviors aredefined as specific computer-based actions that individuals take to keeptheir information safe. Examples of risky actions include having comput-ers save passwords and connecting to unknown or unsecure networks;whereas protective behaviors include installing antivirus programs andupgrading web browsers to newest versions. Most of the prior researchin marketing has focused on privacy concern and not specific behaviors.


As pointed out by Rifon, LaRose and Lewis (2007), there is no well-established relationship between privacy concerns and protection behav-iors. Some research finds no relationship (Rifon, LaRose and Choi 2005),whereas other research finds a positive relationship (Milne and Culnan2004), and yet other research indicates negative relationships (Sheehanand Hoy 1999). Protection motivation theory suggests, however, thatthere is a positive relationship for perceived threat and likelihood ofthreat with protective behaviors and an implied negative relationship withrisky behaviors. This logic is supported by Rippetoe and Rogers’ (1987)notion that protective behavior is caused or triggered by a fear appeal.

H5: Perceived online privacy threat will have a:a. negative relationship with risky behaviorsb. positive relationship with protective behaviors.

H6: Perceived likelihood of online privacy threat will have a:a. negative relationship with risky behaviorsb. positive relationship with protective behaviors.

Bandura (1986) describes the sources of self-efficacy informationbeing comprised of mastery experience, vicarious experience, socialpersuasion, and physiological states. Mastery experience is the actualenactive attainment of a task or goal developed through a history ofrepeated successes, in addition to occasional failures, but with determinedeffort that will build a strong sense of self-efficacy of the specific taskof the domain being examined. Vicarious experience is achieved largelyby observation or interpretation of others’ capabilities of a certain task.Vicarious experience may be influenced the most by an absence or lackof enough mastery experience. Vicarious experience is most prevalentin social contexts where the “social comparative information figuresprominently in self-efficacy appraisals” (Bandura 1986, p. 400), andwhere social persuasion can also exist and contribute to the formationof self-efficacy evaluations, that may or may not be consistent with theperson’s own beliefs. Finally, physiological states such as stress or fatiguemay lead to vulnerable or dysfunctional behavior that alters self-efficacylevels of the individual.

In the context of this study, mastery experience will make up themajority of a person’s level of self-efficacy. Although stories and wordof mouth can contribute to vicarious experience of online shopping, theactivity, skills, and feedback are mostly a solitary experience, with littleinfluence from social persuasion or physiological states (because we aremeasuring their recall of a direct experience, not during the experience).


In developing the scales of self-efficacy for this study, items were usedthat measured the direct experience and belief of accomplishing thespecific tasks, to further tap into the most powerful component of self-efficacy, mastery experience (Bandura 1997).

In this study, we look at consumer self-efficacy in navigating theonline environment, which involves avoiding danger, securing, removinghazards, and protecting one’s self and information. Individuals processthe probability of a threat and severities of a threat and appraise theircurrent behavior to arrive at their own personal perception of severityand probability with relation to their current level of self-efficacy forthe task (Margolis and McCabe 2004). Given that self-efficacy is largelydriven from mastery experience, we would expect that individuals withhigher self-efficacy would be less likely to engage in risky activities.Furthermore, with self-efficacy, consumers may have a greater desirefor protective behavior. The empirical question remains if they have theability and confidence to do so.

H7: Self-efficacy will have a:a. negative relationship with risky behaviorsb. positive relationship with protective behaviors.

Self-efficacy perceptions help determine what individuals may do withthe knowledge, experience, and skills they have, resulting in a specificperson’s behavior toward a given context (Bandura 1997). Furthermore,as self-efficacy varies within individuals, they will react to perceivedonline threats and likelihood of online threats differently, and alter theirchoice of risky or protective behaviors. Because self-efficacy is drivenby previous experience, we expect that individuals who are more self-efficacious will take more protective behaviors for a given level ofthreat or likelihood of threat than those who are less self-efficacious.In effect, self-efficacy should enhance the positive relationships betweenperceived threat and protective behavior as well as likelihood of threatand protective behavior. Following the same logic, self-efficacy that isbased on previous experience will weaken the relationships betweenperceived threat and risky behavior and likelihood of threat and riskybehavior. This is because experiences that make people more self-efficacious create awareness of online behavior choices. Therefore, wehypothesize that self-efficacy will moderate the relationship betweenthreats and likelihood of threat with risky behaviors, weakening therelationship between threat and risky behaviors as well as weakeningthe relationship between likelihood and risky behavior.


H8: Self-efficacy will moderate the relationship between:a. threat and risky behaviors (weaken)b. likelihood and risky behaviors (weaken)c. threat and protective behaviors (enhance)d. likelihood and protective behaviors (enhance).

RESEARCH STUDY

Method

Survey and Sample

A survey instrument was created after reviewing the literature for exist-ing scales; we developed new scale items where appropriate (Churchill1979). The items were pretested by having expert survey researchersreview the instrument and with a full pretest of forty-five college stu-dents. Based on feedback, changes were made. To test our researchmodel (Figure 1), participants were recruited from a commercial opt-in consumer panel. Invitations to complete the survey were sent to4,000 individuals who were known Internet shoppers and resided in theUnited States. For their completion of this web-based survey, partic-ipants were offered compensation from the panel. In order to furtherstimulate involvement, we offered respondents a chance to be includedin a random drawing for an Amazon.com gift certificate. In total, 493responded. Forty-four respondents were excluded from the final sampledue to incomplete data, resulting in a final sample size of 449 partic-ipants, for a response rate of 11.2%. To check for possible responsebias, early and late respondents were compared on demographic vari-ables (Armstrong and Overton 1977). No statistical differences werefound.

