Website security is always a consideration, and nowhere is this more important than on ecommerce websites. When a user is being asked to submit sensitive information such as addresses or payment details, it’s essential that they are able to trust your site and that their information will be safe.
Encryption is the process of encoding information so it cannot be understood by unauthorised parties; it doesn’t stop the information being intercepted, but it does obfuscate the content so the interceptor can’t use it.
This process is typically associated with ecommerce sites, where a user is making a purchase and thus inputting sensitive data such as credit card details, which must be encrypted to ensure their safety.
It used to be the case that ecommerce website checkout processes and ‘my account’ areas were secured, but many ecommerce businesses chose not to encrypt their entire site. And it used to make good sense not to do so. Connections that are encrypted are a lot ‘heavier’ – they consume more bandwidth and take longer to send data. This meant that users could be faced with a longer load time, which adversely affected their experience on the site.
By choosing to only encrypt the sensitive parts of the website, webmasters were able to reduce load time and server requirements.
Today, though, server and browser technology is improving and fewer and fewer users remain on outdated devices and software. Compression of files sent over the web has also markedly improved. This means that, while the number of communications required to establish the connection is increasing, the physical data size is decreasing, countering what would previously have been an issue, so encrypted sites can load quickly.
As well as encrypting your site, you should also use an SSL certificate to further secure it.
There are a number of options available to you when selecting your certification level and you’ll need to find a trusted provider of the certificate of your choice. The main options are:
Extended validation (EV) SSL certificates
An EV certificate is awarded to a website once the Certificate Authority has confirmed the applicant has the right to use the domain they have put forward and verified that ownership. According to information from GlobalSign, this vetting process includes:
Once the EV certificate is granted, the website will show a green padlock bar in the browser bar.
Organisation validation (OV) SSL certificates
The Certificate Authority will check your right to use the domain with some vetting of your company, but to a lesser extent than the EV certificate.
Domain validation (DV) SSL certificates
The Certificate Authority will check your right to use the domain, but with no checks of your company.
The Extended Validation (EV) certificate is therefore the most secure and the version we recommend selecting for your ecommerce website. The presence of the green bar is a great trust signal for your business too, helping users to immediately see a clear signal of your trustworthiness and therefore to feel comfortable buying from your site.
Website security certificates are important. They’re great for users, who will continue to value secure websites, meaning conversion rates are likely to increase. Search engines are continuing to value “HTTPS everywhere” too, so securing your website is likely to benefit its search visibility in the short term too.
There are some legal issues pertaining directly to data security that are worth mentioning here.
When collecting payment details, your website must comply with the Payment Card Industry Data Security Standard (PCI-DSS) which includes security and encryption requirements for any business that stores, processes or transmits payment cardholder data.
For smaller ecommerce businesses, using a payment gateway from a third party, such as PayPal, will ensure they comply with the PCI-DSS, as the third party will collect the data and process the payment on their behalf.
If you are confused or concerned about the legal considerations around your ecommerce site, it is advisable to speak to a legal professional.
As well as selecting your CMS or hosted platform, any ecommerce business also needs a payment platform. After all, if you can’t take payments, you can’t make sales.
Your choice of payment platform isn’t quite as simple as choosing a platform which functions. Trust is an essential component of ecommerce success, as we’ll explain further in chapter 2, and your choice of payment method can have real implications on the trust your target audience has in your website.
By selecting a well known and trusted payment platform, you stand a better chance of instilling trust in your website visitors – and that means more sales. It’s also essential that any ecommerce website implement website security through HTTPS, as explained in chapter 3.
Here are some of the most commonly used payment platforms, along with their pros and cons.
World Pay is used by over 250,000 SMEs and is, according to their website, the UK’s number 1 payment gateway by usage.
World Pay offers two options for you to take payments, the first being hosted payment pages and the second integrated payment pages. If possible, it’s best to use the integrated payment pages, which allow your customer to stay on your site to make their payment, whereas the hosted option takes them to a dedicated World Pay page.
World Pay also enables you to take payments via three primary methods: virtual terminal (over the phone), pay-by-link (which means you can send a link to pay via email) and online payments (pay through your website). You can use one or more of these methods, meaning you can make it as easy as possible for your customers to complete their purchase in the way that best suits them.
The benefits of World Pay include:
Sage Pay is used by over 55,000 ecommerce sites and is part of the much larger Sage Group, which has been providing financial software to businesses since 1981.
You’ll receive your funds within 2 days of payment being made which is, according to their website, faster than the industry standard 7+ days.
The benefits of Sage Pay include:
Stripe is the payment platform favoured by web developers. Stripe provides code which can easily be taken and used on the host website and customised within the HTML of the page to deliver exactly the look and functionality you need.
Of course, this does mean you need development resource easily available to you. But the benefits of using this system mean it is much easier for your development team to customise the Stripe functionality to your brand and requirements.
The benefits of Stripe include:
Authorize.net was one of the earliest payment platforms available, having been founded in 1996. Today, Authorize.net is used by just under 50,000 websites worldwide (from builtwith.com). It is part of a wholly owned subsidiary of Visa.
Authorize.net has a number of tools which are available as part of the standard package or at an additional fee. These tools include fraud prevention, automated recurring billing and additional currencies. It also includes Apple Pay as standard.
The benefits of Authorize.net include:
Amazon Payments makes it possible for Amazon customers to log in to their existing Amazon account and pay for goods through it on your website.
This means the hundreds of thousands of existing Amazon customers will be able to buy from your site without having to sign up or log in to your site – they simply log in via Amazon.
