Where Argos have failed on their 'new' web site
I can't remember when the new Argos site was release, I think it has been 6 months or so but for various reasons, it was slated and sadly, there are still many parts of it that are severely lacking. Really, the main issue is that people need to trust the web sites they use. Poorly rendered pages, misleading information or words that sound like Argos don't really understand what they are doing gives the whole site a fairly amateur feel and doesn't leave me feeling particularly safe on their site.
First, let's get some of the basics out of the way. Last night, I was given a "sorry" page since it said, "there were an excessive number of people visiting the site" and therefore some rate-limiting was in place. Unless this was some kind of Denial of Service attack, there is no excuse for a large online retailer to ever have to do this. It's like locking your shop door for no good reason. The system should be able to scale to very large numbers of customers and if it is designed properly, that is actually very easy to do.
Even today, I went to order something and various bugs occurred, meaning I needed to start again. Not the end of the world but pretty poor.
Secondly, design and layout is incredibly important, again to make people trust the quality of your brand but also to make me trust that the people who made the site knew what they were doing. The overall design is so bland, there should be no room for mistakes - it is hardly at the cutting edge of complicated design. Some of the images below show various parts of the site that have not rendered properly. The fact these bugs still exist is a testimony to either a very poor lack of testing or a lack of a system to enable them to be fixed.
Let us now turn our attention to the search and or population of the "Popular" lists in the menu. I chose (randomly) Sport and Leisure -> Popular -> Car Covers and guess what I saw? This:
How very trendy! A page that tries to be cool by saying, "Hmmm" but even worse, it's telling me that my search term was not correct. There should be nothing in the menu that returns no results and if that is not possible to fix, the page should be less "Look what you did wrong" and more "Looks like there isn't anything here any more..."
So then, I turned my attention to the "Secured by Argos" badge. I feel REALLY strongly against companies doing this (and Argos aren't the only ones). The point of a badge is to represent something official, something audited or awarded, not just the fact that Argos want their site to be secure. This badge means nothing at best but at worst, it misleads the customers to believing that it does mean something. Things like "Verified by Visa" are OK in that they are external organisations that can describe exactly what they do to protect you, although they are fairly weak in terms of real protection for a web site. Argos should really have something much more meaningful like one of the Safe Site seals you can buy from various security companies.
But, it continues. Let us click through and see the (poorly rendered) Secure Online Shopping page. Interestingly, argos don't seem to like using page titles correctly, which makes their site difficult for Google and other search engines to correctly index. If you click on Nike, for instance, it's actually a search and the title of the page you go to is "Results for NIKE" not terrible but sloppy. Anyway...
"A padlock will be visible in the bottom right of your web browser, this means you are in secure mode – this should always be when entering personal or payment details."
NO, NO, NO. A padlock that the web site has drawn in the bottom right of the screen means exactly nothing! It is misleading and it is wrong. The icon for security is the padlock in the browser URL bar, which means the TLS connection is in place and verified. You might as well say that a picture of a pink banana means you are in secure mode. It is a non-standard, non-transferrable piece of information that does not increase web security. For goodness sake, teach people about the actual technology, not just your intention to be secure.
"Being in secure mode means all your details are encrypted for increased security (256 bit)"
Not if your TLS is not correctly set up it doesn't. It also only refers to details in transit, not the data stored in your databases, which may or may not be encrypted. Again, it sounds like you are trying to be user friendly but are being misleading in the process.
"We use advanced encryption so that your card details cannot be seen"
Similar to above, this is a half-truth.
"We use the Secure Socket Layer (SSL) for all orders placed – this prevents you from inadvertently revealing any personal information"
You actually use TLS, not SSL. TLS does not prevent you revealing any personal information at all. There are lots of ways that can occur and only one of these (transmission) is protected by TLS.
"We use your card details to process your orders and we will ask for them for every order placed"
This is not clear. Are you saying that you do not STORE them, which is why you ask for them each time? If so, say that, otherwise it is unclear why this is a good thing.
"The three digit card signature code will be required to place an order – this ensures that your card cannot be misused"
Really? How? Again, it sounds like you are implying something that is not clear in the statement. It also does not prevent, for instance, your child from using your card to order something, in which case it doesn't ensure that your card cannot be misused.
The recommendation block is about the only thing that is almost true.
Moving down to the browser recommendations, I'm not sure which version of Firefox you are talking about because under my security tab, I don't have any section for warning messages. Also, your definition of old browser should really read "Ancient". There is no reason for anyone to be using a browser older than IE8, which is available on Windows XP. IE5? That was superseded in 2001 and even IE6 is woefully insecure for modern browsing. This whole thing smells of a quick dirty attempt to put a security page together rather than an informed and well-thought out page. Sadly, that is par for the course on most web sites.
It is unclear why you are only offering a link to Internet Explorer, especially since not all operating systems can download and use it. Why not offer a browser choice link instead, so people can choose the browser they want to use? A site like http://www.browserchoice.eu/browserchoice/browserchoice_en.htm
Conclusion?
If this site was built by a small company with limited expertise, most of the issues wouldn't surprise me too much, although I would definitely expect the usability issues to be fixed by now. The performance problems should only be a problem if you don't have the money to scale up the web server farm. For a large company like Argos however, most of these issues should never have been made in the first place.
