I have an ecommerce site that handles all the credit card processing except for the actual verification of funds. For that I redirect to Authorizenet that then redirects back to my site with the results. This is all done in encrypted mode.
Here is the problem. When the Information is redirected to the authorizenet site the browser pops up a window with a security alert. Here is a URL to the captured pop up window:
This alert scares customers away. How can I prevent this from occuring?
Did you purchase the SSL certificate, or is that provided by Authorize.net?
Usually that message means that your browser isn't aware of the issuing authority for the certificate. Way back when, there only used to be a few companies that issued SSL certificates (VeriSign and Thawte, for example). IE and Netscape shipped with knowledge of these companies, so whenever they came across a certificate from one of them, they knew it was okay.
Over time, more companies have started issuing certificates, however. Older versions of the browsers aren't aware that these companies exist, so they pop up a message like you've shown us asking the user if they should proceed.
Newer versions of the browsers ship with knowledge of these companies, so they don't have a problem.
You're right, it does tend to scare off buyers. Hence, these certificates are usually cheaper than the ones you can get from Thawte or VeriSign. That's the wrinkle -- do you pay more, and keep everyone happy, or pay less, and run the risk of scaring away business.
I hope this helps.
[edited by: TallTroll at 4:32 pm (utc) on July 9, 2002]
Since the warning occurs as they are leaving the secure directories on my site (https://mysite.com) and being redirected to authorizenet's secure path, I would assume that this problem is caused by authorizenet's SSL certificate. I use a shared SSL on the server that I believe is Twarte.
It sounds like there is no solution for this problem?
If its authorizenet's SSL that causing the message then unless you can talk them into changing who they get their SSL from, then there probably is not a fix. What version of MS are you receiving the popup on? IE users seem more prone to upgrade to the newer versions sooner. So it may just be a matter of time before this is a mute point for you.
Its my customers that get the message and I would expect the normal distribution of browser types. The ones using older browser are probably the least savvy and most easily scared off.
I originaly received the message as well about two years ago. But I said to accept the certificate and I believe it stored that away and I no longer see the message as a result.
I have taled with Authorizenet, but they are not helpful at all.
If it's Authorize.net's certificate, there's not much you can do about it then, short of move to another service or the card processing in-house.
That's one unfortunate problem with the web -- you can't force your visitors to drag themselves into the 21st century. Our site still gets hits from people running Netscape 2.x. That browser is probably about 6 - 7 years old.
At somepoint, however, you need to draw a line in the sand and say "you're either moving forward, or being left behind."
Ultimately, having more than 2 certificate authorities is good for all of us -- the competition lowers the prices. If the user community keeps relatively current on their software (within 2 - 3 versions of current), you don't have a problem. It's the people who don't know better, or worse yet, the zealots who won't upgrade because they shouldn't have to that make life tough.
Here's my suggestion to solve your problem:
Short of that, you're looking at some expensive and time consuming alternatives.
Hmmm, that is a good idea. Right now I have a message that everyone sees alerting folks to the potential problem.....although I don't think anyone reads it. I can change it so that only old browser see the message.
I wonder if there is a way to know how many customers are actually seeing the pop up security alert?
My suggestion would be to look at the web site for the issuing company. Usually they will say on their site something like "Browser Support" which will list the browsers that it handles smoothly. It will probably be something like "Internet Explorer 5.5+ and Netscape 4.7+".
You can use that info to warn only customers who don't meet that requirement.