The benefits of Amazon Payments include:
Google Wallet is currently only available in the US. We can expect to see it in the UK in the coming months.
Google Wallet enables people to pay money to anyone with a Gmail address by downloading an app (available on Android and iOS).
The benefits of Google Wallet include:
One of the benefits of online commerce is the ability to trade internationally and to service customers from across the globe.
Providing a good user experience to all customers relies on presenting them with the information that is relevant to them. Imagine accessing an online store and finding the currency wasn’t the currency of your country, or that you had no option to change the currency – you’d likely leave the store thinking it wasn’t able to serve you.
There are 3 main options for presenting currencies on your website.
1) Use one currency and enable conversion at payment
In this option, the price is shown in one currency, e.g. Euros, and then converted by the user’s own payment platform, such as PayPal or their bank.
Pros: VAT and exchange costs paid by customer
Cons: Can be confusing to the user, who may not know the conversion rate or assume their order won’t be fulfilled efficiently as it is in a currency other than their own
2) Let the user specify their currency
This is quite a common solution and involves presenting the user with the option to amend the currency to the one they prefer. Usually represented as a flag or currency symbol with a drop down selection.
Pros: User can choose the currency most appealing to them
Cons: User may be confused on entering the site if the currency isn’t already set to their own
3) Automatically set currency based on IP address
Another common solution is to automatically detect the user’s location and set the currency appropriately. This is done using cookies and requires the currency of that location to be available or a default provided.
Pros: User is presented the appropriate currency for them from the moment they arrive
Cons: Requires user to enable cookies, can be inaccurate
Your choice of option will depend on your preference and the functionality of your site.
The language you use on your ecommerce site is indicative of its appropriateness for the user. Whether it’s variations on one language (‘finalise’ vs ‘finalize’ or ‘add to cart’ vs ‘add to basket’ in UK vs US English) or different languages entirely, your choice of language has an impact on the user’s perception of your ability to fulfil their need and the ease with which they can use your site.
There are two main options in the way you present language to your user.
1) Let the user specify their preferred language
Allow the user to select their language, usually using a flag and drop down of options. In this option, the user can specify the language they prefer to use, not necessarily the language most common to their country. For example, a user in Canada may select English or French.
2) Automatically detect location and set appropriate language
Through cookie detection, serve the most appropriate language to the user’s location. This will ideally be specific enough to account for regional variations, and still allow the user to change this if desired.
Your choice of language option will depend on your preference or technical capabilities of your website.
Note: if setting currency or language for your ecommerce site, it’s important to mirror this through subsequent communications to provide a consistent experience – e.g. confirmation emails in the appropriate currency.
The key to ecommerce success is conversions. Without sales, an ecommerce website is useless, so it’s essential that every step of the design, build and ongoing strategy is focused around making conversion as easy as possible for your users.
One of the biggest barriers to conversion is the requirement that a user sign up for an account with the site before being able to progress their order.
While there are many advantages to having a user sign up – not least the increased personalisation options and marketing intelligence – it can put people off, especially if they only intend to buy from you once.
Providing your users the option to purchase without sign up can therefore be hugely beneficial to your overall conversion rate. Give them the choice, and make it clear why they may want to sign up.
Internal search, sometimes referred to as onsite search, is a valuable tool for increasing conversion rate, providing users with a way to navigate the site and giving you a way to gather important behavioural and intent data.
Users that engage with internal search can be broadly categorised into three groups:
Location of the search bar is a key consideration. Search needs to be global across the site to enable users to easily find and use the functionality. Following convention will give users greater trust in the site, so having the search bar in the header, located close to the main navigation, is recommended.
It’s important that the search bar is visible at all times with a clear prompt to initiate the search. The John Lewis site search bar being prominently located above the main menu with the helpful prompt “Search product name, code or brand…” is an example of internal search best practice.
As the user enters information, a predictive set of results is a good way to give them a faster route to the products or category they are looking for.
When there is a wide range of product categories, the use of constrained search gives the user the ability to refine the search, increasing the chance that they will find the product being searched for.
The best example of this type of search is on Amazon.co.uk.
Search results page
The formatting of the search results page and the order in which the search results are given back to the user are key to increasing conversion. It’s important to give the user the option to further filter the results. Topshop do this using a left hand navigation with Product Type, Colour and Size, meaning the customer can quickly find the product they want to purchase.
The order of the search results is also key to increasing conversion, with many of the enterprise ecommerce platforms allowing for A/B testing of sorting methods.
No search results page
When a user searches for a product, code or category and there are no relevant items returned, they will hit the dreaded “No search results page” and, without a clear next step, may choose to exit the site. Adding a few options and an engaging design can help keep the user on the site. Tommy Hilfiger give the user the opportunity to search again, to shop New Arrivals by Women, Men, Girls and Boys, and to “Shop our Labels”.
In order to improve the performance of the site’s search metrics, regular reports need to be produced for optimisation.
Review search terms so that common search spelling errors can be removed; most ecommerce platforms allow for groupings of synonyms and misspellings so that the user finds the content that they are searching for. This should be reviewed on a weekly basis by the ecommerce team.
List all searches that hit the no search results page and identify any where there are relevant results that would be expected to show. Investigate and fix the underlying reasons that the products are not showing.
For common search terms it is possible to increase conversion rate by adding a search redirect to the most relevant category or page, as this page will be more tailored for conversion than the search results page. Topshop have set a redirect for “Jeans” to go directly to their jeans category page. Creating redirects for delivery related search terms to the delivery page will mean that the user automatically finds the page they are searching for, as many platforms will only return products in the search results.