How to make your online shopping cart suck less

Gareth sent me this link to The Oatmeal's funny and all-too-true 6-page comic strip about the horrible interaction design of many online checkout procedures.

Mark Frauenfelder is the founder of Boing Boing and the editor-in-chief of MAKE and Cool Tools. Twitter: @frauenfelder. Come and hear Mark speak at the ALA conference in Chicago on July 1.

More at Boing Boing

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

The Snowden Principle

http://www.flickr.com/photos/stefan_e_jones/ Stefan Jones

The Oatmeal is great stuff all around.

Although, if I actually had to deal with the Bobcats in my office, I’d be tempted to bring my dog to work and let her deal with them.
http://www.disoriented.net/ angusm

The Oatmeal is a living god, but this line made me cringe:

“… unless it’s absolutely critical that I create an account, allow for Express Checkout or Facebook Connect” …
… because Facebook doesn’t have enough data on each of us anyway, and why wouldn’t you want to share your entire purchasing history with Mark Zuckerberg? Yes, please add Facebook Connect to everything.

It’s a pity that OpenID proved too complex for the masses to get their heads around: it would be nice to have a single sign-on solution that isn’t linked to a corporation with a vested interest in tracking your every virtual move (Facebook, Google, Microsoft, etc)
- bkad
  
  I agree, I’m NOT a fan of Facebook Connect, not for commenting on blogs, and certainly not for purchases. This is especially because I joined Facebook in the early ‘people use their real names’ era and my facebook page promotes my real life and my real identity (even if I were to change it now, and I don’t know if I can, the cat is out of the bag). I’m not opposed to having a persistent handle across various websites, but there’s no way, for example, that I would post on Boing Boing with my real name. And certainly, there’s no reason facebook needs to know what I buy.
  - edgarhjelte
    
    Any connection to Facebook is bad PR in my book.
- xzzy
  
  Valve implemented a way for people to authenticate to sites through Steam. They have a decent track record in not being asshats, though I guess I can’t see a lot of justification for using a digital game distributor to log into every website in the world.
  
  But if you’re running a gamer oriented site it’s there, and works well.
  - Greg Webster
    
    Steam and the processes within it are not without issue. For example, I play Borderlands and I have a shitty slow internet connection so I play single-player. On a computer, I install it and I play it for a few hours. All is happy. Then I go to bed and come back to play it again. Well, I can’t because it forces me to update the software and there is no way to prevent it from doing that update. 12 hours later, after the update is downloaded and installed from my slow connection, I could play, but by that time I’m in bed.
    
    Firstly, it’s crappy to force people to update on Steam’s whim (no questions about whether I wanted or was ready to update). Secondly, there are no other options for update (for example, downloading the update at work and bringing it home).
    - bcsizemo
      
      I do miss the days when updates were for specific issues and games shipped 99.9% ready to play.
      - mccrum
        
        At the same time, it can be argued that Team Fortress has been made better by the constantly evolving maps and changes for holidays.
        
        Please note I made no mention of hats making anything better.
    - http://twitter.com/posty Derek
      
      From memory, if you change the properties of the game there should be a tab that you can set specific games update settings.
      
      it’s not exactly well advertised though.
- mccrum
  
  I can’t figure out why I can’t buy something as a guest more often than not. I don’t want an account for a one-time purchase, ever.
scatterfingers

He doesn’t go far enough.
voiceinthedistance

I justa ordered a case of Koala Burgers. I’ve been paying too much for them elsewhere.
Thanks, Boing Boing!
http://twitter.com/james4765 Jim Nelson

I actually do ecommerce, and shared this with my boss. Once we finished wiping the tears of laughter out of our eyes, it became one of our new standards documents.
ChicagoD

I need an asshole in my forehead. Bad.
- Greg Webster
  
  Mindfuck.
netdivaweb

I agree. I refuse to join any site where Facebook membership is a requirement. period. I don’t have a FB account and I don’t want one.

I actually don’t mind having another account when checking out: I use a password manager and since I got that, creating new accounts is not a PITA anymore.
pyster

heh. a very important thing is; 1 fucken field for a persons real name.

Why? FIRST MIDDLE LAST… people use this on their billing, and more than once this has cause me to not be able to place an order because something does not validate correctly.

another thing not to do is use forms/drop downs for cities. An example of this failing is on the roomba site.
ScottCh

One comment regarding allowing you to choose an easily guessed password. IMO no storefront – online or in meatspace – should be allowed to retain your credit card number. But since they can, and often do – a crap throwaway password opens the door wide to Id theft and fraud.
Jeb Adams

If I may, please support ZIP+4. It’s been out there for almost THIRTY YEARS. Please, for the love of God, let me enter my ZIP+4. And if it fails your shitty regex filter, don’t make me enter everything again because you are so dumb. If you want to get super fucking high tech, start putting in totally sweet type=”email” tags so I get my easy keyboard on the iPad.
Jay Converse

And leave the phone number field as a single open string. I don’t want to have three fields for the area code, and 555-444-3333 and 5554443333 are both legit. Don’t force me to enter (555) 444-3333.
- https://www.facebook.com/rgovrebo B. Peasant
  
  Yes, and let me write the plus sign and country code in my phone number, because I’m may be in a different country.
  
