Security versus usability: the e-commerce conundrum

E-commerce sites are failing to present security measures in a user-friendly way

Experts at a recent roundtable event hosted by Oracle debated the results of a survey which casts new light on the problems faced by online merchants in balancing security with usability, and maintaining customer loyalty.

There were calls for e-commerce firms to better communicate with customers on the security steps being taken, and to approach online fraud prevention in a more sophisticated and multi-layered way.

The study, entitled Online Security: A Human Perspective, was commissioned by Oracle and carried out by user experience consultancy Foviance. The firm surveyed 550 UK consumers, gathering quantitative data which was then enhanced with qualitative data from the results of a diary study and focus groups.

The results suggest an "almost frightening" lack of understanding and awareness about online security and the resulting threats, according to Marty Carroll, director of consulting at Foviance. Although 15 per cent of respondents admitted to not understanding the risks, this figure is likely to be much higher given people's wish not to sound ill-informed.

"People were using vocabulary they didn't understand [like phishing and malware] because they'd heard it in the press," he said. "Press-led awareness should not be confused with real understanding."

The survey found that many current security measures are "cumbersome and non-intuitive", forcing many to circumvent such measures with risky strategies, such as writing passwords on bills or in diaries.

Furthermore, one in 10 consumers have defected to another vendor after feeling frustrated at the security procedures on a site, while 31 per cent would use a site less frequently if they encountered log-in problems.

"In the two-week period of this survey, there were eight episodes where people told others of bad experiences they had on a site," said Carroll. "It's difficult to quantify, but this is brand damage."

Carroll argued that security could be a core brand value if used correctly, and that brand can play an important role in creating the online trust which is vital to allaying consumer fears. Low consumer confidence online, he added, can directly affect revenue generation.