View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Research reveals consumer frustration with online security

Security damaging online shopping experience, hurting sales

By CBR Staff Writer

As many as three-quarters of online shoppers have reported at least one login or online security problem in the past three months alone, which could have led them to abandon their online transactions.

Online retailers are leaving money on the table, a new study for Oracle has concluded, citing a number of frustrations that have led consumers to abandon their online shopping carts. The reasons range from shoppers being perplexed by username and password selection rules, forced to wait for an email password reminder, or being left flummoxed by password reminder questions.

The research was carried out to map the human landscape of online retail, to assess people’s attitudes to online security and detail some of the habits that are starting to emerge.

Several themes emerged, Marty Carroll of Foviance, the user experience company behind the study, told us. “Most people seem blissfully unaware of online security threats, and around 15% of respondents didn’t understand risks at all. Those that do show awareness are using vocabulary that they really didn’t always understand,” he said, noting that malware or phishing attacks are concepts that are not always well understood. 

As well as an initial survey of 500 people representative of the online consumer, the company persuaded 24 respondents to participate in a dairy study who over a two week period kept a log of their online shopping experiences. Some of the panel also joined a later focus group discussion. 

There was plenty of evidence of people developing risky habits, some of which stem from the demands being imposed on online consumers to remember user names and passwords that are not always memorable. 

Some 25% of those questioned in the survey admitted to keeping written lists of their online usernames and passwords. 

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

In one focus group, a participant admitted to writing passwords on every account statement. “It’s becoming too difficult for people to manage multiple passwords,” Carroll said.

In some cases there can be added complications, when a site uses a third-party site like 3D Secure, and which calls for another user name and another password to be entered to complete an online transaction. “These processes are poorly understood,” Carroll suggested. For survey participants that had abandoned a purchase in the last 12 months, 16% did so because the transaction took them to another website, such as 3D Secure. 

Despite two-thirds of respondents to the Oracle-funded survey stating they would be more confident online if websites imposed additional security measures, they were unlikely to accept these measures if it meant the transaction process increased in either time or complexity. In fact, 26% reported that such measures would drive them onto competitors’ sites. 

The number one reason for discontinuing a transaction was the process taking too long (48%), with almost 40% noting that a purchase process with too many steps is considered as a barrier to online shopping.

A quarter of people say they blame themselves, as much as they blame a particular website or online security procedures for their impatience, Carroll told us, but interestingly they tend not to use a retailer offline once they have had a poor shopping experience with them online. Getting online security right is a good way of building trust, and with it brand differentiation, he suggested.

Des Powley from Oracle said there are significant opportunities for retailers to improve the situation and readdress attitudes to online security. “We see a need to rebalance online security away from the current position where the onus is placed on the consumer, to one where technology is used in ways that helps build a level of trust and confidence among online consumers. There’s a need to change the mindset towards customer intimacy, the quality of the customer experience and the needs of the online consumer.”

The findings of the research reveal a complex picture of consumer activity, with a mix of sometimes contradictory attitudes influencing online behaviours.

Almost a third of survey respondents (30%) do not trust online security measures. The focus groups also revealed that consumers showed no desire to understand the mechanics of IT security in more detail and had high expectations about their rights if affected by a security threat.

Oracle suggested that online retailers need to demonstrate a greater understanding of instinctive human responses to security. Customers want reassurance, demonstrating this with their buying preference for trusted brands, but they do not want it at the expense of convenience.

Powley said that passwords should be seen only as a door opener, and made to be easy as possible to remember with other technologies ensuring transactional security and authentication. A password could be a favourite picture or a memorable phrase, with systems data such as the physical location, IP address or caller-line ID used to further authenticate an online shopper, underpinned with strong fraud protection processes.



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.