  On a mobile phone you’ll actually key in +47 before my number, on a land line the plus is replaced by whatever hoops your phone company makes you go through (may be “00″, may not).
bo1n6bo1n6

Nancy from Wyoming sure likes koala meat.
petz79

“Figure out what countries most of your users are from and list those first”

Please don’t. I don’t like to use the stereotype of an egocentric american world view, but this is the best example.

I admit, I live in country with only half a million inhabitants, but it rolls up my toe nails, when I have to search a non-alphabetical list of 192 countries. With an ordered list I only have to type the first letter of my country’s name and the selection automagically jumps to the countries starting with that letter. Isn’t that easy?

And haven’t those poor Afghans suffered enough? You want to ban them from the first place too?
- teapot
  
  Um FYI you can also key through an unordered list. It runs down the list from top to bottom selecting every word starting with the letter you are pressing.
- Moog
  
  The real question is why the United States needs to be in that list of countries at all. If I’ve already typed in “Billerica, MA 01821,” the system should AUTOMATICALLY fill in the country for me! Or, on the other hand, if I’ve already filled in the country and zip code, why isn’t the city and state filled in for me? I think this sort of thing could be implemented without waiting for major advances in the field of artificial intelligence…
  - Guest
    
    or, as mentioned above, Name and ZIP+4 should be sufficient.
    
    It works as a return address, right?
  - taghag
    
    or how about having the country field before state and zip so that country-specific fields can be generated without me having to jump all around the form?
- omems
  
  Isn’t it pretty easy to geolocate by IP? Put that first, as a best guess, and then give the rest of the list alphabetically.
CliffStoll

A problem for those who run tiny ecommerce shops (me!) is how shopping cart software imposes its will upon websites. I like my old-school, handworked html, rather than a pre-packaged system that forces each product to be displayed as every other article on the software vendor’s web. The content of the website should be primary, not the vision of the shopping cart’s designer. Many of Oatmeal’s observations are due to assumptions by the ecommerce designer, not the shop owner.

Oatmeal’s comments have made me change my checkout form: I don’t need anyone’s phone number, and it’s unnecessary to choose a credit card type, since Visa/MC/Discover/Amex have different leading digits.

Checkout forms need to be customizable: is the ship-to address a residence or business (UPS needs to know). If someone doesn’t want to give her phone number or email, that’s OK.

I’m trying to change ec0mmerce systems; of the dozens out there, I’ve not found any which support multiple languages (yes, people in Japan like topology), multiple currencies, and simple integration with an existing website (let me add a buy-this button using html). I don’t need affiliate traking, gift certificates, and upselling gizmos. Oh – it should be easy to install, be hosted on my system, and not cost $300 per year. At the moment, I’m considering Avactis and community Magento. (anything is better than the system I’m using) Any recommendations?
- http://twitter.com/james4765 Jim Nelson
  
  Unfortunately, there aren’t a lot out there. You may want to look at using Google Checkout, though – I used to recommend PayPal to a lot of people, but recent events have soured me on them…
  - mccrum
    
    Amazon Payment, Stripe, there are a host of options I’ve been looking into myself today…
- teapot
  
  It is getting a little long in the tooth, but ZenCart is free and quite effective. It ticks most of the boxes that you mention, misses a few and includes some of the things that clearly irk you. The admin page is particularly confusing to get your head around at the start but once you figure out where the settings you want to change are it’s pretty sweet.
  
  http://www.zen-cart.com/
  http://sourceforge.net/projects/zencart/
  
  Here is a list of sites that employ Zen Cart
  http://www.zen-cart.com/index.php?main_page=showcase
  - Hubris Sonic
    
    zencart is shit, and needs numerous security patches. It is still possible to do a simple sql injection attack on zencart…
http://vertigo25.tumblr.com/ vertigo25

My complaint about password requirements is that, although it makes it less likely that someone could *guess* your password, it makes coming up with an algorithm to figure out *all* passwords much easier by creating a finite and predictable pattern.
snowmentality

The flipside of forcing you to create an incomprehensible password is e-mailing your user name and password to you in plain text. *headdesk* Yes, this has happened to me.

And I know this is already in the comic, but please dear God stop making me enter unreadable captchas. I bought tickets online today and it took four attempts to guess correctly among “m,” “rn”, “fn”, and “in.”

