- Tips & issues when adopting SSL (cont.)
- Do the benefits of site-wide SSL outweigh the issues?
- Extended validation SSL: what is it?
- Other takeaways from site-wide SSL experiment
- Netcraft SSL Survey – brand popularity
- Market share of SSL certificates
- Validation categories as percentages of the market
- Securing your site with SSL
Tips & issues when adopting SSL (cont.)
Speed: The encryption and accessing of the key that is necessarily part of a private connection is going to slow down your site a bit. You can implement SPDY (an open source protocol developed mostly by Google) to adjust the processing of HTTP traffic for a little acceleration; however, the latency is something you want to consider in contrast to the obvious advantages of site-wide SSL.
Do the benefits of site-wide SSL outweigh the issues?
Clearly site-wide SSL is not entirely positive. However, here are a few reasons it makes sense regardless of the challenges it presents, from Web developer Andrea Whitmer – and these are simply effects she noticed from a case study of her own site:
- Her bounce-rate went down, she assumes because people immediately trusted her site more. Now, let’s not gloss over this detail. A reduction in bounce rate is important – it’s a factor typically listed in top 5 and top 10 lists of key metrics for online success. (In fact, Tony Haile of Chartbeat says that 55% of visitors will spend 15 seconds or less on your site.)
- There were fewer questions from people related to payment. In other words, people moved more seamlessly through the sales funnel.
- The process was helpful simply in terms of testing.
It is also worth noting – actually it’s very important – that the type of SSL certificate Whitmer was using was an extended validation (EV) cert. Let’s address what an EV certificate is briefly.
Extended validation SSL: what is it?
OK, so a secure sockets layer certificate will encrypt transmission on pages of your site where it is implemented, but it does something else: validates the website owner for better credibility. That’s why an extended validation certificate is often sought by site owners. It isn’t valuable for a higher degree of encryption but for a higher degree of validity and, in turn, trust.
This is visual and obvious. If you have ever been to any site that has EV active, such as PayPal, you will see the address bar turn green and the name of the verified company appear in your browser. These elements are additional to the lock symbol and https protocol. There are numerous case studies by Symantec and others, but the positive impact should be obvious just considering buyer psychology and the importance of online trust. Here’s an example: Overstock.com saw an 8.6% reduction in shopping cart abandonment in a Symantec case study.
However, there is another aspect that is helpful as well, according to the nonprofit Certification Authority Browser Forum (CA/B Forum) – the industry group that defines extended validation parameters. “The secondary objectives… [of certificates] are to help establish the legitimacy of an entity claiming to operate a Web site,” says the organization, “and to provide a vehicle that can be used to assist in addressing problems related to phishing, malware, and other forms of online identity fraud.”
Specifically related to phishing, consider this: if a site uses phishing and accurately mimics your site to steal your or your customer’s information, the green address bar and business name supplied by an EV SSL may be the only way for someone to tell it’s your site. What that means is that you could prevent phishing attacks, one of the major forms of online fraud, by instructing users (perhaps through a notice on the site) to only proceed if they see the EV indicators populate.
Other takeaways from site-wide SSL experiment
Whitmer notes that she was at first skeptical about whether site-wide SSL would help in the search engines (since it does improve your search rankings, according to Google itself) because there weren’t immediate improvements as she’d thought there would be. Nine months after she transitioned, she had much better search traffic than she did previously; but she points out that there were many other changes to the site made in the meantime that could have also boosted her rankings.
All in all regarding search rankings, she said that it could be a good tactic if you set it up in the right way – although this aspect obviously isn’t a benefit that she can strongly argue.
In closing, Whitmer does advocate site-wide SSL for anyone with a site that is similar to hers. “For me, sitewide SSL has been worth the effort because of my future plans for my business,” she says, “as well as the current pages on my site using forms to collect information from visitors.”
Netcraft SSL Survey – brand popularity
As touched on in the first part of this piece, Netcraft conducts a monthly SSL Survey, assessing the number of SSL certificates that exist on public-facing websites. Again, the numbers from its survey account for the total number of certificates – not taking into account that the same cert is sometimes used on multiple sites (which creates browser errors anyway and is not considered valid use).
Market share of SSL certificates
As of January 2015, nearly one-third of SSL certificates were Symantec brands (Symantec, GeoTrust, Thawte, or RapidSSL). GoDaddy was in the second position, and Comodo in third. Those three SSL providers supplied the vast majority of certificates – accounting for greater than 75% of the market. Other brands followed in this order: GlobalSign, DigiCert, StartCom, Entrust, and Network Solutions.
Note that all of the certificates we sell at Total Server Solutions are from the industry’s most trusted brand, Symantec.
Validation categories as percentages of the market
There are three types of assurance that are standardly recognized within the industry – and as such, supported with the given parameters of the validation type by all the major browsers (via their agreements within the CA/B Forum, mentioned above).
“Domain-validated certificates simply validate control over a domain name,” notes Netcraft. “Organization-validated certificates include the identity of the organization; and Extended Validation certificates increase the level of identity checking done to meet a recognized industry standard.” The shorthand for each of these SSL certs are DV, OV, and EV.
The domain-validated cert is the last expensive. Since businesses probably vastly under-value the role of an SSL certificate in terms of adding credibility and trust to their site, this cheapest variety is by far the best seller with nearly 70% of all sales. Meanwhile, extended validation, the most expensive but least appreciated cert, represents under 5%. The rest are OV.
Now, just consider this argument that the EV SSL is the way to go even though it is currently the least popular version: As mentioned above, Symantec does a case study of Overstock.com, via an independent third-party research group, and finds that there is an 8.6% decrease in abandoned shopping carts in EV-enabled browsers.
Consider that Overstock is already a highly recognized brand (so assumedly the credibility boost is lower than for most sites) and that this was essentially a split-test. An EV cert costs less than $300 more per year with a top brand from Symantec, GeoTrust. Simply put, if you do the math, this investment often makes sense.
Securing your site with SSL
Are you interested in what site-wide SSL might do for your conversion rate or bounce rate? Or do you just need a cert to encrypt your logins or ecommerce? Keep your transactions and communications secure with our SSL certificates at Total Server Solutions.