With an ever-increasing number of websites and a seemingly comparable increase in the level of fraud and other problems with purchases, the need is clear for people to apply a greater level of judgement over which websites they use and choose to trust with their credit card details. What constitutes site credibility is rather subjective but the aim here is to highlight and discuss a number of obvious issues and ask thought-provoking questions so that you can make your own decisions over what you are prepared to accept, tolerate or avoid like the plague.
Consider a simple example of website images that imitate search boxes. Everyone knows what a search box looks like, and how to perform a search, but more and more websites have images that look like search boxes and any attempt to use them results in completely unrelated content which opens in different windows. There are many other variations on this same theme where the site deviates from standard website behaviour to create an outcome to the detriment of the user. This is deception and at the first sign of such behaviour, it is time to leave.
- Generally speaking, how people behave some of the time is how people behave all of the time. If a website is going to be designed in a deceptive way, then it demonstrates the values of the people who built the site, and the people who run the business behind it.
- Adverts are a popular way to monetise websites, and site owners can be forgiven for adding one or two adverts that are directly related to their blogs for example. Websites lose their credibility when the page appears to have more adverts than content; not to mention disguised adverts which appear to be a genuine part of the page content.
- Implementing deceptive means to trick users into clicking on adverts is often a fraud against those paying for adverts on a per click basis. The credibility of the websites being advertised should also be taken into consideration when evaluating the credibility of the site you are visiting.
- Everybody knows that pop-ups are unprofessional and they give a clear picture of the overall credibility of the site. This includes pop-up windows which appear on top of the current page, hidden under the page to be found later when closing the browser page, or timed to open after a specific amount of reading time on the current site. If people open a webpage, they expect to be able to read the content of the page without being interrupted by unpredictable behaviour.
- An amusing trend with web pages on tablets is the inclusion of an image which makes it look like a fleck of dust or a hair is on the screen. Trying to remove the hair results in a link being selected. This is amusing in so much as it shows how far people are willing to go to get people to click in links.
Taking this into consideration, the nature of the site behaviour and the values of the business, this is indicative that it is the last place anyone should use their credit card details. Putting that aside, the following are the kind of things you should expect if you choose to make a purchase.
- A check box that has been selected by default with some kind of special offer that may or may not be related to anything which interests you. By going ahead with your purchase, which may be for a negligible value, you inadvertently make a purchase that you didn’t expect. Essentially it becomes an opt-out purchase.
- Terms and conditions of purchase which deviate from standard online purchases such as a term which states that by making a purchase, you are subscribing to a club membership and that subsequent payments will be taken from your credit card and added to an online account ready for future purchases.
- Automatic continuation of services after a purchase has been made. Payment is made for a service for a specific duration, but this is automatically renewed without any warning or notification. The customer doesn’t notice until they check their bank/credit card statement.
- Email address and other personal information being sold on to other businesses, consequently leads to an increase in unrelated junk email.
Claiming a charge back against the credit or debit card used to make the purchase is not straight forward in cases where the customer has explicitly given their credit card details. Banks don’t consider this to be credit card fraud and responsibility for the loss remains with the card holder. Under these conditions banks tell their customers to contact the vendor. The issue with dealing with such vendors directly is that the values exhibited throughout the customer journey are equally reflected within their customer support model. This will essentially be designed to get people into an undesirable situation and making it very difficult or expensive to get out.
Information security consultant with over 20 years’ extensive experience gained across a diverse range of private and public industry sectors including insurance, banking, telecommunications, health services, charities and more, both in the UK and internationally. Graduated in 1997 with a software engineering degree and specialising in cyber security, risk analysis, compliance reporting and access management.