The sample demographics are shown in Table 1. The sample is 70%women. This percentage is higher than LaRose and Rifon’s (2007b)telephone survey, which was 60% women. The average age of the samplewas 43 years, with 13.2% less than thirty years and 6.4% more than fifty-nine years. Thirty-four percent of the sample had a four-year collegedegree. Forty-three percent of respondents had household income above$50,000 and 23.2% above $75,000. Although all respondents purchasedonline, 34.4% bought over $500 online in the last year. On average,respondents spend 23.2 hours a week online, excluding e-mail use.


TABLE 1Descriptive Statistics

Variables MeanStandardDeviation Minimum Maximum

Dependent variablesAdaptive behavior 3.21 1.79 0 6Maladaptive behavior 0.62 1.11 0 5Protective behavior 10.46 3.17 0 16Risky behavior 7.50 5.66 0 33Independent variablesPerceived online threat 12.86 3.78 4 20Perceived likelihood of online threat 16.47 4.37 5 25Self-efficacy 15.27 2.87 4 20Control variablesAge 43.45 11.68 17 79Hours spent online per week excluding

e-mail23.25 16.63 0 140

Gender (female %) 70.2College graduate (%) 34.6 − − −Income over $75,000 23.2% − − −

Measures

The first part of the survey instrument consisted of twenty-fouritems measuring perception of online threat, likelihood of online threat,self-efficacy, maladaptive behaviors, and adaptive behaviors. PerceivedOnline Threat consisted of four 5-point Likert items adapted from Woon,Tan and Low (2005). Perceived Online Threat Likelihood consisted offive 5-point Likert items also adapted from Woon, Tan and Low (2005).Adaptive Behavior was a summated scale of six yes/no items adaptedfrom Westin (2004). Maladaptive Behavior was a summated scale basedon five yes /no items created for this study. Online shopping self-efficacyconsisted of four 5-point Likert items adapted from Kim and Kim (2005)and Hsu and Chiu (2004). Coefficient alpha was calculated for theagree/disagree and likelihood scales and Spearman Brown reliability forthe summated scales, with all scales meeting a minimum reliability of0.70 or above. A detailed list of scale items, source of the scale, and scalereliabilities is shown in the Appendix 1. The convergent and discriminantvalidity for online threat, likelihood, and self-efficacy was establishedwith standard Confirmatory Factor Analysis (CFA) procedures (Andersonand Gerbing 1988; Fornell and Larcker 1981).1

1. χ2(62) = 225.63, p = .00, NFI = .97, NNFI = .97, CFI = .98, IFI = .98, RMR = .039,RMSEA = .077. All composite reliabilities exceed .70 and AVE exceed .50 (threat composite


In the second part of the survey, we asked respondents whetherthey participated in specific risky and protective behaviors. The listof behaviors was compiled from previous research (LaRose and Rifon2007b; Milne, Rohm and Bahl 2004) and by suggestions made fromdiscussions with information technology experts. A principal componentsanalysis was used to group forty-nine items into the risky and protectivefactors. While the data were binary, Hair et al. (1995) note that principalcomponents analysis is quite robust with respect to binary data. The twofactor solution was selected, which is consistent with the scree plot andthe loading patterns. Summated scales were formed from each factor(after reverse scoring negative loading items) and the Spearman Browncoefficient scores were calculated. The risky actions factor was comprisedof thirty-three items and had a reliability of 0.822. The protective actionfactor had sixteen items and a reliability of 0.671. The items and thepercentage of consumers engaging in each of the behaviors comprisingboth factors are shown in Table 2.

RESULTS

Adaptive and Maladaptive Behaviors

Hypotheses H1–H4 were tested with Ordinary Least Squares (OLS)regression analysis (Table 3). For the regression explaining adaptivebehavior, the variable maladaptive behavior was added as an independentvariable to account for shared variance along with demographic back-ground variables of gender, age, education, income, and hours online.Because interaction terms were included in the regression to test themoderating relationships, we mean-centered the continuous independentvariables to reduce potential multicollinearity (Aiken and West 1991).With mean-centered regression, the criterion Y was kept in the samescale and only the continuous independent variables were mean-centered(by subtracting the mean from each observation). Thus, if one wants toestimate the predicted Y in the original scale, the mean-centered X valuesare put into the equation (reporting unstandardized coefficients).

The overall regression model explaining adaptive behavior (model 2)was statistically significant (p < .001) with an adjusted R2 of .149. Anexamination of the Variance Inflation Factors (VIF) statistics found no

reliability = .93, AVE = .78, self-efficacy composite reliability = .89, AVE = .66, likelihood com-posite reliability = .96, AVE = .82).


