I'm just looking for opinions, what do people think about things like Hacker Safe or having an SSL Certificate with an authentication seal on an E-Commerce site?

Are they worth anything? More importantly, are they worth what they cost? :)

The seal that comes with a SSL certificate doesn't increase security but you know that already, it merely allays fears for the user. Other labels such as hacker safe and all the "We've been checked out by blah de blah" I personally do not think do you a tremendous amount of good.

Having a well designed and professional looking site along with clear contact details, phone number on ever page in the top half of the fold, will give users more confidence...

You may find this post useful:
http://www.ukbusinessforums.co.uk/forums/showthread.php?t=33411

If your planning to accept cards through the website then your site must be 128 bit secure, required by all banks and card merchants.

There are other payment methods where you don't need this, but when your customer gets to your payment page they will be transferred away from your site to the merchants site. Personally I hate this.

Number 1 rule I use for when buying from any website is to see if the gold security lock is there, at the bottom of older window packages and at the top in vista, sorry not sure for macs. I think this does mean alot to most people.

Thanks, I'm just about to buy a certificate ( hosting is with Carl ) and I simply wondered what difference it would possibly make to the purchasers ( not a technical difference, just their perception ) whether the cert was issued by rapid or geotrust, or whether it had one of the 'validation' seals. I'll be taking cards via Protx so none of the card details will be on my site as such but I do want to make the checkout process secure as soon as a user starts inputting any personal details, name address etc.

A friend was asking about hacker safe, he figured it was a good thing for him to get his site regularly tested, I just wondered if there would possibly be any additional payback in terms of user trust and therefore higher conversions.

I used to use geotrust, now i use comodo, both will do the job and both will have validation seals along with various logo's.

see my logo, at the bottom right, it drags as you scroll up and down!

www_deviltronics_com

Hi Deviltronics, hope you don't mind this:

Have you thought about some sort of thumbnailing script for your site? Currently the images are loading as full size and relying on the browser to scale them..

Internet Explorer in particular is absolutely rubbish at scaling images and it's making your thumbnails very jaggy.

Just something for you to consider, it's a shame to have the look of the site spoiled.

Thanks for the advice. I have forwarded this issue to my web programmer and they said it was fine! Will see if I can get something done with it.

When you say the thumbnails are very jaggy, is it fine when the whole page is loaded or is it all over the place when fully loaded?

Also what internet speed are you using?

They're jaggy because they are being resized by the browser, the page is fully loaded and I'm sitting on a 100mb/s lan connected to a 622 fibre ( I'm in a telephone exchange.. ) at the moment.

Probably the best example I could give you is of the pico helicopter, have a look at the three smaller images to the right, the actual images are ok when loaded into the lightbox but they're quite poor looking as displayed on the main page.

I can't see anything wrong with them! (sorry)

Is it the same for this product: bow wow pink (type it in the search on the site as I can't post the link on here, haven't got fifteen posts yet)

It's actually the same for all of the images, it's not as noticeable with the bow wow because it's a smaller image to start with so it's not being scaled as much.

It will very much depend on the browser you're using, some scale images better than others.

It doesn't affect the useability in any way, just one of those small details that will probably pass most people by, I just happened to notice it.

thanks, will definetly look into it.

Your site is based on OsCommerce and there is a thumbnail contribution for it, might be worth looking into.

One of the other problems with letting the browser do the scaling is that if you have large images it'll increase the page loading times.

My site has quite large images, generally 100k-150k for each, if I were to load the full images and let the browser do the work it would mean that over 1Mb of data would be loaded for the home page! As it is the images are resized on the server and the thumbnails on the homepage come in about 4k each and the total image load for the page is about 50k.

Thanks for that, have you got the link to the exact contrib, looking now, but there is quite a few.

I couldn't really say which would be the best to go for, I'm using Zen Cart myself and Image Handler.

ZenCart is an offshoot of OsCommerce but the contributions are different for each. I'd ask your web designer which one they normally use.

ok brill, really appreciate the help.

You can pay for these security logos but if ask a dozen friends which ones they look out for I expect they would struggle to name any particular one that they consider essential.

I got the impression hacker safe is more of US thing. They have a good sales force who try and claim it'll add 15% on your sales but I'm not convinced people even know what it means.

It probably helps to have one of them, we have 'Internet shopping is safe' but I can't say we saw a leap in sales as a result, but if it convinces just .25% that would cover it's cost for us.

There is a great site that talks about site seals or trust seals and how they can be a great an investment if you are selling something since it is a third party verification. You can view it here: http://www.trusttheseller.com I would suggest reading the article as it also talks about companies other than Hackersafe.

Unfortunately the trusttheseller site is very light on any details, it does not give specifics, just After some research here are some of the results I have came to. then a couple of paragraphs of general info, no facts, no figures, no proof.

Its also an affiliate to both seals that it tries to sell, sorry review, so as its trying to make money from them, it is not independent.

Deviltroniks - would absolutely advise you take the above advice - you will cut your site load time by as much as two thirds. I would also recommend not asking your delvelopers advice in the future with graphic design issues as he clearly doesnt know what he is talking about

If your planning to accept cards through the website then your site must be 128 bit secure, required by all banks and card merchants.

There are other payment methods where you don't need this, but when your customer gets to your payment page they will be transferred away from your site to the merchants site. Personally I hate this.

If you're accepting cards onsite you need more than just an SSL certificate, you need an underlying professional, robust, secure system, and you might need a system that ticks other boxes like PCI compliance (http://www.ukbusinessforums.co.uk/forums/showthread.php?t=44762).

An SSL certificate alone doesn't mean much, and it certainly doesn't mean that your credit card details are safe with the company behind the SSL website.

It is pretty easy for a website to set up an SSL certificate and then ask for credit card details, there doesn't even have to be an automated e-commerce system behind it.

