Does anyone have any info on

1. What proportion of users are likely to give up filling a form if they
feel the questions are too intrusive?
e.g. for no obvious reason there is a date of birth field which is
mandatory. Users may think "this isn't relevant" or "uh-oh, identity
theft risk" and abandon the form.
(depending on the stats, website designer may revisit the requirement
and make the field optional)

2. Guidelines on best practice for gathering customer data via secure
forms. Whilst it's standard best practice to gather credit card details
via SSL, what about names and addresses. What about name, address and
date of birth? I'm tending to think that where all three are on the same
form, then SSL may be preferable. I see Firefox by default does not
cache secure pages, although IE6 and IE7 do.

any pointers gratefully received

--
Craig Cockburn ("coburn"). http://www.SiliconGlen.com/
Please sign the Spam Petition: http://www.siliconglen.com/spampetition/
Home to the first online guide to Scotland, founded 1994.
Scottish FAQ, weddings, website design, stop spam and more!

On Mon, 27 Feb 2006 23:07:08 +0000, Craig Cockburn put finger to
keyboard and typed:

That's an almost impossible question to answer, as you can't tell how
many people don't do something or their reasons for not doing it.
Other than doing a comparative test to see how many people sign up
with one version of the form and how many sign up with another,
there's probably no way to determine this information.

But it's common sense to keep required form elements to a minimum -
not just because some people may object to giving out certain
information, but also because some may be genuinely unable to provide
it in some cases (For example, Ireland doesn't have postcodes. A lot
of ecommerce sites wonder why they get very few orders from Ireland),
and some people simply don't like filling in lengthy forms and will
give up out of boredom.

If you do require certain information, then it helps to explain why
you require it. There might also be a better way of going about it.
For example, if you have a need to restrict registration to people
over 18, then requiring a date of birth will do that - or, at least,
it will force anyone under 18 to lie, which is just as good from your
persepctive as it covers your backside sufficiently. But, if that's
all that you need an age for, then a checkbox for "I certify that I am
18 or older" is just as good - it's no more or less falsifiable by the
user, but it's a lot simpler to fill in.

On the other hand, if you don't have a need for the information, but
want to collect it anyway (eg, for internal demographic purposes),
then make that a separate section of the form but introduce it with a
paragraph saying something along the lines of "The following
information is entirely optional, but completing it will help us to
understand our users better". People are often quite happy to be
helpful when asked politely; what they dislike is being forced to be
helpful.

Credit card data should always be transmitted via SSL. Since you can't
have half an SSL page, that means that any other data on the same page
will also be SSL. But it isn't necessary for basic personal
information such as names and addresses. There is a small minority of
people who won't submit any personal data unless the page is
encrypted, but that's rare - it's unusual for websites to have
encryption for basic registration information.

Names, addresses and dates of birth are public domain. Anyone can look
them up on the electoral roll and register of births, and they're
often required by law to be publicly displayed on various documents
such as a driving licence. So requiring encryption on a webpage form
submission of such data would be a little pointless.

Mark
--
Visit: http://www.CorporateContact.info - phone and email contacts for Amazon, Paypal, eBay and lots of other hard-to-contact organisations
Listen: http://www.goodge.co.uk/files/dweeb.mp3 - you'll love it!

Message-ID: <dfv7021n9d65e8u90fbnipjpggp6tmkb3l@news.markshous e.net>
from Mark Goodge contained the following:


Bearing in mind the DPA which states that information processed must be
adequate, relevant and not excessive.

--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011

"Mark Goodge" <usenet@listmail.good-stuff.co.uk> wrote in message
news:dfv7021n9d65e8u90fbnipjpggp6tmkb3l@news.marks house.net...
of an online transaction rather than the actual security afforded by
the SSL certificate.

Person to person email can be encrypted to protect against the
interception of data in transit but the use of an SSL certificate only
protects the information between the HTML form and the server.

The transmission of data from the server to the recipient by email
might not be secure and the person submitting the HTML form
using SSL has no way of knowing how their data will be dealt with
once it has reached the server.

rp

Craig Cockburn wrote:

Ask for some basic guidelines when you register under the Data
Protection Act (you weren't planning to hold personal data
illegally, were you?)

--
Nick Kew

Craig Cockburn wrote:

I think bigger concerns for most people than the risk of identity
theft would be (i) waste of my time, and (ii) information likely to be
sold on to spammers and marketeers.

The basic rule is - if you don't need it, don't ask for it. Some
people _will_ resent being asked questions they don't perceive as
relevant, and will either abandon the form or will fill in incorrect
responses.

The next rule is - if you don't need it in a specific form, don't ask
for it in a specific form ... eg, addresses, phone numbers, dates.
Unless your computer is going to automatically process the information
and is not capable of, eg, parsing a date that could be written in one
of several formats, it doesn't matter how they enter the information.

Yes, there will be times when you want to find out more about your
users, with information that is not strictly necessary. I would
recommend separating this from the required information, and making it
clear that while you would appreciate it if people filled it in, it is
entirely optional for them to do so. You might not get so many
responses to that bit, but you will get more responses to the
important bit of the questionnaire, and you will have more satisfied
respondents. Another option is to give people options to choose from.
Instead of asking them for their DOB, ask for their age bracket. This
is less intrusive, and allays some of the fears respondents might
have.



--
Stevie D
\\\\\ ///// Bringing dating agencies to the
\\\\\\\__X__/////// common hedgehog since 2001 - "HedgeHugs"
___\\\\\\\'/ \'///////_____________________________________________

On Tue, 28 Feb 2006 11:31:02 +0000, Nick Kew put finger to keyboard
and typed:

Depending on the application, registering may not be necessary. You
don't need to register with the DPA if all you're doing is keeping
records of customer names and addresses, for example.

Mark
--
Visit: http://www.GoogleFun.info - fun and games with Google!
Listen: http://www.goodge.co.uk/files/dweeb.mp3 - you'll love it!

In message <dfv7021n9d65e8u90fbnipjpggp6tmkb3l@news.markshous e.net>,
Mark Goodge <usenet@listmail.good-stuff.co.uk> writes
page and record how many of the hits result in complete submissions and
then try the same with a page with more intrusive questions on the same
site.
Not really, almost a third of people are no longer on the public
register
http://www.parliament.the-stationery...05/cmhansrd/cm
050222/text/50222w33.htm

The register of births is only public with some effort. In Scotland any
birth within 100 years is not on the Internet, someone has to physically
go to register house to get it.

--
Craig Cockburn ("coburn"). http://www.SiliconGlen.com/
Please sign the Spam Petition: http://www.siliconglen.com/spampetition/
Home to the first online guide to Scotland, founded 1994.
Scottish FAQ, weddings, website design, stop spam and more!

In message <44040cc3$0$49669$ed2619ec@ptn-nntp-reader03.plus.net>, rp
<rp@xx.xx> writes
SSL pages by default. IE6 and IE7 cache secure pages by default
therefore a copy of the submitted data might be on the person's PC.

--
Craig Cockburn ("coburn"). http://www.SiliconGlen.com/
Please sign the Spam Petition: http://www.siliconglen.com/spampetition/
Home to the first online guide to Scotland, founded 1994.
Scottish FAQ, weddings, website design, stop spam and more!

In message <msodd3-l98.ln1@asgard.webthing.com>, Nick Kew
<nick@asgard.webthing.com> writes
the company.

--
Craig Cockburn ("coburn"). http://www.SiliconGlen.com/
Please sign the Spam Petition: http://www.siliconglen.com/spampetition/
Home to the first online guide to Scotland, founded 1994.
Scottish FAQ, weddings, website design, stop spam and more!