TABLE 2Percentages of Respondents’ Behaviors

Respondents’ Behaviors Percentage

Protective BehaviorsHad a virus checker installed on your computer 86Had a virus checker installed on your computer 86Used a combination of letters, numbers, and symbols in your password 85Frequently scanned your computer for spyware 84Cleared your computer’s cache after browsing 81Made sure that online forms were secure before filling out information 81When given the chance, you opted out of third party information sharing 80In addition to your work e-mail, you used a separate e-mail account for personal

e-mail78

Upgraded your web browser to the newest version 76Refused to give information to a website because you thought it was too personal 75Had phishing detection turned on in your browser 67Set up your browser to reject unnecessary cookies 63Always looked for and read privacy statements on the Web 53Used a separate e-mail account that you use solely for the purpose of registering on

websites53

Locked your computer when it was not in use 47Encrypted your e-mail 20Used anonymizers while browsing the Web 16Risky BehaviorsHad your computer save passwords 56Saved your credit card information in an online store’s database 51Used a private e-mail address to register for a contest on a website∗ 47Used social networking sites (e.g., flickr, myspace, facebook, etc.) 45Participated in a discussion forum 41Included biographical information on you online 41Gone online using networks other than your home one 32Opened an e-mail without a subject 30Read unsolicited e-mail 29Provided fake or fictitious information when registering on a website∗ 29Had browser safety settings (JavaScript/cookies) set at low 29Participated in a blog 25Used a password that is a word that can be found in a dictionary 24Used a password or login that contains personal information such as your birthday,

name, mother’s maiden name, pet’s name, address, digits in your social securitynumber, or a string of consecutive numbers

24

Met someone in real life that you first met online 21Used public wi-fi 20Used peer to peer file sharing networks (e.g., music, video, and software sharing) 19Kept profiles open on social networking sites 18Ignored system (e.g., Windows) updates 18Logged into online accounts using public computers 18Set images to automatically download in your e-mail 17Used an unsecured home network 15Had a virus checker installed, but it was expired 13Accepted unknown “friends” on social networking sites 13

Continued overleaf


TABLE 2Continued

Respondents’ Behaviors Percentage

Provided social security number when registering for a website 12Kept personal information such as account numbers, social security number, login

information and passwords stored in a text file on your computer12

Clicked on links in an e-mail without knowing the sender 12Made purchases using public computers 8Opened e-mail attachments without knowing the sender 8When you got an e-mail from a financial institution asking for information updates,

you clicked the link and filled out their update form6

Posted your Social Security number, birth date, address, phone number, bankaccount or credit card numbers, or other personal information to an unknown site

6

Used anonymous re-mailers* 5Downloaded unknown files on social networking sites 4

∗Reverse scored item.

TABLE 3Regressions Explaining Adaptive and Maladaptive Behaviorsa

Adaptive Maladaptive

Model 1 Model 2 Model 3 Model 4

Constant 3.243∗∗∗ 3.282∗∗∗ .575∗∗∗ .549∗∗∗

Self-efficacy .086∗∗∗ .077∗∗∗ −.052∗∗∗ −.049∗∗∗

Threat .036 .031 .068∗∗∗ .074∗∗∗

Likelihood .059∗∗∗ .062∗∗∗ −.000 −.003Self-efficacy × threat .003 −.006Self-efficacy × likelihood .011 −.002Maladaptive .492∗∗∗ .500∗∗∗

Adaptive .163∗∗∗ .166∗∗∗

Gender (male) −.329∗ −.342∗ .150 .163Age −.011 −.011 .000 −.000College graduate .118 .125 −.027 −.025Income over $75K .090 .063 −.080 −.072Hours spent online excluding e-mail .005 .004 .005∗ .005∗

F value 9.2∗∗∗ 7.9∗∗∗ 12.0∗∗∗ 10.2∗∗∗

Adjusted R2 .145 .149 .186 .189

aPredictors were mean-centered. Unstandardized beta coefficients are reported. ∗p < .10; ∗∗p < .05;∗∗∗p < .001.

evidence of problematic multicollinearity in any regression. The unstan-dardized coefficients were used to test the hypotheses. Perception ofthreat was found not to have a significant relationship with adaptivebehavior (β = .031, ns), thus not supporting H1a. Likelihood of per-ceived threat was found to have a significant impact on adaptive behavior(β = .062, p < .01), supporting H2a. Self-efficacy had a positive impact


on adaptive behavior (β = .077, p < .01), supporting H3a. The interac-tion of self-efficacy with perception of threat (β = .003, ns) and likeli-hood of threat (β = .011, ns) was not significant. As suggested by Baronand Kenny (1986), to test for moderation effects we compared regres-sions with and without the interaction terms. We found that although theoverall model was significant for both models, the interaction terms inthe full model were not significant, thus failing to support H4a and H4b.For the regression explaining adaptive behaviors, the covariates of mal-adaptive behaviors (β = .500, p < .01) and gender (male) (β = −.342,p < .10) were statistically significant.

For the regression explaining maladaptive behavior, the variable adap-tive behavior was added as an independent variable to account for sharedvariance along with demographics. The overall regression model explain-ing maladaptive behavior was statistically significant (p < .001) with anadjusted R2 of .189. With respect to maladaptive behavior (model 4),perception of threat was positive and statistically significant (β = .074,p < .001), supporting H1b. The likelihood of perceived threat was non-significant (β = −.003, ns), not supporting H2b. The self-efficacy coef-ficient (β = −.049, p < .001) was statistically significant and negative,supporting H3b. Comparing the model 3 with model 4 to test for modera-tion effects (Baron and Kenny 1986), we found both models statisticallysignificant. However, the interaction of self-efficacy with threat (β =−.006, ns) and likelihood (β = −.002, ns) was not significant in model4, thus failing to support H4c and H4d. For the regression explainingmaladaptive behaviors, the covariates of adaptive (β = .166, p < .01)and hours spent online (β = .005, p < .10) were statistically significant.

