Feeling secure on the web

I was recently offered a free upgrade to a new version of the foremost page publishing program. Great, something for nothing. All I had to do was fill in the serial number of my current product, my contact and address details, and  credit card information to pay for the post and packaging. What could be simpler?

As I started to fill in the form I realised that this form didn’t display the gold padlock to signify it is secure and to reassure me that my details will be passed over the internet in an encrypted format. Neither is the page https:// which to all you techies out there also signifies that the page is hosted in a secure section of the webspace running the site.

However, there was a contradiction on the webpage before me. The form displays a Security Seal from Verisign. So is this page secure or not? Now I’m confused. All I want to do is get a free upgrade but my online life has just become complicated as there is absolutely no way I’m going to trust a website with my credit card information (and also the serial number of a relatively expensive piece of software).

I did a little investigation by looking at the page source and found that the actual form collecting my information is working within an iframe in the site. This actual form part of the webpage is it turns out hosted on a secure URL and therefore my credit card details should be encrypted and not open to all and sundry to steal.

But how many users are going to go to the level of investigation I did to find out that the form is worthy of me adding my confidential details and credit card information? And how many users are aware of and have the time to discover this information?

This is a good example of a major usability issue with website design and programming where too many E-commerce developers are requiring the end user to do more work than they should have to. The users part of the deal is to fill in the form with the required information and provide a valid form of payment. They should be able to see the Padlock and the page URL starting with https:// as well as the Security Seal. Users shouldn’t have to search around and perform an investigation to make sure a form is secure because they cannot see the usual signs that is safe.