Blue Cross Blue Shield: A Lack of Coverage Online

online securityIt’s been awhile since we blogged about website security and SSL certificates, but in light of recent events (of a personal nature), I think the time is right to talk about the importance of establishing trust with your online clientele.

B2C and e-commerce websites know how important a secure website is, particularly during the check-out process. If you’re asking for someone to enter personal information (ie. name, home address, phone #, credit card info, etc.) the slightest disruption in trust, the tiniest chink in the armor, can spread doubt in the customer’s mind. And doubt leads to lost conversions and AWOL customers.

But all webmasters, regardless of who they’re trying to sell to, should keep the secure portions of their website(s) in working order.

Case in point:

I was recently notified by our company’s health insurance provider, Blue Cross Blue Shield of Michigan, that I need to complete a Coordination of Benefits form in order to continue receiving coverage. (The form itself is Blue Cross’s method for ensuring it’s not paying for claims that may fall within another insurance provider’s jurisdiction.)

I was directed to fill out the form online. Great! Since I’m not a big fan of picking up the phone and sitting on hold, I prefer completing forms online.

I plug the URL into my Firefox web browser and get a page with the following text.

I click on the Use our Secure Online COB Form link.

Before I begin filling out the form, the padlock with the red exclamation point in the status bar catches my eye. Clicking on it brings up a message box with the following info:

Well, that’s no good. I’m a full encryption kind of guy myself, especially when entering Social Security numbers for both myself and my spouse. (see screenshot above)

Knowing that Firefox is a more forgiving web browser when it comes to security warnings, I decide to try out the Blue Cross form in Internet Explorer, which most people would be using since it’s the most popular browser (for now).

After clicking on the very same Use our Secure Online COB Form link, I get a surprisingly blank web page with the following message box:

Hmm. What would the average user do? I imagine the average user, like myself, would want to be secure. I click No, don’t show me these nonsecure items.

Well, that’s not very user-friendly is it? Essentially I get a stripped down version of the online form, minus any graphics or page styling. You can still use it, and it is secure, but how many people would? If my mother had gotten this page, she would have thought she just broke the internet. Then she would have shut down her computer and backed slowly away.

If I had clicked Yes for show me nonsecure items, I would see a normal looking form – a nonsecure normal looking form, but a normal looking form nonetheless.

Now don’t get me wrong. I have been completely satisfied with Blue Cross Blue Shield of Michigan as an insurance provider. And with the national unemployment rate approaching 7% and 46 million Americans living uninsured, I feel incredibly fortunate to even have a job that provides health insurance.

My point is this: the Blue Cross Blue Shield website failed to gain my trust. Any website that asks for a user’s personal information, especially when asking for Social Security numbers, needs to provide a secure environment.

You owe that trust to your customers. And in the long run, that trust will translate into repeat and faithful customers.

Josh Bernoff at Forrester’s Groundswell blog shares a similar experience of confusion surrounding Blue Cross’s Coordination of Benefits form.