Abstract
We examine how security level and liability shares in online transactions are determined. Buyers typically bear significant hassle costs for self-authentication, but do not consider positive externalities generated for the seller. If a monopolistic seller knows the buyers' costs, it can choose a socially optimal security level by adjusting the liability share properly. Conversely, social inefficiency in the case of competition may rationalize regulation. If buyers are heterogeneous in terms of hassle costs and the seller cannot determine each individual's cost, they can attain the second-best solution by providing two options; a high security level and a high liability offer, and a low security level and a low liability offer. Contrary to full information cases, the inefficiency due to asymmetric information is eliminated by competition. The analysis has important implications on regulation policies in the security market.
•The security and liability choices are examined in online transactions.•Shoppers bear greater costs for greater levels of e-commerce security.•With homogeneous shoppers, an unregulated monopolist uses the socially optimal security.•Shoppers, for whom security technology is costly, prefer low security and liability offers.•The analysis has important implications on the security market regulation policy.