In the ProjectVRM Standards Committee discussions, we’ve talked quite a bit about a “One Night Stand” use case, where a personal data store is used with an online retailer and all personal data is erased–as much as possible–after the transaction.
The premise is simple: if users know they are safe giving personal data, they will give it more freely. Limits on long term data mining (and its attendant offensive behavior of junk mail, spam, and telemarketing) paradoxically increase data sharing and enhance the ability of vendors to provide more meaningful engagement at the moment of the transaction. Less long term data retention leads to more real-time data provided by users, resulting in better customer experiences, and more profit for vendors.
Until recently, this was a theoretical argument, a belief by those of us promoting VRM. As Doc Searls puts it, “A free customer is more valuable than a captive one.”
Now we have evidence of just how valuable that can be.
The form was simple. The fields were Email Address and Password. The buttons were Login and Register. The link was Forgot Password. It was the login form for the site. It’s a form users encounter all the time. How could they have problems with it?
The problem wasn’t as much about the form’s layout as it was where the form lived. Users would encounter it after they filled their shopping cart with products they wanted to purchase and pressed the Checkout button. It came before they could actually enter the information to pay for the product.
“I’m Not Here To Be In a Relationship”
We were wrong about the first-time shoppers. They did mind registering. They resented having to register when they encountered the page. As one shopper told us, “I’m not here to enter into a relationship. I just want to buy something.”
Some first-time shoppers couldn’t remember if it was their first time, becoming frustrated as each common email and password combination failed. We were surprised how much they resisted registering.
Without even knowing what was involved in registration, all the users that clicked on the button did so with a sense of despair. Many vocalized how the retailer only wanted their information to pester them with marketing messages they didn’t want. Some imagined other nefarious purposes of the obvious attempt to invade privacy. (In reality, the site asked nothing during registration that it didn’t need to complete the purchase: name, shipping address, billing address, and payment information.)
Not So Good For Repeat Customers Either
Repeat customers weren’t any happier. Except for a very few who remembered their login information, most stumbled on the form. They couldn’t remember the email address or password they used. Remembering which email address they registered with was problematic – many had multiple email addresses or had changed them over the years.
When a shopper couldn’t remember the email address and password, they’d attempt at guessing what it could be multiple times. These guesses rarely succeeded. Some would eventually ask the site to send the password to their email address, which is a problem if you can’t remember which email address you initially registered with.
(Later, we did an analysis of the retailer’s database, only to discover 45% of all customers had multiple registrations in the system, some as many as 10. We also analyzed how many people requested passwords, to find out it reached about 160,000 per day. 75% of these people never tried to complete the purchase once requested.)
The form, intended to make shopping easier, turned out to only help a small percentage of the customers who encountered it. (Even many of those customers weren’t helped, since it took just as much effort to update any incorrect information, such as changed addresses or new credit cards.) Instead, the form just prevented sales – a lot of sales.
The $300,000,000 Fix
The designers fixed the problem simply. They took away the Register button. In its place, they put a Continue button with a simple message: “You do not need to create an account to make purchases on our site. Simply click Continue to proceed to checkout. To make your future purchases even faster, you can create an account during checkout.”
The results: The number of customers purchasing went up by 45%. The extra purchases resulted in an extra $15 million the first month. For the first year, the site saw an additional $300,000,000.
Now that’s real money.
Firstly this reminded me of a post Ben Laurie wrote about recent research and the possibility of using the Trusted Platform Module found in most modern computers, to create an envelope for handing sensitive data transactions.
“… using the TPM to hold sensitive data such that the guy holding it can read it – but if he does, then it becomes apparent to the person who gave him the data. Or, the holder can choose to “give the data back” by demonstrably destroying his own ability to read it.”
This may help alleviate some concerns people have in sharing certain information to be held long-term, and to potentially audit access of ones data (how practical this is, is yet to be seen).
The other thought concerned how your site and many others required(s) that people either register, fill out forms or other protocols that get in the way of the users goal. While there are two sides to this story, I see inappropriate barriers to entry for users everywhere, it’s sure frustrating.
I’m a strong advocate of letting users do whatever they like without registering or form filling in order to lower the initial barrier to entry with one or two catches: Requiring just an email address (or other identifier where required) for later verification, with conditions on how it will be used. Such that all actions performed are put in moderation until users have both verified themselves, and administrators have considered them fit for approval. A two-pronged approach with as much automation/outsourcing (e.g. using the user base to moderate) of this process as the situation desires.
With so much competition online, getting people to simply try something new will only get harder in time, and I believe many will have to go open access and allow minimum disclosure in order to simply get traction. OAuth and OpenID may help this process but I don’t really like either of them due to their centralization, or the Internet’s information-exchange architecture for the same reason… but they’re all we have (for now).
Hi Joe – nice post. I have one of my own linking to it tomorrow. Bart Stevens suggested it might be interesting for us to have a chat. If you think so please drop me a line. I’m a partner at VC firm DFJ Esprit – http://www.dfjesprit.com.
best,
Nic