This is a guest post by Salvatore Schiano, a researcher serving Security & Risk Management professionals.

The dark web is an underground marketplace for drugs, stolen credentials, stolen financial and medical records, and other illicit products and services. Cybercriminals use it to monetize breached data, but they also use it to buy and sell exploits and ransomware (customer service and support included). The privacy of the Tor browser, coupled with cryptocurrencies, enables criminals to operate incognito. From a business perspective, it would be easy to dismiss this criminal marketplace, but lessons can be learned from this scary place where customers can get what they want when they want it. The surprising key ingredient to the dark web’s success: trust.

According to authors Scott Duxbury and Dana Haynie of new research published in the Journal of Quantitative Criminology, trust is the primary motivator among dark net consumers.

“Vendors’ trustworthiness explains more variation in the overall network structure than the affordability of vendor products or the diversity of vendor product listings.”

Marketplaces use reviews and ratings to evaluate sellers, similar to Yelp or Google Reviews, and this is how buyers determine if the seller is legitimate. The study found that first-time buyers (who accounted for 82% of the users in the study) valued trustworthiness of a seller more than low prices.

“The results indicate that vendors’ trustworthiness is a better predictor of vendor selection than product diversity or affordability.”

When we scoured the dark web for medical device exploits last year, we observed that is was the age of the customer on the underground too. A wide selection of products and vendors and access to seller reviews and information gives buyers the power to dictate what they want and how they get it.

Buyers are making informed decisions about the products that they’re purchasing, which makes sense for a normal person who can buy their prescription inhaler online at a fraction of the cost they would legitimately from drug companies. The study also revealed that the increasing cost of pharmaceuticals is sending more people to the underground for their prescriptions.

Not only do the biggest sellers have the most positive reviews, some even offer free shipping “with your purchase of $50 or more!” to attract more customers. Vendors have gone out of business from enough poor reviews. This new research confirms it and calls on law enforcement agencies to play the game of disgruntled customer; use an alias to give sellers bad reviews to weaken trust and deter first time buyers.

Further, the study confirms the role of loyalty in this market: Of the first-time buyers who returned to the marketplace for a second purchase, only 30% shopped around.

Cybercriminals seem to intuitively understand the link between trust and customer acquisition, retention, and enrichment, but security leaders still struggle with the concept. Forrester’s survey of global business and technology decision makers at large enterprises found that 72% said improving customer experience was a top priority. However, less than half of security leaders are helping improve the security of their company’s products or enabling the adoption of new technologies to improve customer engagement. Today, too many security leaders still focus a disproportionate amount of their time and resources securing back-end systems of record and acting as an authoritarian determined to eliminate all risk rather than as a pragmatic business resource. It’s time for security leaders to take a page from the cybercriminal handbook and focus on customer trust.

For more information on how security leaders can build customer trust and loyalty, see:

How To Become A Superstar Security Leader 

The Future Of Data Security And Privacy: Growth And Competitive Differentiation

Top Seven Recommendations For Your Security Program In 2017