Announcement

**NicolaUK** · 26-Jul-2009, 11:01 PM

For the costs involved you are better off using a PSP and negating the need to be PCI/DSS compliant.

**Duncan Rounding** · 27-Jul-2009, 06:22 AM

Many use SSL on their checkout pages but still use a PSP to collect and process credit payments. Some merchants believe their conversion rates are better because the customer feels more confident to enter there address details when they see a padlock on a secure page. Shared SSL will do this for you but there is often a speed consideration as shared SSL can sometimes be quite slow.

**JFro** · 27-Jul-2009, 09:22 AM

ok...let me explain the situation a bit more. We use a PSP to collect the payment, but the customer types their address in on our site, before they get to the PSP (I asked the web developer why this was, and they seemed to think it was normal procedure). This address page does not have a padlock. As well as this, the antivirus programs like Norton and AVG have browser add-ons that display a green tick or grey question mark next to the page listing on Google. Our site has a grey question mark, which looks a bit sad!

So, my question is, what will happen if I tick the enable SSL tickbox on Actinic? And how easy would it be to add SSL to Actinic?

**leehack** · 27-Jul-2009, 09:26 AM

If you ticked the box, then it would be expecting the settings to be added for it to work. If you don't have them, then don't tick it. Adding one is quite easy usually, although in most cases people do not bother.

**fergusw** · 27-Jul-2009, 09:34 AM

To get SSL working in Actinic you need 2 things:
1. A valid SSL certificate installed on your hosting area (with unique IP address)
2. The "tickbox" selected and the correct SSL network settings in Actinic.

With these 2 things you'll get what you need.

Whether you buy the SSL, obtain a unique IP and install the certificate yourself or get your current hosts to do it for you is really down to your own technical ability and the access you have to the server and the time you have to learn/install etc.

**JFro** · 27-Jul-2009, 09:39 AM

Ok, thanks. Its interesting that you say that, becuase I always look for the padlock when I am shopping online...the website may be secure without it, but I cannot be sure of that. I shall investigate further!

**leehack** · 27-Jul-2009, 09:48 AM

Look for the padlock when providing sensitive data such as your credit card number for sure, however your address is not something that you generally need to protect, it's available to find out in more places than you could ever imagine.

People who want SSL certs (in my experience) are usually those who will not provide you with their sort code and account number, but will happily send you a cheque, completely oblivious to what is actually on the cheque.

**pinbrook** · 27-Jul-2009, 09:52 AM

Quite often your own behaviour is a good indicator.

As far as SSL is concerned i have used it on sites that use PSP and not noticed any difference in sales levels, others have said they notice fewer drop outs with it in place. I feel as long as you have a message at the top of the checkout pages describing site security youcan keep most people.

On the page where people type in address say something that says you will be forwarded to secure pages for taking payment - if you focus people on the fact the pages where CC detail is processed is secure you will be able to gloss over the address page. There is no info processed there that isnt already in the public domain.

At the end of theday its purely personal choice , if you want ssl and are happy to pay for it then you dont loose by installing it

**JFro** · 27-Jul-2009, 10:20 AM

Thanks both - very helpful

From what you have said, we probably wouldn't get an extra �50-�200 worth of orders by adding a SSL, so it wouldn't cover its cost.

It reminded me that we mentioned recently about giving people an option to pay by cheque, which thinking about it more...could mean that we could catch those not wanting to enter their address by asking them to print off and send their order by snail mail. It also amazes/amuses me how prepared people are to pay by card over the telephone rather than online

**OllyBug** · 27-Jul-2009, 10:52 AM

We use shared ssl and a psp for the very reason that a lot of our customers are being told (by TV and the press) to watch for the padlock whenever entering sensitive data. What really is meant by sensitive data is your card number and not your necessarily your address. I don't think the press etc do enough to push the idea of PSPs - I had never heard of them before setting up my online shop! As others have said, it won't harm you to use SSL but you don't need it. My host offers dedicated SSL for 3.99 +Vat a month and even though we don't use it, it is probably worth it

We also get a lot of CNP transactions over the telephone but this is because people want to talk to a human and quite often a lot can be said from a business from the person on the phone. It also gives you an indication on your aftersales relationship too. Of course though as far as secuirty is concerned you should be answering the call on one line and have a CnP terminal on a another so you will never write details down!

Announcement

Security Certificate (SSL)

Security Certificate (SSL)

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment