We have been obsessing over HTTPS for SEO for the past two years, since Google made the announcement that HTTPS is, and could be more of a ranking factor, but have we been missing the key point?
Trust – You can’t see the issues behind the login box, I don’t know what you are doing with my creditcard, my password, but if you get the front end, the encryption, the right certificate, if the browser suggests I should trust you, I am far more likely to trust you with my personal financial details.
But if the status bar has warnings on it, if a password box screams out this connection isn’t private, my initial thoughts would be that they have probably got it wrong on the back end too.
I spent a little time playing with the examples at https://badssl.com and showing them to friends (it is more challenging with the guys I work with as they tend to understand it better), interesting the results were quite mixed – some, if they felt it was a trusted organisation (Apple for instance, who have got it wrong) – people assume that Apple knows best, but a site with little awareness it is quite a different occasion.
Do you need “Extended Validation”
EV or Extended validation certificates include the company name in the green box, they in theory would give you more reassurance because it is telling you exactly the company you are interacting with however it seems to make little difference, and actually often having the organisational name in there, rather than the brand name can put people off (surprising how many company names are quite different to the brand, which is what goes into the EV).
Without doing extensive MVT tests, many people would be happy to browse but certainly not login and start any funnel unless they felt they were protected, their information and that password they also use for every other service – this isn’t an MVT test I would probably run as I would now just be pushing to switch as efficiently as possible.
In 2014 Globalsign carried out a survey with these results –
End users inherently don’t trust websites. Encryption isn’t an option it is a requirement.
- 75% are aware of security risks when visiting a website.
- 77% are concerned about their data being intercepted or misused online.
- 55% are worried about identity theft on the Internet.
On top of that Arnout Hellemans did a test on Oudermatch moving from http to https, here is what he found:
“Moving to https and http/2 gave us more speed (-/- 30% in load time) and we got 10% more step one sign-ups homepage > first step. Is this due to SSL trust or Speed? I guess they both helped the trust because you feel more comfortable webpage loads fast.”
Data breaches are increasingly common, snooping and packet interception is on the rise and users data is increasingly comprehensive, with GDPR coming in 2018, you need to make sure your information security is a step up from TalkTalks was, this isn’t a front end thing, this is a throughout end to end, typically your SEO agency won’t be able to help with this unless they have specialist developers (Salt who are hosting TIO July 2017 interestingly make this one of their products).
By Gerry White