Re: Some studies on the visibility of EV sites. from Serge Egelman on 2008-03-05 (public-wsc-wg@w3.org from March 2008)

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Wed, 05 Mar 2008 08:54:10 -0800
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
CC: public-wsc-wg@w3.org
Message-ID: <47CED032.3020705@cs.cmu.edu>
This entire study is flawed: participants were primed for security.  Any 
legitimate security study would not begin by telling participants it is 
a security study, and telling them which browser features to look for!

"The simple description participants heard in
this study was: “The green address bar in
Internet Explorer 7 means that this website is an
Extended Validation website. Extended
Validation, or EV, means that the website owner
has gone through extra, rigorous steps with an
authorized Certificate Authority to prove they
are a secure site.”

Of course you're going to get favorable results when you tell them ahead 
of time what to look for!  In every study where participants have *not* 
been told to look for SSL indicators, they *rarely* notice them.  With 
the EV indicator specifically, I had 0 of 60 participants notice it.

This study has not shown that the EV indicators are effective.  It has 
shown that when some schmuck calls you on the phone and tells people 
what to look for, they generally follow those instructions.  Hooray, 
VeriSign just paid to confirm the Hawthorne Effect.  It's too bad this 
has been known for over 50 years.

serge

Hallam-Baker, Phillip wrote:
> OK, these are vendor studies, but they are much bigger sample sizes and 
> under field conditions. The Tec-Ed study is an independent study we 
> comissioned. These are the only studies I am aware of that VeriSign has 
> commissioned.
>  
>  
> I don't think that the small sample size is the real problem in lab 
> tests. Its the lab itself. I have been using computers for 25 years, I 
> used a Mac every day at MIT. It has taken me over two weeks to get used 
> to my MacBook Air and I am still finding things out now.
>  
> Nielsen's usability tests seem to me to be exactly right if your 
> objective is to design something in order to sell it. I was in the Apple 
> store for a total of about 30 minutes. I did not intend to buy that 
> particular model going in (I was going to buy a more expensive model but 
> they didn't have it in stock - thankfully).
>  
> But what matters for stopping Internet crime is the long term user 
> interaction.
>  
>  
> ___http://www.verisign.com/static/040655.pdf_ 
> <https://webmail.verisign.com/exchweb/bin/redir.asp?URL=http://www.verisign.com/static/040655.pdf> 
> 
> January 2007, Tec-Ed researched usage and attitudes of 384 online shoppers
> 
>           o Measured their responses to Web sites with and without green
>             bars
>                       # 100% of participants notice whether a site shows
>                         the green EV bar
>                       # 93% of participants prefer to shop on sites that
>                         show the green bar
>                       # 97% are likely to share their credit card
>                         information on sites with the green EV bar, as
>                         opposed to only 63% with non-EV sites
>                       # 77% of participants report that they would
>                         hesitate to shop at a site that previously
>                         showed the green EV bar and no longer does so 
> 
> *DebtHelp: 11% increase in transactions*
> ___http://www.verisign.com/Resources/success-stories/SSL_and_VeriSign_Secured_Seal/debthelp.html___ 
> <https://webmail.verisign.com/exchweb/bin/redir.asp?URL=http://www.verisign.com/Resources/success-stories/SSL_and_VeriSign_Secured_Seal/debthelp.html>__ 
> 
> 
> *Overstock: 8.6% decrease in abandoned shopping cart rate*
> ___http://www.verisign.com/Resources/success-stories/SSL_and_VeriSign_Secured_Seal/overstock.html___ 
> <https://webmail.verisign.com/exchweb/bin/redir.asp?URL=http://www.verisign.com/Resources/success-stories/SSL_and_VeriSign_Secured_Seal/overstock.html>__ 
> 
> 
> *Scribendi: 27% increase in transactions*
> ___http://www.verisign.com/Resources/success-stories/SSL_and_VeriSign_Secured_Seal/scribendi.html___ 
> <https://webmail.verisign.com/exchweb/bin/redir.asp?URL=http://www.verisign.com/Resources/success-stories/SSL_and_VeriSign_Secured_Seal/scribendi.html>__ 
> 
> 

-- 
/*
PhD Candidate
Carnegie Mellon University

"Whoever said there's no such thing as a free lunch was never a grad 
student."

All views contained in this message, either expressed or implied, are 
the views of my employer, and not my own.
*/
Received on Wednesday, 5 March 2008 16:55:00 UTC