Protective and Risky Behaviors

Hypotheses H5–H8 were tested in the Ordinary Least Squares regres-sions reported in Table 4. Again, the continuous predictor variables weremean-centered (Aiken and West 1991) to reduce the threat of multi-collinearity. The Variance Inflation Factors from all regressions werebelow 10 indicating that multicollinearity was not a problem for anyregression in Table 4. The full model explaining risky behavior (model 6)was found to be statistically significant (adjusted R2 = .190, p < .001).With respect to risky behaviors, perception of threat did not have a sig-nificant impact (β = −.082, ns) not supporting H5a. Likelihood of threatalso did not have a statistically significant impact (β = .056, ns), not sup-porting H6a. Self-efficacy, however, was found to have a significantly


TABLE 4Regressions Explaining Risky and Protective Behaviorsa

Risky Behavior Protective Behavior

Model 5 Model 6 Model 7 Model 8

Constant 6.394∗∗∗ 6.379∗∗∗ 10.467∗∗∗ 10.508∗∗∗

Self-efficacy −.226∗∗ −.194∗∗ .338∗∗∗ .349∗∗∗

Threat −.069 −.082 .097∗∗ .076Likelihood .052 .056 .060 .068∗

Self-efficacy × threat .025 .030∗∗

Self-efficacy × likelihood −.036∗ −.019Protective .220∗∗ .207∗∗

Risky .077∗∗ .072∗∗

Gender (male) 1.789∗∗∗ 1.772∗∗∗ −.335 −.367Age −.165∗∗∗ −.163∗∗∗ .014 .016College graduate 1.364∗∗ 1.322∗∗ .394 .365Income over $75K .474 .549 −.076 −.043Hours spent online excluding e-mail .048∗∗∗ .049∗∗∗ .012 .013F value 12.2∗∗∗ 10.2∗∗∗ 6.5∗∗∗ 5.8∗∗∗

Adjusted R2 .189 .190 .103 .108

aPredictors were mean-centered. Unstandardized beta coefficients are reported. ∗p < .10; ∗∗p < .05;∗∗∗p < .001.

negative relationship (β = −.194, p < .05) with risky behavior, support-ing H7a. The moderating effect of the interaction terms was examined bycomparing model 5 (no interaction terms) with model 6 (with interactionterms) per the Baron and Kenny’s (1986) approach. The inclusion of theinteraction term for perception of threat was not significant (β = .025,ns), but for likelihood of threat was marginally significant (β = −.036,p < .10). Thus, there is no support for H8a, but there is support forH8b. The control variables of protective behavior, gender, age, collegegraduate, and hours spend online were statistically significant.

The regression explaining protective behavior (model 8) was statis-tically significant (adjusted R2 = .108). With respect to explaining pro-tective behavior, perception of threat was not significant (β = .076, ns),not supporting H5b. Likelihood was marginally significant (β = .068,p < .10) supporting H6b. Self-efficacy was positively and significantlyrelated to protective behavior (β = .349, p < .001), supporting H7b.Comparing model 7 (no interaction terms) with model 8 (interactionterms), we found that interaction of self-efficacy and threat was statisti-cally significant (β = .030, p < .05), supporting H8c. The interaction ofself-efficacy with likelihood of threat was not statistically significant (β =−.019, ns), not supporting H8d. The control variable of risky behaviorwas significant; however, the demographic variables were not significant.


DISCUSSION

Overall, the results showed that self-efficacy plays an important anddirect role in online protection behaviors. When consumers feel that theyare faced with danger and are confident that they have the skills andability to avoid or cope with the danger, they play an active role insecuring their online environment. The confidence that they can removehazards makes it more likely that they will choose adaptive behaviors andless likely that they will choose maladaptive actions. The self-efficaciousshopper is more likely to take an active role in terms of asking companiesfor control over their personal information and not provide companieswith information if trust is not earned. Having the confidence to takeaction reduces the feeling of being out of control and choosing avoidancebehaviors, which may lead to increased likelihood of making an onlinepurchase. In addition, we found that the self-efficacious individual is morelikely to protect her information and broader computing environment, andis less likely to take high-risk unprotected actions from being too trustingor lazy with respect to online protection.

Our findings also show a positive relationship between perceivedonline threat and maladaptive behaviors and a positive relationshipbetween likelihood of threat and adaptive behaviors. Educators can usethese findings to create more effective messages to increase consumerawareness. This indicates that focusing on the threat may lead consumersto choose a maladaptive behavior, but focusing on the perceivedlikelihood of threat may lead consumers to opt for an adaptive behavior.Perhaps, the reason for this is that focusing on the perceived threat mayincrease feelings of being overwhelmed, and thus increasing the chancethat a consumer will give up.

In addition, we found a positive relationship between adaptive andmaladaptive behaviors in the regression analysis. The direct relationshipfound between adaptive and maladaptive behaviors may be due toconsumers trying an array of strategies to deal with the onslaught ofprivacy invasions. It appears as if some consumers take more actionsthan others, either positive or negative.

