Although you may have considered a free SSL certificate for your ecommerce website, always remember: you get what you pay for. Check out this post to learn five reasons why a free SSL certificate may be a bigger risk than you realized.
An SSL Certificate is a necessary part of your online store, especially in terms of security, because it protects sensitive information being transferred between a browser and a server. Often times, this sensitive information is your customers' credit card information, so a less reliable SSL certificate could greatly damage both your business and its reputation.
You've probably seen offers of free SSL certificates, and as an online business owner, it makes sense to want to save money. But before you settle for one of those, you should know that not all SSL certificates are created equal.
The free SSL certificates that some ecommerce providers offer are free because they're shared. That is, the SSL certificate is registered with the ecommerce provider's domain, and it's shared among all the businesses that decide to use it. The benefits of a free SSL certificate are clear. (It's free.) But that free SSL certificate comes at a cost to your business that they don't often mention.
Here are five reasons why you should be wary of free SSL certificates:
1. They set off browsers' security alarmsOften times, when an ecommerce site uses a shared SSL certificate, a pop-up warning will appear when visitors try to go to the checkout page. That's because the SSL certificate is only configured to work with the ecommerce provider's server's domain name, and not yours. Browsers know that this can mean something is amiss, so they'll always warn the user. And it's not limited to just one kind of browser. All of the major browsers will have these warnings.
These pop-ups, small as they are, can have a huge impact on your store's image and customers' perception. Even if you've taken major precautions to make a top-of-the-line online store, these warning pop-ups will make it look like otherwise.
2. They make websites look fraudulentThe way that a website works with a free SSL certificate makes it look like a scam website, and people take notice. When you have a free SSL, customers who want to check out are directed to a page on your ecommerce provider's domain instead of staying on your domain.
For example, say you have a customer browsing your store, www.store.com. They like what they see and decide to make a purchase. When they hit the checkout button, however, they'll be directed to a URL on a different domain, something like www.store.ecommerceprovider.com. Outside of having an unfamiliar URL, often times this page won't match your ecommerce store's branding either.
You can't blame a customer for being on edge. This practice of luring people in with a reputable front, and then sending them to a seedy domain is so frequently used that major banks recognize it and actively warn their customers of it. So online businesses that utilize free SSL certificates run the risk of being misidentified as fraudulent.
3. They weren't meant for ecommerceThe fact of the matter is that free SSL certificates weren't originally created to protect credit card information in ecommerce websites. Instead, free SSL certificates were intended to provide a secure connection to a server that isn't typically seen by the public. For example, say you’d like to log in to your store's admin dashboard. A free SSL certificate would be adequate protection for that kind of situation.
However, dealing with credit cards is much more complicated business. A lot more is at risk, and it deserves a higher level of security, preferably one specifically built for processing payments. Furthermore, if free SSL certificates were really suitable for ecommerce, you'd see popular online retailers using them. Instead, you'll notice that the large majority of top online businesses offer checkout on their own website.
4. They have more points where they could be compromisedAs mentioned earlier, free SSL certificates are free because they're shared. Although sharing can be caring, in this case, it just puts a lot of businesses at a greater risk. Think about it this way, if a shady character gets the server's SSL private keys, then all of the businesses utilizing the free SSL certificate are compromised. On top of that, the information from an even greater number of credit cards are potentially exposed as well.
Looking at it from the hacker's perspective, if he's going to take the time and effort into figuring out how to compromise a certain SSL certificate, which option has the larger pay off? A paid SSL certificate that would only give him access to one business? Or a free SSL certificate that could give him access to thousands of businesses? (Hint: it’s the free one.)
5. They can hurt your customer trustScams are a sad fact of doing business online, and more than a fair share of your customers have either heard about ecommerce fraud or have experienced it firsthand. In fact, one of the most popular reasons for cart abandonment is fear of fraud. All of these aspects of free SSL certificates, the warning pop-ups, URL changes and more, can make a customer feel significantly less safe, leaving your business with a low conversion rate and an even lower level of customer trust.
A lack of customer trust begets further problems, like a little to no brand loyalty. And with the near-endless number of options an online shopper has, they can just as easily take their business elsewhere.
Although free SSL certificates don't seem to cost you anything initially, in the long run, they could end up costing you a lot. Whether it's in terms of safety, perception of your brand or even level of customer trust, a private SSL certificate can better provide for your business.
-Gracelyn Tan, Volusion