With an ever-increasing number of websites and a seemingly comparable increase in the level of fraud and other problems with purchases, people need to apply a greater level of judgement over which websites they use and choose to trust with their credit card details. What constitutes site credibility is somewhat subjective. The aim here is to highlight and discuss several obvious issues and ask thought-provoking questions so that you can make your own decisions over what you will accept, tolerate or avoid like the plague.
Consider a simple example of website images that imitate search boxes. Everyone knows what a search box looks like, and how to perform a search, but more and more websites have images that look like search boxes and any attempt to use them results in completely unrelated content which opens in different windows. There are many other variations on this same theme where the site deviates from standard website behaviour to create an outcome to its users’ detriment. This behaviour is deceptive, and you should leave the website.
- Generally speaking, how people behave some of the time is how people behave all of the time. A deceptive website design demonstrates the values of the people who built it, and the people who run the business behind it.
- Adverts are a popular way to monetise websites, and we can forgive website owners for adding one or two adverts that are directly related to their blogs, for example. Websites lose their credibility when the page appears to have more adverts than content; not to mention disguised adverts which appear to be a genuine part of the page content.
- Implementing deceptive means to trick users into clicking on adverts is often a fraud against those paying for adverts on a per click basis. Consider the credibility of the websites advertised when evaluating the credibility of the site you are visiting.
- Intrusive pop-ups are unprofessional, and they give a clear picture of the overall credibility of the site. Website behaviour includes pop-up windows that appear on top of the current page, hidden under the page later when you close your browser or timed to open after a specific amount of reading time on the current site. If people open a webpage, they expect to read the content of the page without being interrupted by unpredictable behaviour.
- An amusing trend with web pages on tablets is the inclusion of an image which makes it look like a speck of dust, or a hair is on the screen. Consequently, cleaning your screen results in the selection of links to new pages; amusing in so much as it shows how far people are willing to go to get people to click on links.
Considering the nature of the site behaviour and the values of the business, this indicates that it is the last place anyone should use their credit card details. Putting that aside, the following are the kind of things you should expect if you choose to make a purchase.
- A pre-selected check box with additional purchase options – by going ahead with your purchase, which may be for a negligible value, you inadvertently make a purchase that you didn’t expect. Essentially it becomes an opt-out purchase
- Terms and conditions that deviate from standard practice – such as a term which states that by making a purchase, you are joining a club and that subsequent payments will be taken from your credit card and added to an online account ready for future purchases
- Automatic continuation of services – payment is made for a specific duration, but automatically renewed without any warning or notification. The customer doesn’t notice until they check their bank/credit card statement.
- Email address and other personal information sold to other businesses leading to an increase in unrelated junk email
Claiming a chargeback against the credit or debit card used to make the purchase is not straight forward in cases where the customer has explicitly given their credit card details. Banks don’t consider this to be credit card fraud and responsibility for the loss remains with the cardholder. Under these conditions, banks tell their customers to contact the vendor. The issue with dealing directly with such vendors is that the values exhibited throughout the customer journey are consistent with customer support model. Essentially, designed to get people into an undesirable situation, while making it difficult, time-consuming, or expensive to get out.
Robert is an information security professional with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through Telegram.