You are here: Home Contents V19 N3 V19N3_AlAbdullah.html
Personal tools

How Does Vulnerability Awareness Impact Consumer Behavioral Intention: Evidence from POS Systems



Full text

Journal of Information Systems Security
Volume 19, Number 3 (2023)
Pages 195216
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Muhmmad Al-Abdullah — University of Tampa, USA
Yazan Alnsour — University of Wisconsin, Oshkosh, USA
Mohamad Alsharo — Al al-Bayt University, Jordan
Information Institute Publishing, Washington DC, USA




Point-of-sale systems (PoS) are essential in today’s business to provide good customer service and shopping experience. PoS systems seamlessly manage customers, track inventory, and smooth the checkout process. Although PoS systems adoption is becoming the norm and the existing literature has proven their benefits, they are becoming more vulnerable to information security incidents and vulnerabilities. To that extent, this research focuses on understanding the effects of the customers’ awareness of system vulnerabilities on the intentions to use the PoS system. To examine that, we extended the Technology Acceptance Model (TAM) by Perceived Risk (PR) and technology Vulnerability Awareness (VA) constructs to better understand how they affect the consumers' intention to use PoS systems. Our results show that customers’ awareness of existing vulnerabilities reduces their intention to use the PoS system due to the increase in the customers’ perception of risks. In addition, the results show that the customers’ evaluation of PoS technologies usage is affected by the technology’s perceived usefulness (PU) and the technology's perceived ease of use (PEOU). We found that PEOU increases PU and the intention to use the PoS. We also discuss the implications to both practice and theory.




System Vulnerabilities, Information Security Awareness, Perceived Risk, Vulnerabilities Awareness.




Abed J., Dhillon G., Ozkan S. (2016). "Investigating continuous security compliance behavior: Insights from information systems continuance model." Twenty-second Americas Conference on Information Systems, San Diego.

Aladwani, A. M. (2001). "Online banking: a field study of drivers, development challenges, and expectations." International Journal of Information Management, 21(3), 213-225.

Ajzen, I. and Fishbein, M. (1980). "Understanding Attitudes and Predicting Social Behavior." Prentice-Hall, Englewood Cliffs, NJ.

Åhlfeldt, R.-M., M. Nohlberg, E. Söderström, C. Lennerholt and J. van Laere (2018). "Current Situation Analysis of Information Security Level in Municipalities". Journal of Information System Security 14(1).

Anderson, J. C. and Gerbing, S. W. (1988). "Structural Equation Modeling in Practice: A Review and Recommended Two-Step Approach." Psychological Bulletin, 103(3), 411-423.

Bandura, A. (1982). "Self-efficacy mechanism in human agency." American psychologist, 37(2), 122.

Beach, L. R. and Mitchell, T. R. (1978). "A contingency model for the selection of decision strategies. Academy of management review." Academy of management review (3)3, 439-449.

Bellman, S., Lohse, G. L., and Johnson, E. J. (1999). "Predictors of online buying behavior." Communications of the ACM, 42(12), 32-38.

Bettman, J. R. (1973). "Perceived risk and its components: A model and empirical test." Journal of marketing research (10)2, 184-190.

Byrne, B. (1998). "Structural Equation Modeling with LISREL, PRELIS, and SIMPLIS." Lawrence Erlbaum Associates, N.J., 196-199.

Candal-Vicente, I., Castro-Gonzáles, S. and García-Cortés, J. (2017). "Evaluation of vulnerabilities in computer systems users." Journal of Information System Security 13(1): 35-55.

Davis, F. D. (1989). "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology", MIS Quarterly, 13, 319-340.

Davis, F. D., Bagozzi, R. P., and Warshaw, P. R. (1989). User acceptance of computer technology: a comparison of two theoretical models. Management science, 35(8), 982-1003.

Demetis, D. S. (2010). "Technology and anti-money laundering: A systems theory and risk-based approach." Edward Elgar Publishing.

Dhillon, G., Syed, R. and Pedron, C. (2016). "Interpreting information security culture: An organizational transformation case study." Computers & Security 56, 63-69.

Dinev, T. and Hart, P. (2005). "Internet privacy concerns and social awareness as determinants of intention to transact." International Journal of Electronic Commerce, 10(2), 7-29.

Dinev, T. and Hu, Q. (2007). "The centrality of awareness in the formation of user behavioral intention toward protective information technologies." Journal of the Association for Information Systems, 8(7), 386.

