tags:

views:

44

answers:

4
Q: 

UX: HTTPS and "Lock" for Shopping SItes

Our geeky back-end developer is trying to tell us that we really don't need to have the whole logged-in section of our shopping site be "https" with the browser "lock".

He just wants to put the credit card fields in an https frame (which customers will not be able to see is secured).

As far as we can tell, this is sheer UX lunacy that would be the kiss of death for an e-commerce site today. Consumers absolutely expect that "lock" icon or they think the site is some kind of scam.

But our developer doesn't think it would be so unusual and says it will make his integration easier.

So can anyone refer us to a single major shopping Web site that does not use https and the lock for the entire logged-in account section?

+3  A: 

HTTPS is an absolute requirement for eCommerce transactions. Make sure you use HTTPS while collecting shipping and card details and make this obvious to the user.

However, you need not have HTTPS all though out your site. HTTPS is not needed while browsing your product catalog or adding an item to cart.

Ashwin Prabhu  2010-06-02 12:59:38
A: 

Your developer is just plain wrong.

By putting your CC form in a frame you'd be able to access the DOM of the https page from the unsecured server because it is a child of the parent document.

Rimian  2010-06-04 10:45:55
I guess not, unless the CC form is loaded from the same domain/source. Otherwise access the DOM in the iframe will be a violation of the 'same origin policy' - browsers will not allow this.
Ashwin Prabhu  2010-06-07 05:45:34
A: 

Keep in mind that your developer is looking at this from a coding perspective not a UX perspective. In short, thank the developer for the awesome input but go with what your users expect to see and and use HTTPS.

Atanasio Segovia  2010-07-13 04:45:49
A: 

No matter what you decide... I always look at it from a pay-now or pay-later cost scenario:

Will letting the developer "save" me a few dollars now, or making choices based on what is easier for him now, cost me more in the future than any amount of up-front savings?

If you are right (and I believe you are) that people are EXPECTING to see that little lock so they can feel their transaction is secure, then your cart abandonment should be high enough that you will lose far more money than you would ever save doing things the "easier for me to develop" way....

It does not really matter what is happening behind the curtain... as long as things operate the way people expect they will be appeased, kept calm, and click the "pay" button.

Users are so paranoid about scams, phishing, and whatever else that ANY deviation from expected visual and security indicators will cost you and cost you and cost you....

Sometimes the most expensive things cost us the least....

exoboy  2010-07-22 21:52:18

related questions

Usability Solutions to Displaying Denormalized Data
How important for programming skills is to have nice gadgets?
How do you find out what users really want?
Why are usability evaluation methods so rarely employed?
internal error markers
Rich interaction in Java/JSP web app
Web page runtime errors
J2EE Error Handling - Application and User
General tips and techniques for minimizing the size of Flex applications.
An alternative to alert/confirm/error dialogs?
What are great _specific_ usability guidelines?
Most Astonishing Violation of the Principle of Least Astonishment
How to encourage a user to fill in long application forms?
window.resizeTo affects subsequent Firefox windows
UI Design / Workflow: Changing same property on multiple objects
Where do you get your application sounds from?
Resources to create applications with a great user experience?
Quick and Dirty Usability testing tips?
Forced Alpha-Numeric User IDs
Experience with SQLExpress for a multi-user commercial application?
Good books on "designing for improving the User Experience"
Native Tongue as Default Language For an Application
Password generation, best practice
What free software can I use to create UI mockups?
How to collect customer feedback?