Significant opportunities for retailers with a more sophisticated security strategy to strengthen customer loyalty
Findings reveal a complex picture of consumer activity online with emotions and attitudes influencing behaviors
“Online Security: A Human Perspective” - Thames Valley Park, Reading, UK – July 06, 2009: OracleCorporation UK Ltd today launched “Online Security: A HumanPerspective” a report based on research by Foviance, the userexperience consultancy
- Foviance spoke to UK consumers, whoregularly use the Internet about their experiences of online securityand its impact on their behaviour. The study gathered quantative datathat was assessed in more detail through a diary study and focusgroups. This approach offered both baseline statistics and a deeperunderstanding of consumer attitudes and behaviours
- Thequantative survey covered 550 respondents and the diary study assessedthe responses and habits of sub-group of 24 people, asking them abouttheir experiences of real-life online security situations. The focusgroups brought this smaller panel together to qualify trends andextract greater detail about the initial findings
- The research revealed three key areas of interest:
Current consumer attitudes to online security: mixed messages - Consumersappeared to have contradictory attitudes towards online security, withperceptions very much ‘press-led’ and fuelled by assumptions of thepotential threats and expectations about their rights.
- Consumerscontinued to list predictable threats, such as malware, spyware,identity theft and 30% said they do not trust central or localGovernment with their personal data.
- Yet when questioned moreclosely respondents revealed a distinct contradiction between theirattitudes and their understanding of the issues. For example, almost athird of survey respondents (30%) do not trust online securitymeasures. When some members of the focus groups raised WiFi as asecurity threat, others agreed, but detailed questioning revealed aclear lack of understanding
- Indeed the majority of surveyrespondents (70%) blamed themselves as the primary cause their ITsecurity problems, which suggests they accept their ‘culpability.’ Thatsaid a nearly a quarter (24.9%) blamed the website, brand or technologyif they experienced login problems
- The focus groups alsorevealed consumers showed no desire to understand the mechanics of ITsecurity in more detail and had high expectations about their rights ifaffected by a security threat
- However, consumers go on tosuggest they would not respond favourably to stricter security. Despitetwo thirds (66%) stating they would be more confident online ifwebsites imposed additional security measures, they were unlikely toaccept these measures if it meant the transaction process increased ineither time or complexity. In fact, 26% reported that such measureswould drive them onto competitors’ sites.
- This creates adilemma for less recognised brands to reassure prospective customersand for larger brands that have been hit by a security issue. How doesa company engender trust, which can lead to customer loyalty andpotential revenue growth if consumers offer such mixed messages aboutcurrent security technology?
Cracking the code: balancing security and convenience to avoid bad habits - Theanswer seems to be that both online retailers and other organisationswith an online presence need to demonstrate a greater understanding ofinstinctive human responses to security. Customers want reassurance,demonstrating this with their buying preference for trusted brands, butthey do not want it at the expense of convenience
- Respondentsto the research and focus group participants cited a number offrustrations that have led to them abandon online transactions,including being perplexed by username and password selection rules,being forced to wait for an email password reminder and being flummoxedby password reminder questions
- The survey also produced some worrying statistics:
-72% of respondents have had at least one problem in the past three months alone
- The number one reason for discontinuing a transaction was the process taking too long (48%)
- 38.9% said that a purchase process with too many steps is a barrier to online shopping
- For survey participants that had abandoned a purchase in the last 12 months 16% did so because the transaction took them to another website, such as 3D Secure Way
- Stricter security policies also lead to less secure consumer practices
- 25% of those questionned in the survey admitted to keeping written lists of their online usernames and passwords
- In one focus group a participant admitted to writing passwords on every account statement
- Thedangers to online vendors are obvious as consumers are quite preparedto complain to others about their frustrations to others. 8 exampleswere raised over the course of the focus groups with participants veryquick to name the brand. 31% of people surveyed were likely to use asite less frequently if they encountered login problems.
- Thismakes it extremely difficult for online retailers (and for that matterany organisation wishing to interact with its stakeholders via theInternet) to balance security needs against providing a fast andefficient service. For example, there was a point blank refusal toaccept the extension of 2-factor security beyond the banking sector onthe grounds transactions, which involved smaller sums should notrequire this technology.
