Building Online Credibility

Confidence is not easily won with consumers or prospectives, especially on the web. Paying attention to credibility and how a website expresses it can lead to better conversion rates for e-commerce websites, whether it is for product sales or lead generation. The messages you communicate and how you communicate them will largely be determined by two important factors:



    1. Customer Types or Consumer Demographics


    1. What you want the visitor to do when they get to your site



Consumer Reports Webwatch Guidelines

But the online reality today is that few Internet users say they can trust the Web sites that have products for sale or the sites that offer advice about which products and services to buy. Only 29 percent of users say they trust Web sites that sell products or services. And just 33 percent say they trust Web sites giving advice about such purchases. That compares to 58 percent who trust newspapers and television news and 47 percent who trust the federal government in Washington.

From the old hands to the newbies online, users want the Web sites they visit to provide clear information to allow them to judge the site’s credibility. Users want to know who runs the site; how to reach those people; the site’s privacy policy; and how the site deals with mistakes, whether editorial or transactional. For example, 80 percent say it is very important to be able to trust the information on a Web site — the same percentage who say it is very important that a site be easy to navigate.

Internet users were asked about six specific Web site policies and information for e-commerce sites. For each of the six policies examined, more than three-quarters of users say that it is very important that e-commerce sites provide specific, accurate information about the site’s policies and practices. For example, a total of 95 percent of users say it is very important that sites disclose all fees, while 93 percent attach the same emphasis to statements of the site’s policy on using personal information.

For example, about three in five (57%) have read at least most of the policies about credit card use on the sites they visit. Just 35 percent report reading the privacy policies on most sites and only 22 percent report reading the “About Us” pages that provide key information about the site, such as its personnel, goals and purpose. Although users may not always be diligent in reading this type of key information, they are consistent in their demands that the Web sites make the information easily available when they do want to read through the policies and practices.

1,500 Internet users age 18 and older

E-commerce sites overall draw dismal ratings, even among those who use them. Only three in ten (29%) say they trust e-commerce sites either “just about always” or “most of the time” while more than six in ten (64%) trust them “only some of the time” or “never”.

That puts credibility right up with ease-of-use at the top of the users’ list: An identical 80 percent say that it is very important that the site be easy to navigate.

The impressive reality of these findings is further strengthened by the fact that these opinions are strongly held across groups and across the varieties of experience with the Internet. There is not much variation by age, race, income, or education. And the variations that do exist are overshadowed by the fact that three-quarters or more of each group take the same position

About a third of users (32%) say who owns a site is very important, with another third (33%) saying it is somewhat important. About one in four users (24%) say knowing which businesses and organizations support a site is very important, while 37 percent say it is somewhat important.

A Web site’s display of seals of approval from third parties is far down the list of items that the users say are important. Only 19 percent say it is very important to see such seals, while 41 percent say it is somewhat important. Thirty-eight percent see no importance in such seals of approval.

A site’s display of awards and certificates also doesn’t buy much with users. Only one in ten (9%) find it very important and less than a third (30%) find it even somewhat important. A majority (59%) do not find it important.

Almost 6 in 10 read all or most of these policies

Those users who have attended or graduated from college use their cards more freely than those who never attended college (73% v. 51%).

Those who use a credit card on the Internet do not feel secure. More than six in ten (65%) worry a lot or somewhat that someone might obtain their credit card number and misuse that information. This worry is particularly acute among people who have not attended college (74%) compared to those who have attended or graduated from college (61%). Those who have been online more than three years show less concern (61%) than those who have been online for six months or less (75%). Visitors to e-commerce sites worry about this to a similar degree as those who don’t (64% v. 69%).

Those who know what a cookie is and have cookies enabled on their browser have a significantly different view on privacy and credit card protection than those who don’t have them enabled or do not know about cookies. More than eight in ten (84%) of those who have cookies enabled use a credit card online compared to slightly more than half (55%) of those who don’t allow cookies. More than nine in ten (90%) have provided personal information to Web sites, while just 65% of those who don’t have cookies enabled have done the same. Those with cookies enabled are more likely to look at all of credit card protection policies compared with those whose browsers do not accept cookies (40% vs. 30%). The difference on privacy policies is not as great, but slightly more of those who have cookies enabled look at some of these policies compared with those not using cookies (53% vs. 46%).


Specific and browser compatible privacy policy

Confidence Affiliations



      • With one icon you communicate a resolution policy you abide to


      • You take security to the next level and can prove it




Don’t use email addresses for logins!


From a discussion on Slashdot:

pros for using email as login:

1. guaranteed unique, though you’d be a fool to not have check.
2. users forget it slightly less
3. you have to send verification/password anyway

cons for using email as login:

1. What if a user has more than one email address?
2. Email addresses make reasonable unique keys, but slow indexes, especially since many are very similar
3. users may use disposable [] email addresses and suddenly you cannot contact them

However, if you read what prompted the discussion in the first place:

CNet is running a story about how spammers and phishers can learn about our surfing habits to better target their attacks. According to the article, web sites that use e-mail addresses as IDs are vulnerable to attacks that could leak their users’ email addresses. These attacks are performed by requesting a password reminder for an address or trying to register with it.”

You begin to see other problems more related to security and privacy, rather than just design/implementation issues.

The best quote though:

“Here’s another one, and it ties into the original posting: it’s the same problem as using biometrics for identification: using an ID or password that’s hard to change. You don’t want to use that kind of ID casually, because you want to make sure that people who have your ID have an incentive to be at least as careful with it as you would be.

If you use your thumbprint to pay for a drink at a bar, how good a job do you think the bar is going to do about making sure someone else doesn’t game their sensor with a bit of latex on their fingertip? If someone steals your credit card, you can cancel it and get a new credit card. If someone steals your thumbprint you’re hosed.

This is the same kind of thing. If someone finds out that there’s someone with the handle “fishdan” on slashdot, they don’t have anything useful. If they have your email address, they have something useful that’s hard to change (look at me, I’m using year-tagged email addresses and I’m thinking of going to month tags). Plus, if you DO change your email address you have to change it EVERYWHERE (which is why I’ve got spam filters that reject entire countries for my main email address… because I’ve had it for about as long as personal domains have been available and I’m really loath to dump it).

And because of all this, what this means is that all email addresses have to be treated as disposable, even the supposedly private ones you use for account registration only. Which means that now your email address has the same problem as any other name: you have to remember a bunch of them, you have to remember where you used them, and if you only keep ’em long enough for the verification you can’t relogin with the old address.”

Ultimately, you can’t treat email addresses as a no-collision domain, and worse, you have to treat them as disposable.