A Forrester report points out challenges faced by some business-to-business firms working online.
(Page 2 of 3)
VeriSign researches the backgrounds of companies that apply for its seals-including researching the financial documents and the background of key executives-to assure that these are legitimate retail operations. Even well-known retailers like having the VeriSign seal so that shoppers know that the site they are shopping on really belongs to the retailer they think it belongs to and not some criminal impersonating a well-know retail chain or catalog brand.
Callan estimates that VeriSign’s security logo is on 57,000 web sites today, including about half of the Internet Retailer Top 400 retail sites. While VeriSign is still collecting information from its retailers that could document increased sales from the use of its logo, its executives point to outside research that shows consumers want more authentication.
Callan notes that a study by London-based TNS PLC, a market research company, in April 2005 found that 75% of online shoppers surveyed say they have abandoned a retail site at one time or other due to security concerns.
When those customers who admitted to site abandonment were questioned further, 90% said they would have gone ahead with the sale if they had seen a recognized security market, Callan says.
Opening the shopping options
In addition, consumers are right to be worried about identity theft. Such fraud represented 37% of Internet-related complaints to the Federal Trade Commission in 2005, the FTC reported in January. “With the rise of phishing and other Internet-related fraud, we live in a world where there is a lot more attention on consumer fraud and that makes customers more uncomfortable about shopping at sites where they don’t know what security measures were taken,” Callan says.
While many retailers have pages on their sites that explain their security measures, a simple logo that says this site was recognized by a known security authority is often more meaningful, Callan says.
ScanAlert does not have a marketing program directed at consumers to look for the safety seal. But ScanAlert estimates that 10 million consumers a day see its logo on web sites and have come to know what it means just through its market presence. In addition, shoppers who click on the logo get a pop-up with an explanation of what the certification means.
VeriSign does conduct some limited consumer marketing, however Callan also notes that having customers see its logo at so many sites does more to get customers to recognize the significance of that logo than any consumer marketing campaign VeriSign might conduct.
Not only do certification programs give comfort to consumers who are afraid to shop online at all, but they also open up the number of retail possibilities to those consumers who will shop online, but only at retailers with whom they are familiar.
“A lot of consumers shop only with a few retailers that they are comfortable with rather than explore all of the options that are available,” Leonard says. “These consumers are missing the full potential of Internet shopping.”
With phishing scams in the news, there is even concern that some criminals will illegally use the logos of respected retailers and pretend to be those companies in order to get customers to hand over their credit card numbers. One way for customers to verify that the site they are shopping on actually is the authentic site of that retailer is to click on the security seal. “When people click on the VeriSign seal on a site, they are shown who actually owns that site and they can verify that the retailer is who it says it is,” Callan says.
Certification is ongoing and, in the case of ScanAlert, the audit takes about two hours and is conducted daily. If a company at any time receives a ranking of 3, 4, or 5, on a scale of 1 to 5 scale with 5 having the most serious problems, it must fix problems within 72 hours or take the certification logo off the site. The audit looks at both server level security as well as any open ports or web applications that might be vulnerable. Rankings of 1 or 2 are typically “information disclosures” where there is not a breach in security per se, but companies may be giving away information about its security in such a way that a hacker might take advantage of it. In such cases, retailers are notified of potential problems.
VeriSign does its research upfront by checking the financial records and other documents to certify that a retailer is legitimate. It does not actually inspect the security-related technology the retailer uses.
Once a retailer has achieved certification, one of the big questions becomes how to display the certification seal. There is actually a trick to making sure customers see the seal.
Frederick’s puts its security certification on its home page, on each product page and at the check-out. “We’ve tested putting the logos in multiple places such as the top and the bottom of the page,” Rhyan says. “The larger the logo was, the greater the conversion rates, but we need to weigh increases in sales conversions against concerns that the logo could become too intrusive. We don’t want anything that will interfere with our own logo.”
Indeed, for logos to be effective, they need to be “on every product page, preferably above the fold,” Leonard says.
VeriSign’s Callan agrees. “You need to put the certification on every page where purchases are made. The best strategy is to put the mark near the buy button so that customers see it when they are deciding whether or not to make a purchase. You also need to put the logo on the home page or you may not get the customer engaged enough to go farther.”
One big mistake that some retailers initially made, Leonard says, is putting the security logos only on the checkout page. “Once consumers get to that page, they have already made the decision to buy. You need to have the logos on the product pages to avoid abandonment.”