The Top Myths of E-Commerce

Written by Steve Francia
4/27/2012 27 comments

As e-commerce has emerged and expanded, a string of misconceptions has arisen. Throughout my career as both a CTO and an advisor to e-commerce companies, the following are the most common myths I've encountered:

PCI compliance doesn't matter. Many smaller e-commerce sites fail to address critical security needs, assuming they can fly under the radar while they remain small. This is a huge and unnecessary risk for a company to take, and it is easily avoidable. While obtaining PCI (Payment Card Industry) compliance is a lengthy and expensive undertaking when you store or transfer consumer credit cards, it's a fairly trivial operation when you don't.

How can an e-commerce site not transfer or store credit cards? By utilizing credit card processing from companies such as Braintree or Stripe, which have offerings where the credit cards are sent directly to their PCI-compliant secured servers and an authorization token is sent to your servers.
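As an added example (not code from the post, nor Braintree's or Stripe's), here is a server-side guard for that tokenised flow: since card details should go only to the processor, the server refuses any request that still carries a raw card number and insists on the processor's token instead. The form field name `payment_token` is an assumption.

```python
import re

# Server-side guard for the tokenised flow above. The browser sends card
# details only to the processor, and your server should receive nothing
# but an opaque token; this check refuses any request whose fields carry
# what looks like a real card number (13-19 digits passing the Luhn check),
# so a mis-wired form cannot quietly drag your servers into PCI scope.
# Added example, not from the post; the field name "payment_token" is assumed.

PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_pan(value: str) -> bool:
    """True if any 13-19 digit run (spaces/dashes allowed) passes Luhn."""
    for match in PAN_CANDIDATE.finditer(value):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            return True
    return False


def accept_checkout(form: dict) -> tuple:
    """Returns (ok, reason). Requires a processor token, rejects raw PANs."""
    for name, value in form.items():
        if contains_pan(str(value)):
            # report the field name, never the value, and stop processing
            return False, f"raw card number submitted in field '{name}'"
    if not form.get("payment_token"):
        return False, "missing payment_token"
    return True, "ok"
```

A rejected request is also worth alerting on: a card number reaching your server means the front end is no longer sending it straight to the processor.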

Encrypted passwords are safe enough. Once upon a time, this was true, but with the advent of graphics processing units (GPUs) and cloud computing, if anyone got access to your password database they would be able to crack all of the passwords in a matter of minutes. For under $2,000, you can build a home computer that can try well over 1 billion passwords a second. With cloud computing, you can rent this for about $3/hour. For about $300/hour, you could crack around 500 billion candidate passwords a second.

Perhaps you are feeling good right now because you are using a salt, an additional string mixed into the hash input that makes your hashes unique to your site, preventing the use of precomputed lookups such as rainbow tables. A universal (site-wide) salt does nothing to help the matter. The only way to properly secure your passwords is to: 1) have a random salt for each user; and 2) use a password-hashing library like bcrypt, which is designed specifically for hashing things like passwords and can keep up with Moore's law by letting you increase the amount of work your hash needs to do, slowing it down and making it harder to crack.

Interested in learning more? See Coda Hale's excellent post.
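As an added example, not code from the post: per-user random salts with a tunable work factor, stored in a record that lets the cost be raised later. It substitutes the standard library's PBKDF2-HMAC-SHA256 for bcrypt, which the post recommends, so it runs with no extra packages; the record format is an assumption.

```python
import base64
import hashlib
import hmac
import os

# Per-user random salt plus a tunable work factor. bcrypt is the post's
# recommendation; this added example uses the standard library's
# PBKDF2-HMAC-SHA256 instead so it runs with no third-party packages.
# The stored record carries the iteration count and the salt, so the cost
# can be raised later without invalidating existing accounts.

DEFAULT_ITERATIONS = 200_000
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    salt = os.urandom(16)  # fresh random salt for every user and every rehash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password: str, stored: str) -> bool:
    scheme, iters, salt_b64, digest_b64 = stored.split("$")
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    base64.b64decode(salt_b64), int(iters))
    # constant-time comparison: do not leak how many bytes matched
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def needs_rehash(stored: str, target: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record was made with a lower work factor than we now
    want; rehash at the user's next successful login to keep up with
    faster hardware (the Moore's-law point above)."""
    return int(stored.split("$")[1]) < target


def same_password_same_hash(per_user_salt: bool) -> bool:
    """Two users choose the same password. With one site-wide salt their
    stored hashes are identical (one crack reveals both); with per-user
    salts they differ and must be attacked separately."""
    pw = b"hunter2"
    if per_user_salt:
        return hashlib.sha256(os.urandom(16) + pw).digest() == \
               hashlib.sha256(os.urandom(16) + pw).digest()
    site_salt = b"constructed-site-wide-salt"
    return hashlib.sha256(site_salt + pw).digest() == \
           hashlib.sha256(site_salt + pw).digest()
```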

Speed doesn't matter. Most e-commerce sites rank among the slowest sites on the Internet. Amazon did a study that identified a direct relationship between page load speed and conversion rates: they found a 1 percent decrease in sales for every 0.1 second added to response times. Other studies have identified speed as the single most critical factor for e-commerce conversion.

The manufacturer description and photos are good enough. Typically, the description and photos provided by manufacturers (and commonly found on retail e-commerce sites) are quite poor, consisting of low-resolution photos and incomplete descriptions. By crafting your own descriptions and photos, you define your shopping experience. This provides a differentiator from every other shop selling the same merchandise, and it is critical to any store looking to establish itself.

PayPal is an acceptable payment processor. All sorts of alarms go off in consumers’ minds when a supposedly reputable business only offers PayPal (or Google Checkout). Consumers want to purchase from a trustworthy and reliable company. PayPal conveys to the consumer that your site is run by a fly-by-night con man, who isn't trustworthy enough to get their own merchant account.

Consumers don't need free shipping. The Internet has removed all barriers to comparison shopping. Amazon is often the lowest price on the Internet and offers free shipping on nearly all of its merchandise, in two days if you have Prime. Amazon has trained customers that they shouldn't pay for shipping. Surprise your customers with shipping charges at checkout and they will abandon your checkout like it's the Titanic. Either offer free shipping or at least offer flat-rate per-order shipping (like woot.com). When I ran engineering for OpenSky.com, we did lots of testing around this and found that conversion rates plummeted when shipping was an extra cost at checkout (or in the cart). We even found that consumers would readily pay more for an item if it had free shipping.

— Steve Francia is a technology executive (CTO, CIO, VPE) in New York City.

Mr. Roques
Researcher
Tuesday August 14, 2012 10:02:27 PM

I've tried 1Password but maybe didn't give it a chance. I'll try it again.

Thanks for the tips.

Ariella
Thinkernetter
Thursday May 3, 2012 10:25:11 AM

@taimur-tz I used to constantly get spam email regarding my PayPal account when I didn't even have one. I did have to set up one a few years back for the terms of payment for a business I do write for. So far, I haven't run into any difficulties, though I never keep a balance in it.

Ariella
Thinkernetter
Thursday May 3, 2012 10:23:20 AM

@Steve 

"We even found that consumers would readily pay more for an item if it had free shipping."

That is so true. When I worked in a paper supply business, I once quoted the standard rate and shipping for a customer. He was livid because he said he never gets charged for shipping. What he failed to realize is that the standard rate plus shipping added up to less than his rate with shipping included. It's psychological: we hate to pay for shipping. I've had to remind myself of that when ordering books through Amazon that were not from Amazon because the other seller was actually cheaper even with the $3.99 charge for shipping tacked on.

Mary Jander
Thinkernetter
Tuesday May 1, 2012 10:07:25 AM

This is why I often don't trust online ordering and turn to the phone when in doubt.

taimur_tz
Thinkernetter
Monday April 30, 2012 9:29:27 PM

@Mary: Many newcomers in the ecommerce world do not have the necessary architecture and infrastructure that PCI requires. It's also a huge cost to outsource these to a third party. This is probably why some companies wait for the success of the ecommerce business before they can invest in PCI.

syedzunair
IQ Crew
Monday April 30, 2012 1:10:36 PM

Taimur:

It is not only PayPal that has subjected users to victimization; I've also seen some less popular sites doing it more often. A service that I used went by the name of Moneybookers, and it has sealed numerous accounts based on false premises.

Mary Jander
Thinkernetter
Monday April 30, 2012 10:12:40 AM

Can't imagine why any company wouldn't be intent on establishing PCI compliance. It seems to be a bare minimum of security standardization. As Steve points out, it matters and there are ways around the cost, etc. And for large companies, the cost will be justified in volume of business returned.

scucci
IQ Crew
Monday April 30, 2012 8:23:08 AM

For sites with no security, PCI is a great baseline, but don't let PCI fool you into thinking you're secure. I've seen many companies fall for this and still get compromised.

taimur_tz
Thinkernetter
Monday April 30, 2012 4:10:33 AM

From what I have seen, many ecommerce websites have really poor search algorithms. They show a whole list of irrelevant products in an attempt to expand the list for the users. This doesn't help the users one bit. If the user is searching for something, the results should be as relevant as possible. You're losing out on your chances of sales by confusing your consumers.

taimur_tz
Thinkernetter
Monday April 30, 2012 3:32:48 AM

From what I have seen, PCI compliance can help you build a good reputation while pitching to new clients. In some companies, especially the ones involved in telesales, PCI compliance is a basic requirement if you need to do business with any good principal.
