Application Security Testing: An Integral Part of DevOps
By Victor S. Yocco
Humans are naturally social. This is how we have survived. We need to develop identities that allow us to relate to others. You can use websites and mobile devices as platforms for delivering designs that leverage social influence. We know word of mouth is one of the best ways to convince others to try our product. People trust the recommendations of friends and family. We also know that others are more likely to purchase products with positive reviews. This article will cover two common influence techniques: compliance and conformity.
Martin is 19 years old and looking for more information on local beers. He navigates to the Dogfish Head Brewery website to see the seasonal beers they are brewing. Martin immediately encounters a modal warning him that all visitors need to be 21 years old and asking him to enter his birthdate. Although no one is around to force him to be honest, Martin enters his correct birthday because he believes that is what he should do. He then receives a message informing him he isn't old enough to enter the website (Figure 1). Martin demonstrated compliance with Dogfish Head's request that he enter his correct birthday.
Figure 1: Dogfish Head and other American breweries ask users to comply with their request for verifying users' ages, prior to granting them access to their website.
Compliance is when someone agrees to do something they are asked to do, because they realize the person or people asking them have an expectation they will engage in the behavior. Decision-makers must accurately interpret the desires of those making the order to effectively make their decision. You can't comply correctly with something you don't understand correctly.
Peer pressure to consume drugs or alcohol is a negative example of compliance. Someone taking time for daily exercise because their friends ask them to meet at the gym is a positive example of compliance. One key piece to compliance is that you actually ask someone to engage in the task; compliance does not rely on passive attempts to influence behavior.
Ron uses iTunes to purchase a new album his favorite band has just released. Once he has completed the purchase, iTunes surfaces recommendations based on what other users who purchased the same album have bought (Figure 2). Ron understands these must be artists that people like him find enjoyable. Ron explores some of these bands and decides to purchase some of the recommended songs. Apple has influenced social conformity in Ron's behavior.
Figure 2: Apple uses conformity to encourage additional purchases on iTunes when they show users what others have bought.
Individuals engage in conformity when they do something based on the norms they perceive their group or society to hold. Unlike compliance, these norms are often unstated. Individuals assume this is how they should act. For example, most people don't need to be told they shouldn't eat a sandwich while using the toilet. This is something they assume based on observation over the course of their life. When entering a brand new situation, say going to an art museum for the first time, most individuals will see how others are behaving and then model their behavior after what they see.
Conformity is extremely powerful in that it can prevent individuals from engaging in behaviors perceived to be against the norm, and it can promote individuals engaging in certain behaviors without much (or any) additional effort.
Getting Users to Comply
Compliance has a negative connotation. People don't want to be pushed around or told what to do by overbearing salespeople. You can design for compliance in a way that enhances your users' experience.
Compliance is about how you ask your users to do something. In order to get our users to comply with what we are asking, we need to be straightforward about what we want them to do. If you want your users to purchase or use your product, you should be straightforward in how you ask. Users will respect you for that. You shouldn't attempt to force people by using veiled threats or any type of buried text that most users overlook. For example, Hertz car rental (Figure 3) forces users to sign up for their marketing emails if they want to have their car rental confirmation emailed. If you expect your users to appreciate gaining compliance through this type of manipulation, you are wrong. I will unsubscribe to the next email I receive from Hertz.
Figure 3: Hertz forces me to opt-in to their marketing email if I want to receive email confirmation of my rental reservation. I also misspelled my first name.
How to design for compliance
Compliance is also about when you ask your users to do something. You should ask users to engage in a behavior after you have created a good experience and given them an opportunity to use your product. People are more likely to comply after realizing they have an interest in, or will benefit from, use of your product.
Similar to what we learned in the chapter on technology and behavior, you should present your users with a message asking them to comply with your request after you have given them a reason to want to do so.
Researchers have identified two specific compliance techniques you can incorporate in your product's experience:
Door-in-the-face: This technique involves asking users to make a large commitment to your product and then reducing it to a smaller ask if they say no. For example, you could ask users to purchase the full license for your product after they have given it a 10-day free trial.
If the user does not agree, you could:
- Generate an email that offers them another 30 days of using the product at a discounted price.
- Offer them a reduced price for a limited functionality version of your product.
Foot-in-the-door: This is the opposite of door-in-the-face. You make a small request from users in the hopes they will agree. You would then follow that request up with more or larger requests over a period. For example, you could:
- Ask users to do something small like tweet a promotional message you have created for your product.
- Follow up with users that do, and ask them to write a positive review about your product.
You should look for opportunities to incorporate both of these compliance techniques into the experience of your product. You should also reward customers that comply without the need for using one of these techniques. For example, you could provide a discount to a user that commits to making an immediate purchase of your full product, or you could extend their license for a couple months free of charge. This rewards your low-maintenance customers and can also activate reciprocity at a later date.
You should also keep in mind that it is a good policy to state upfront what you want your users to do. For example, Dogfish Head from earlier told users they had to be 21 as they asked them to comply with providing their date of birth. You should never lie to users or offer them something at a cost that you would have given them for free.
Encouraging Users to Conform
Conformity focuses on socially acceptable behaviors. Your design should highlight how use of your product is in line with the social groups that potential users belong to. Apple does this in their iTunes application when they display the top 10 albums and singles users have downloaded (Figure 4). A user logging in and seeing those lists is likely to explore some of this music if they think others are doing the same. Apple's top 10 lists also serve to suggest to users that many people are using iTunes to download popular music—enough that their purchases can be categorized into lists. iTunes will also recommend music based on affinity analysis—recommendations based on what others who have made similar purchases have gone on to buy.
Figure 4: Top 10 lists are a great way to use conformity to encourage users' exploration of your product.
How to design for conformity
You should identify opportunities to use a method similar to Apple's to encourage conformity. Are there ways you could also display a top sellers list that shows users that your product is among the top of your field? Perhaps you can include a list of the top features of your application that users access. This would encourage other users to explore these areas.
You address conformity in your design when you include elements like:
- Top 10 lists.
- Affinity recommendations (recommendations based on relationships between users).
- Feeds/updates showing what others are doing.
- Peer review and recommendations.
If you have members of diverse interest groups that use your product, you can:
- Create pages where members of these groups can engage in a discussion about your product—similar to Facebook's page.
- Reference this area when you market your product and on various pages throughout the experience: "See what other members of our Fans of XYZ are talking about."
You need to consider how your design influences people to use your product. Compliance and conformity are two influence techniques you can easily account for in design. Compliance involves individuals agreeing to do something because they are asked to do it. You design for compliance when you ask a user to engage in a task. Conformity involves an individual following what others are doing. Your design accounts for conformity when you show users what others are doing. You can practice addressing each of these influence techniques in your design, pulling in the elements that are most suitable to your users.
Influencing Users: Compliance and Conformity
This article is excerpted from Design for the Mind.