Shifts in Behaviors

Overall, respondents were more inclined to report protective behaviorsthan risky behaviors. Yet, our results show that although many consumersmay be moving away from many obvious risks, they are still engagingin risky behaviors that there may not be solutions for. The technological


playing field is changing and consumers are sometimes protectingthemselves, whereas other times they are not. Evidence of this in theregression results is found in Table 3. Our findings in Table 2 indicatethat many consumers are safeguarding themselves against severe andobvious threats such as viruses and spyware. At the same time, newthreats to both privacy and security that may be unapparent are on the rise.For instance, many consumers still are not fully aware of cookie use andhow to manage them to safeguard privacy, despite their ubiquitous nature.In addition, as the amount of work time conducted online increases andmore time is spent online in general, consumers become more opento time-saving devices like saving passwords. Many consumers maynot be aware that they are increasing their vulnerability and creatingsecurity risks in their quest to maximize time efficiency. We find thatself-efficacy plays an important role in these new risks, as high self-efficacious consumers are more likely to take steps to protect themselvesfrom such risk. In particular, we note changes in behaviors regardingpassword saving devices and cookies.

Cookies are the common method for identifying and tracking anindividual and are also a concern for privacy. Using longitudinal data,Miyazaki (2008) found that cookie use has increased significantly overthe past seven years. Although the majority of sites are now disclosingtheir use of cookies, many sites are lacking in disclosure. Miyazaki foundthat disclosure of cookie use significantly reduced negative reactions touse. In addition, there is a general lack of knowledge among consumersregarding the functionality of cookies, their threats to privacy, and howto manage them. Prior research indicates that many consumers maynot be able to identify what cookies are, never mind understand theadvantages and disadvantages of their use (Ha et al. 2006; Hoofnagle2005). Although modern web browsers include the ability for consumersto create custom privacy settings and the functionality to accept, reject,or remove cookies, many consumers do not take advantage of thesecapabilities (Ha et al. 2006; Milne, Rohm and Bahl 2004). We find thathigh self-efficacious consumers (based on a median split) are more likely(68.9% compared with 56.6% of lower self-efficacious consumers) tohave an understanding about cookie use and to take actions to controlthem, such as setting their browsers to reject them.

In addition, we find that high self-efficacious consumers are alsomore likely than less self-efficacious consumers to take steps to securepasswords. Although most consumers use strong passwords and do notuse passwords containing identifying information such as birthdates,many allow computers to store the passwords. Lower self-efficacious


consumers are more likely to store passwords on a computer (61.0%) thanhigher self-efficacious consumers (51.6%). Passwords have historicallybeen the crux of many online security breaches and fraud. From historicalcases such as NASA’s loss of 6,000 passwords, Kinko’s loss of 450usernames and passwords by a thief who used them for bank fraud,and the case of an administrator at Yale who stole passwords to changeadmissions decisions, password vulnerability is still at the forefront ofsecurity risks (Ives, Walsh and Schneider 2004). The rapid increase in theuse of the Internet, in conjunction with increased concerns for privacy,has fostered a proliferation of passwords for consumers. Survey researchfound that heavy users have an average of twenty-one passwords tomanage, with some up to seventy (Hinde 2003). A typical user can beexpected to use four or five effectively (Adams and Sasse 1999). Tocope with this, many users admit to writing them down, keeping themin an unencrypted file on their computer, or sharing them with friends(Hinde 2003). Modern developers of web browsers and websites haveseen the need to help users manage the passwords and increasingly add“save password” features that save passwords either in the website’sdatabase or store them in their browser settings on user’s local machineor “remember me” features that save both passwords and usernames.

Much of the work on password security focuses on creating strongpasswords (i.e., requiring combinations of uppercase and lowercaseletters, numbers and symbols), but one can argue that this may lead usersto rely more and more on cognitive time-saving devices, like passwordsavers. In addition, this may prompt users to reuse passwords across sites,thus creating a weak form of protection and opening up the possibilityfor a domino effect of security breaches.

More attention needs to be given to the apparent sea changes withrespect to the technology-induced changes in online consumer behavior,such as social networking behaviors. As mentioned in the Pew Reporton Digital Footprints (Madden et al. 2007), some of what our study hascharacterized as risky behaviors may in fact be perceived to be desirableactivities. For example, participating in blogs and putting informationup about one’s self on social and professional networks are ways forconsumers to enhance their own social and economic viability. Researchis needed to learn whether the decision to participate in particular riskybehaviors is a calculated cost-benefit decision. Perhaps consumers arenaıve, raising the question whether the threats are mentally discounted,or whether or not consumers are aware of the potential risks at all.


Regulation

Standards and regulations are in place to safeguard consumer informa-tion in the marketplace. In addition to the Federal Trade Commission’s(FTC’s) fair information principles that outline standards for keeping con-sumer information safe and giving consumers notice and choice abouthow information is used, there are several industry-specific laws such asthe Gramm-Leach-Bliley (financial institutions), HIPAA (medical infor-mation), COPPA (protection of children online), FERPA (disclosure ofeducational records), and FACT Act (Reporting of Credit Data). TheFACT Act, which is an amendment to the Fair Credit Reporting Act, hasbeen used to combat identity theft by making fraudulent applications forcredit information more difficult. It also helps consumers by making iteasier to put alerts on their credit and review their credit record.

