The test

Baynard showed users the following security logos and asked the question: “Which badge gives you the best sense of trust when paying online?”

The results

Of the 2,520 responses in the Baynard study, 1,286 said ‘don’t know or no preference’ which tells a story in itself. For the rest, the results are as follows: 

What’s interesting about the results is that the actual security offered by the seals seems to have little bearing on the results. 

McAfee, TRUSTe and BBB are ‘trust seals’ while the rest are SSL seals, which actually suggest that the site is technically secure. 

It seems it’s not about technical security, just about recognition. I imagine Norton’s high vote has more to do with its ubiquity as an anti-virus program on people’s PCs than its perception as a guarantor of online payment security. The same applies for McAffee. 

The results are broadly similar to a previous study from Actual Insights in 2011. The most popular ecommerce trustmarks were simply the best known ‘brands’, such as Verisign and McAffee. 

The results were: 

  • PayPal (29%)
  • Verisign (25%)  
  • McAfee (23%) 
  • BBB (7%)
  • TRUSTe (3%) 

That study used 150 respondents, so is less robust, but the point about it being more a branding/reassurance exercise stands. 

Issues with the study

Ecommerce consultant and Econsultancy guest writer Greg Randall sees several flaws in the study. 

Asking the question: Which badge gives you the best sense of trust when paying online?  implies a selection must be made. The fact that those who took the survey spent approximately 13 seconds to make a selection proves they wanted to conduct the survey and consciously selected “Don’t know or no preference”.  This speaks volumes. 

I interpret the 49% as those who do not care about the brand of a security badge, and the remaining 51% made selections based on equity in the brands they had to choose from.

How to properly test this hypothesis…

Asking the opinions of a survey group who do not have true buying intent at the stage of submitting their credit card information will never truly answer the question of the power of security badges.

Why? When conducting a survey in this manner it becomes a popularity contest. Have a look at Google Trends for the US and you can see the top two selections in the Baymard study have the highest brand trend activity. 

What’s interesting is the downward trend. This could be a combination of an increase in competition, and/or perhaps online retailers are finding other methods to build trust online.

According to Greg: 

The only way to truly test this hypotheses is to test payment pages with people who are in “buying mode” and are about to submit their payment information to a site for an actual purchase: how do they react when they see a badge vs no badge at all? How do they react to different badges?  

If I was put in charge to test this hypothesis I would conduct a series of AB tests in the following manner and structure. Firstly, I would select a site with a mediocre shopping cart and conduct the following tests:

  • Badges vs no badges at payment details page.
  • Badges vs badges at payment details page – see which brand converts higher.
  • Badges with copy vs badges with no copy at payment details page. Have short snippets of content explaining what the badge delivers i.e. “Norton software ensures your personal details and credit card information are safe and secure” (or something like that).  

    These confidence building messages placed in key areas of the shopping cart have proven to be extremely effective.

  • Placement of badge near the pay button vs somewhere else on the page. The ASOS badge has a very odd placement being at the top right hand corner of the payment page.  

    You miss it because your eyes focus on the fields that need to be filled out.  I would bet money they would lift performance if they had the badge beside or under the call to action button on that page.

  • Placement of the badge in the shopping cart (first step), the delivery and billing address page, and the payment page (last step when they are submitting their payment information) vs badge displayed only on the final step.  

    This would test the power of introducing security messages sooner.

Different kinds of trustmarks

According to Lovehoney’s Head of Ecommerce Matthew Curry, trustmarks tend to fall into three categories: 

Security certificates

Security certificates are good, as long as it’s a name people recognise. I do wonder though nowadays if it’s such a given that people even notice.The trustmark should be a CTA that links to some level of proof, but I’m always reticent to steer people away from a site. Be careful here.

Site reviews

This is a form of social proof, and works because it demonstrates that other people have shopped on the site without any major problems. 

Here, Lovehoney has a Shopzilla logo during checkout, as well as one from Verisign:

This then leads to a page which, if your ratings are as good as Lovehoney’s, provides a lot of reassurance for shoppers: 

According to Matt:

Site Reviews are ace, and probably my favourite trustmark – they should link to a page on your own site, featuring an edit of recent comments, and some of your best sellers. You can then link off to the review site from there.

