“E-commerce sites are failing to present security measures in a user-friendly way”.
This article struck me as very interesting as I am presently conducting usability testing with a financial services’ Web site, on its newly redesigned information on security section aiming at better serve and educate their online clients about security issues.
The challenge is to reassure fearful clients regarding all the measures offered to them, and sometimes even guaranteed to them. But the key question is how much information is enough in such contexts? For some users, reassuring them implies exhaustivity, and for other, it means clear but short basic security statements along with the right cues during interaction, like the security lock icon which should always be there, right in your face.
Here are the first lines of the article but the best part are the results!
“Experts at a recent roundtable event hosted by Oracle debated the results of a survey which casts new light on the problems faced by online merchants in balancing security with usability, and maintaining customer loyalty.
There were calls for e-commerce firms to better communicate with customers on the security steps being taken, and to approach online fraud prevention in a more sophisticated and multi-layered way.
The study, entitled Online Security: A Human Perspective, was commissioned by Oracle and carried out by user experience consultancy Foviance. The firm surveyed 550 UK consumers, gathering quantitative data which was then enhanced with qualitative data from the results of a diary study and focus groups.
The results:
They suggest an “almost frightening lack of understanding and awareness about online security and the resulting threats…with only 15 per cent of respondents admitted to not understanding the risks”[...]“People were using vocabulary they didn’t understand [like phishing and malware] because they’d heard it in the press”. [...]The survey found that many current security measures are “cumbersome and non-intuitive”, forcing many to circumvent such measures with risky strategies, such as writing passwords on bills or in diaries.”
Read more! Here is the full article by Phil Muncaster, from V3.co.uk, formerly VNUNET.com.
July 6th, 2009.
It is interesting to read the results in the light of Jakob Nielsen’s recent alertbox (June 23rd, 2009) discussing Usability issues around masking password design practices, and claiming that “Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.”
