Announcement

**Darren B** · 23-Nov-2009, 03:47 PM

I did try it for a few months and found it made no difference to the number of orders i processed.

I used a PSP for processing payments so it was only the address details that were taken under ssl.

So IMHO its not worth it, but someone else might beg to differ on this

**bangers** · 23-Nov-2009, 03:51 PM

cheers darren,
anymore comments appreciated.

I should point out that my client is small, taking �300-�400/day, and around 12/15 orders/day,

regards
lee

**Mark H** · 23-Nov-2009, 04:00 PM

We use SSL for the checkout, but we will probably not bother renewing when the certificate expires. Before we used SSL, I recall we had only one customer out of several thousand comment that they hadn't proceeded through checkout because of this so they wanted to order over the phone.

The most important thing IMO is to have a professional looking website which creates trust, and to explain up front (even before checkout) that you are using a secure compliant PSP to take CC details.

For the level of orders you mention I can't see any reason not to just use decent shared hosting, don't bother with SSL, and use a good PSP.

**bangers** · 23-Nov-2009, 04:26 PM

I'll be honest I was expecting everyone to come back and say it's great can't believe you haven't done it before. Very interesting so far,
cheers
Lee

**cbarling** · 23-Nov-2009, 04:44 PM

I was with you a while ago, Lee. I thought that it was a no brainer. However, the last time the same question was asked, the concensus was again that it didn't seem to make much difference.

Chris

**TraceyHand** · 23-Nov-2009, 04:46 PM

Originally posted by Mark H View Post

We use SSL for the checkout, but we will probably not bother renewing when the certificate expires. Before we used SSL, I recall we had only one customer out of several thousand comment that they hadn't proceeded through checkout because of this so they wanted to order over the phone.

which, of course, is soooo much safer!

Oh, the naivity of customers, eh!

**Mike Hughes** · 23-Nov-2009, 04:59 PM

I put my the checkout of one of my sites on SSL 4-5 years ago after a couple of customers complained (even though I was using a PSP so it was only the address that wasn't encrypted).

I haven't seen any difference in conversion rates so I'd be hard pushed to recommend it to others. I do get a nice SSL logo badge but to be honest I doubt if I'd renew the SSL if it wasn't included with my 1and1 hosting plan.

I suspect this could have been more of an issue in the 'old' days of ecommerce. I still remember when online users were being urged to check for the golden padlock.

Nowadays though:

- The golden padlock has moved so no-one knows where it is anyway.
- PSPs remove the need for payment details encryption.
- Everyone knows that the Credit Card companies protect you against fraudulent use by others.
- People are familiar with online purchasing and far less cautious.

This bit though worries me:

It is likely they'll still move onto a psp site.

Never mind 'likely' they have to use a PSP whether using SSL or not. There's no way they're going to be able to put in the effort to achieve PCI compliance so will have to use a PSP.

Mike

**bangers** · 23-Nov-2009, 05:03 PM

Don't worry mike, calm down. i kinda know what I am doing, i mean move to psp's own server like traditional sagepay paypal worldpay etc rahter than stay on their server and communicate with a psp from there.

I gotta say though, I'm really surprised at the response so far I never felt it would lean so far towards not bothering about it.

**Mike Hughes** · 23-Nov-2009, 05:24 PM

Don't worry mike, calm down. i kinda know what I am doing,

I was surprised.

This could all kick off again though. I've seen some recent cases on forums of UK people ordering camera equipment from US based scammers using their debit cards to pay. This could be a sign that things have swung too far to the 'don't worry' side of things and/or the scammers are looking at new ways of getting card details. There could be a bit of a security push in favour of SSLs again, even though they don't really make much difference.

Mike

**bangers** · 23-Nov-2009, 05:36 PM

Cheers Mike,
I guess you could argue that it only takes something like your example running on bbc news or something like that - with a bit of eduction on the newish green and blue bar for security and a day or two of dropped sales and the ssl would have paid for itself.

**Mike Hughes** · 23-Nov-2009, 05:58 PM

the newish green and blue bar for security

true, though this does of course cost more than the standard SSL. I haven't bothered with this and neither has Amazon ( I just checked). I guess it could be argued that Amazon doesn't need to have it's identity checked.

I think people are moving towards 'social proof' rather than technology anyway. Hence the interest in stuff like FeeFo and Review sites. The first thing I'd do if I was unsure of a site is a search for forum posts on it. The trouble with SSL and all the rest is that anybody can join in for a small fee. People's personal experience is probably more important.

Mike

**saucysal** · 25-Nov-2009, 04:08 PM

I'm a loner then

I would appear to be the only business that prefers to have a security certificate (dedicated) for the Checkout, even though all payments are made on SagePay.

I find that there are still customers who have been scaremongered by the media into thinking that checkouts need to have a padlock, security certificate, https in browser window. To some extent they are right in wanting some protection as they are giving their name and address, telephone and email details in our Checkout, and this could be considered to be confidential information.

I find that customers do not read what you say anywhere on the website, so saying that payments are made on a psp would not necessarility be read, and if read, not necessarily understood.

I consider that the small amount we pay for the certificate is worthwhile if it reassures customers, and prevents even a small numbers of drop-outs.

Sarah

**bangers** · 25-Nov-2009, 06:43 PM

Cheers Sarah,

Actually one of my clients was tapped up by someone working for an ssl company saying "i would have ordered but the site wasn't secure" when I sent my response that it was secure once payment was needed they sent it to the customers who said "this was a common response from designers" but "that they really ought to have better systems in place""...oh by the way I can supply this for you if you wish".

Can you point to improvements in orders though?

I kinda think why not really, doesn't cost that much to run but the other responses were so adament that it had absolutley no effect that it is hard to agrue against it.

No one has come forward and said that it has had a real effect on orders.

thanks for you comments

Lee

**leehack** · 25-Nov-2009, 06:52 PM

For the past 2 years i have seen SSL certificates do more harm than good, i detest them. Slow performance and the dreaded download secure items message are more than enough to make me never want to see one again. It makes no sense to risk damaging relations with most of your clients, because this is an issue for the minority.

It will only save you �50-150 admittedly if you don't have one, that money spent on marketing would yield more return IMO.

Announcement

does having your own ssl secure server increase orders?

does having your own ssl secure server increase orders?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment