SSL, or secure socket layers, is commonly misunderstood.
SSL is the technology to authenticate the connection between your browser and the server hosting a website. This usually happens through 3rd parties whose job is to gather proof of identification of the person or company who owns the domain for the website. You may have heard of a few of these companies. Some of the popular SSL providers are Geo-Trust, Norton, GoDaddy, Verisign and Comodo. If you haven’t heard of them, you may recognize a couple of their logos below:
The system is based on a ‘circle of trust’. The browsers ‘trust’ certificates from certain vendors, who in turn, ‘trust’ or ‘sign’ certificates for others, for whom they can validate identification. When a site is authenticated through an SSL certificate, the browser displays an HTTPS instead of an HTTP. HTTPS stands for Hypertext Transfer Protocol Secure. Notice the “secure,” which is the “S” in HTTPS. Traditionally, online banking, shopping websites, government websites, and any other website where there is an increased sensitivity of capturing personal information has utilized HTTPS.
Does SSL make my site safer or prevent hackers from obtaining my information?
The answer is yes and no. This is where the misunderstanding comes in. You would assume HTTPS by its own name would mean you are safe and secure. Unfortunately, you are not. If a website is compromised via a hack, having it reside on an SSL secured server would be like having an alarm system in your home when the burglar is already inside.
SSL certificates are reasonably easy to obtain and a hack could redirect to you to a phishing page with a valid SSL certificate. This is an important point as the malicious website could easily reside on HTTPS because the domain name is registered to the hacker. I see mischievous stuff all the time, specifically websites pretending to be something they’re not.
Have you ever seen the Facebook ad for the pill Limitless, which the movie was supposedly based on? If you click on the FB ad you will go to a page that surprisingly looks like NBC with logo and all. The domain is nbc.superyoutoday.com. The website is not owned by NBC but it uses NBC in the subdomain and it has an SSL certificate.
Why? Because the fraudsters own superyoutoday.com. Hopefully you know this is a phishing scheme or unethical way to sell a pill that’s probably equally as tainted.
I am digressing so let me get to the point. Why would a dealer want SSL?
SSL is better than no SSL. I would compare it to having an ID card or driver’s license issued. Can you imagine the fraud if the DMV issued driver’s licenses without proof of identification? Eek. We would be living in a world akin to Back to the Future 2 or Mad Max. As the web gets more cluttered and bad people try to find ways to take advantage of good, the problems that exist with identity theft and fraud can only expect to get worse. SSL will help.
Why should a dealership’s website use SSL?
This is what you’ve been waiting for, right? There are a few key reasons:
- Browsers are demanding it
- Analytics and SEO
- You will have to read next article dedicated to #3 which will be big news
Browsers are demanding
Okay, so let’s talk browsers. Internet Explorer, Chrome, Firefox, Opera, and Safari are the most popular browsers. The main job of these browsers is to grab content from servers and deliver the content back via HTML so that we consumers can view and utilize websites or apps on our devices. During the process of delivering this content, the browser collects a lot of data about the user. This can include, but is not limited to, the user’s IP address, geography, device type (user agent), timestamp, http referral, sound, and video.
With a little ingenuity it’s feasible to collect enough information to identity visitors. Technology like fingerprint.js and the like help in these efforts. As the web develops more, data is becoming available via the browser and it could be used for malicious marketing and more. Therefore, in Q1 2016, many of the popular browsers will not allow websites to collect much of this data unless they reside on HTTPS.
That’s right. Geolocation, video (webcam), audio, and more will not be available any longer to you if your website is on HTTP. Just a quick audit of websites in our space revealed that nearly 100% are not using SSL. Therefore, this is a major problem and it is not isolated to our industry. Just as we marketers were starting to use geolocation data and video chatting, poof! It’s gone.
Unless, of course, your website is on SSL.
Another problem with dealer websites is the use of 3rd-party plugins that are not using SSL. Even if your site is using SSL, you may still get left out of the party because your chat or trade-in provider is not using SSL. Browsers will block non-SSL content if the site is loaded via SSL; this could impact your analytics, remarketing, or other 3rd-party integrations.
Analytics and SEO
Raise your hand if you’re seeing an increase in direct traffic while reviewing your analytics data? Okay, put your hand down, this is an article, but I’m glad you’re still with me. Did consumer behavior change so drastically that visitors research for website URLs and type those in direct? Sure, some of it is coming from the URL bar playing double duty as a search bar, but do you know the other part? It actually has to do with SSL. Generally, when a referral comes from an SSL website to a non-SSL website the http referral is omitted. The direct bucket in almost all analytics tools plays double duty too, like a lost and found area. In other words, if Google analytics doesn’t know where the data should be placed, it goes in the direct bucket.
As many of you heard, Google announced a little over a year ago that sites using SSL may get preferential treatment in search rankings. After much analysis of websites rushing to make this change, the search results were not remarkably different. Therefore, the news faded and was quickly buried with another algorithm update and self-driving car announcement. My take on this is that Google couldn’t deliver both the best search results and make a change this drastic. The reason is simple; just because a website is on SSL doesn’t mean that website would provide the best answers for the user’s search query while using Google’s search engine. Therefore, Google would intentionally have to provide worse answers. That would never happen.
However, I do believe as more websites become enabled with SSL we will start to notice a difference. I also believe if Google had a choice to show two similar results today, they would rank a secured site higher. Therefore, while not an immediate cause for concern, it’s with fair certainty if you want to stay on top of search engine rankings, start the move to HTTPS.
Please keep an eye out for my next article which will offer even more compelling reasons to use SSL.
(To be continued)