It isn't really necessary to have the customers name etc collected on a secure server. This info is not sensitive and is accessible to anyone who wants it ie phone book, electoral roll.

as long as CC details are secure that is all that matters.

Unless you are paranoid or just don't know what you are talking about IMHO

How do they know it is putting people off buying? If the paranoid customers are contacting the company in any form they are releasing some form of information in a non-secure way, even if it is just an email address to complain or someone over-hearing their conversation with a scanner. As Jo says, there are 1001 ways to gather information about the person online and off.

It is more likely the site is losing customers due to some other factor (content, price, delivery charges etc) rather than non-secure address pages.

There are paranoid or ignorant people out there....

Hi,

I went looking for this thread because a customer just emailed us with exactly this concern - they didn't want to enter their address because the site 'isn't secure'. We use WorldPay, so their CC details should be reasonably secure, eh?

But...how much can we tell them? Are the addresses held on the site in encrypted form until download? Is there any other positive message we can give about security in the address part of the process? At least we can make warm noises for them then.

(Telling them that anybody could get their address off the electoral roll or phone book isn't very positive, and isn't true if they've opted to be excluded from the public versions of both - now THAT's paranoid. But then, paranoid people still spend money).

I think this is an area where there's a gulf between those that know what's going on and those that don't. We need to cater for both groups, and an un-padlocked start to the checkout process isn't very reassuring for the latter group.

Any more thoughts welcome...!

Neil

I can only add to the debate.

1. Yes, Order details, including the address are encrypted before being stored. i.e. Once they've been completed no-one can see them.

2. Be sure to tell them that the important bits, like Credit card details, are entered on a secure page so no-one can possibly see them.

3. Why would anyone want to hide their address details?. The most insecure part of the process is going to be the post office employees and you can't get your parcel delivered without them finding out where you live.

Some people are just too paranoid.

Mike

Adding another layer to the paranoia - the email confirmation contains their address but will be sent un-encrypted anways - so anyone desperate to know where they live could in theory intercept their email and find the address there - but again the chances of that are improbably small and if the customer is that concerned they should set up a PO Box or collect and pay in cash

Then again, if the the client's paying....

I think Actinic allows you to run the checkout under SSL, if you have your own certificate.

I think this is where the concern is, that compared to Woolworths who probaby do run the checkout under SSL, it 'seems' insecure.

You know it's secure, I know it's secure but the client may not and the customer may not.

Hi there

Yes this is correct, by going into "View | Business Settings | Payment and Security", Where it says "SSL", you would put a tick here, then select "Checkout Page and Customer Login only".

For more information on setting up SSL with Actinic, please check the following guide: http://www.actinic.co.uk/hosting/doc...or_Actinic.pdf

Kind Regards

Nobody take this the wrong way its just ‘Food for thought’… I think we might need to change the way we think as regards ‘customer paranoia’ to ‘genuine customer concern’ because right now there are a lot of scare warnings on TV, Radio Tabloids etc... about ‘identity theft’, Internet scams and people’s Bank details on view to the world over the Internet etc…What advice do we give to someone wanting to buy online?, we say “look for the golden padlock – https” and not much more after that really. These are the things that stick in people's minds in my opinion; well I look for this myself. We might say phone or check their address out…but WE do that, most customers don’t, how many customers in proportion to your sales actually phone up, exactly, it doesn’t get that far, the missing padlock has put them off.

So to people who don’t really understand the Internet, I can appreciate how they could easily become worried, concerned and to some extent a little paranoid, but if they really was paranoid, would they be on the internet buying anyway? Both myself and a client of mine have had phone calls from people wanting to buy from the websites, they wanted to know about the section where their home address was, saying that its not secure…after doing my best to convince the buyer that it was safe, we put the phone down and we never did get those sales. I know there’s an argument about people being able to get details from a number of places, like the electoral roll etc, but I don’t think this is what’s going through the customers minds when giving their details online, it could be that they are worried about giving you all their details even though your site is not as concerned about their private info as they are.

Ask yourself…Do you believe the Internet is safe and secure? What is true is that most crimes regarding credit cards are committed offline, but to someone new, all they are thinking is that a lot of their personal info is being given to some stranger all at once, can they trust you? Why should they trust you when it’s so easy for them to go to Argos? It’s better to be safe than sorry and for me, I think there is a decent percentage of customers turned away because of not feeling secure. I don’t have facts because most people don’t bother to explain why they are not buying from us.