Dowling, G. R. and Staelin, R. (1994). A model of perceived risk and intended risk-handling activity. Journal of consumer research, 21(1), 119-134.

Featherman, M. (2001). Is perceived risk germane to technology acceptance research. AMCIS Proceedings, Boston, MA.

Featherman, M. S. and Pavlou, P. A. (2003). Predicting e-services adoption: a perceived risk facets perspective. International journal of human-computer studies, 59(4), 451-474.

Gefen, D. and Straub, D.W. (1997). Gender Differences in the Perception and Use of E-Mail: An Extension to the Technology Acceptance Model, MIS Quarterly, 21(4), 389-400

Gefen, D., Karahanna, E., and Straub, D. W. (2003). Trust and TAM in online shopping: An integrated model. MIS quarterly, 27(1), 51-90.

Gefen, D., Straub, D., and Boudreau, M. C. (2000). Structural equation modeling and regression: Guidelines for research practice. Communications of the association for information systems, 4(1), 7.

Gemünden, H. G. (1985). Perceived risk and information search. A systematic meta-analysis of the empirical evidence. International Journal of Research in Marketing, 2(2), 79-100.

Goodhue, D. L. and Straub, D. W. (1991). Security concerns of system users: a study of perceptions of the adequacy of security. Information & Management, 20(1), 13-27.

Gupta, A. and Arora, N. (2017). Understanding determinants and barriers of mobile shopping adoption using behavioral reasoning theory. Journal of Retailing and Consumer Services, 36, 1-7.

Hanafizadeh, P., and Khedmatgozar, H. R. (2012). The mediating role of the dimensions of the perceived risk in the effect of customers’ awareness on the adoption of Internet banking in Iran. Electronic Commerce Research, 12(2), 151-175.

Hu, Q. and Dinev, T. (2005). Is spyware an internet nuisance or public menace? Communications of the ACM, 48(8), 61-66.

Hu, Q., Hart, P., and Cooke, D. (2006). The Role of External Influences on Organizational Information Security Practices: An Institutional Perspective. In Proceedings of the 39th Hawaii International Conference on Systems Science (HICSS 39), Hawaii, USA. CD-ROM, IEEE Computer Society.

Hubert, M., Blut, M., Brock, C., Backhaus, C., and Eberhardt, T. (2017). Acceptance of Smartphone‐Based Mobile Shopping: Mobile Benefits, Customer Characteristics, Perceived Risks, and the Impact of Application Context. Psychology & Marketing, 34(2), 175-194.

Igbaria, M. (1993). User acceptance of microcomputer technology: an empirical test. Omega, 21(1), 73-90.

Jahangir, N. and Begum, N. (2008). The role of perceived usefulness, perceived ease of use, security and privacy, and customer attitude to engender customer adaptation in the context of electronic banking. African journal of business management, 2(2), 32.

Jarvenpaa, S. L. and Todd, P. A. (1996). Consumer reactions to electronic shopping on the World Wide Web. International Journal of electronic commerce, 1(2), 59-88.

Karlsson, F., J. Åström and M. Karlsson (2015). "Information security culture–state-of-the-art review between 2000 and 2013." Information & Computer Security 23(3): 246-285.

Kosner, A. W. (2014). "Actually Two Attacks In One, Target Breach Affected 70 to 110 Million Customers." Forbes. Retrieved from:

Kucuk, S. U. (2016). "Consumerism in the digital age." Journal of Consumer Affairs, 50(3), 515-538.

Langenderfer, J. and Miyazaki, A. D. (2009). "Privacy in the information economy." Journal of Consumer Affairs, 43(3), 380-388.

Lee, M. C. (2009) "Factors influencing the adoption of internet banking: An integration of TAM and TPB with perceived risk and perceived benefit." Electronic commerce research and applications, 8(3), 130-141.

Li, Y. H. and Huang, J. W. (2009). "Applying theory of perceived risk and technology acceptance model in the online shopping channel." World Academy of Science, Engineering and Technology, 53(1), 919-925.

Liebermann, Y. and Stashevsky, S. (2002). "Perceived risks as barriers to Internet and e-commerce usage". Qualitative Market Research: An International Journal, 5(4), 291-300.

Lifen Zhao, A., Hanmer-Lloyd, S., Ward, P., and Goode, M. M. (2008). "Perceived risk and Chinese consumers' internet banking services adoption." International Journal of Bank Marketing, 26(7), 505-525.