However, although these regulations are in place to regulate institu-tions’ use of consumer information, much of today’s problems arise fromWeb 2.0 invasions. For example, the ease in which consumers can accessthe Web and engage in activities such as participating in social network-ing sites, posting on blogs, and cloud computing from virtually anywhereincreases vulnerability. While we examined shopping behaviors that aremore likely to be covered under regulation, the computer-based actions(risky and protective behaviors) are not.

From a policy point of view, it is interesting that there is limited publicpolicy and regulations with regard to how personal information onlineis used by potential employers. Controlling this aspect of the computingenvironment will continue to be important. One implication is that thereneeds to be organizations that help guide consumers in this regard thatare particularly focused to the under thirty consumers who are the mostavid users of such technologies.

Education

Training consumers to be self-efficacious is an important objective asnoted in the previous research (LaRose, Rifon and Enbody 2008). Indeed,there are many online organizations that offer suggestions to consumerssuch as AARP.org, safeshopping.org, consumerreports.org, and so forth.Our data suggest more emphasis should be put on reducing securitythreats that go beyond just getting consumers to notice privacy andsecurity symbols such as e-trust. These include knowledge of phishingscams, cookie management, and reviews of policies and online shoppingterms beyond just privacy. Without the initial awareness of these threats,


consumers may continue to partake in unprotected behaviors and will nottake the steps to educate themselves to combat these threats.

In addition to creating increased awareness of these threats, it shouldbe stressed that although there are risks involved with online behaviors,there are also easy-to-use tools and steps to follow that allow consumersto protect themselves. Many consumers may feel that they are nottechnologically savvy enough to combat security and privacy risks,but providing simple tutorials and stressing the ease of learning thesetasks can increase self-efficacy and increase protective and adaptivebehaviors. Furthermore, it is important to note that consumers shouldalso be reassured that they are not facing an impossible challenge asnew and increasing numbers of threats emerge. This may help to maintainself-efficacy.

There are many innovative training modules that offer safety informa-tion and instruction to consumers that have the potential to improve self-efficacy. The FTC’s website (www.onguardonline.gov) provides simpleonline tutorials and games to help consumers learn about how to protectthemselves against online privacy and security risks. I-safe, a nonprofitorganization, is geared toward educating children through involvement ofpeers, parents, and community. Get Netwise features a large repositoryof videos on how to safeguard a youth’s online environment. While sucheducational efforts should have an impact on the younger generation ofcomputer users, it is important to realize that the job of online protec-tion becomes more difficult with the advancement of technologies; it isa moving target that will require lifelong education.

As new technologies are introduced, who should be made responsiblefor ensuring that consumers are aware of security and privacy threats andalso offer the tools and materials to teach consumers how to cope withthem? Although companies can offer fixes to security vulnerabilities, arethey doing enough to educate consumers about the likelihood of securityand privacy threats? For example, Microsoft pushes monthly securityupdates to its operating systems users, but many consumers find theautomatic install to be a nuisance and turn off updates without realizingthe high potential for harm. Moreover, the need to constantly keep upwith new patches and new versions of software may foster perceptionsthat consumers are facing a challenge that may be unbeatable withoutadvanced Internet and computer knowledge. Microsoft has recentlycreated an “Exploitability Index” that rates the likelihood that softwarevulnerabilities will be exploited to help IT administrators prioritizeinstalling security patches (Claburn 2008). Regrettably, this initiativeis focused toward business customers and not average consumers. A


tool like this could benefit consumers. In addition, consumers need tobe both educated about potential security risks that they may face bypostponing update installations and reassured that the process can bedone quickly and easily. Perhaps the best way to safeguard consumersis through effective marketing communications that offer both awarenessand education in an effort to enhance consumer self-efficacy.

CONCLUSIONS

In summary, this research relied upon protection motivation theoryand social cognitive theory to investigate the extent to which the level ofperceived threat and likelihood along with online self-efficacy affect riskyand protective online behaviors. This study, which consisted of a nationalonline survey of 449 nonstudent respondents, found that self-efficacy hasa differential impact on the type of behaviors taken online.

In future research, more scale refinement needs to be made for themaladaptive, adaptive, risky, and protective behavior scales. Althoughmany of the constructs were drawn from previous literature and themeasurement error was acceptable for exploratory work, the reliabilitiescould be improved through the refinement of items. While we useda parsimonious yes/no response scale to capture information acrossa wide set of phenomenon, this measurement scale is limited inthe information it provides. In addition, respondents reported fewermaladaptive than adaptive behaviors, indicating a positive response bias.Future research could also explore outside the United States; the currentsample was drawn from an online panel, which is limited to US onlineshoppers.

Nonetheless, our research extends the initial research of the role self-efficacy plays in online behavior in several ways. First, we examinedthe impact of self-efficacy outside of an experimental context usinga national sample. Second, we find that self-efficacy has both posi-tive and negative relationships with adaptive and maladaptive onlineprivacy behaviors, respectively, as predicted by protection motivationtheory. Third, online self-efficacy was related to a broader set ofprotective and risky behaviors than previously investigated. Fourth,we found some evidence of a moderating impact of self-efficacy onthe relationship between threat/likelihood and online protective/riskybehaviors.

