Creating Trust Online

7 September, 2011 at 10:21

Why should customers trust your e-commerce site? An important part of successful e-commerce is customer trust. Without it, people won't buy from you.

There is a set of effective techniques for online traders to build trust with customers. They involve encrypted communication using keys supplied via a trusted third party, and they significantly reduce the risk of "man-in-the-middle" attacks or similar eavesdropping by hackers.

Some time ago we partnered with Comodo, the SSL certificate issuers, to make sure our clients would never have to worry about the security aspect of e-commerce. They offer extremely high encryption levels but are fast and don't add significantly to the cost of a project.

But we would argue that building trust isn't just a question of installing the right software and obtaining certificates from certifying authorities. Buyers aren't very interested in the technology behind a secure sales system, but rely a lot on how they feel about the site – how it looks, the information about security it provides, and what they've heard via word of mouth.

So when we build e-commerce sites, we also think about building trust using effective design and content. In other words, we have a two-pronged approach to security and trust that involves both getting the technology right and reassuring the customer they are safe.

What's under the bonnet?

The Secure Sockets Layer (SSL) protocol and its newer incarnation Transport Layer Security (TLS) are very popular ways to make sure an e-commerce sale is transacted securely. And they are not just used for e-commerce - similar methods are used when you log in to your email or check your bank account.

They solve two problems. First, you cannot be sure your internet connection has really gone to the site you think it's gone to. Second, somebody might be listening in to your communication, picking up confidential information such as your credit card number or date of birth.

By using two keys and a certificate authenticated by a recognised organisation such as Thawte or Verisign, a browser will encrypt the information you send to the server, and the server will encrypt any information it sends back to your browser. The keys mean that only your browser and the server can unlock the messages being sent between them.

If there is no certificate to show that the keys are valid, or the certificate is invalid or out of date, then your browser will stop the communication.
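The refusal conditions described above can be sketched in code. This is an added example, not tripledub's code or a browser's: it uses Python's standard `ssl` module, the sample certificate and hostnames are constructed, and a hostname mismatch is assumed as one case of an "invalid" certificate.

```python
import ssl
from datetime import datetime, timezone

def cert_problems(cert, hostname, now):
    """Return the reasons a client should refuse this peer certificate.

    cert is a dict shaped like ssl.SSLSocket.getpeercert() output, or None.
    Chain-of-trust checks are done by the TLS library and not repeated here.
    """
    if not cert:
        return ["no certificate presented"]
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, hostname.lower()) for n in names):
        problems.append("hostname mismatch")
    return problems

def _name_matches(pattern, hostname):
    # A leading "*." stands for exactly one label (RFC 6125 wildcard rule).
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname

def fails_closed(ctx):
    """True if a client context verifies the chain and checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def make_contexts():
    strict = ssl.create_default_context()  # verification is on by default
    lax = ssl.create_default_context()
    lax.check_hostname = False             # weak setting, shown for contrast
    lax.verify_mode = ssl.CERT_NONE        # weak setting: accepts any certificate
    return strict, lax

# Constructed sample certificate (not a real site's).
SAMPLE = {
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Jan  1 00:00:00 2012 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}

if __name__ == "__main__":
    when = datetime(2011, 9, 7, tzinfo=timezone.utc)
    print(cert_problems(SAMPLE, "www.shop.example", when))
    print(cert_problems(SAMPLE, "shop.example.evil.test", when))
    print([fails_closed(c) for c in make_contexts()])
```

A client built on the lax context would carry on with any certificate, which is exactly the case the certificate check exists to prevent.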

Two ways to create trust

At tripledub we recommend and install this technology as standard for e-commerce sites. But since the technology is complex and really of no interest to the average website user, we also consider how to create trust through the way a site is presented.

Most users don't even know that this sort of technology gives a high level of security, but they do often consider a number of less reliable factors. Take this example from a recent paper about trust and e-commerce, which interviewed typical internet users:

"I think the issue here depends on the website, I mean if the website is well known and rated by users, then that is secure and includes an actual address and telephone number then this site is secure.....

The reputation of feedback on a website and the rating by customers, and their experience with a website gives proof that the website is secure and credible."

And the irrelevance of the technology is confirmed by further research which looked at the branding provided by certifying authorities:

"Trust signs such as padlocks are cheap to emit [display on a website], and appear to elicit positive reactions; even though there may be no link to any tangible form of security protocol (simply an image of a padlock does not supply security assurance).

Paradoxically, third party seals such as Verisign trust seals, appear to be only weakly associated with positive trust perceptions."

So we also consider how best to present a privacy policy, the use of customer testimonials, and whether a site can be enhanced by highlighting its association with known brands such as the banks or online security firms.

In this way we take a dual approach: We increase security in reality, using SSL certification from Comodo, and we back that up with elements that will also increase the perception of security.

Further reading

If you'd like to find out more about how TLS works, don't hesitate to get in touch with us here at tripledub. The following presentation also explains the technology and methods behind it:

http://computing.ece.vt.edu/~jkh/Understanding_SSL_TLS.pdf

Security Perception in E-commerce: Conflict between Customer and Organizational Perspectives by Mohanad Halaweh and Christine Fidler of De Montfort University:

http://www.proceedings2008.imcsit.org/pliks/35.pdf

A Card-Sorting Probe of E-Banking Trust Perceptions by Tim French, Kecheng Liu and Mark Springett, published by the Chartered Institute for IT:

http://www.bcs.org/upload/pdf/ewic_hc07_lppaper5.pdf
