• Secure Your Business’s Website to Make Conversions a Lock

    secure your business website and increase conversions

    In 1999, The American Institute of Certified Public Accountants released some research about security and ecommerce after customer information was compromised on certain popular websites. I can already hear you questioning its relevance in 2009. But before you dismiss it, you should know one thing: it’s just as applicable today as it was then. Some may say that it’s even more so.

    Take this excerpt:

    “Consumers are looking for better ways to research and buy online, all the while requiring a reasonable amount of assurance and trust that the sites are safe and secure and that their information is kept private.”

    Sound familiar? It should. Consumers on the Internet never stop trying to find better ways to shop and they are always concerned with the privacy and security of a business’s website- even if the company is established and they’ve personally had numerous successful transactions with it in the past.

    Not convinced?



    PETCO wasn’t either.

    The PETCO Scenario

    In 2005, John Lazarchic, PETCO’s Vice President of E-commerce, began questioning his decision to have an “uncluttered” Petco.com homepage- one without security certification logos on it. Up until that point, Petco.com boasted only one VeriSign security logo. And that logo was on the checkout page. Lazarchic believed that prospects and customers were “over” security concerns, despite evolving security threats and their ongoing media coverage.

    How wrong he was.

    After some A/B split testing involving security logo appearances and different placements on the homepage, Lazarchic and his analytics team found that conversions on Petco.com increased by 8.83% when the security logo was above the fold, very high on the page and to the left- in other words, when the logo was in a natural, “readable” position for customers. When the security logo was below the footer and on the bottom right, conversions were a mere 1.76%.

    Imagine that.

    Now put it in the context of the (often argued, but generally accepted) industry standard conversion rate of about 2%.

    Not bad, right?

    What Lazarchic failed to realize was what the AICPA had pointed out ten years earlier- that prospects and customers don’t stop searching for ways to optimize their online shopping experiences- especially where security is concerned.

    The Reality

    The internet “era” that customers are shopping in doesn’t matter.

    Specific years don’t, either.

    On the road of ecommerce, security logos are universal green lights leading the way to conversions. It’s just that simple.

    When you consider that recent studies of the past few years suggest that 84% of polled Internet shoppers don’t think that online retailers are putting enough effort into protecting customers (Forrester Research, Inc), 75% of customers left sites because they didn’t feel safe (Internet Retailer), 90% would have completed sales if they saw security logos on the website (Internet Retailer) and 70% of online shoppers will not purchase from websites without viewing security seals or logos, the importance of website security should be glaringly obvious.

    But it’s not just a matter of simply protecting the data that your online business collects. It’s also about making your customers feel like they’re having a safe shopping experience and convincing them that you’re doing all that you can to protect them.

    If you do those things, you may experience what Lazarchic did…sans the growing pains. Your own conversion rates can jump- even leap- with the simple use of visible and accessible security logos, privacy policies and security policies.

    If the research tells us anything, it’s that these things are major components to a consumer’s satisfaction after a sale. More than that, they get your foot in the sales door. They are what make customers trust you.

    And it’s not just the average customer who responds well to seeing security reassurance. A while back, Eric Enge had a conversation with a representative of ScanAlert, the company once responsible for HackerSafe. He found out that the HackerSafe logo helped finalize the orders of cautious shoppers who waited days to complete a transaction. The HackerSafe logo resulted in a “34 percent lift in purchases, as compared to a 14 percent lift overall.” Suddenly, winning over some of the toughest prospects just got easier.

    Security, Privacy and Reliability = Trust

    Gaebler Ventures has it right when they say that “security, privacy and reliability” are the keys to securing potential customers’ trust and increasing conversion rates. But the element of reliability and the resulting trust from it is often taken for granted. Well-designed websites go a long way, but they’re often not enough to convey trust and convince prospects to buy. Thousands of dollars can be spent on web design and testify to resources and a good designer’s eye, but it doesn’t scream “reliability.”

    Like any other area of business, building trust between you and your customers has to be an ongoing, multi-faceted endeavor. You must maintain and continue building trust with your customers well after you’ve established it through good business practices and reliability.

    So how do you start your journey to trustworthiness?

    Though security and privacy efforts, of course.

    Tips & Tactics for Security, Privacy and Trust

    Try any or all of these security and privacy-related tips and tactics to immediately begin seeing a conversion rate change:

    1. Employ security and privacy policies: Tell customers what information you’ll collect on the website, the reasons behind the collecting and how you’ll use the data. In plain terms, clearly state what you do and what you don’t do with collected information. Reference laws that protect data, state your commitment to protecting data and your methods of doing so, outline how your company implements security measures and detail security testing procedures. All of this reassures readers so that they will feel comfortable submitting personal information to complete a transaction. Many customers specifically look for documentation that tells them that you will not sell or rent their personal information to spammers or third-party companies, so consider including that in a noticeable area on your policy. Sound daunting? Joshua Dorkin at Time For Blogging suggests using policy generators to help simplify the process. By using a generator, you can simply fill in your company name and contact information or you can make modifications to existing policy templates.

    2. Link security and privacy policies on all of your website’s pages: The actual policies don’t have to be front and center of every page, but reminding customers of their existence and making them easily accessible does effect conversion rates. Don’t forget to link them on transaction-related places like shopping cart, billing and shipping pages where customers will need to input their information.

    3. Remind visitors that they are visiting a secure website: While green address bars and small padlocks on browsers do help to convince customers that their information is safe and the website is trustworthy, take the opportunity to reiterate your commitment to protecting private information. Each time they submit personal information like email addresses, physical addresses or financial information, have them read a little reminder testifying to your website’s security measures.