Lincke, S. J., R. Kumar and V. Tiwari (2010). "Security of Information Systems in Schools: An Evaluation using Audit and COBIT Interviews." Journal of Information System Security 6(3).

Littler, D. and Melanthiou, D. (2006). Consumer perceptions of risk and uncertainty and the implications for behaviour towards innovative retail services: the case of internet banking. Journal of retailing and consumer services, 13(6), 431-443.

Luo, X. and Liao, Q. (2007). "Awareness education as the key to ransomware prevention." Information Systems Security, 16(4), 195-202.

Marriott, H. R. and Williams, M. D. (2018). "Exploring consumers perceived risk and trust for mobile shopping: A theoretical framework and empirical study." Journal of Retailing and Consumer Services, 42, 133-146.

Marsh, H. W. and Hocevar, D. (1985). "Application of confirmatory factor analysis to the study of self-concept: First- and higher order factor models and their invariance across groups." Psychological Bulletin, 97(3), 562-582.

Monzelo, P. and S. Nunes (2021). "Information Security Awareness and its Impact on the CISO's Responsibilities - A Study of The Portuguese Environment". Journal of Information System Security 17(2).

Milne, G. R., Pettinico, G., Hajjat, F. M., and Markos, E. (2017). "Information sensitivity typology: Mapping the degree and type of risk consumers perceive in personal data sharing." Journal of Consumer Affairs, 51(1), 133-161.

Mitchell, V. W. (1992). "Understanding consumers’ behaviour: can perceived risk theory help." Management Decision, 30(3).

Miyazaki, A. D. and Fernandez, A. (2001). "Consumer perceptions of privacy and security risks for online shopping." Journal of Consumer affairs, 35(1), 27-44.

Nehf, J. P. (2007). "Shopping for Privacy on the Internet." Journal of Consumer Affairs, 41(2), 351-375.

Nohlberg, M., Wangler, B., and Kowalski, S. (2011). "A Conceptual Model of Social Engineering." Journal of Information System Security, 7(2).

Ramachandran, S., C. Rao, T. Goles and G. Dhillon (2013). "Variations in information security cultures across professions: A qualitative study." Communications of the Association for Information Systems 33(1): 11.

Rifon, N. J., LaRose, R., and Choi, S. M. (2005). "Your privacy is sealed: Effects of web privacy seals on trust and personal disclosures." Journal of consumer affairs, 39(2), 339-362.

Rogers, E.M. and Shoemaker, F.F. (1971). "Communication of Innovations: A Cross-Cultural Approach." Free Press, New York, NY, as cited in Davis, F. D. (1989). Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology, MIS Quarterly, 13, 319-340.

Semantic. (2014). "A Special Report on Attacks on Point-of-Sale Systems." CA, Mountain View.

Sohn, S. (2017). "A contextual perspective on consumers' perceived usefulness: The case of mobile online shopping." Journal of Retailing and Consumer Services, 38, 22-33.

Suh, B. and Han, I. (2003). "The impact of customer trust and perception of security control on the acceptance of electronic commerce." International Journal of electronic commerce, 7(3), 135-161.

Sun, H., Ni, W., and Wang, Z. (2016). "A consumption system model integrating quality, satisfaction and behavioral intentions in online shopping." Information Technology and Management, 17(2), 165-177.

Swanson, E. B. (1987). "Information channel disposition and use." Decision Sciences, 18(1), 131-145. As cited in Davis, F. D. (1989). "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology." MIS Quarterly, 13, 319-340.

Target Corporation. (2018). "Payment Card Issues FAQ." Retrieved from

Thambusamy, R. and R. Singh (2011). "Design of a Secure Electronic Medical Records Process Using Secure Activity Resource Coordination." Journal of Information System Security 7(2).

Van der Heijden, H. (2004). "User acceptance of hedonic information systems." MIS quarterly, 695-704.

Venkatesh, V., Morris, M. G., Davis, G. B., and Davis, F. D. (2003). "User acceptance of information technology: Toward a unified view." MIS quarterly, 425-478.

Westland, J. C. (2002). "Transaction risk in electronic commerce." Decision Support Systems, 33(1), 87-103.

Whitman, M. E. and Mattord, H. J. (2012). "Threats to Information Security Revisited." Journal of Information System Security 8(1).

Yiu, C. S., Grant, K., and Edgar, D. (2007). "Factors affecting the adoption of Internet Banking in Hong Kong—implications for the banking sector." International journal of information management, 27(5), 336-351