Augmenting the technology acceptance model with trust model for the initial adoption of a blockchain-based system

Background

This section provides background information about the Blockchain-Based System used in the study described in this paper, the Technology Acceptance Model, and the models of Privacy, Security and Trust used to predict software systems’ adoption by users.

Blockchain-Based System (BBS)

The term BBS for a general blockchain-based system was initially used in Jun (2018) without any detailed explanation. BBS in our study represents the blockchain-based service that we have developed with an engineering-oriented approach to address trust-aware business processes in an e-commerce domain, in the context of an online shopping cart system (Shrestha, Joshi & Vassileva, 2020). The requirements for the BBS are:

• To enable companies to increase trust in their products and supply chains.

• To offer direct payment with native Ethereum tokens thereby enabling privacy and confidentiality.

• To create proof of the existence of every transaction.

• To give the users full transparency over who accesses their data, when and for what purpose.

• To enable companies to share customers’ data among others in the consortium network.

• To provide incentives to customers in real-time for sharing their data.

This BBS has a 3-tier architecture (Fernandez et al., 2008) employing Spring Boot (https://spring.io/projects/spring-boot) and React (https://reactjs.org/) as the main building technologies. The system uses permissioned MultiChain as a solution to both on-chain and off-chain data storage, encryption, hashing and tracking of data, together with Ethereum. Ethereum is used for access control and enabling transactions with ethers that allow users to shop online with all the transactions stored in the blockchain and get incentives for permitting to share their data as they specify in the smart contracts. Figure 1 presents the interaction among the customer (data provider) and other e-commerce companies/apps (data consumers) of the BBS. The system comprises two subsystems: Shopping Cart System (SCS) and Data Sharing System (DSS). SCS is used in the online shopping cart enterprise. It has a payment mechanism supporting cryptocurrency, ether and manages the mutual agreement between customers and enterprise through smart contracts. SCS automatically registers the immutable timestamped information about the transactions that acts as proof of existence and can be useful to settle any disputes between the stakeholders in the future. Moreover, SCS deploys smart contracts that allow customers to provide their data sharing preferences on a template form without needing them to write the code for the smart contracts. The smart contracts support users in the following ways (Shrestha & Vassileva, 2019b):

• Give users full transparency over who accesses their data, when and for what purpose.

• Allow users to specify the purposes of data sharing, which kinds of data can be shared, and which applications or companies can access the data.

• Provide an incentive to users for sharing their data (in terms of payment for the use of the data by applications, as specified by the contracts).

DSS is used for sharing user data among the companies, that provide the shopping cart system to the customers. DSS allows enterprises to form a consortium blockchain network in the MultiChain environment so that user data are only shared with the particular node, that has been given the data access permission, as defined in the smart contracts when deployed by customers on SCS. DSS offers tamper-proof encrypted data storage, publication and provenance mechanisms with a transparency of the event log mechanism in collaborative processes where different enterprises use published/shared data.

Augmented Technology Acceptance Model

The classical Technology Acceptance Model (TAM) as shown in Fig. 2 was based on the Theory of Reasoned Action (Fishbein & Ajzen, 1975) in social psychology, which claims that behavioral intention is a strong indicator of actual behavior. The TAM has been used as a conceptual framework in many studies of the potential users' behavioral intention to use a particular technology. The behavioral intention is defined as “the degree to which a person has formulated conscious plans to perform or not perform some specified future behavior” (Warshaw & Davis, 1985). The classical TAM focuses on using technology, where perceived ease of use (PEOU) and perceived usefulness (PU) are two design attributes or antecedent to influence user acceptance behavior. PEOU is defined as the degree to which a person believes that using a particular system would be free of effort. PU is the degree to which a person believes that using a particular system would enhance his or her job performance. TAM hypothesizes that the actual use of the system is determined by behavioral intention to use (ITU), which is the degree to which a person has behavioral intention to adopt the technology. ITU is in turn influenced by the user’s attitude towards use, perceived usefulness and perceived ease of use of the system. Attitude towards use is the degree of belief to which a person uses the system as guided by valuations (Shin, 2019; Shin, 2017).

TAM is widely used to understand how users come to accept and use information technology. However, there is no existing literature on using TAM in the context of real-life blockchains and smart contracts-based applications, indicating a significant gap in the knowledge. To fill this research gap in the existing literature, this study applies the augmented TAM with trust model to the BBS that we implemented, with participants who actually used the system before answering the survey questionnaires. Our study also uncovers the individual mediating effects of trust, security and perceived usefulness.