- The report offers some guidance withrespondents and focus group participants suggesting that they look for‘trust signals’ from an online brand, which could include:
- 3rd party certification logos
- Security and privacy policies
- Customer reviews / ratings
- Confirmation page / confirmation email
- Terms & conditions
A security enabled online world: using security to tip the scales - Theresearch provides clear insights beyond the usual assessment ofconsumer concerns about IT security to suggest that there are clearbenefits for online vendors, whose security approach can help to tipthe scales in their favour
- For instance if consumers have tomake a risk assessment of two online sites, weighing up the merits of aprice-based one against those of a recognised brand, unsurprisinglyattitudes to online security tend to drive the consumer to the latter.Furthermore focus group respondents suggested they would be willing topay a premium for such products and services.
- Hence theobvious calculation is that a good approach to security breeds trust,which in turn engenders loyalty that can help to drive revenues
- ConsequentlyOracle recommends a number of steps that businesses can take to improvethe customer experience and foster brand loyalty without compromisingsecurity:
Take the onus away from the customer and reassure them: customers are anxious about security and do want online transactions to be protected. As a result, companies should publish highly visible third-party security certification logos, so that customers immediately recognise that each click, transaction or purchase is secure. Businesses should also make their own security and privacy policies highly visible, with customer reviews and ratings on show for visitors to see. In addition, businesses should also confirm all purchases with a confirmation page, followed by a confirmation email
Build a better user experience by recognising there are shades of grey: Organisations need to appreciate that the one-size-fits-all approach for assessing the risk of fraudulent activity no longer works. Instead, businesses should assess the varying degrees of risk presented by particular transactions. If we consider that the most likely reason for abandoned transactions is because it is taking too long, then businesses should consider the level of threat versus disruption to the customer. For instance, a £5,000 online transaction calls for more security controls, such as two-factor authentication, than for a purchase of just £10.
Stop thinking in terms of a moat and castle – introduce a multi-layered approach: Organisations need to shift the onus of responsibility away from the consumer to encourage online sales. This can be achieved by taking a layered approach, with technology that drives confidence at each level of an online purchase. From the website to the back-end processes and where sensitive customer information is stored, companies can install a mechanism that manages customer information throughout its lifecycle, wherever it resides. Technology is now available that automates and simplifies the setting and management of IT security policies, which minimises users’ need to clear a confusing variety of security checks. By taking the concern away from consumers, organisations can take positive steps towards building a trusting, long-term relationship with customers. By analysing the origin and nature of incoming transactions, behavioural intelligence and profile information can be gathered to generate a risk score for each transaction, allowing continual assessment of threat levels and the ability to dynamically update policies and respond to new threats.
Supporting Quotes
“It’s time to stop viewing IT security as a castle and moat, companies need to take a more sophisticated approach and that requires a shift in mindset,” explains Des Powley, Director Security, Oracle UK and Ireland. “Done well security can be an enabler of online activity, whether that is retail eCommerce or engagement with public services. Organisations must remember that security is an emotive subject that understandably triggers very primitive instincts for consumers and citizens. It’s time to be more strategic, which includes using technologies such as adaptive authentication and single-sign-on all delivered seamlessly with the service.”
“Low consumer confidence impacts revenue generation, but the inverse is also true: good security that increases confidence without creating further hassle, driving sales.
Our research shows that smart retailers and their technology partners have an opportunity to build security into their value proposition, and in doing so, foster customer loyalty and increase revenue,” said Marty Carroll, Director, Foviance.
About Oracle
Oracle (NASDAQ: ORCL) is the world’s largest business software company. For more information about Oracle, please visit our Web site at
http://www.oracle.com.
About Foviance
Foviance is a leading customer experience consultancy with a focus on delivering measurable benefits that works globally with some of the world’s best known brands.
Founded in 2000 and with a heritage in website usability and data analytics, Foviance delivers consultancy to its clients about the effectiveness of their individual channels, such as mobile, web and call centre and how they combine in a cross-channel environment. For many clients, insight is provided not only in their home market, but also internationally through Foviance extensive alliance network.
Foviance engages with its customers wherever they are in their product lifecycle, and provides insight so they understand how to improve, create and deliver excellent customer experiences.
Foviance boasts 43 of the UK FTSE 100 companies among its client roster, including Barclays, BSkyB, and Sainsbury’s. In addition Foviance works with International brands such as Astra Zeneca, Dell and Nokia. For further information please visit:
http://www.foviance.com Trademark
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
# # #