As e-commerce has emerged and expanded, a string of misconceptions has arisen. Throughout my career as both a CTO and advisor to e-commerce companies, following are the most common myths I’ve encountered:
PCI compliance doesn't matter. Many smaller e-commerce sites fail to address critical security needs, assuming they can fly under the radar while they remain small. This is a huge and unnecessary risk for a company to take, and it is easily avoidable. While obtaining PCI (Payment Card Industry) compliance is a lengthy and expensive undertaking when you store or transfer consumer credit cards, it's a fairly trivial operation when you don't.
How can an e-commerce site not transfer or store credit cards? By utilizing credit card processing from companies such as Braintree or Stripe, which have offerings where the credit cards are sent directly to their PCI-compliant secured servers and an authorization token is sent to your servers.
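The practical consequence of that token flow is that your own checkout endpoint should only ever see the processor's token, never a card number. The following is an added example (not code from the post, Braintree or Stripe) of a server-side guard that enforces this; the field names and the `tok_` token shape are assumptions for illustration.

```python
import re

# Candidate card-number runs: 13-19 digits, optionally separated by spaces or dashes.
PAN_PATTERN = re.compile(r"\b\d[\d -]{11,22}\d\b")

def luhn_valid(digits: str) -> bool:
    """Standard Luhn checksum: from the right, double every second digit."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def contains_card_number(value: str) -> bool:
    """True if any digit run in the string looks like a real PAN."""
    for m in PAN_PATTERN.finditer(value):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return True
    return False

def validate_checkout(payload: dict) -> dict:
    """Accept only the processor's token plus order data; reject anything
    that would put a card number on your servers (or in your logs)."""
    allowed = {"payment_token", "amount_cents", "currency", "order_id"}
    unexpected = set(payload) - allowed
    if unexpected:
        return {"ok": False, "reason": f"unexpected fields: {sorted(unexpected)}"}
    for key, value in payload.items():
        if isinstance(value, str) and contains_card_number(value):
            return {"ok": False, "reason": f"card number present in {key}"}
    token = payload.get("payment_token", "")
    # Assumed token format for this example; real processors define their own.
    if not re.fullmatch(r"tok_[A-Za-z0-9]{8,}", token):
        return {"ok": False, "reason": "malformed payment token"}
    return {"ok": True, "token": token}
```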
Encrypted passwords are safe enough. Once upon a time, this was true, but with the advent of Graphic Processing Units and cloud computing, if anyone got access to your password database they would be able to crack all of the passwords in a matter of minutes. For under $2,000, you can build a home computer that can try well over 1 billion passwords a second. With cloud computing, you can rent this for about $3/hour. For about $300/hour, you could crack around 500 billion candidate passwords a second.
Perhaps you are feeling good right now because you are using a salt, which is an additional string mixed into your hash that makes the result unique to you, preventing the use of things like rainbow tables. A universal salt does nothing to help the matter. The only way to properly secure your passwords is to: 1) have a random salt for each user; and 2) use a password-hashing library like bcrypt, which is designed specifically for hashing passwords and can keep up with Moore's law by letting you increase the amount of work your hash needs to do, slowing it down and making it harder to crack.
Interested in learning more? See Coda Hale's excellent post.
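The two requirements above, a random per-user salt and a tunable work factor, are shown side by side with the weak universal-salt scheme in this added example (not from the post or from Coda Hale). It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt, since bcrypt is a third-party package; the cost knob plays the same role as bcrypt's cost parameter.

```python
import hashlib
import hmac
import os

# Work factor: raise it as hardware gets faster. This is the "keep up with
# Moore's law" knob; bcrypt exposes the same idea as a cost parameter.
ITERATIONS = 200_000

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record used a lower work factor than the current
    setting, so it can be upgraded transparently at the user's next login."""
    return int(record.split("$")[1]) < iterations

def universal_salt_hash(password: str, site_salt: bytes = b"same-for-everyone") -> str:
    """The weak scheme the post warns about: one site-wide salt and a single
    fast SHA-256 pass. Two users with the same password get identical hashes,
    and a GPU can test the whole dump at full speed."""
    return hashlib.sha256(site_salt + password.encode()).hexdigest()
```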
Speed doesn't matter. Most e-commerce sites rank among the slowest sites on the Internet. Amazon did a study where they identified that there is a direct relationship between page load speed and conversion rates. They found a 1 percent decrease in sales for every 0.1 second decrease in response times. Other studies have identified speed as the single most critical factor for e-commerce conversion.
The manufacturer description and photos are good enough. Typically, the description and photos provided by manufacturers (and commonly found on retail e-commerce sites) are quite poor, consisting of low resolution photos and incomplete descriptions. By crafting your own descriptions and photos, you define your shopping experience. This provides a differentiator from every other shop selling the same merchandise, and it is critical to any store looking to establish itself.
PayPal is an acceptable payment processor. All sorts of alarms go off in consumers’ minds when a supposedly reputable business only offers PayPal (or Google Checkout). Consumers want to purchase from a trustworthy and reliable company. PayPal conveys to the consumer that your site is run by a fly-by-night con man, who isn't trustworthy enough to get their own merchant account.
Consumers don't need free shipping. The Internet has reduced all barriers from comparison shopping. Amazon is often the lowest price on the Internet and offers free shipping on nearly all their merchandise, and in two days if you have Prime. Amazon has trained customers that they shouldn't pay for shipping. Surprise your customers with shipping charges at checkout and they will abandon your checkout like it's the Titanic. Either offer free shipping or at least offer flat-rate per-order shipping (like woot.com). When I ran engineering for OpenSky.com, we did lots of testing around this and found that conversion rates plummeted when shipping was an extra cost at checkout (or in the cart). We even found that consumers would readily pay more for an item if it had free shipping.
Thanks for the information. It makes for a good reminder for those of us who take some issues for granted, and a useful guideline for those wanting to use e-commerce.
Search matters. I get so damn tired of looking for something and ending up with a gazillion irrelevant results. I will pick a site that doesn't have the best price if it's easier to find the damn product.
(And while I'm at it, it ticks me off that I'll search for something using Google Shopping [which I still call Froogle], it will give me the lowest price at a certain site, and then when I go there, I find the actual price is significantly more.)
I was surprised by the note on PayPal too. Aren't PayPal's business accounts exceptions to that? I'd be wary if I see a personal or a premier account on a big e-commerce site, but a merchant account sounds fine to me.
Amazing list. The study on the correlation between loading speed for an e-commerce site and conversion rate is really a fantastic share. I have seen that happening to myself: sometimes I regret a buy when I think more reasonably, but I bought it just because at one split second I liked it and at the next I had booked it. I didn't get much time due to the rapid loading speed. With slow load times, e-commerce sites might lose people like me.
Excellent post. Spot on, at least when seeing my behaviour as a customer.
Regarding passwords, what can users do? I saw an interesting article yesterday that because of a MS glitch, having a 14 char password is seen as two 7 char passwords, so they recommended 15+ (!!). Also, avoid a word from the dictionary but at the end they recommended "passphrases" with several dictionary words but with no real sense.
Yes, plenty to chew on there. I am surprised that PayPal has that reputation, but I can kind of see the reasoning. There are plenty of payment service vendors out there, which can be integrated with sites, so using PayPal at the very least seems lazy.
Hi Steve. Welcome to Internet Evolution. What a fantastic list! I am one of those consumers who is turned off by PayPal and shipping costs. (And yes, Amazon has taught us all that we don't have to pay for shipping.) I wanted to place an order on a site the other day -- it was an $8 order, and during the final step I saw the shipping charges were $7.95. I closed out and didn't make the purchase.
Also, this was pretty startling: "For under $2,000, you can build a home computer that can try well over 1 billion passwords a second. With cloud computing, you can rent this for about $3/hour. For about $300/hour, you could crack around 500 billion candidate passwords a second."
Scary stuff indeed. Thanks for the excellent and informative first post.