In classical TAM, the main design constructs such as perceived ease of use and perceived usefulness have shown significant influence on the behavioral intention of the user to adopt the information systems (Davis, 1989), and the latest study by Shin (2019) shows the necessity of considering the Trust-Security-Privacy factors in the decision model of the blockchain-based-solution adoption. So, we adopted the partial least square structural equation modeling (PLS-SEM) analyses on the augmented TAM as it is a useful technique to estimate complex cause-effect relationship models with latent variables and we aimed to model the latent constructs under conditions of non-normality and small sample sizes (Wong, 2013).

Many researchers often extend TAM by adding external constructs because classical TAM often does not capture many key factors specific to the context of the technology (Melas et al., 2011). Quality of system (QOS) (Koh, Prybutok & Ryan, 2010), trust (T) (Wu & Chen, 2005), behavioral control (Bhattacherjee, 2000) are some of the constructs that have been added as influential variables to user acceptance of the information technology and are therefore inevitable for evaluating a novel system, BBS as in this current study. Although in the software engineering domain, security and privacy are regarded as part of QOS, in this study, we have presented perceived security and perceived privacy as separate constructs. DeLone & McLean (1992) refers to QOS as the technical details of the system interface and system’s quality that produces output response such that the technology attributes singularly or jointly influence user satisfaction. Hence, it is assumed that the QOS affects user satisfaction and that directly or indirectly through PU, affects users’ intention to use the system (DeLone & McLean, 1992; Shrestha & Vassileva, 2019a).

Moreover, perceived privacy and perceived security have critical roles in the acceptance of the technologies as the prior research suggest they have a significant effect on users’ attitudes that positively influence their intention to use the technologies (Amin & Ramayah, 2010; Roca, García & de la Vega, 2009; Shin, 2010).

Multidimensionality of privacy

Privacy is defined as the right to be let alone (Warren & Brandeis, 1890). Furthermore, privacy has been considered as the right to prevent the disclosure of personal information to others (Westin, 1968). Later, privacy has been known to be not just unidimensional (Burgoon et al., 1989; DeCew, 1997) as it includes informational privacy along with accessibility privacy, physical privacy and expressive privacy.

• Informational privacy – “how, when, and to what extent information about the self will be released to another person” (Burgoon et al., 1989; DeCew, 1997), e.g., the user is asked for too much personal information while using online services.

• Accessibility privacy- “acquisition or attempted acquisition of information that involves gaining access to an individual” (DeCew, 1997), e.g., the user’s contact (address, phone or email) information might be left in the old system.

• Physical privacy- “the degree to which a person is physically accessible to others” (Burgoon et al., 1989) e.g., viewing user screen in an unauthorized way.

• Expressive privacy- “protects a realm for expressing one’s self-identity or personhood through speech or activity” (DeCew, 1997). It restricts extrinsic social control over choices and improves intrinsic control over self-expression, e.g., user data may be inappropriately forwarded to others.

Introna & Pouloudi (1999) developed a framework of principles for the first time to study privacy concerns while exploring the interrelations of interests and values for various stakeholders. The study has identified that different users have distinct levels of concern about their privacy. Smith, Milberg & Burke (1996) developed a scale for the concern for privacy that measured unidimensional aspects of privacy such as collection, errors, secondary use, and unauthorized access to information factors. Malhotra, Kim & Agarwal (2004) also presented a model to consider multiple aspects of privacy such as identifying attitudes towards the collection of personally identifiable information, control over personal information and awareness of privacy practices of companies gathering personal information. However, all these studies just focused on the informational privacy, so the scales to measure privacy were also based on a unidimensional approach and were not even validated. Furthermore, the issue regarding the benefit to giving up privacy such as offering personalization, enhanced security etc. was not addressed by those studies.

Hence, to address the multidimensionality of privacy, it is particularly important to consider privacy-related behaviors while studying privacy concerns and user attitudes towards privacy in BBS. The constructs presented in a study by Buchanan et al. (2007) are validated and considered both privacy concerns and user behavior models. The behavioral items include general caution and technical protection of privacy. Attitudinal item includes privacy concern. The authors found that privacy concern correlates significantly with a general caution, but not significantly with the technical protection factor. Furthermore, perceived privacy, which is the attitudinal privacy or privacy concern undoubtedly plays a critical role in user accepting technologies (Hoffman, Novak & Peralta, 1999; Poon, 2008). It sheds light on the possibility of unauthorized use and access to the personal and financial information of the users by the companies that they are intending to use the service of Dwyer, Hiltz & Passerini (2007).