Research that continues to monitor consumer protective and riskybehaviors is needed. Given that younger consumers are growing up withthe Internet, investigating how age and self-efficacy interact in the online


environment in an important direction for further research. In addition,research is needed to better understand how to enhance consumer self-efficacy as they will continue to be confronted with new technologicalchallenges to their online privacy and security.

APPENDIX 1

Scale Items and Reliability

Perceived threat α = .935-point scale anchored strongly disagree/strongly agree

1. I am concerned about having my identity stolen while shoppingonline.

2. I am concerned about e-mail eavesdropping while shopping online.3. I am concerned about losing my data privacy while shopping online.4. I am concerned about losing financial information while shopping

online.

Perceived likelihood α = .965-point scale anchored very unlikely/very likely

1. How likely is it that one’s identity can be stolen while shoppingonline?

2. How likely is it for one’s privacy to be invaded while shoppingonline?

3. How likely is it for one’s financial information to be stolen whileshopping online?

4. How likely is it for one’s personal information to NOT be securedwhile shopping online?

5. How likely is it for one’s personal information to be shared withothers while shopping online?

Adaptive behavior α = .70In the past year, have you. . . (measured yes/no)

1. asked an online business to remove your name and address fromany lists they use for marketing purposes?

2. asked an online business not to sell or give your name and addressto another company?


3. asked an online business to see what personal information, besidesbilling information, they had about you in their records?

4. refused to give information to an online business because youthought it was not really needed or was too personal?

5. decided not to use or purchase something from an online businessbecause you weren’t sure how they would use your personalinformation?

6. decided not to register at a website to get information or to shopthere because you found their privacy policy too complicated orunclear?

Maladaptive behavior α = .77In the past year, have you. . . (measured yes/no)

1. avoided online shopping to avoid risk?2. felt out of control while shopping online?3. encouraged others you know not to shop online?4. felt hopeless about being able to protect yourself while shopping

online?5. shifted your shopping to stores that are not online?

Self-efficacy α = .895-point scale anchored strongly disagree / strongly agree

1. I am skilled at avoiding dangers while shopping online.2. I am active in securing my environment when shopping online.3. I am confident that I can remove any hazards while shopping online.4. I have the ability to protect myself from the dangers of shopping

online.

REFERENCES

Adams, Anne and M. Angela Sasse. 1999. Users Are Not the Enemy. Communications of the ACM,42 (12): 40–46.

Aiken, Leona S. and Stephen G. West. 1991. Multiple Regression: Testing and Interpreting Interac-tions. Thousand Oaks, CA: Sage Publications.

Ajzen, Icek. 1985. From Intentions to Actions: A Theory of Planned Behavior. In Action-control:From Cognition to Behavior, edited by Julius Kuhi and Jurgen Beckman (11–39). New York:Springer.

Anderson, James C. and David W. Gerbing. 1988. Some Methods for Respecifying MeasurementModels to Obtain Unidimensional Construct Measurement. Journal of Marketing Research,19 (4): 453–460.

Armstrong, J. Scott and Terry S. Overton. 1977. Estimating Nonresponse Bias in Mail Surveys.Journal of Marketing Research, 14: 396–402.


Bandura, Albert. 1986. Social Foundations of Thought and Action. Englewood Cliffs, NJ: PrenticeHall.

. 1989. Human Agency in Social Cognitive Theory. American Psychologist, 44: 1175–1184.

. 1993. Perceived Self-Efficacy in Cognitive Development and Functioning. EducationalPsychologist, 28 (2): 117–148.

. 1997. Self-Efficacy: The Exercise of Control. New York: Freeman.Baron, Reuben M. and David A. Kenny. 1986. The Moderator-Mediator Variable Distinction in

Social Psychological Research: Conceptual, Strategic, and Statistical Considerations. Journal ofPersonality and Social Psychology, 51 (6): 1173–1182.

Churchill, Gilbert A. Jr. 1979. A paradigm for developing better measures of marketing constructs.Journal of Marketing Research, 16: 64–73.

Claburn, Thomas. 2008. Microsoft to Share More Security Information. Information Week. http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=209903295.

Fornell, Claes and David F. Larcker. 1981. Structural Equation Models with Unobservable Variablesand Measurement Error: Algebra and Statistics. Journal of Marketing Research, 18 (3):382–388.

George, Joey F. 2004. The Theory of Planned Behavior and Internet Purchasing. Internet Research,14 (3): 198–212.

Ha, Vicki, Farah Al Shaar, Kori Inkpen, and Lina Hdeib. 2006. An Examination of User Perceptionand Misconception of internet Cookies in CHI 2006. In Gary M. Olson and Robin Jeffries (Eds.),Extended Abstracts on Human Factors in Computing Systems (833–838). Montreal: Associationfor Computer Machinery.

Hair, Joseph F., Rolph E. Anderston, Ronald L. Tatham, and William Black. 1995. MultivariateData Analysis with Readings. Upper Saddle River, NJ: Prentice-Hall, Inc.

Hinde, Stephen. 2003. Careless about Privacy. Computers & Security, 22 (4): 284–288.Hoofnagle, Chris Jay. 2005. Privacy Self Regulation: A Decade of Disappointment. Electronic

Privacy Information Center. http://www.epic.org/reports/decadedisappoint.pdf.Hsu, Meng-Hsiang and Chao-Min Chiu. 2004. Internet Self-Efficacy and Electronic Service Accep-

tance. Decision Support Systems, 38 (December): 369–381.Ives, Blake, Kenneth R. Walsh, and Helmut Schneider. 2004. The Domino Effect of Password Reuse.

