Thursday, January 19, 2017

forms - Showing "this is secure" on credit card entry screen


Should I show some sort of "this site is secure" puffery (e.g. lock image, or some brief "this site is secure" boilerplate) on my credit card payment screen? If so, what should it look like? If not, why not?


I do want my customers to feel confident (as well as actually be safe) if they choose to enter their credit card details to pay my clients. I also want them to learn a healthy cynicism. Most of my customers are likely to have a very low level of technical knowledge about internet security and are usually either too trusting, and (in some cases) too suspicious of the wrong things.


I even had a customer call me up saying he wasn't sure if my payment page was secure because it didn't have any "padlock" image within the page. (yes, the page had a valid SSL certificate, the customer had the correct URL, and his version of Chrome was showing it with the green padlock with the "Secure" label at the time - after pointing this out he was happy to proceed).


I just feel it's a bit strange to splash a "this is secure" badge on a page because I know it means nothing, technically - because a phishing page would just as easily show the exact same badge.



Assumption: that my site is actually secure (let's just say I've tried my best and will continue to improve as much as possible).


For reference, here is the page as it currently stands:



Here's a mockup of what I mean:



UPDATE after some modifications:




Answer



Funny thing, I just did the research on this recently, because we faced the same "issue" in our e-commerce shop.


There is a good Baymard article referencing exactly this:




Visually Reinforce the Credit Card Section


One method we consistently observe to perform well for increasing users’ perceived security of sensitive fields is to visually encapsulate them. This can be achieved simply by using borders, background colors, shading, and other visual styling that will make one part of the form seem more robust than the rest. Remember: this is about perceived security of the fields, not their actual technical security.



So what we ended up doing, as nonsensical as it sounds, is actually add the word "secure" to the payment headline and a little lock icon near the credit card input field.




Note: This could be perceived as manipulative (referencing your healthy cynicism point), but I would argue it is simply a method to calm the user, since the page itself should already be technically robust.


You could also purchase a trust seal for your site, to give your users something to hold on to when judging the seriousness of your shop. The Baymard article references these too.


Since our shop is already quite known here and trusted we didn't feel the need for one in our case.





Edit: As Jeffrey noted in the comments, the seal itself might not add much security either.
What really can help though, are user reviews. Like in this example, where you can click on the seal icon and open the site with the actual reviews.


No comments:

Post a Comment

technique - How credible is wikipedia?

I understand that this question relates more to wikipedia than it does writing but... If I was going to use wikipedia for a source for a res...