Perceived security

Perceived security is the degree to which a user believes that the online service has no predisposition to risk (Yenisey, Ozok & Salvendy, 2005). The protected financial and personal information may get compromised by theft and fraudulent activities leading to vulnerability on the internet. Because of this, a sense of security becomes a major concern for the customers to handout their details on the network (Gefen, 2000; Shrestha, 2014; Wang, Lee & Wang, 1998). Perceived security here does not only mean technical security but the user’s subjective feeling of being secured in the network (Roca, García & de la Vega, 2009). Authors (Linck, Pousttchi & Wiedemann, 2006) have argued that a lack of subjective security in the user’s mind will create hesitation to use systems.

Trust as mediating factor

Trust is an important contributing factor for users to do a certain task that can make them vulnerable and yet hope the service provider on the other end to fully comply with the set of protocols to complete a transaction (Dwyer, Hiltz & Passerini, 2007) and eventually develop a new relationship (Coppola, Hiltz & Rotter, 2004; Jarvenpaa & Leidner, 1999; Piccoli & Ives, 2003). In a virtual environment, as the users do not have any control over the outcome of their actions, trust becomes one of the prime factors for them to ground some firm belief in the reliability to engage with the other party (Hoffman, Novak & Peralta, 1999). In e-commerce, when information is disclosed, users tend to trust more the service provider (Metzger, 2004) resulting in users being free of doubts and are more likely to engage with the other party (Hoffman, Novak & Peralta, 1999). Research has shown that trust has a positive significant impact on attitude and intentions to use systems (Papadopoulou, 2007). With greater trust, users question less the authenticity of online services.

The user acceptance behavioral model, as presented by Rios, Fernandez-Gago & Lopez (2017), Shin (2010) for theoretical social network services, is also useful for conceptualizing the role of perceived security, perceived privacy (privacy concern from attitudinal privacy) on user trust. Their findings revealed that perceived security has a moderating effect on perceived privacy that correlates significantly with trust the user can have on the system.

Related work

Numerous studies have been conducted to examine the factors that determine the acceptance of information technology in the context of an extended TAM and Trust model. We cover a cross-section of those studies that are related to our work.

To the best of our knowledge (Folkinshteyn & Lennon, 2016), conducted a very first user study with TAM in the context of the adoption of bitcoin as financial technology. Their findings revealed both positive and negative factors associated with the acceptance of bitcoin, the first real-life application of blockchain technology. They have also argued that the cryptocurrency offers borderless and efficient transactions with significant positive factors in PEOU and PU, giving users full control over their currency, however it is also extremely volatile with not being lenient of security breaches or errors (Folkinshteyn & Lennon, 2016). So, it has both risks and benefits that affect the overall adoption of the cryptocurrency. Their findings also suggested exploring other aspects beyond TAM variables to consider the underlying risk and trustworthiness constructs associated with the blockchain-based applications. Previous research by Kern (2018), Shin (2019) on an abstract blockchain-based application model suggested that the blockchain-based system can be accepted if it has enough trust to sustain and is perceived as convenient and useful in the highly competitive market. Almost all of the existing research so far is limited to the blockchain-based prototype system using an extended TAM (Kern, 2018; Shrestha & Vassileva, 2019a) and Trust model (Shin, 2019). Our current study extends the research contribution of the prior study (Shrestha & Vassileva, 2019a) by conducting a new user study on the real-life blockchain-based system, BBS (Shrestha, Joshi & Vassileva, 2020).

Gefen et al. have previously explored a mixed model with TAM and Trust model to study the adoption of the on-line shopping setting (Gefen, Karahanna & Straub, 2003). Their model presented the use of the on-line system into both system attributes such as perceived usefulness and perceived ease of use and trust in e-vendors. Their model resulted in the integrative indication of the TAM and Trust constructs as good predictors for the output response, which was the behavioral intention to use the online shopping system. Therefore, the current study adopts a similar model and presents it as augmented TAM which comprises an extended TAM and Trust model.

As online activities such as online shopping generate a plethora of real-time transactions of all kinds of assets and information, they are prone to security and privacy-related risks (Roca, García & de la Vega, 2009). A privacy issue mostly occurs with unwarranted access to the users’ personal data, but that does not necessarily involve security breaches, which can happen with poor access control mechanisms in the system allowing malicious actors to control the system. However, both breaches are critical issues and they often exist together on the online services where users typically feel hesitant to provide private information over the internet (Hoffman, Novak & Peralta, 1999). (Shin, 2010) previously explored the statistical significance of security and privacy in the acceptance of social networking sites. Later, Shin (2019) presented the role and dimension of digital trust in the emerging blockchain context, where (Siegel & Sarma, 2019) has argued that it has not been investigated how privacy/security factors affect user’s behavioral cognitive process of accepting the blockchain-based systems. This study, in addition to previous TAM validated constructs, explores the users’ perception towards the security and privacy aspect of the BBS and their influence on intention to use the BBS by using the moderating effects of trust on attitudes towards system. Besides, the current research aims to answer the following research questions when exploring the relationship between different indicators of the augmented TAM with the trust model:

• RQ1: Which of the design attributes is/are the strongest antecedents of the attitudes towards BBS?