The SSL only means that the connection and the credit card details are secure as they pass from the user's web browser to the website with the SSL certificate (that is if the web page's form actually HTTPS posts the details back to the secure site, which isn't always the case in very badly designed sites, but someone in the know would be able to notice this, unfortunately the general public might not).

Once the credit card details arrive at the SSL website the owner can pretty much do what they want with those details in any insecure way they please. This is why the general public should only send their credit card details to sites and companies they have heard of and trust.

Personally, I wouldn't submit my credit card details directly to a small online shop that I'd never heard of before even if it did have an SSL certificate. You don't know who you are dealing with, you dont know whether the underlying systems are secure or even automated, you don't know the integrity of the people behind the shop, you don't even know whether its a bona fide shop or just a con to get your credit card details.

This is where the third party off-site trusted payment provider site/company comes in, a site/company which you have heard of and one that you trust, like PayPal or WorldPay. And that is why, in my opinion, small shops shouldn't even be thinking of taking credit card details onsite.

Put yourself in the position of the customer. If they have got to your site from the search engines then they may have never heard of you before, in which case they should prefer to divulge their credit card details to a site they have heard of like PayPal or WorldPay. It's a matter of trust. Just because big sites like Amazon take credit card details directly on their site, it doesn't necessarily follow that a small company's website selling to strangers should do so too. If you haven't got a well-known or trusted brand, then you are better off relying on a payment site that does.

As for sticking so-called trusted logos on your site, that is meaningless to the informed surfer. Anyone can put a logo on a website, in fact that's exactly what phishers do to pretend their site is the real thing.

If you are taking credit card details onsite, it also doesn't help with trust if you have anything on your site that indicates that the site isn't professional, like bad thumbnails or very slow loading pages (associated with either cheap hosting or bad design/programming). Informed customers will think, if they can't get simple things like that right how good is their underlying security going to be?

Paul,

With the greatest of respect from one professional to another I think you are dead right on all of the above points BUT a little bit of scare mongering is creeping in.

I cannot, and will not, dispute the points you have raised; you may not shop at a site that you have never heard of but the way you have put it across, anyone running an eCommerce site that doesn't want to use a 3rd party might as well pack up shop and go home now ;)

Yes research your suppliers, yes take every precaution with your customers data but don't feel obliged or forced into using a 3rd party if you really don't want to. Just make sure that the supplier and host ticks all the boxes.

have you got the link to the exact contrib, looking now, but there is quite a few.
Not having auto-thumbnailing, or server-side thumbnailing, means that the large image is sent to the browser, and the browser visually shrinks this down the quickest, lowest quality, way possible. Hence the poor quality thumbnail images with jaggies (jagged lines and pixel loss), and hence the slow page loads (since many large images are being downloaded, even though they visually appear as only small images).

This situation is typical of a lot of osCommerce implementations where the developers haven't put in the time to do a proper job (and it isn't a proper job because browser shrinking is a mistake only novices or web design beginners make). The default osCommerce system doesn't have an autothumbnailing feature, nor do most of the templates based on osCommerce (see osCommerce template checklist (http://www.ukbusinessforums.co.uk/forums/showthread.php?t=29170)), but in both cases both systems should only be used as a base for developing a final more professional system, with autothumbnailing included.

There are a number of contributions and ways to add autothumbnailing to osCommerce installations. The improvements we put in place with our custom version of osCommerce for our ecommerce sitebuilder service (http://www.awebapart.com) were originally based on the following contribution:

www.oscommerce.com/community/contributions,2226 (http://www.oscommerce.com/community/contributions,2226)

but integrating that contibution alone isn't enough, we added some of our own very necessary improvements on top of this too. Contributions, like the default osCommerce system, should be treated as a base for customising and improving your system, and should really only be undertaken by developers who know what they are doing with PHP, MySQL, etc. Autothumbnailing also requires specific hosting requirements, e.g. PHP with GD (a graphics library) installed (which I guess is one of the reasons it was originally left out of the default osCommerce system).

If the person who creates the image in the first place know how to use a graphical application like photoshop you wont need to use the auto thumbnailing. I would hesitate to say that allthough the auto thumbnailing software will quicker, if you want to keep graphical control over the site/ front page I would do them by hand. It wont take any extra time whatsoever if you know how to use photoshop.

re site certificates etc i personally am very trusting when it comes to UK online businesses - everyone is trying their damned hardest to be good at what they do. The only sites I dont trust are abroad. So if you sell abroad much I would think about it.

To be honest I find certificates a bit irritating sometimes - more in particular - when they run out they can destroy your sites rep. until you get a new one. ie once you get one, there is noooooo going back.

I cannot, and will not, dispute the points you have raised; you may not shop at a site that you have never heard of but the way you have put it across, anyone running an eCommerce site that doesn't want to use a 3rd party might as well pack up shop and go home now ;)
I certainly wouldn't want my post to be classed as scare-mongering - being a part of the ecommerce industry must be scary enough for shop owners reading this forum as it is! I'm sorry to anyone who thought it came across that way. I did take care to leave in the caveat that:

"If you haven't got a well-known or trusted brand, then you are better off relying on a payment site that does"

So if you have a website/brand that is trusted, even if you are a small concern, then onsite credit card taking is an option. It is down to trust. Existing customers would trust you more than new customers. New customers who have heard good things (from trusted sources) would have more trust. If you are an existing retail operation that people have heard of, then those people will have some trust in your new online operation. If it looks like your website has been professionally developed by professional companies, then people will also have more trust. If you open and are providing the right information about your company on your website, people will have more trust. If you are a trace-able company, people will have more trust. If people google your site/company and find good comments rather than bad comments, then they are more likely to trust you. etc