Oh, and in general? Why do you always force me to make an account to check out? And then when I come back months later, having forgotten all about it, and I’ve entered all my info? You throw up an error saying “There is already an account with your e-mail address. Log in to continue.” Then I have to find your password reset link, wait for your stupid password reset email to arrive, go through the entire password reset process, and hope that your stupid system lets me log in properly once I’ve changed it. I don’t need to log in to your stupid website to check out. You don’t need to store my address and credit card number for “faster checkout next time.” I’d rather just type it in.
bcsizemo

I also love how Amazon keeps track of everything you have ever bought. If I’d known that BEFORE I purchased some ummm, not appropriate for dinner conversation toy I would have made a fake account or something…
- Antinous / Moderator
  
  I check links all day. Do you know what my Amazon recommendations look like?
  - http://burntheflag.ca Jardine
    
    Probably a lot like this: http://www.amazon.com/Passion-Natural-Water-Based-Lubricant-Gallon/dp/B005MR3IVO/
nox

Actually, cat-sat-on-keyboard passwords are not as good as we’ve been led to believe. Those restrictions are purely frustrating, and cause me to make simpler passwords so I can remember all the stupid characters I was required to include.

http://xkcd.com/936/

Mind you, I now just use lastpass for everything. But your lastpass master password need not be an impossible-to-memorize piece of garbage.
- teapot
  
  Correct Horse Battery Staple!
  
  I showed this exact comic to a colleague about 1 hour ago.
  - http://twitter.com/PronMastaDON Don Del Grande
    
    I keep typing in “Horse Battery Staple Correct” – why isn’t it letting me in? (Thought: make the words in alphabetical order – yes, it’s slightly easier to break, but if you already know the 4 words, that’s only 24 permutations the cracker has to try)
- Hanglyman
  
  Ever since seeing that comic, I’ve been using pass phrases instead of passwords, and using KeePass to store them (and Dropbox to store an encrypted backup of the KeePass file online in case my computer is stolen or destroyed).
  
  Annoyingly, the websites that could really use the most secure passwords have the smallest character limits… my bank, in particular, lets me use a MAXIMUM of 12 characters. Meanwhile, my pass phrases for internet forums are unbreakable for the next few centuries.
  - paul_leader
    
    Banks wind me up with that sort of crap. They like to make their security systems complicated to give the impression of greater security.
    
    One of my credit card providers requires me to provide a “memorable word” or between 8 and 12 characters, and a “secret code” which has to be a 6 digit number.
    
    Of course they don’t just call this a password, as that would be too easy. But that’s essentially what it is, but it’s so tightly restricted that it’s actually made easier to guess.
    
    Some are ok though. I have an Amazon credit card through Bank of America, and their website is really nice. Login is done using a username and password (and they let me use something nice and long). Simple, but still secure.
viggy

AMEN!!!
samvara

So true. I’d share it with people but the misogyny was kinda offputting.
TokenCapitalist

As someone who runs an ecommerce shop, this comic speaks deeply to me. It doesn’t help to have a background in UI. Ignorance is bliss, they say.
TaymonBeal

Relevant and funny rant on the same phenomenon:

http://steve-yegge.blogspot.com/2011/07/ebay-patents-10-click-checkout.html
howaboutthisdangit

A couple of my peeves:

Post the password rules – all of them! – on the page near the password box.

Not all fields are required. Really. I’ll prove it to you by giving you bogus information in any field that I don’t think is essential.
http://twitter.com/yogasuz Suzanne LaForest

Since there is a discussion going on here about shopping cart technology for small sites, I used to design websites and I implemented a couple of shopping carts using software I purchased that was supposed to make the process of creating a shopping cart easy and secure. After having had that experience, and after having worked for a company that developed software used on many big retail sites, I would recommend for many small business owners to sell through Amazon using their shopping cart technology. There are a couple reasons I recommend this 1) You will never in a million years ever be able to purchase shopping cart technology as sophisticated as what Amazon has spent millions of dollars and development hours creating. Their cart works well and is constantly improving. 2) Your products will be more likely to turn up in search results just because they are on Amazon, which as a massive website is much more likely to be raised up in the search results. No matter how much attention you devote to your little website, you will never be able to create a site with as many links to it and on it as Amazon has, or with as much content.
MrsBug

Guest checkout is the best thing since sliced beer.
- h2oh
  
  U haz sliced beer???
NickPheas

And if you ARE going to insist on particular password lengths and character combinations then TELL ME when you prompt for a password, not when I’ve filled the rest of the damned form in. Validation is good, sure, but set the rules out in plain text so I don’t have to waste more of my time.
GawainLavers

While a lot of this sounds good, the fact is that a number of these items (like password, session length, etc.) aren’t up to an e-commerce site builder, as they are decreed by PCI-DSS. While some of the rules strike me as silly or over-the-top, when I find a site that isn’t in compliance, I assume they probably aren’t even aware of it, and then wonder what other, more critical security measures they’re oblivious to.

Hot sexy details here:
https://www.pcisecuritystandards.org/security_standards/
TNGMug

Canucks, raise your hand if you’re familiar with hitting “C” for Cambodia, and then scrolling down a little bit more.

They way I figure it, any US site that ships to canada should ship roughly 10% of their goods to Canada, and even at half that, it merits being put at the top of the list.