• RQ2: Which of the design attributes is/are the strongest antecedents of the intention to use BBS?

• RQ3: Is the influence of privacy on attitudes towards BBS mediated by both security and/or trust?

• RQ4: Is the influence of security on attitudes towards BBS mediated by trust?

• RQ5: Is the influence of ease of use/quality of system on intention to use BBS mediated by perceived usefulness?

Research instrument design

We conducted online surveys through SurveyMonkey by requesting each participant to respond to the questionnaire on different constructs. The survey instrument is based on constructs validated in prior studies by Buchanan et al. (2007), Davis (1989), Davis, Bagozzi & Warshaw (1992), Dennis et al. (2012), Jian, Bisantz & Drury (2000), Koh, Prybutok & Ryan (2010), Shin (2010, 2017) and adapted in the context of our research model. The instrument consists of 6 items for perceived ease of use, 6 items for perceived usefulness, 4 items for quality of system, 3 items for perceived enjoyment, 4 items for intention to use, 3 items for perceived security, 9 items for trust, 4 items for attitudinal privacy (perceived privacy), 4 items for behavioral privacy-general caution, 4 items for behavioral privacy-technical protection and 3 items for attitude towards BBS. For our later analysis, we did not consider data related to perceived enjoyment. All the respective items (questions) in the constructs are provided as Supplemental Files. We measured the responses to the items on a 7-scale Likert scale from 1 = strongly disagree to 7 = strongly agree.

Sample organizations

We recruited participants through the website announcement on the University of Saskatchewan’s PAWS homepage and on the social networking site, LinkedIn. Participation was entirely voluntary. The participants had to read and accept the consent form to participate in the study. No real identities and email addresses were collected during the data-gathering phase in the surveys. The consent for participation was obtained via an implied consent form. By completing and submitting the questionnaire, participants' free and informed consent was implied and indicated that they understood the conditions of participation in the study spelled out in the consent form.

To contextualize the surveys for SCS, we provided participants at the beginning of the pre-test survey questionnaire (presented as the Article S1) with a video about a brief description of blockchain technology and BBS. The inclusion criteria for the SCS survey was that any individual with knowledge about the internet could participate. After participants completed the pre-test survey, we presented them with another video about using the SCS and hosted a remote session allowing them to use the SCS for fifteen minutes. We did not record but noted down their comments and confusion during their interaction with the system. Thereafter, we presented them with a post-test survey questionnaire (presented as a Article S2) to measure different constructs of our Augmented TAM with Trust model.

Similarly, we conducted the pre-test and post-test surveys for the DSS part as well. The post-test survey questionnaire for DSS is presented as a Article S3. Each participant in the DSS survey was also asked to use the DSS remotely for fifteen minutes. The inclusion criteria for the DSS survey was that the participants should be from a technical (computer science or engineering) background because the DSS includes technical aspects that only the software developer or system administrator could understand better. Most of the participants completing DSS surveys also took part in the SCS surveys.

Participants demographics

A total of 66 participants took part in the SCS study and 53 participated in the DSS study. However, upon cleaning, 63 valid responses for SCS and 50 for DSS were left for the analysis. We used a partial least square nonparametric bootstrapping procedure to test the statistical significance with 5,000 subsamples (Hair et al., 2013) so that the resampling process would create subsamples with observations randomly drawn from the original set of data. For the study, we based our survey by collecting data from the participants who understood at least something about the blockchain and smart contract technologies after watching the video that we prepared on blockchain technology and BBS. The mean score suggests that for SCS, 79% of participants have basic knowledge and 19% have advanced knowledge of blockchain technology; whereas for DSS, 68% of participants have basic knowledge and 28% have advanced knowledge of blockchain technology. Table 1 highlights the demographics of the participants.

Descriptive statistic

We had a 7-scale Likert scale for the responses to the items, so we categorized the scale in terms of percentage value to analyze the average score for each item and overall impression of the constructs. We collected scores for all the items in perceived ease of use, perceived usefulness, quality of system, trust, security, privacy, attitudes, and intention to use constructs of our model.