‘Safe shopping’ schemes

Matt is less keen on these schemes:

Safe shopping schemes are my least favourite, and tend to just be a way for an industry body to collect revenues without any effort promoting the scheme to the public beyond a website. Buyer protection is thin (sometimes it even carries an additional charge), and there’s no auditing procedure.

I have no faith in them. However in Germany there seems to be much more effort put into the scheme. It might be related to market maturity.

Matt is referring to some of the schemes where retailers pay for a badge or logo and checks are relatively infrequent.

However, schemes such as Google’s ‘Certified Shops’, recently launched in the UK, attempt to reassure customers with stats showing the number of transactions, success rate and percentage of deliveries dispatched on time.

Does this mean sites should use trustmarks? 

i am dubious about trustmarks, as the actual purpose of the trustmark (whether it’s a security or trust thing) seems to be lost on most consumers. 

Besides, there are other ways to convey trust in a site, such as the general look and feel of the site, its performance, a well-designed checkout and customer trust in the retailer/brand. 

I asked some ecommerce experts for their views: 

Are trustmarks important? Do they work? 

Dan Barker, Ecommerce consultant:

In the past, one of my ‘standard’ tests, particularly on non-high-street brands was to put a Verisign (or similar) logo in a visible position across the site. It always felt like that should not make a difference, but it regularly did. I first started running the test because McAfee used to sell that as a service with its logo for thousands of pounds. I figured if that worked, another highly recognised trustmark should perform similarly, which it did.

As ecommerce has gone from being a somewhat niche thing to a standard way of shopping, trustmarks and the like matter slightly less than they did. I’m often surprised though: I did a fairly big ‘new customer acquisition’ test for a company last year, and one of the tests we did was to switch out a model shot on a landing page with a Trustpilot logo (& associated testimonial). The TrustPilot logo version won, which I’d never have predicted, especially given the brand.

Stuart McMillan, Deputy Head of Ecommerce at Schuh: 

Testing shows that they make most difference in the checkout, which is hardly surprising. For example, one test I was involved in a couple of years ago involved in duplicating a trust mark which appeared at the bottom of the checkout page next to the “place order” button, we simply copied the button to the top of the page. This caused a noticeable reduction in checkout abandonment.

I’d say they are analogous to the ‘go to secure checkout’ treatment that is often applied to basket page calls to action, just because you say secure doesn’t mean that it is. However, it still unconsciously appeals to customers.

There is however, a counter argument. By using trust seals you may actually be reminding customers that websites can be unsafe. So I’d certainly advocate that logos be tested, and tested on the different pages you might put them on. We certainly plan to test further to see if they can be removed from various pages without affecting conversion.

James Gurd, Digital Juggler: 

I think there are a few well known trust marks that carry greater reassurance than others, such as Verisign simply because the logo is widely recognised. However, there are regional variations so you need to think about what, for example, a US audience would consider a sign of trust vs. the UK.

Increasingly social proof is becoming more important than security/trust badges. AO.com is a good example. It has been incredibly successful online and leads strongly with persuasion messaging based on its social following, as well as customer reviews. That said, I think not having a trustmark is an oversight. It’s not a major investment but it’s an important box ticker to cover the base for when a user specifically seeks out this level of reassurance.

Are other signs (design, brand trust etc) more important? 

Dan Barker: 

If you are unknown, or less known to your site visitors, you can ‘borrow’ some familiarity and trust using particular cues. In some markets (eg. fashion), design is far more important than trustmarks, but there are still elements that work there – for example that’s one of the reasons behind those “Big Brand x Niche Brand” collaborations, where each is borrowing an attribute of the other brand that particular people trust, or buy into.

Trustmarks are sometimes a way of borrowing credibility, quality photography and copywriting are others, design / look & feel another. Each of these, and many other elements, will be more or less important depending on a site’s audience.

James Gurd:

I don’t think they’re as important as they used to be. People are more comfortable shopping online, even on mobile devices over public wi-fi. I think we’ve seen an evolution towards wanting validation about brand credibility in other ways – social proof, customer reviews, brand value propositions, excellent customer service both on and offline etc. If those expectations are matched, then the need for security badges is reduced.

In summary

The Baynard study is interesting, though I would like to see what the shopping cart test outlined above would reveal about the importance of trustmarks. 

It does seem that the familiarity with the trustmark’s brand seems to be more important for customers than what it actually says about the site’s security or otherwise. 

Also, while they may be less important than before, it would be a brave ecommerce site which decided to do away with trustmarks altogether.