How Users Perceive Security During the Checkout Flow (Incl. New ‘Trust Seal’ Study)

“People have lost everything you know, so I always check a 100 times before I purchase anything”, one of our test subject explained as she meticulously entered her credit card information. Indeed, during our past 7 years worth of large-scale checkout usability testing, we have observed that users continue to feel uneasy about sharing their payment information with e-commerce sites.

In fact, our new Checkout Usability study reveals that 18% of users have abandoned a checkout flow during the last 3 months because they “didn’t trust the site with their credit card information” (1,044 respondents, average US adult internet population, 2016). Throughout all of our testing of checkout processes, we’ve consistently observed 2 important user behaviors relating to security:

  1. Depending on the design, users perceive some parts of a page to be more secure than other parts of the same page.
  2. The average user’s perception of a site’s security is largely determined by their “gut feeling”, which – beyond how much they trust the brand – is to a large extent observed to be directed by how visually secure the page looks.

In this article we’ll dive deeper into how visual security is best established, how users perceive security in a checkout flow, and we’ll provide new updated results for our “Which Site Seal do People Trust the Most?” study (incl. testing a fake seal).

Users’ Perceived Level of Security in a Checkout Flow

Already back in 2009 we observed that a large proportion of users perceive some parts of a checkout page to be more secure than other parts of the same page. This was re-verified in 2012. And now again, in 2016, in our latest large-scale checkout usability testing.

The test subjects generally had less confidence in the security of their credit card details on pages where the credit card form didn’t “look” or “feel” more secure than the rest of the form fields used for less sensitive information. An example of Macy’s is seen here – notice how the credit card fields and address fields look exactly the same.

What we consistently observe is that any parts of a checkout page with trust badges, reassuring microcopy and a general visual “robustness” are often perceived as being “more secure”, while parts without these visual clues inspire less confidence – despite the fact that these fields are all part of the same form on the same page. Now, from a technical perspective, this of course doesn’t make any sense, as all the form fields on an HTTPS-page are equally encrypted. However, the majority of normal web-users do not have this level of technical insight, and are likely to perceive some parts of the checkout page as more secure than others, whether it’s technically true or not.

There’s two additional observations on users’ perceived security that are important to underscore:

  1. We observe the test subjects to exhibit little to no security concerns during checkout steps that only ask for address, shipping methods, contract info, and similar. The security concerns arise as users are confronted with the credit card interface.
  2. We see that when testing sites from large brands (i.e. Apple, Microsoft, Walmart) users have few security concerns, even with a minimum of “visual security” simply because they are large corporations and well-known brands (although they are still highly vulnerable to layout bugs). By contrast, when testing sites that are newer, less well-known, or more niche than these major brands, we have however observed users raise security concerns very easily if there are no visual clues. Hence, the more well-known a site or brand is, the less “visual security emphasis” clues are needed.

Let’s take a look at some design tactics that have performed particularly well during our usability testing when it comes to reinforcing the user’s perceived level of security.

Visually Reinforce the Credit Card Section

One method we consistently observe to perform well for increasing users’ perceived security of sensitive fields is to visually encapsulate them. This can be achieved simply by using borders, background colors, shading, and other visual styling that will make one part of the form seem more robust than the rest. Remember: this is about perceived security of the fields, not their actual technical security.

This mockup we created illustrates how a payment form may emphasize its security through visual cues such as microcopy, the use and position of site seals, a padlock icon, along with a visual encapsulation of the sensitive credit card fields via a grey background color.

It’s important to note that the visual reinforcement must be distinct and unique for the credit card fields. If you use a similar style elsewhere during your checkout form for less sensitive information, it will likely be considered generic styling and not yield the desired increase in user confidence. Again, this is about tapping into the user’s perception of the fields, making the user feel that this highly sensitive information will be treated more securely than the fields that contain less sensitive information (like an address or name).

Which Site Seal do People Trust the Most? (2016 Results)

Another visual clue that during testing also proved effective at increasing the perceived level of security (and adding robustness to the encapsulation) is the use of “site seals”, such as trust badges, SSL seals, and similar symbols suggesting trustworthiness.

Now there is a broad range of site seals, each with different meanings:

  1. SSL seals – Some are “SSL seals” which are issued by SSL certificate vendors – like Norton, Thawte, Trustwave, Geotrust, Comodo, etc., and these seals indicate that communication between your browser and the site is encrypted via the Secure Socket Layer (SSL) protocol. In short: it denotes technical security.
  2. Trust seals – Others are “trust seals”, like Google Trusted Store, BBB Accredited, TRUSTe. These seals typically indicate some sort of verification of the site and its business – in other words, a trusted 3rd-party (like Google, TRUSTe, etc) saying “this is a legit business”. In short: it typically denotes business authenticity.
  3. Made up symbols – Finally there are visual symbols that aren’t issued by a 3rd-party and are simply “homemade” icons like padlocks or “Secure Checkout” badges. These are effectively visual symbols the site utilizes to make its own claims of security. In short: it’s entirely made up; the site claiming that it is safe.

Generally, we see during testing that adding any visual icon will help increase the user’s general level of perceived security. However, we wanted to look a little deeper into which seals and icons inspire the highest level of confidence in users, and we’ve therefore conducted two quantitative studies testing various site seals. We ran the first study in 2013 and then the second in 2016, both asking the same question: “Which badge gives you the best sense of trust when paying online?”

The 2016 test results tell largely the same story as our 2013 results. The SSL seal from Norton dominates as the seal that establishes the best sense of trust, followed by three trust seals, with several of the SSL seals performing rather low. Looking at the results, it’s very interesting to note that the seals from well-known consumer-facing brands, like Norton and Google, perform very well. This suggests that it’s at least to some extent possible for e-commerce sites to leverage the recognizability of these brands.