The scores obtained for selected constructs indicate that user perceptions on the benefits of using BBS should be maintained by making improvements to achieve a higher level of score category. The preliminary descriptive statistic of the obtained data is shown in Fig. 4 which informs that the average results of the constructs are above 71.43%, so they qualified for the quite high category (Shrestha & Vassileva, 2019a). The comparatively lower pre-test scores indicate that participants developed confidence and trust towards the overall usefulness, usability, attitudes and intention to use the BBS after they used the SCS and DSS. Furthermore, higher scores for PEOS, PU, QOS for SCS over DSS signify that the participants feel easier to use SCS compared to the participants who participated in the DSS part of the study. However, all the selected constructs in our study provided a significant impression in the context of both BBS.

Measurement validation

We checked the measurement model with the exploratory factor analysis by testing the convergent validity, reliability of measures and discriminant validity.

For Exploratory Factor Analysis, we first checked the factor loadings of individual items, as shown in Table 2, to see whether the items in each variable loaded highly on its own construct over the other respective constructs. According to Chin, Peterson & Brown (2008), factor loadings exceeding 0.60 can be considered as significant. In our study, all the indicators in the measurement models had a factor loading of value greater than 0.60 except for Item 4 in the construct Behavioral Privacy-Technical Protection (BP-TP4). Since the square of factor loading is directly translated as item’s reliability, the item BP-TP4, “I regularly clear my browser’s history” with a very low loading value of 0.39 indicated that its communality value would be only 0.15, and thus should be avoided in the model. Although we used the validated constructs, our exploratory analysis detected that the item BP-TP4 had a weak influence on the Behavioral Privacy construct.

For the Convergent Validity of each construct measure, we calculated the Average Variance Extracted (AVE) and Composite Reliability (CR) from the factor loading. AVE for each construct should exceed the recommended level of 0.50 so that over 50% of the variances observed in the items were accounted for by the hypothesized constructs, and CR should also be above 0.75 to publish results (Hair et al., 2014). In our study, the AVE reported in Table 3 exceeds 0.50 for all the constructs except for Beh Privacy-Technical Protection (BP-TP). However, CR for each construct was above 0.75 (acceptable), confirming that it measures the construct validity of the model. Since the BP-TP had the item BP-TP4 of very low factor loading along with an AVE value of 0.469, it suggests that the factor BP-TP did not bring significant variance for the variables (items/questions) to converge into a single construct which means BP-TP items are a less-than-effective measure of the latent construct. We also justify this with the exceptionally low rho_A value for the construct BP-TP.

Table 3 shows the calculated rho_A value (Dillon-Goldstein’s rho) for checking the internal consistency to justify the reliability of each measure. The rho_A evaluates the within-scale consistency of the responses to the items of the measures of constructs and is a better reliability measure than Cronbach’s alpha in SEM (Demo et al., 2012). In our study, as recommended, rho_A for each construct was greater than 0.70 except for BP-TP which had a 0.28 rho value. Therefore, this also supports our decision of removing the behavioral privacy constructs from the post-tests for both SCS and DSS. We assumed that using the BBS simply does not influence the user’s behavioral perception of privacy. So, we were interested to see if there is any significant effect on the attitudinal aspect of privacy.

For assessing the Discriminant Validity of measures, we calculated the square root of the AVE (along the diagonals) of each construct as shown in Table 4. To lean towards discriminant validity (Fornell & Larcker, 1981) recommended having low correlations between the measure of interest and the measures of other constructs. In our model, we observed those diagonal values for each construct exceeded other corresponding values, which are the intercorrelations of the given construct with the other remaining constructs. This pointed out that the measures of each construct which was theoretically supposed to be not overlapping with measures of other variables are in fact, unrelated in our model.

Partial least square path modeling

To begin our Structural Equation Modeling (SEM) analysis, we built the models for the general population in the context of the pre-test (prototype model) and two subsystems SCS and DSC. We characterized the models by looking into coefficients of determination (R²’s), path coefficients (β’s) and corresponding P-value. R² determines the variance of a given construct explained by antecedents, β captures the strength of the relationship between the selected constructs and P-value determines the statistical significance of the models (Shrestha & Vassileva, 2019a). According to Chin’s guideline (Chin, Marcelin & Newsted, 2003), a path coefficient should be equal to or greater than 0.2 to be considered relevant. A model is statistically somewhat significant (*p) when p-value < 0.1, statistically quite significant (**p) when p-value < 0.01 and statistically highly significant (***p) when p-value < 0.001. Tables 5–7 each show the standardized path coefficient (β), t-statistics, p-value and R² across selected constructs for pre-test, SCS and DSS, respectively. The indirect and total effects of one construct over another construct in the presence of mediating constructs were also computed alongside.

Validation of hypotheses

For pre-test in the context of prototype model, the model presented in Fig. 5 shows causal relationship between perceived attitudinal privacy, behavioral privacy-technical protection, behavioral privacy-general caution, perceived security, trust and attitude towards BBS constructs. Considering the direct effects, attitudinal privacy (privacy concern) had very high significant effects on security (β = 0.64; p < 0.001) and trust (β = 0.313; p < 0.001), but an insignificant effect on attitudes towards system (β = 0.176; p > 0.05). In addition, attitudinal privacy also positively affected behavioral privacy-general caution (β = 0.465; p < 0.001) but had an insignificant effect on behavioral privacy-technical protection (β = 0.068; p > 0.1). The effect of security on trust was also highly significant (β = 0.529; p < 0.001), but insignificant on attitudes towards BBS (β = −0.104; p > 0.1). Finally, trust had a high significant positive effect on attitudes towards BBS (β = 0.724; p < 0.001). Thus, hypotheses H7, H8, H10, H11 and H13 were supported, but H9, H12, and H14 were rejected in the context of pre-test. Moreover, trust, privacy and security explain 59.8% of variance in attitudes towards BBS (R² = 0.598), security and privacy explain 58.8% of variance in trust (R² = 0.588), privacy explains 40.6% of variance in security (R² = 0.406), whereas attitudinal privacy explains very low, 21.6% of variance on behavioral privacy-general caution (R² = 0.216) and 0.5% on behavioral privacy-technical protection. R² value higher than 0.26 indicates a substantial model (Muller & Cohen, 1989).

For post-test study in the context of SCS, the model presented in Fig. 6 shows causal relationship between perceived ease of use, perceived usefulness, quality of system, security, privacy, trust, attitude towards SCS and intention to use SCS constructs. Considering the direct effect, perceived ease of use had quite significant effect on perceived usefulness (β = 0.356; p < 0.01) but insignificant effect on intention to use (β = 0.058; p > 0.1); therefore, H1 was supported and H2 was rejected. Perceived usefulness had relevant but somewhat significant effect on intention to use (β = 0.284; p < 0.1); thus, H3 was also supported. Quality of system had positive significant effect on perceived usefulness (β = 0.509; p < 0.001) and somewhat significant effect on intention to use SCS (β = 0.338; p < 0.1); therefore, H4 and H5 were supported. Attitude towards SCS had relevant but somewhat significant effect on intention to use (β = 0.25; p < 0.1); therefore, H6 was supported. The effect of trust was highly significant on attitude towards SCS (β = 0.534; p < 0.001); therefore, H7 was supported. Perceived privacy had positive significant effects on trust (β = 0.609; p < 0.001), attitudes towards SCS (β = 0.325; p < 0.01) and perceived security (β = 0.654; p < 0.001); therefore, H8, H9 and H10 were supported. Perceived security had insignificant effect on trust (β = 0.212; p > 0.1) and attitudes towards SCS (β = −0.165; p > 0.1); therefore, H13 and H14 were rejected. In the following, the explained variances include perceived usefulness (R² = 0.571), security (R² = 0.428), trust (R² = 0.585), attitude towards SCS (R² = 0.5) and intention to use (R² = 0.612). Therefore, R² value higher than 0.26 indicated a substantial model for SCS (Muller & Cohen, 1989).

Similarly, for post-test study in the context of DSS, the model presented in Fig. 7 shows causal relationship between perceived ease of use, perceived usefulness, quality of system, security, privacy, trust, attitude towards DSS and intention to use DSS constructs. Considering the direct effect, perceived ease of use had significant effect on perceived usefulness (β = 0.488; p < 0.001) but insignificant effect on intention to use (β = −0.173; p > 0.1); therefore, H1 was supported and H2 was rejected. Perceived usefulness had relevant but somewhat significant effect on intention to use (β = 0.495; p < 0.1); thus, H3 was also supported. Quality of system had positive significant effect on perceived usefulness (β = 0.427; p < 0.01), but insignificant effect on intention to use DSS (β = −0.009; p > 0.1); therefore, H4 was supported and H5 was rejected. Attitude towards DSS had relevant and positive significant effect on intention to use (β = 0.554; p < 0.001); therefore, H6 was supported. The effect of trust was highly significant on attitude towards DSS (β = 0.637; p < 0.001); therefore, H7 was supported. Perceived privacy had positive significant effects on trust (β = 0.495; p < 0.001) and perceived security (β = 0.82; p < 0.001), but insignificant effect on attitudes towards DSS (β = 0.097; p > 0.1); therefore, H8 and H10 were supported but H9 was rejected. Perceived security had significant effect on trust (β = 0.369; p < 0.01) but insignificant effect on attitudes towards DSS (β = −0.012; p > 0.1); therefore, H13 was supported but H14 was rejected. In the following, the explained variances include perceived usefulness (R² = 0.708), security (R² = 0.679), trust (R² = 0.683), attitude towards SCS (R² = 0.5) and intention to use (R² = 0.678). Therefore, R² value higher than 0.26 indicated a substantial model for DSS (Muller & Cohen, 1989). Table 8 summarizes the validation of our study’s hypotheses.

Total effect analysis

To address the first research question, we present the total effect of antecedents from the trust model on attitudes towards BBS as shown in Fig. 8. In the pre-test model, trust had the strongest total effect on attitudes towards BBS (β = 0.732; p < 0.001), followed by privacy on attitudes towards BBS (β = 0.586; p < 0.001) and security on attitudes towards BBS (β = 0.283; p < 0.1), which was marginally significant. In the SCS model, privacy had the strongest influence on attitudes towards SCS (β = 0.62; p < 0.001), followed by trust on attitudes towards SCS (β = 0.538; p < 0.001), while security had no significant total effect on attitudes towards SCS (β = −0.049; p > 0.1). Finally, the total effect statistic for the DSS model was similar to that of the pre-test model, with respect to first two strongest design constructs which were trust (β = 0.637; p < 0.001), followed by privacy (β = 0.596; p < 0.001). Security turned out to have no significant effect on attitude towards DSS (β = 0.223; p > 0.1).

To address the second research question, we present the total effect of the perceived design constructs on intention to use from SCS and DSS model as shown in Fig. 9. In SCS model, quality of system had the strongest total effect on intention to use SCS (β = 0.49; p < 0.001). Perceived usefulness had a weak total effect on intention to use SCS (β = 0.297; p < 0.1), while privacy had no significant total effect on intention to use SCS (β = 0.156; p > 0.1), followed by perceived ease of use on intention to use SCS (β = 0.153; p > 0.1) and security on intention to use SCS (β = −0.01; p > 0.1). In the context of DSS, Perceived usefulness had the strongest total effect on intention to use DSS (β = 0.495; p < 0.01), followed by trust on intention to use DSS (β = 0.353; p < 0.001) and privacy on intention to use DSS (β = 0.33; p < 0.001). Quality of system had no significant total effect on intention to use DSS (β = 0.202; p > 0.1), followed by security on intention to use DSS (β = 0.124; P > 0.1) and perceived ease of use on intention to use DSS (β = 0.069; p > 0.1).

Mediation analysis

To address our third, fourth and fifth research questions, we carried out the indirect effect analysis. We first investigated the mediating effect of security and/or trust over the relationship between privacy and attitudes towards BBS, then investigated the mediating effect of trust over the relationship between security and attitudes towards BBS, and finally investigated a similar mediating effect of perceived usefulness over the relationship between ease of use/quality of system on intention to use BBS. According to Baron & Kenny (1986), Hair et al. (2014), there is no need to check for the indirect effect if the direct effect is insignificant in the model.

So, for the pre-test model as presented in Table 5, we found the observed indirect effects for the selected predictors in the presence of mediating variables in the pre-test model. In the presence of mediating effect of both trust and security, the effect of privacy on attitude towards BBS slightly decreased from (β = 0.584; T = 6.868; p < 0.001 while excluding both trust and security) to (β = 0.412; T = 4.466; p < 0.001) with the variance accounted for (VAF) value of 0.703. The VAF is calculated as the ratio of the indirect path coefficient to the total path coefficient. With 70.3% VAF, trust and security had a partial mediation effect between privacy and attitude towards BBS. While analyzing the individual mediating effects between privacy and attitudes towards BBS, trust alone had positive significant effect (β = 0.226; T = 3.151; p < 0.01), but security alone had no significant effect (β = −0.068; T = 0.852; p > 0.1). So, our finding suggested that only trust played a crucial mediating role while security had no significant effect between privacy and attitudes toward BBS. Similarly, in the presence of mediating effect of trust, the effect of security on attitude towards BBS slightly decreased from (β = 0.538; T = 6.14; p < 0.001 while excluding Trust) to (β = 0.391; T = 4.348; p < 0.001) with the variance accounted for (VAF) value of 1.382. With 138% VAF, trust had a perfect mediation effect between security and attitude towards BBS.

For SCS model, as presented in Table 6, in the presence of mediating effect of trust and security, the effect of privacy on attitude towards SCS slightly decreased from (β = 0.619; T = 8.504; p < 0.001 while excluding both trust and security) to (β = 0.293; T = 2.23; p < 0.1) with the variance accounted for (VAF) value of 0.473. With 47.3% VAF, trust and security had a partial mediation effect between privacy and attitude towards SCS. While analyzing the individual mediating effects between privacy and attitudes towards SCS, trust alone had positive significant effect (β = 0.326; T = 2.683; p < 0.01), but security alone had no significant effect (β = −0.108; T = 1.466; p > 0.1). So, our finding suggested that only trust played a crucial mediating role while security had no significant effect between privacy and attitudes toward SCS. In the same SCS model, with the presence of mediating effect of trust, the effect of security on attitude towards SCS became insignificant from (β = 0.384; T = 3.304; p < 0.001 while excluding trust) to (β = 0.122; T = 1.191; p > 0.1) with the variance accounted for (VAF) value of −2.489. Therefore, trust had no mediating effect between security and attitude towards SCS since after adding trust predictor as a mediator, the indirect effect on attitude towards SCS became non-significant while the direct effect was also insignificant. Furthermore, in the same SCS model, with the presence of mediating effect of perceived usefulness, the effect of quality of system on intention to use SCS became insignificant from (β = 0.705; T = 11.127; p < 0.001 while excluding usefulness) to (β = 0.152; T = 1.557; p > 0.1) with the variance accounted for (VAF) value of 0.31. Therefore, perceived usefulness had no significant mediating effect between quality of system and intention to use SCS since after adding perceived usefulness predictor as a mediator, the indirect effect on intention to use SCS became non-significant while the direct effect was still significant.

In addition, with the presence of mediating effect of perceived usefulness, the ease of use on intention to use SCS became insignificant from (β = 0.559; T = 7.035; p < 0.1 while excluding usefulness) to (β = 0.108; T = 1.363; p > 0.1) with the variance accounted for (VAF) value of 0.706. Therefore, perceived usefulness had no significant mediating effect between ease of use and intention to use SCS since after adding perceived usefulness predictor as a mediator, the indirect effect on intention to use SCS became non-significant while the direct effect was also non-significant.

Finally, in the DSS model, as presented in Table 7, in the presence of mediating effect of trust and security, the effect of privacy on attitude towards DSS slightly decreased from (β = 0.6; T = 6.134; p < 0.001 while excluding both trust and security) to (β = 0.5; T = 2.319; p < 0.1) with the variance accounted for (VAF) value of 0.839. With 83.9% VAF, trust and security had a partial mediation effect between privacy and attitude towards DSS. While analyzing the individual mediating effects between privacy and attitudes towards DSS, trust alone had positive significant effect (β = 0.316; T = 2.726; p < 0.01), but security alone had no significant effect (β = −0.01; T = 0.053; p > 0.1). So, our finding suggested that only trust played a crucial mediating role while security had no significant effect between privacy and attitudes toward DSS. In the same DSS model, no mediation effect was observed for trust between security and attitudes towards DSS. Furthermore, in the same DSS model, with the presence of mediating effect of perceived usefulness, the effect of quality of system on intention to use DSS reduced from (β = 0.66; T = 7.82; p < 0.001 while excluding usefulness) to (β = 0.212; T = 1.846; p < 0.1) with the variance accounted for (VAF) value of 1.05. Therefore, perceived usefulness had a complete significant mediating effect between quality of system and intention to use DSD since after adding perceived usefulness predictor as a mediator, the indirect effect on intention to use DSD became significant while the direct effect was insignificant. This suggested that the indirect significant path between quality of system and intention to use DSD was contributed by perceived usefulness predictor construct. In addition, with the presence of mediating effect of perceived usefulness, the effect of ease of use on intention to use reduced from (β = 0.588; T = 6.385; p < 0.001 while excluding usefulness) to (β = 0.242; T = 1.946; p < 0.1) with the variance accounted for (VAF) value of 3.507. Therefore, perceived usefulness had a complete mediating effect between ease of use and intention to use DSD since after adding perceived usefulness predictor as a mediator, the indirect effect on intention to use DSD became significant while the direct effect was non-significant. This suggested that the indirect significant path between perceived ease of use and intention to use DSD was contributed by perceived usefulness predictor construct.