Online Stores: Preparing for Holiday Shopping
Today I ordered gifts for half of the family in various online stores, mainly choosing large trading floors, as representatives of small businesses, alas, do not always provide a sufficient level of comfort and safety when shopping in their online stores.
Although, to be honest, I was not completely satisfied with what the "mastadons" were offering.
More precisely, it was not that I was not satisfied, but merely cemented in my mind an idea that came to me a couple of months ago after reading the result of a survey conducted by Symantec in collaboration with professionals.ru on the relationship of users to security when conducting online transactions.
One of the numbers that struck me the most was that 86% of users were afraid to make transactions, while only 20% really refused to make them ... Apparently, the remaining 66% were afraid of their eyes and made their hands.
The first logical question: “What to fear if traffic is transmitted over SSL.” I found the answer to it in the same poll. Only 24% of respondents are looking for signs of cryptography on the site.
And again the question: “We don’t know what SSL is?”
Tell me, many of you are checking if the site uses a secure connection?
I’m sure many thought, “What are you asking us about? Of course ... "At least I would be glad if you thought so.
But practice shows that only three categories do it all the time: paranoid, too attentive, too loose (who have no business but to check for certificates).
Ordinary people, even those who know what SSL is and why it is worth checking whether a secure connection is used, forgets to do this (either in a hurry, or out of carelessness, or for any of many other reasons).
And just then the thought almost came to me with which I started this post: “Vendors who came up with such a technology that requires constant attention of users are to blame.”
Attention training is a good thing, but not everyone is willing to pay for it by losing money from their account, and some simply do not have time for this.
That is why the vendors thought and decided to make life easier for ordinary users. Certificates with the Extended Validation function were invented and browsers immediately learned to identify them and visualize it very clearly. A long-standing study showed that almost 100% of users always notice that the address bar has become highlighted in green.
By the way, for those who have forgotten how it looks (something like this):
But here our Russian and friendly brother was waiting for the villain-fate . Unfortunately, there are still so few EV certificates in the .ru zone that anyone who finds one can celebrate it as a holiday.
Why is this happening?
Maybe the creators of our sites do not know about EV? Unlikely…
Maybe they want to be like everyone else? Then it’s time for someone to begin to break out of the gray mass ...
And maybe it was someone’s will from above? Now conspiracy theories are quite popular. Then we will organize the X-thousandth protest rally in the name of protecting such a wonderful technology. Thank God, the technology of the rally has been perfected recently to perfection.
I think everyone has already understood what thought visited me after spending several hours on the Internet and searching for gifts. That's right “There are wonderful technologies that will allow users to make transactions and not be afraid of anything. Why not use? Site owners, we’re awake, it’s time to act. ”
Well, lastly I would like to remind you that the holiday season is coming, which is traditionally famous for the increased activity of Internet scammers.
In this regard, a couple of requests / advice to site owners and users.
Owners:
- Have pity on users, use EV certificates. They are not much more expensive, but much more convenient. By the way, judging by the statistics, it’s more profitable for you, because bring more sales.
For users:
- Check the security of sites (https in the address bar; lock displayed in the browser). If the site owner does not care about you, then take care yourself. Sometimes it is better to feel paranoid than to get the bank to return the stolen money.
- Avoid pop-up ads. They don’t bring anything good.
- Well, of course, use good antivirus protection on your workstations.
ps: for those who care about attentiveness training, you can teach the browser not to distinguish the EV certificate from the usual one and train, and train again. I wish you success in this difficult battle!
Although, to be honest, I was not completely satisfied with what the "mastadons" were offering.
More precisely, it was not that I was not satisfied, but merely cemented in my mind an idea that came to me a couple of months ago after reading the result of a survey conducted by Symantec in collaboration with professionals.ru on the relationship of users to security when conducting online transactions.
One of the numbers that struck me the most was that 86% of users were afraid to make transactions, while only 20% really refused to make them ... Apparently, the remaining 66% were afraid of their eyes and made their hands.
The first logical question: “What to fear if traffic is transmitted over SSL.” I found the answer to it in the same poll. Only 24% of respondents are looking for signs of cryptography on the site.
And again the question: “We don’t know what SSL is?”
Tell me, many of you are checking if the site uses a secure connection?
I’m sure many thought, “What are you asking us about? Of course ... "At least I would be glad if you thought so.
But practice shows that only three categories do it all the time: paranoid, too attentive, too loose (who have no business but to check for certificates).
Ordinary people, even those who know what SSL is and why it is worth checking whether a secure connection is used, forgets to do this (either in a hurry, or out of carelessness, or for any of many other reasons).
And just then the thought almost came to me with which I started this post: “Vendors who came up with such a technology that requires constant attention of users are to blame.”
Attention training is a good thing, but not everyone is willing to pay for it by losing money from their account, and some simply do not have time for this.
That is why the vendors thought and decided to make life easier for ordinary users. Certificates with the Extended Validation function were invented and browsers immediately learned to identify them and visualize it very clearly. A long-standing study showed that almost 100% of users always notice that the address bar has become highlighted in green.
By the way, for those who have forgotten how it looks (something like this):
But here our Russian and friendly brother was waiting for the villain-fate . Unfortunately, there are still so few EV certificates in the .ru zone that anyone who finds one can celebrate it as a holiday.
Why is this happening?
Maybe the creators of our sites do not know about EV? Unlikely…
Maybe they want to be like everyone else? Then it’s time for someone to begin to break out of the gray mass ...
And maybe it was someone’s will from above? Now conspiracy theories are quite popular. Then we will organize the X-thousandth protest rally in the name of protecting such a wonderful technology. Thank God, the technology of the rally has been perfected recently to perfection.
I think everyone has already understood what thought visited me after spending several hours on the Internet and searching for gifts. That's right “There are wonderful technologies that will allow users to make transactions and not be afraid of anything. Why not use? Site owners, we’re awake, it’s time to act. ”
Well, lastly I would like to remind you that the holiday season is coming, which is traditionally famous for the increased activity of Internet scammers.
In this regard, a couple of requests / advice to site owners and users.
Owners:
- Have pity on users, use EV certificates. They are not much more expensive, but much more convenient. By the way, judging by the statistics, it’s more profitable for you, because bring more sales.
For users:
- Check the security of sites (https in the address bar; lock displayed in the browser). If the site owner does not care about you, then take care yourself. Sometimes it is better to feel paranoid than to get the bank to return the stolen money.
- Avoid pop-up ads. They don’t bring anything good.
- Well, of course, use good antivirus protection on your workstations.
ps: for those who care about attentiveness training, you can teach the browser not to distinguish the EV certificate from the usual one and train, and train again. I wish you success in this difficult battle!