How Building the Right Way Ensures Customer Trust Remains High
In 2017, reading news reports about online security breaches has become commonplace. In the United States alone, there was a 40% increase in security breaches in 2016 vs 20151 and since 2013 hackers have stolen over 7 billion customer records.2
Understanding the impacts of security and how it impacts both organizations and customers when building modern eCommerce systems is crucial. Online security should be viewed through the lens of revenue, customer retention and other direct business metrics, not just through risk mitigation. The current business landscape is very stressful for eCommerce stakeholders facing immense pressure to be constantly innovating and iterating to keep ahead of the competition. But aligning trust through building security into the system from the beginning will directly impact an organization’s bottom line positively.
Emphasis and focus on customer safety through prioritizing and following best practices on privacy, identification, authorization, and authentication are a key part of preventing customers from being uncertain about security.3 Use of encryption, while data elements are both moving and at rest, provides another layer of security and trust.
Protecting customer data is the lynchpin of eCommerce security. Loyalty to a website is correlated with the levels of trust, and customer’s experiencing negative brand experiences can dissolve trust quickly.4
Simple design elements can also largely increase the feeling of privacy organically. It might appear that browser indicators (i.e., Google Chrome’s green lock system indicating a safe HTTP connection) help, but they are largely unnoticed by the public.5 Instead, one of the most powerful ways of doing this is the placement of key badges that highlight risk-free policies such as a 30-day money back guarantee. This tactic almost always guarantees increased conversion. As part of building a frictionless, easy-to-navigate checkout process, customers can also experience safety and trust creation, reducing cart and checkout abandonment.6
Identification and Authorization
Both businesses and customers need to be confident of the identity of the people and institutions with which they are doing business to avoid fraud. In Q1 2016, in the United States, $4.79 out of every $100 of sales were at risk, up $2.90 (150%) out of $100 from 2015 Q1.7
Failure to have a clear identification strategy can impact brand and key metrics through high chargebacks, poor customer trust, and the inability to properly market to your customer dataset.
A key impact of poor identification and authorization practice is experiencing fraud. Fraud has many forms of attack, including account takeover, phishing, and credit card testing. Being attacked creates costs on chargebacks and reducing customer trust. Properly tuned fraud detection can enable easy business interactions with legitimate end users while creating the opposite experience for illegitimate ones.8 This is rarely achievable without a dedicated third-party service that can evolve quickly and use modern techniques such as machine learning across very large datasets.
Clean data is also critical while managing identification. In their 2016 Marketing Automation report, OpenPrise found data hygiene issues, such as data scrubbing and deduplication, dominate as a key problem in almost half (49%) of their respondents.9 Building a strong identification strategy, with the ability to effectively market to a complete customer dataset, is critical to grow repeat sales and maximize loyal customers.
Beyond just straight marketing, having a deep, clean customer database allows for advanced first-party profiling and analytics, allowing you to understand the behavior of your customers.
Use of customer analytics to derive this knowledge has a considerable impact on corporate performance. Companies that make extensive use of customer analytics are more likely to report outperforming their competitors on key metrics, whether profit, sales, sales growth, or return on investment.10 Delivering web and mobile products that integrate with tools such as Google Analytics, Adobe Analytics or Amplitude greatly enhances web and mobile product’s value by:
Providing hard data on what features are actually being used and what features are not. This arms the product manager with critical data used to prioritize the backlog.
Providing hard data on the business value the application is generating, which is vital for stakeholders to make investment decisions.
Providing important insights to designers about the usability of the app. For example, monitoring user interface errors can provide insight into where users are getting tripped up.
Enabling experimental processes to make improvements to the app once it launches.11
Authentication is the act of giving permission, and in the case of eCommerce, is most often used when referring to customer payments. Authenticating payments by itself can be technically challenging to implement, and must include a number of best practices to work effectively. Payment integrators use a number of different approaches to implementation and security. To review all options and best practices it’s highly recommended to download and read in detail the PCI Data Security Standards – Information Supplement – e-commerce best practices.12
Two of the most important items to highlight are: know where your data is; and if you don’t need it, don’t store it. Understanding in detail the flow and storage of your data minimizes risk, and positively impacts the cost of certification and management of PCI compliance.
Encryption of data is a must, and the PCI DSS mandates transport layer security (TLS) version 1.1 with all payment integrations for June 2018. Encryption of data when moving through the system, and while being stored, is an important technical consideration. At no point should personally identifiable or private data be exposed.13
To build trust and help create the best possible return on investment when building a system with business-to-customer interactions, there needs to be a clear strategy around building trust with customers. Begin with thinking about privacy as a marketing tool, presenting the concepts of the policy clearly to the customer organically throughout the sales process. With thoughtful application of best practices, organizations can create systems where privacy, identification, authorization, and authentication positively impact business metrics and an organization’s brand and create trust.
Identity Theft Resource Center. (2017). Data Breaches Increase 40 Percent in 2016, Finds New Report from Identity Theft Resource Center and CyberScout. Retrieved from http://www.idtheftcenter.org/2016databreaches.html ↩
Breach Index Live. Retrieved from http://breachlevelindex.com ↩
Bumsoo and Joonkyum. (2014). Assortment optimization under consumer choice behavior in online retailing. Management Science & Financial Engineering. 20(2), 27-31. Retrieved from http://dx.doi.org/10.7737/msfe. 2014.20.2.027 ↩
Gupta et al. (June 2016). International Journal of Computer Science and Mobile Computing, Vol.5 Issue.6, (pp. 224-232) ↩
Porter Felt et al. (June 2016). Rethinking Connection Security Indicators. Retrieved from https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-porter-felt.pdf ↩
Smith, Cooper. (2015). Shopping cart abandonment: online retailers’ biggest headache is actually a huge opportunity. Retrieved from http://www.businessinsider.com/heres-how-retailers-can-reduce-shopping-cart-abandonment-and-recoup-billions-of-dollars-in-lost-sales-2014-4 ↩
Pymts.com. Global Fraud Attack Index. Retrieved from http://pymnts.fetchapp.com/files/b2d59e ↩
Wheeler, John A. (2016). Hype Cycle for Risk Management Solutions. ↩
Openprise, The 2016 MarTech Data Report. ↩
Fiedler, Großmaß, Roth and Jørgen Vetvik. (2016). Why Customer Analytics Matter. Retreived from http://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/why-customer-analytics-matter ↩
Ono, Ken. When to Integrate Analytics into Development Projects. ↩
PCI Data Security Standard. (2017). Best Practices for Securing E-commerce. Retrieved from https://www.pcisecuritystandards.org/pdfs/bestpracticessecuring_ecommerce.pdf ↩
Checklist and best practices for e-commerce contracting partners. (2016). Retrieved from https://www.six-payment-services.com/dam/downloads/datasheets/110016202DSBestPracticesINTEN_opt.pdf ↩