Audience Dialogue

Trust and trustworthiness on the Web

This page gives more detail of the Trust stage of our website effectiveness model. How can a site become more trustworthy? How can trust (from visitors) be measured? And how can it be encouraged? We are still getting our thoughts together on this, but are publishing this page anyway, in case somebody would like to comment on the work in progress.("Under construction" as they used to say, before realizing that the whole web is a permanent construction site.) This page will later split into two - one on measuring trust, and one on cultivating it. But for now, it's covering both aspects.

One of the major problems on the Web - from the point of view of a site owner - is the lack of trust that visitors have with websites. If you're telling visitors something, they may not believe you. If you want them to buy something from you, they may think they'll be ripped off. If you're asking for information, people won't supply it because they don't trust what you'll do with it.

Site visitors have the same problem, from the opposite angle. If a site tells you something, why should you believe it? If it tries to sell you something, how do you know it won't rip you off - in some way you never knew was possible? And if it asks for information, how do you know that your response won't be sold or misused?

However, why would people visit a site if they didn't want to be able to trust it? And why would site owners not want to be trusted? So if both parties want to be able to establish a bond of trust, how can trust be encouraged? That's what this page is about.

What exactly does trust mean, in this context?

Trust is one of those concepts that seem obvious, but is difficult to explain in detail. Perhaps that's because the word has a wide range of interpretations, with different people attributing different meanings to "trust". Because this page is not about abstract philosophy, but focused on website effectiveness, I propose a working definition: that trust in any object can be measured by the willingness of visitors to interact with it in some way. When the object is a web page, that means not just looking at the page, but believing the information presented, or acting on it. (Also note that "willingness to interact" is not quite the same thing as interacting: interaction can occur without much trust, when the alternatives are worse.)

You can think of trust as one form of what are sometimes called "market based assets" - a value that a business (or other organization) has - based not on what it owns, but on what others think of it. In that context, trust goes with awareness level, word of mouth, reputation, image, referrals, and track record. All of these are fairly loose concepts, but they are all related. To that extent, when trust increases, so do those other concepts. It's plausible (though untested, as far as I know) that increasing trust will also increase awareness - and vice versa.

What is there that can be trusted?

You could think about trust by using an epidemiological model: trust, like a disease, spreads by contagion between related entities. Thus your trust in a web page will be influenced by your trust in...

Opinions are formed in two different ways. If you start from a position of ignorance, a sensible thing to do is follow experts who you respect. If you've never bought anything online, and have seen a TV program that says the whole Web is a giant fraud, you might adopt that as an initial opinion. But if you can get past that barrier and actually try it, you'll be able to move from your initial top-down (deductive) thinking to a bottom-up (inductive) thinking, and begin to build generalizations from your own experience.

This suggests that trust is built (from the site owner's point of view) by being a member of something, which in turn is a member of something, which in turn is a member of something that the visitor has heard of, and can trust. Thus trust can be encouraged by creating a chain (or maybe more of a cloud) of favourable associations.

A visitor need not trust a site in every way, in order to use it. For example, I have zero trust in my bank to act in my best interests, but I trust its website enough to do online transfers between accounts - because I've done this many times, and never had a problem.

Trust cannot be totally rational, because it can never be based on enough experience. At some point, if you're going to take almost any action, you have to try a little trust - cautiously edging forward. Here's an example. Tallulah came in here a little while ago, wanting to sit on my lap while I was typing at the computer. (In case you're getting the wrong idea about Audience Dialogue, I'd better point out that Tallulah is the office cat.) Because the chair's arm is in the way, she reaches my lap by jumping first onto the desk, then down again. Today, on the desk was a heap of papers, and on top of that was a map, larger than the other papers. Tallulah, cautious as ever, studied the heap for a few seconds. She decided to jump onto the centre of the heap, and from there onto my lap. She didn't trust that map enough to stand on its edges. In just the same way, trust can start at a solid centre and work slowly outwards.

Relating trust to desired actions

In establishing trustworthiness, as a website owner you can start by thinking about exactly what is it that you want visitors to do when they see each page (or group of similar pages)? Some possibilities...

  1. You want them to believe the information on the page (as an .edu or .ac site might)
  2. You want them to act on the information (e.g. a social marketing site)
  3. You want them to buy something online (as a .com site might)
  4. You want them to be impressed with your organization and more inclined to do business with it (that covers most consultancy sites, including this one)
  5. You want them to remember the name of your organization, and then buy something offline (for a .com site that doesn't do online sales).

For each relevant desired action, imagine each possible barrier that visitors might encounter, discouraging them from doing what your page wants them to do. After you've listed the barriers, think about how to overcome each of them. Different kinds of barrier will need different approaches.

Simply saying "trust us" may have the opposite effect from what you want - if other indicators of trust aren't looking good to the visitor.

A checklist

One way to improve trust is to use a checklist. This will get you part of the way, but not all the way, because trust is irrational. You might have everything else right, but if visitors don't like your site's colour scheme, they may trust you less (as some Korean researchers found).

Here's a first cut at a checklist: what you could include on a web page to increase trust in your site...

What do you notice about the above list? Maybe that trust works in both directions. For example, if you don't trust your visitors enough to tell them your street address, why should they buy anything from you, or believe what you are saying?

How to measure trust

Because trust is a feeling rather than a rational calculation, acting on a checklist like the above one may not make people trust your site. Trust needs to be assessed empirically, not heuristically.This involves talking to users and potential users of the website. An appropriate research method would be a triadic one, based on Kelly's repertory grid. For each user, it would involve comparing three websites:

After the set of 3 sites was sorted out for a particular participant, these questions would be asked:
  1. Questions about characteristics of the site (as in the above checklist) that might relate to trust in it.
  2. Questions about willingness to interact with each of the 3 sites: the types and depths of interaction that seem appropriate to that user.
  3. Questions about the user, to see how various user groups differ (demographic, "webographic", etc.) One of these questions would distinguish between current and potential users of the target site.
Think of type 1 questions as "cause", type 2 as "effect", and type 3 as mediating variables (why some causes have effects in certain situations, but not in other situations). The study is trying to find out what characteristics of the site relate to willingness to interact. Depending on the differences between different types of user, the sample size need not be large. I suspect that 20 participants would often be enough for a clear pattern to emerge. If you had a large enough sample (a few hundred), you could use a statistical technique such as canonical correlation, but that might be overkill. If you had to use a big sample and multivariate statistics, this would be an indication that the questions might not have been relevant.

We haven't actually tried this method yet, but from our past experience, it should work quite smoothly. The key problem is recruiting participants for the research. Unless the response rate was unusually high (over 50%) the sample might be one of people who already trusted the site enough to take part in a survey about it.

Further reading

A lot has been written in the last few years about trust on the Web. While writing this page, I read about 20 of those articles. Most of the academic research is reported in ICT journals and conference proceedings, not available on the public part of the Web. A good starting point that is available is Jakob Nielsen's article Trust or Bust: Communicating Trustworthiness in Web Design.

The most comprehensive article I found was "An overview of online trust", by Ye Diana Wang and Henry H Emurian, in Computers in Human Behavior, volume 21, pages 105-125 - dated 2005 but really 2004. This reviews most of the research so far.

On practical aspects of building trust, there's a report (for sale) from the Nielsen Norman Group E-commerce User Experience: Design Guidelines for Trust and Credibility.

A useful guide on the trustworthiness of web sites is from the Google Librariran Center: Beyond Algorithms: A Librarian's Guide to Finding Web Sites You Can Trust, by Karen G. Schneider. The five principles she uses are availability (does the site work?), credibility, authorship, external links, and legality.