    4. Retrieve only necessary information from customers: Asking for more personal information than is needed to complete a transaction sends up red flags about privacy and security. Your customers won’t recognize that you’re trying to do well-intentioned market research. Instead, they’ll simply suspect that you’ll use the extra information against them somehow.

    5. Give customers control: When you let customers input, modify and delete their personal information on your website and give them the choice to remember usernames, save passwords or allow cookies, they are more likely to believe that yours is a legitimate business and that your business’s main concern is the customer. And that increases trustworthiness.

    FigPii Heatmaps

    6. Use private SSL certificates rather than shared ones: This gives websites more credibility in the eyes of customers who would otherwise become suspicious after being redirected to third-party websites to complete a transaction (note: the only exception to this is if they’re redirected to extremely established websites like PayPal). When it comes to SSL security, there’s no doubt that businesses benefit from shelling out extra money for private certificates. You may think that you’re cutting costs by sharing, but in reality, you’re missing out on the transactions that would have been completed under customer-preferred private certificates.

    7. Have your website’s security independently verified: What prospects and customers want to see is an organization that specializes in website security evaluating your website and giving it a passing grade. It’s not enough to blog or issue a press release about positive results. To really feel your conversion rate increase, earn a clickable security seal that you can boast from your website’s front page. A security or privacy seal above the fold on a front page is eye-catching, establishes your credibility within seconds and convinces prospects to proceed to other areas of the site. And take it from Kevin Gold: using SSL security logos like GeoTrust and VeriSign on a website can result in conversion rates of between 5 to 10%.

    Last Notes

    Convincing prospects and customers that you’re trustworthy, reliable and protective of their information isn’t easy, especially for startups, but it can be done. I would venture to say that it has to be. Any business that seeks to reach its potential and keep afloat in the increasingly competitive world of ecommerce must keep on top of these issues, which is why any business worth its weight considers their security policy to be a “living document.” It’s never done because “security” means something different each day.

    So now that we know that the extra “s” after “http” might as well stand for “$”, what are you currently doing to ensure that your customers are getting the right security signals from you?

Ayat Shukairy

My name is Ayat Shukairy, and I’m a co-founder and CCO at Invesp. Here’s a little more about me: At the very beginning of my career, I worked on countless high-profile e-commerce projects, helping diverse organizations optimize website copy. I realized, that although the copy was great and was generating more foot traffic, many of the sites performed poorly because of usability and design issues.

View All Posts By Ayat Shukairy
Ayat Shukairy

Join 25,000+ Marketing Professionals

If you enjoyed this post, please consider subscribing to the Invesp blog feed to have future articles delivered to your feed reader. or,receive weekly updates by email:

14 thoughts on “Secure Your Business’s Website to Make Conversions a Lock”

  1. Good blog post. I’ve tested security badges on some different e-commerce sites and have seen slight conversion increases. When creating sites for clients, we always try to weave some copy into checkout directions as well that tells the customer that the site is secure.

  2. While some of this advice applies just to ecommerce sites, I also think there are important nuggets here for content oriented sites. For instance the privacy policy information is excellent and too often overlooked on sites that ask people to fill out an email newsletter signup form.

    I even put a BBB insignia on my site. Some say people no longer pay attention to BBB, and that may be true in a minority of cases, but in a world overrun with spam sites, it is one more indication of validity and makes a difference. People click on that BBB insignia, so I know they are paying attention to such things.

  3. Avatar Kevin Knutson says:

    Great Post-

    Hacker Safe was acquired by McAfee and the new certification is called McAfee Secure.

    The correct Certification will Increase sales conversion and the only true way to do the metrics is with A/B Split Testing.

    With A/B testing you can measure the effectives of a certification/trust mark or brand placement.

    After extensive A/B Split testing by Petco, Kswiss and other large ecom clients. They found the New McAfee Secure Certification actually brought them higher sales conversions over the Hacker Safe Certification/Trust Mark. This came as a shock to us Hacker Safe employee’s, but goes to show that the McAfee Brand recognition is stronger than Hacker Safe’s trust mark.

  4. Rick, I’m sure you’re benefiting from that and I’m sure that your customers appreciate having that copy right there for them. Can I ask what type of copy it is? How long is it?

    Anita, you’re right. Really, any site that asks for emails should have a privacy policy in place. I also look at BBB insignia all the time!

    Kevin, thanks for your comment. Interesting about the trust mark. And thanks for the invite.

  5. Avatar Audio Bible says:

    I would think the McAfee Secure out performed the old Hacker Safe sign…


    Negative wording, who ever thougth up the original Hacker Safe wording, it is giving the user a negative experience right off the bat. It is planning a negative idea right off the bat that the user is not even think of.

    McAfee does have some positive benefits, but minimual I would guess.

    Most of the gain is in rewording?

    What would you respond more positive too?

    ‘Hacker’ or ‘Secure?

  6. Avatar Samantha says:

    Audio Bible, “secure” does seem like it would outperform the negative connotation of “hacker.”

  7. I recommend a service call GamaSec ( http://www.gamasec.com) remote online web vulnerability-assessment service that tests web servers, web-interfaced systems and web-based applications against thousands of known vulnerabilities with dynamic testing, and by simulating web-application attacks during online scanning.

    The service identifies security vulnerabilities and produces recommended solutions that can fix, or provide a viable workaround to the identified vulnerabilities


Comments are closed.