Trust is a huge component of Digital Security, do your customers trust you?

I don’t know about you but if I do not trust a website I will not do business with it.   That trust can also be a ethereal realisation that something is just a little off.   To most of us, if we are looking to buy we have already done most of the homework and we trust who we are giving our hard earned scruples to.

Recently I tried to purchase some RAM (RAM for a 4 year old HP server) for a client, a small investment of about $1000 but let me tell you the problems I encountered.

Their web site took my credit card and delivery details (normal requirements for an internet purchase) and that took a little bit of trust but when I had to fill in a US Government compliance form, fill in a proforma with my credit card details and send them a copy of my credit card (front and back).

I promptly cancelled the order.

Now maybe I am paranoid but this transaction did a number of things that raised my distrust of the site.

They already had my credit card and delivery details, they requested my business information, they wanted a separate form with my credit card details and they wanted a copy of my credit card.

That is 4 locations within their business where my full credit card details could be compromised.   They are – from the web site, from the proforma, from the copy of my credit card details and the email conversation.

All of which could be compromised, looked at and copied within their business.

In addition to this there was no where on the site that either explained the whole process and why they did it and there was no reasoning behind their additional request.

Even when purchasing high end Cisco and HP equipment the compliance component is a tick box of terms and conditions within the purchasing process.   I know that US compliance requirement are complicated but this is the first US company that required all of this information for a simple purchase.

Don’t get me wrong, I purchase a large amount of goods from the Internet, I normally always purchase from reputable companies, Dell, HP, IBM, Cisco and our suppliers ingrammicro and dickerdata for instance,

I do it so that our clients don’t have to expose themselves and their credit card information to the Internet plus we make a small profit on the sale.

I also do it because I trust them.

I have never had to do what this insignificant company wants me to do just to purchase some RAM.

So what am i saying?   When you are doing business on the Internet you have to create a trust worthy environment.   You have be able to belay people’s fears, that you are not going to rip them off, that you are going to treat the purchasers information with respect and most importantly you are going to keep their information as secure as they do.

By demanding additional information from the purchaser makes them edgy and insecure, which leads to a lack of trust which then jeopardise your sale.

If you have to ask this level of information from a prospective purchaser then you need to look at alternative strategies to achieve it to protect both them and your business.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.