To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/retailandleisure/0,3800011842,39166484,00.htm

Looks are good enough security for most web shoppers
Encryption low down on the shopping list

By Julian Goldsmith

Published: Thursday 22 March 2007

Look and brand are enough security assurance for the majority of online shoppers, with most not caring whether a site is encrypted.

According to research from web design company Webcredible, 40 per cent of the 1,200 people surveyed said they looked for 'https' in the url of a site to be assured that it is encrypted and secure.

But 42 per cent of respondents were comfortable making transactions on sites with reputable brands, or that had a professional look and feel.

For a further seven per cent, a phone number was enough to persuade them that their card details were safe if they bought something. Finally, six per cent were guided by written security assurances on the web page.

Webcredible MD Trenton Moss said in a statement: "It is frightening to see that some internet users will naively put their trust in a website based solely on the way it looks.

"Shoppers need to be clued up on what to look for to be sure their card details are safe when they make a purchase."

Webcredible urged online retailers to take five steps to calm shopper security worries:

1. 1 Provide written assurance about security policies
2. Include user reviews and have other site visitors rate the reviewers
3. Provide links to references of the company on other websites
4. Ensure content is up-to-date across the website
5. Include details of any affiliations or awards

Security company Verisign's EMEA marketing director Mike Davies agreed that the survey is positive overall, but indicates online retailing still has a way to go. He said: "Consumers are still confused. They don't know for certain that they are on the right site. We need to provide a more obvious signal to them that they are dealing with a the true website [rather than a phishing site]."

Davies recommended Extended Valuation SSL (EVSSL) to online retailers, which among other things causes the address bar to turn green if the site is bona fide and red if suspected to be a phishing site.

He added the caveat that the software doesn't operate with early browsers and operating systems, so wasn't a "silver bullet".

Davies said that 300 organisations have already signed up to EVSSL, including eBay and PayPal.