Blue Cross Blue Shield: A Lack of Coverage Online
Posted by keirsun on January 08, 2009 at 10:38 AM
It's been a while since we blogged about website security and SSL certificates, but in light of recent events (of a personal nature), I think the time is right to talk about the importance of establishing trust with your online clientele.
B2C and e-commerce websites know how important a secure website is, particularly during the check-out process. If you're asking for someone to enter personal information (i.e., name, home address, phone #, credit card info, etc.), the slightest disruption in trust, the tiniest chink in the armor, can spread doubt in the customer's mind. And doubt leads to lost conversions and AWOL customers.
But all webmasters, regardless of who they're trying to sell to, should keep the secure portions of their website(s) in working order.
Case in point:
I was recently notified by our company's health insurance provider, Blue Cross Blue Shield of Michigan, that I need to complete a Coordination of Benefits form in order to continue receiving coverage. (The form itself is Blue Cross's method for ensuring it's not paying for claims that may fall within another insurance provider's jurisdiction.)
I was directed to fill out the form online. Great! Since I'm not a big fan of picking up the phone and sitting on hold, I prefer completing forms online.
I plug the URL into my Firefox web browser and get a page with the following text.

I click on the Use our Secure Online COB Form link.

Before I begin filling out the form, the padlock with the red exclamation point in the status bar catches my eye. Clicking on it brings up a message box with the following info:

Well, that's no good. I'm a full encryption kind of guy myself, especially when entering Social Security numbers for both myself and my spouse. (see screenshot above)
Knowing that Firefox is a more forgiving web browser when it comes to security warnings, I decide to try out the Blue Cross form in Internet Explorer, which most people would be using since it's the most popular browser (for now).
After clicking on the very same Use our Secure Online COB Form link, I get a surprisingly blank web page with the following message box:

Hmm. What would the average user do? I imagine the average user, like myself, would want to be secure. I click No, don't show me these nonsecure items.

Well, that's not very user-friendly, is it? Essentially I get a stripped-down version of the online form, minus any graphics or page styling. You can still use it, and it is secure, but how many people would? If my mother had gotten this page, she would have thought she just broke the internet. Then she would have shut down her computer and backed slowly away.
If I had clicked Yes for show me nonsecure items, I would see a normal-looking form - a nonsecure normal-looking form, but a normal-looking form nonetheless.
Now don't get me wrong. I have been completely satisfied with Blue Cross Blue Shield of Michigan as an insurance provider. And with the national unemployment rate approaching 7% and 46 million Americans living uninsured, I feel incredibly fortunate to even have a job that provides health insurance.
My point is this: the Blue Cross Blue Shield website failed to gain my trust. Any website that asks for a user's personal information, especially when asking for Social Security numbers, needs to provide a secure environment.
You owe that trust to your customers. And in the long run, that trust will translate into repeat and faithful customers.
Josh Bernoff at Forrester's Groundswell blog shares a similar experience of confusion surrounding Blue Cross's Coordination of Benefits form.
Tags
Online Security
Secure Website
Oneupweb
Category
Best Practices
Comments (7)
Posted on January 9, 2009 01:53 PM
You are fortunate that your BCBS provider lets you use Firefox. Horizon BCBS of New Jersey's site will only
Posted on January 9, 2009 06:38 PM
Interesting that the online experience was just as confusing to you as their robocall to me was.
Posted on January 9, 2009 09:19 PM
I went to the BCBSM.COM site, and into the Coordination of Benefits Part-I screen and have "secure.bcbsm.com" in the status bar. Yes, I'm using Firefox.
Posted on January 12, 2009 10:09 AM
@ yesssirrr: I too am getting a secure web page now in Firefox, with a page info message box that says the connection is encrypted via 128 bit High Grade Encryption. Thanks to BCBS of Michigan for addressing this website security issue.
Posted on January 13, 2009 01:20 AM
Should there be any website security issues with the browser being used you can always change. I usually visit Blue Cross Blue Shield site of California, and I'm happy my browser's not giving me any prob.
Posted on February 4, 2009 05:56 PM
I think that you are right that issues like these should be addressed by these companies, but you are really missing the point about SSL and what that message means. That message is letting you know that some of the data they sent you was not encrypted; it is not talking about any data that you are entering into the form. It may be true that you would want to question how the data is being sent back to the company, but I believe that you would also receive a message at that point letting you know that not all the data you are sending is encrypted. It is likely that only the unimportant images and formatting were unencrypted and anything of value was. You can actually look at the html file and see which files have HTTP:// listed in front of them and that would be a good indication of what is not encrypted. Anyway, I understand why the everyday consumer would be nervous though and it is a good thing that they cleaned this up. One major exception to what I am saying, though. If you receive that message after logging into something like a bank account or your insurance account, well I would definitely be concerned because you don't know what they are sending you until after you have received it already. The direction of the transmission definitely matters.
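The manual check suggested in the comment above (reading the HTML for references that start with HTTP://) can be automated. The following Python scanner is an added example, not part of the original post or its comments. It lists every plain-http reference on an HTTPS page and separates page resources from the form's submission target, since the direction of transmission matters. The host names, paths and HTML are constructed samples, and the active/passive/submit labels are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) -> class. "active" content can rewrite the page, "passive"
# content is only displayed, "submit" is where the user's own input is sent.
SINKS = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("object", "data"): "active",
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("form", "action"): "submit",
}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # relative URLs inherit the page's scheme
        self.findings = []        # (class, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            return                # icons, canonical links etc. are not styles
        for (sink_tag, attr), kind in SINKS.items():
            if sink_tag == tag and attrs.get(attr):
                url = urljoin(self.base, attrs[attr].strip())
                if urlparse(url).scheme == "http":
                    self.findings.append((kind, tag, url))

def scan(page_url, html):
    """Return sorted (class, tag, url) tuples for every non-HTTPS reference."""
    if urlparse(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return sorted(scanner.findings)

# Constructed sample: a form page on a placeholder host, not the real site.
SAMPLE_URL = "https://secure.example.test/cob/form.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://www.example.test/css/site.css">
<script src="/js/validate.js"></script></head><body>
<img src="http://www.example.test/img/logo.gif">
<img src="//static.example.test/img/lock.gif">
<form method="post" action="http://www.example.test/cob/submit">
<input name="ssn"></form></body></html>"""

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

A "submit" finding means the entered data itself would leave over plain HTTP. An "active" finding means a stylesheet or script fetched without encryption could be altered in transit before the form is ever filled in.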
Posted on January 8, 2009 05:58 PM
Great and very specific post, I too have recently noticed similar issues with many so-called "encrypted" websites. One note, though, could this possibly have been an issue with the browser and not with the site itself? I've noticed, for example, that even some of the most robust security measures -- like Extended Validation SSL, which requires additional backchecks and is essentially impossible to hack -- don't show up in certain browsers, or get totally mangled due to compatibility issues. Honestly it sounds like in this case the problem was with the implementation of the cert (protecting some things but not others? wtf?) but in many situations I've noticed that the browsers are to blame. It would be great if more sites made the investment in their customers' protection...and then petitioned browser development teams to get with the freakin' program.