Communications of the ACM, 47 (4): 75–78.Jakobsson, Markus and Steven Myers. 2006. Phishing and Countermeasures: Understanding the

Increasing Problem of Electronic Identity Theft. Hoboken, NJ: Wiley-Interscience.Keller, Punam Anand and Lauren Goldberg Block. 1996. Increasing the Persuasiveness of Fear

Appeals: The Effect of Arousal and Elaboration. Journal of Consumer Research, 22 (4):448–459.

Kim, Young Hoon and Dan J. Kim. 2005. A Study of Online Transaction Self-Efficacy, ConsumerTrust, and Uncertainty Reduction in Electronic Commerce Transaction. Proceedings of the 38thInternational Conference on System Sciences, Big Island, Hawaii, January 3-January 6.

LaRose, Robert and Nora J. Rifon. 2007a. Promoting i-Safety: Privacy Warning Boxes, PrivacySeals and Online Privacy Behaviors. Journal of Consumer Affairs, 41 (Summer): 127–149.

. 2007b. Michigan State University Internet Safety Survey: Technical Report.https://www.msu.edu/∼isafety/.

LaRose, Robert, Nora J. Rifon, and Richard Enbody. 2008. Promoting Personal Responsibility forInternet Safety. Communications of the ACM, 51 (3): 71–76.

Lwin, May O. and Jerome D. Williams. 2003. A Model Integrating the Multidimensional Develop-mental Theory of Privacy and Theory of Planned Behavior to Examine Fabrication of InformationOnline. Marketing Letters, 14 (4): 257–272.

Madden, Mary, Susana Fox, Aaron Smith, and Jessica Vitak. 2007. Online Identity Manage-ment and Search in the Age of Transparency. Pew Internet and American Life Project.http://www.pewinternet.org/pdfs/PIP_Digital_Footprints.pdf.

Margolis, Howard and Patrick P. McCabe. 2004. Self-Efficacy: A Key to Improve the Motivationof Struggling Learners. The Clearing House, 77 (6): 242–249.


Milne, George R. and Mary J. Culnan. 2004. Strategies for Reducing Online Privacy Risks: WhyConsumers Read (or Don’t Read) Online Privacy Notices. Journal of Interactive Marketing,18 (3): 15–29.

Milne, George R., Cory Cromer, and Mary J. Culnan. 2006. Cyberactivism: Consumer Strategiesfor Addressing Privacy Concerns. Ingrid M. Martin, David W. Stewart, and Michael Kamins,eds., Marketing and Public Policy Conference Proceedings, American Marketing Association,(Vol. 16): 192–201.

Milne, George R., Andrew J. Rohm, and Shalini Bahl. 2004. Consumers’ Protection of OnlinePrivacy and Identity. Journal of Consumer Affairs, 38 (Winter): 217–232.

Miyazaki, Anthony. 2008. Online Privacy and the Disclosure of Cookie Use: Effects of ConsumerTrust and Anticipated Patronage. Journal of Public Policy and Marketing, 27 (Spring): 19–33.

Miyazaki, Anthony, D. and Ana Fernandez. 2001. Consumer Perceptions of Privacy and SecurityRisks for Online Shopping. Journal of Consumer Affairs, 35 (Summer): 27–44.

Norberg, Patricia, Daniel R. Horne, and David A. Horne. 2007. The Privacy Paradox: PersonalInformation Disclosure Intentions versus Behaviors. Journal of Consumer Affairs, 41 (Summer):100–126.

Phelps, Joseph, Glenn Nowak, and Elizabeth Ferrell. 2000. Privacy Concerns and ConsumerWillingness to Provide Personal Information. Journal of Public Policy and Marketing, 19 (1):27–41.

Rifon, Nora, J., Robert LaRose, and Sejung Marina Choi. 2005. Your Privacy Is Sealed: Effectsof Web Privacy Seals on Trust and Personal Disclosures. Journal of Consumer Affairs, 39 (2):339–362.

Rippetoe, Patricia A. and Ronald W. Rogers. 1987. Effects of Components of Protection-MotivationTheory on Adaptive and Maladaptive Coping with a Health Threat. Journal of Personality andSocial Psychology, 52 (3): 596–604.

Sheehan, Kim Bartel and Mariea Grubbs Hoy. 1999. Flaming, Complaining, Abstaining: HowOnline Users Respond to Privacy Concerns. Journal of Advertising, 28 (3): 37–51.

Tanner, John F., James B. Hunt, and David R. Eppright. 1991. The Protection Motivation Model:A Normative Model of Fear Appeals. Journal of Marketing, 55 (3): 36–45.

Westin, Alan. 2004. Harris Interactive Poll: Online Privacy, June 10, 2004.Woon, Irene, Gek-Woo Tan, and R. Low. 2005. A Protection Motivation Theory Approach to Home

Wireless Security. Proceedings of the Twenty-Sixth International Conference on InformationSystems, Las Vegas, pp. 367–380.

Documents

Toward an Understanding of the Online Consumer's Risky Behavior and Protection Practices