A new study by Oracle, “Online Security: A Human Perspective”, has found that current security technologies are actively hampering the growth of online commerce in the UK. The conclusions in the report are based on in-depth interviews conducted by Foviance with UK consumers who regularly use the internet, investigating their experiences of online security and its impact on their behaviour.
The research identified that:
- Consumers appear to have contradictory attitudes towards online security, with perceptions very much ‘press-led’ and fuelled by assumptions of the potential threats and expectations about their rights
- Online retailers need to demonstrate a greater understanding of instinctive human responses to security. Customers want reassurance, demonstrating this with their buying preference for trusted brands, but they do not want it at the expense of convenience.
- Respondents cited a number of frustrations that have led to them abandoning online transactions, including being perplexed by username and password selection rules, being forced to wait for an email password reminder and being flummoxed by password reminder questions
The survey also found that:
- 72% of respondents have had at least one problem in the past three months alone
- The number one reason for discontinuing a transaction was the process taking too long (48%)
- 38.9% said that a purchase process with too many steps is a barrier to online shopping
- For survey participants that had abandoned a purchase in the last 12 months, 16% did so because the transaction took them to another website, such as 3D Secure
- 31% of people surveyed were likely to use a site less frequently if they encountered login problems
- If consumers have to make a risk assessment of two online sites, weighing up the merits of a price-based one against those of a recognised brand, attitudes to online security tend to drive the consumer to the latter. Furthermore focus group respondents suggested they would be willing to pay a premium for such products and services.
Based on the findings, Oracle recommends ways in which both the customer experience and brand loyalty can be improved, without compromising security:
- Take the onus away from the customer and reassure them: Customers are anxious about security and do want online transactions to be protected
- Companies should publish highly visible third-party security certification logos, so that customers immediately recognise that each click, transaction or purchase is secure
- Businesses should also make their own security and privacy policies highly visible, with customer reviews and ratings on show for visitors to see
- By analysing the origin and nature of incoming transactions, behavioural intelligence and profile information can be gathered to generate a risk score for each transaction, allowing continual assessment of threat levels and the ability to dynamically update policies and respond to new threats
“It’s time to stop viewing IT security as a castle and moat; companies need to take a more sophisticated approach and that requires a shift in mindset,” says Oracle’s Des Powley. “Done well, security can be an enabler of online activity, whether that is retail ecommerce or engagement with public services. Organisations must remember that security is an emotive subject that understandably triggers very primitive instincts for consumers and citizens. It’s time to be more strategic, which includes using technologies such as adaptive authentication and single-sign-on all delivered seamlessly with the service.”