Remember we are trying to make money and why not cover all viewpoints especially when it comes to security. So with all the competition against us it’s in our interest to do what we can to get every sale. So for me I will be using the dedicated SSL from now on to make sure the padlock is there as soon as any personal info is being taken. Anyway that’s just me looking at it from another point of view, I could be totally wrong. Mind you some people say that I am totally paranoid!

(I promise I will keep my posts shorter in future, I need a brew!)

I guess that's the crux of the issue - over zealous scarmongering in the tabloids creating fear amongst the net users that are not that net-savvy. Alas there is no required test or exam to pass before you are allowed online to teach people what to look out for and how to avoid trouble.

Of course any Tom - Dick or Thief can set up a website with a golden padlock across the board so at least only the site operator is going to rip you off and not anyone hacking into the site. No amount of education and training will stop that if the dodgy site is done properly.

Some people will always like a brand identity and prefer to shop with Argos, M&S, Tesco etc no matter what security is in place and no matter how good a deal the non-brand site has on offer. The trick is converting people over slowly but surely - and if that means having SSL on the address as well then go for it. I have one customer who is a director for one of the search engines and he sends his credit card details via email! I have others who print out the online form and send it off with the card details manually written down despite them being customers for the past 3 years or so!

The hardest task for anyone designing / operating their own site is to think as a non experienced user does and implement the necessary improvements - although you can bet your last dollar someone else will be on the phone again with another issue!

In Design!Options!Shop Defaults!Page Header we have placed a text, designed to assist users having problems using the site asking them to contact us by phone to place their order. It is very prominent, with our contact telephone number displayed, as well as an invitation to email us with their contact details so we can call them to take the order. Since adding this message we have seen a significant increase in telephone orders generated by our site. I'm sure some of these are from customers who feel more comfortable using traditional methods of ordering. This would also include users who don't trust the internet with their details.

Regards
Brian

I will weigh in with some experiences here.

First I believe the customer’s perception of security on an ecommerce site is proportional to the success an ecommerce site yield. In other words if a "customer" believes the site is secure they will be more likely to purchase then abandon their purchase. Experience tells me you must develop this customer’s perception of security on every single page of the website. The majority of website "customers" have no clue as to what is secure or insecure from a technical perspective. However the major credit card companies have made it their business to reinforce their version of security on their customer base, so it’s worth a visit to http://visa.com to get a better understanding of what the credit card companies are telling their users.

There are several things a merchant can do to build the perception of security on an ecommerce site, here are a few:
Make your site look professional with quality design.
Make your site highly functional and code error free
Post your company details with full address and contact information so that it is prominent and easily accessible:
Use a quality Full SSL certificate which can be clicked on for business verification
Brand the SSL security on every page of the website
Place your phone number in the header so it is easy to find
Place your terms and conditions in plain English so that it is easy to reference from any page on your web site
Have a privacy policy and adhere to it
Offer live chat on every page of your site.
Brand The BBB logo or another credible consumer advocate association.

Here are a few easily made mistakes that should be fixed:
Bouncing the checkout page to an alternate domain (the perception of phishing)
Not posting your complete company details
Not posting your return policy
Using a merchant account under a different name from that of the website owner
Using unknown security methods (actinic java encryption, bobs house of shared SSL)

I think it is important to focus on peoples (customers) perceptions of security. Remember most users really do not understand the technical aspects of security. Explaining security in a technical and detailed fashion will only scare non techie people away. If you make people comfortable and give the feeling of a professional organization your sales will most definitely increase.

One extra tid bit: I helped a jewelry site with some search marketing and shopping cart conversion. We ran some analysis and found lots of folks abandoning the cart. To correct this we implemented two text links on to the "return policy" and a second to the "Satisfaction guarantee" place with the add to cart button on every product. The statistics quickly showed that the pop up page for return policy soared as far as number of visitors (usage). As well their conversion ratio jumped by more then 10%.

Simple changes to your website can make a big difference. Security is paramount. Sure Solutions recommends Geotrust SSL or a good real time payment provider. I do not believe securing the order form pages would be necessary however Amazon, EBay and Buy.com all secure the orderform so it should be a topic Actinic development should consider.

Brian

Great post Brian, some good simple things to implement.