Misleading language and non-standard security guidance is unforgiveable. The fact that your presumed expertise has not been able to resolve the technical and layout problems can only lead me to deduce that either the Argos management have had too many fingers in the design process and have ended up producing a very poor product (this is very common in the software world) or the whole thing has simply been managed so badly that the result is exactly what is expected: A site that is just about usable but which does not fill the customer with trust.
5 out of 10
First, let's get some of the basics out of the way. Last night, I was given a "sorry" page since it said, "there were an excessive number of people visiting the site" and therefore some rate-limiting was in place. Unless this was some kind of Denial of Service attack, there is no excuse for a large online retailer to ever have to do this. It's like locking your shop door for no good reason. The system should be able to scale to very large numbers of customers and if it is designed properly, that is actually very easy to do.
Even today, I went to order something and various bugs occurred, meaning I needed to start again. Not the end of the world but pretty poor.
Secondly, design and layout is incredibly important, again to make people trust the quality of your brand but also to make me trust that the people who made the site knew what they were doing. The overall design is so bland, there should be no room for mistakes - it is hardly at the cutting edge of complicated design. Some of the images below show various parts of the site that have not rendered properly. The fact these bugs still exist is a testimony to either a very poor lack of testing or a lack of a system to enable them to be fixed.
Let us now turn our attention to the search and or population of the "Popular" lists in the menu. I chose (randomly) Sport and Leisure -> Popular -> Car Covers and guess what I saw? This:
How very trendy! A page that tries to be cool by saying, "Hmmm" but even worse, it's telling me that my search term was not correct. There should be nothing in the menu that returns no results and if that is not possible to fix, the page should be less "Look what you did wrong" and more "Looks like there isn't anything here any more..."
So then, I turned my attention to the "Secured by Argos" badge. I feel REALLY strongly against companies doing this (and Argos aren't the only ones). The point of a badge is to represent something official, something audited or awarded, not just the fact that Argos want their site to be secure. This badge means nothing at best but at worst, it misleads the customers to believing that it does mean something. Things like "Verified by Visa" are OK in that they are external organisations that can describe exactly what they do to protect you, although they are fairly weak in terms of real protection for a web site. Argos should really have something much more meaningful like one of the Safe Site seals you can buy from various security companies.
But, it continues. Let us click through and see the (poorly rendered) Secure Online Shopping page. Interestingly, argos don't seem to like using page titles correctly, which makes their site difficult for Google and other search engines to correctly index. If you click on Nike, for instance, it's actually a search and the title of the page you go to is "Results for NIKE" not terrible but sloppy. Anyway...
"A padlock will be visible in the bottom right of your web browser, this means you are in secure mode – this should always be when entering personal or payment details."
NO, NO, NO. A padlock that the web site has drawn in the bottom right of the screen means exactly nothing! It is misleading and it is wrong. The icon for security is the padlock in the browser URL bar, which means the TLS connection is in place and verified. You might as well say that a picture of a pink banana means you are in secure mode. It is a non-standard, non-transferrable piece of information that does not increase web security. For goodness sake, teach people about the actual technology, not just your intention to be secure.
"Being in secure mode means all your details are encrypted for increased security (256 bit)"
Not if your TLS is not correctly set up it doesn't. It also only refers to details in transit, not the data stored in your databases, which may or may not be encrypted. Again, it sounds like you are trying to be user friendly but are being misleading in the process.
"We use advanced encryption so that your card details cannot be seen"
Similar to above, this is a half-truth.
"We use the Secure Socket Layer (SSL) for all orders placed – this prevents you from inadvertently revealing any personal information"
You actually use TLS, not SSL. TLS does not prevent you revealing any personal information at all. There are lots of ways that can occur and only one of these (transmission) is protected by TLS.
"We use your card details to process your orders and we will ask for them for every order placed"
This is not clear. Are you saying that you do not STORE them, which is why you ask for them each time? If so, say that, otherwise it is unclear why this is a good thing.
"The three digit card signature code will be required to place an order – this ensures that your card cannot be misused"
Really? How? Again, it sounds like you are implying something that is not clear in the statement. It also does not prevent, for instance, your child from using your card to order something, in which case it doesn't ensure that your card cannot be misused.
The recommendation block is about the only thing that is almost true.
Moving down to the browser recommendations, I'm not sure which version of Firefox you are talking about because under my security tab, I don't have any section for warning messages. Also, your definition of old browser should really read "Ancient". There is no reason for anyone to be using a browser older than IE8, which is available on Windows XP. IE5? That was superseded in 2001 and even IE6 is woefully insecure for modern browsing. This whole thing smells of a quick dirty attempt to put a security page together rather than an informed and well-thought out page. Sadly, that is par for the course on most web sites.
It is unclear why you are only offering a link to Internet Explorer, especially since not all operating systems can download and use it. Why not offer a browser choice link instead, so people can choose the browser they want to use? A site like http://www.browserchoice.eu/browserchoice/browserchoice_en.htm
Conclusion?
If this site was built by a small company with limited expertise, most of the issues wouldn't surprise me too much, although I would definitely expect the usability issues to be fixed by now. The performance problems should only be a problem if you don't have the money to scale up the web server farm. For a large company like Argos however, most of these issues should never have been made in the first place.
Misleading language and non-standard security guidance is unforgiveable. The fact that your presumed expertise has not been able to resolve the technical and layout problems can only lead me to deduce that either the Argos management have had too many fingers in the design process and have ended up producing a very poor product (this is very common in the software world) or the whole thing has simply been managed so badly that the result is exactly what is expected: A site that is just about usable but which does not fill the customer with trust.
5 out of 10