Security versus usability: the e-commerce conundrum

E-commerce sites are failing to present security measures in a user-friendly way

Experts at a recent roundtable event hosted by Oracle debated the results of a survey which casts new light on the problems faced by online merchants in balancing security with usability, and maintaining customer loyalty.

There were calls for e-commerce firms to better communicate with customers on the security steps being taken, and to approach online fraud prevention in a more sophisticated and multi-layered way.

The study, entitled Online Security: A Human Perspective, was commissioned by Oracle and carried out by user experience consultancy Foviance. The firm surveyed 550 UK consumers, gathering quantitative data which was then enhanced with qualitative data from the results of a diary study and focus groups.

The results suggest an "almost frightening" lack of understanding and awareness about online security and the resulting threats, according to Marty Carroll, director of consulting at Foviance. Although 15 per cent of respondents admitted to not understanding the risks, this figure is likely to be much higher given people's wish not to sound ill-informed.

"People were using vocabulary they didn't understand [like phishing and malware] because they'd heard it in the press," he said. "Press-led awareness should not be confused with real understanding."

The survey found that many current security measures are "cumbersome and non-intuitive", forcing many to circumvent such measures with risky strategies, such as writing passwords on bills or in diaries.

Furthermore, one in 10 consumers have defected to another vendor after feeling frustrated at the security procedures on a site, while 31 per cent would use a site less frequently if they encountered log-in problems.

"In the two-week period of this survey, there were eight episodes where people told others of bad experiences they had on a site," said Carroll. "It's difficult to quantify, but this is brand damage."

Carroll argued that security could be a core brand value if used correctly, and that brand can play an important role in creating the online trust which is vital to allaying consumer fears. Low consumer confidence online, he added, can directly affect revenue generation.

Des Powley, director of security at Oracle UK, called for a more sophisticated approach from online merchants and the vendors supplying them, which would try and approximate the 'one-to-one' relationship between shopkeeper and customer, but in the digital world.

"The vendors are trying to push risk out to the consumer, but the prevalence of online shopping means the consumer can go elsewhere if it is too difficult [to transact]," he said.

"We believe people need to look at it in a more balanced way. You have to build customer intimacy and drive security in a way that's convenient and seamless within the process the consumer is using online."

For example, merchants could use more sophisticated and multi-layered methods for identifying customers, such as monitoring behaviour and IP addresses, according to Powley.

Jeanne Gorman, business development director of identity and access management at BT, said that online merchants and service providers need to do a better job at communicating why certain security measures are in place.

The Visa and Mastercard 3-D Secure schemes, for example, could be useful in conjunction with other fraud management tools, but Gorman argued that most consumers do not know how the secure payment systems are protecting them.

"The retail industry has taken a lot of steps to protect payment information, and every retailer has to comply with Payment Card Industry standards. But it is not communicated to the average consumer," she said.

Carroll concluded by outlining the scale of the problem. Some 72 per cent of respondents indicated that they have had at least one log-in or security-related problem on a site in the past three months.

"Security is often treated as a cost rather than a growth enabler," he said. "But by removing the obstacles companies can reap the benefits."