Remember that announcement that Google made back in 2014? Well, it finally came to fruition in 2017. For those of you who missed it or have forgotten about it, here’s a quick refresh; Google announced that it will introduce a new ranking metric, as of 2017, that will favour websites that have an SSL certificate, effectively marking down sites that do not.
An SSL (Secure Sockets Layer) is a standard security technology that allows sensitive information like passwords and credit card details to be transmitted through secure channels over the internet so they aren’t stolen.
Seems pretty important, right?
Well, as of this year, Google is set to label all websites that do not have a valid SSL certificate and, meaning that even if you don’t accept sensitive information, you should still be considering an SSL.
How do I know if my website has an SSL?
Ever noticed the little padlock icon that appears in the URL bar for some websites? If your website does have an active SSL, this padlock will be green and have, depending on the type of SSL (more below), either the word “Secure” or your company name next to it.
In Google’s Chrome browser, users are able to select “mark non-secure origins” in their settings, which displays as a padlock with a red X over it on sites without an SSL. As of the next release, scheduled for 31st January 2017, Google will reportedly enable this setting as default.
Why should I get an SSL?
First and foremost, we all want to live in a safer world and don’t want our personal details stolen. If your website contains an online form that requests the entry of sensitive data, the SSL prevents potential hackers accessing this data when transmitted over the internet. Having that green padlock in your URL bar will reassure users that they are safe to enter their information.
Further adding to the point of security; when information is submitted into an online form, it will often pass through multiple “stops” before it reaches its destination. The more “stops” the data has, the more likely it could be intercepted by a third party. The SSL certificate encrypts the transmitted data rendering it useless to anyone without the correct encryption key.
Still not convinced? Well, how about this … With their announcement, Google made changes to their indexing algorithm to favour SSL sites in search engine rankings. So, if your site is secure, this will be shown higher in search results than sites that aren’t. This is based on the valid assumption that customers will want a brand they can trust.
This has sparked questions as to how this will affect SEO and PPC marketing, but the only sure way to ensure that your marketing strategy and web rankings are unaffected, it’s important to have an SSL in place.
When an SSL certificate is received, it’s also issued with a server certificate. This certificate shows that the SSL certificate provider can be trusted. Users can also view these certificates to check the site is up-to-date and verify that the information they will enter is safe and goes to your site and not an imitation site. Promoting online trust with current and potential customers should also be a priority.
If your site accommodates online card payments, to meet with current Payment Card Industry compliance, your business needs an SSL certificate with encryption of at least 128-bit. Without the certificate, a site will not be able to take credit card payments. Customers, today more than ever, use online credit card payment and will want a site they can trust when entering their payment details.
Which SSL do I need?
If you’ve read this far, you’re probably now convinced that your website needs an SSL. But, which one do you need? Well, here are the 3 main types offered by most providers:
Domain Validated (DV) Certificate
A DV certificate is checked against the domain registry and is typically the cheapest to purchase; used in instances where there is no need to identify organisational information. The recommended use for this type of certificate is to protect internal systems, however these can be used for public sites as well. The main drawback is that the user cannot verify information about the organisation itself.
Organisation Validated (OV) Certificate
OV certificates can be trusted, as organisations are authenticated against business registry databases hosted by the government. These certificates contain legitimate business information meaning that they are suitable for business use.
It is a standard type of certificate that should be used on a commercial website. They conform to the X.509 RFC standards and contain all the information the user needs to validate the organisation.
Extended Validation (EV) Certificate
A step up from the standard OV certificate, an EV certificate provides a vetting process that is much stricter than the former. The process is to help reinforce trust when using an EV certified site.
An EV certificate will trigger a visible Green Bar in the URL of your browser to easily distinguish the site as secure. These certificate types help to prevent fraudulent users impersonating or phishing on your website. The Green Bar can only be triggered with an EV certificate in place.
Many providers also offer a “Wildcard” option of each certificate, meaning that all sub-domains are also protected, for example, a Wildcard would protect www.yourdomain.com and www.subdomain.yourdomain.com.
The announcement has good intentions and will help make the web an overall safer experience for everyone. Google have started their proposed ‘penalisation’ of sites as of this month and if you haven’t already got a valid SSL, this is something you can’t put off any longer!
To help promote a safer web and to make sure your web ranking is unaffected, it is urged that you get an SSL for your site now.
And keep an eye out for that green padlock in the URL – your users will be!
Enjoyed this article? Sign up to our blog to receive regular content straight to your inbox from Billian HQ!