One Simple Security Warning Can Ruin Sales
When it comes to online shopping, customers are always one click away from abandoning their purchase. Add to this the abundance of surveys that show consumers are leary of submitting their payment information, especially when they are unsure of the security of the website. This is why it is so important to ensure that the checkout process for your ecommerce store is safe and does not cause the dreaded browser warning:
What causes security warnings?
There are a number of factors that can cause a browser security warning. Any time a user sees a warning, it calls into question the security of the site. And these are the types of questions EVERY merchant must avoid.
Insecure calls to images, js, or css
This is why you must test your entire checkout process in both IE and Firefox, to make sure there are no security warnings. Remember, a majority of people use Internet Explorer, so you cannot ignore it.
How do you find these insecure calls?
- This is where Firefox comes in handy. On your secure page in Firefox, go to:
Tools -> Page Info -> select the “Media” icon
This will show you every image/js/css call on this page. Make sure each one starts with https://
It will be easy to spot the insecure calls, and fix them.
Secure URL does not match the domain of the certificate
An SSL certificate is normally issued to one specific domain name (unless you have a wildcard certificate). The www. prefix is considered part of the domain name. So, if your SSL cert. was issued to www.your_domain.com, but you make your secure calls via:
this will cause a security warning in most web browsers:
Make sure the URLs you use in your secure pages always match the certificate domain exactly. You can check the domain that is attached to an SSL certificate by clicking the “padlock” in your browser and clicking “View Certificate”.
Expired SSL certificate
Once an SSL certificate expires, it will issue a warning to every person that goes to a secure page that the certificate is expired. This will scare away many potential buyers. Make sure your SSL certificate is always valid. You can always check the expiration date by clicking on the padlock and clicking “View Certificate”:
Make sure you get your SSL certificate from a trusted vendor. A good vendor will go to great lengths to notify cert. owners when their SSL certificate is about to expire.
SSL certificate not installed properly
This can be a tricky one, as some browsers (like Internet Explorer) may not complain, whereas others (like Firefox) will warn that the SSL security is not valid. The most common occurrence is when you forward an SSL certificate to your web host but forget to include the intermediate certificate, or forget to send the detailed installation instructions that cover how the intermediate cert. should be configured.
If you have a GeoTrust or Verisign based SSL certificate, Verisign offers a certificate validation tool that can verify if your certificate is installed correctly.
Third Party SSL certificate is expired
** Remember that third party images/js calls must also be secure on a secure page to avoid any security warnings.
One of the more common mistakes we see is merchants using Google Analytics changing the URL for secure pages incorrectly. They change:
which is incorrect. The actual secure URL is:
Making your website portray an image of safety and security at all times to every visitor will help maximize your sales and cut down on cart abandonment. What else can merchants do to make their stores appear more secure?