I need to dig it up, but PayPal once did a security presentation on “trust indicators” like EV certs related to user behavior.
The conclusion was essentially that trust indicators offer no benefit at all and can even go as far as creating harm since it could encourage a user to trust an entity that they don’t know if the system is abused. The psychology of it boils down to this: people trust lots of sites, services and other people who haven’t paid extra for these trust indicators and because of that it’s not going to change their behavior at all.
On the flip side, inline and accurate warning indicators go a long way towards making users more cautious. Big red warnings from Google about users outside your domain for example.