Similar to the 2013 results, it’s interesting to see that the majority of the most trusted seals are “trust seals”, not SSL seals. This is noteworthy because SSL seals suggest actual technical security of the payment form (preventing man-in-the-middle attacks and network eavesdropping), whereas the trust seals indicate little to no actual technical security. Again, this just re-emphasizes that actual technical security is beyond most users’ understanding, and that users will go with what makes them feel most secure.

.. the homemade seal performed significantly better than the SSL seals issued by established vendors ..

In our 2016 tests we also included a completely “homemade / fake” seal not issued by a 3rd party, with no meaning whatsoever beyond the icon itself. Note how the homemade seal performed significantly better than the SSL seals issued by established vendors except Norton. This suggests that beyond strong brand reconizability, it doesn’t matter too much which actual seal is chosen. Rather what’s most important is making sure there’s some kind of visual seal or icon present to indicate the robustness of the credit card fields.

When it comes to placement of the seals and icons, we observe that placing 1-2 icons within the encapsulated area performs well to help the perceived reinforcement of the sensitive fields.

Layout Quirks Erode User Trust

While users’ general lack of deep technical knowledge means we can strengthen the perceived security of the credit card fields through visual cues, even entirely made-up ones, we also observe in testing that this lack of technical understanding can cause unrelated layout quirks to completely erode all sense of security.

During testing we observe how seemingly innocent layout bugs and quirky interactive features cause the test subjects to doubt the security of the site. In fact, some subjects even believed the site had been hacked or wasn’t currently working properly, causing them to abandon their purchase due to a lack of trust in the site. In these instance even the strongest of brands can suffer since the user no longer trusts that the business has control over the site, and indeed we’ve seen subjects abandon sites such as Amazon and Walmart due to layout quirks during their checkout processes.

It’s therefore crucial to scrutinize your checkout flow for even the smallest layout quirks – preferably across a wide range of browsers and devices, every single time there’s code changes to the checkout flow. Even sites with just moderate traffic levels will likely find such efforts worthwhile.

While fixing layout quirks and technical bugs should be almost needless to say, our experience with benchmarking and auditing leading e-commerce sites for 7 years indicate otherwise – something we examine in-depth in: How Layout Bugs Keep Haunting E-Commerce Sites – It’s Time to Fix This.

More Sites Are Visually Reinforcing Their Credit Card Fields

Our 2012 checkout usability benchmark revealed that 89% of sites didn’t visually emphasize the security of their credit card fields, whereas our 2016 checkout usability benchmark shows that it’s now only 66% of the major US ecommerce sites that lack visual emphasis. (It’s worth noting that this significant improvement is despite these being major e-commerce brands which have the lowest need to increase their perceived security.)

In essence our research findings may be boiled down to these two points:

  1. Users have little technical understanding of form field security and rather go by their perceived sense of security – something that is largely determined by the site’s brand recognizability and any visual cues surrounding the payment form.
  2. The user’s perceived level of security can be lifted through the use of visual clues like encapsulating the credit card fields with a solid background color, having site seals in close proximity to the card fields, using (effectively “meaningless”) padlock icons, and other visual reinforcements.

Post a comment or Share:

User experience research, delivered twice a month

Join 16,000+ readers and get Baymard’s research articles by RSS feed or e-mail:

Due to spam, you need JavaScript to do that.

(1-click unsubscribe at any time)

Please note the following:

  1. The “site seals” test was a comparative study of the 8 site seals. In other words, just because Comodo only scored 1.5% doesn’t mean their seal fails to inspire any confidence. Instead, what it means is that Norton’s seal inspires more confidence than Comodo’s. The seal options were randomized for each user.
  2. We always recommend that you A/B split-test different visually reinforced designs and different site seals to see what works the best for your unique audience and site context. The demographic for our tests were matched to the general US internet population. If reviewing other’s shared A/B-split test case studies on the performance of specific site seals, remember that the results are often highly specific to that site’s audience, and should be take with a grain of salt (like our’s, of course).
  3. Disclaimer: more than 60% of the Fortune 500 companies within B2C e-commerce have either purchased Baymard’s research studies or we’ve conducted usability audits for them. This includes Symantec, the parent company of Norton as well as several other smaller companies within the SSL certificate industry. None of these companies have been involved in the making of our tests, or even informed about their existence prior to the publication of this article. The survey was paid for entirely by Baymard Institute using both the ‘Google Consumer Survey’ and ‘SurveyMokey Audience’ services, and thus their respondent recruiting mechanisms.

Jackie Mellor Brownlee October 5, 2016 Reply to this comment

Layout Quirks Erode User Trust.
Another lovely little nugget of evidence to help sell the benefits of user testing to clients. Thanks!

Scott Vold October 5, 2016 Reply to this comment

Great article as usual.
Did you present McAfee as a trust seal in your survey?

Silver October 10, 2016 Reply to this comment

Small hint: the images are not clickable, so the reader actually can’t see and understand the samples (unless you right click and open in new tab). Thank god it’s not a payment page here ;-)

Christian, Baymard Institute October 20, 2016 Reply to this comment

Hi Silver, thanks for letting us know. We had a dev. backlog with other pending items to deal with first, but it’s fixed now and images are zoomable.

David April 27, 2017 Reply to this comment

Christian, wow in-depth article! Any thoughts on how to identify which of these potential reasons for checkout abandonment to test 1st? Especially if you have a smaller size audience pool? Would you focus on split testing the visually reinforced credit card vs current version or trust symbols next to the credit card — basically how would you identify which of those to test first? thanks again!

Post a comment!

Close overlay