homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google AdWords
Forum Library, Charter, Moderators: buckworks & eWhisper & skibum

Google AdWords Forum

Does Adwords prohibit ecommerce sites that don't use SSL?
Site claims a 'secure checkout' but doesn't, is this a ToS violation?

 10:11 am on Mar 7, 2011 (gmt 0)

I found a site last week and added a product to the basket and found to my surprise that on the credit card order form page, there was NO SSL (despite allusions to this - a graphic which said 'safe and secure').

I'd be charitable and assume that this was an oversight, but given I had to insist they remove CSS and HTML they'd stolen from my site two weeks ago, and given what other competitors have told me about them- I think they are simply trying to dupe users with lies about secure checkouts that they don't actually have.

I'd found the site via an adwords advert. Does Adwords have a policy that insists on SSL for e-commerce sites?



 3:18 pm on Mar 7, 2011 (gmt 0)

I can't find a reference to any such policy with a quick search of their help pages, but then it's not an issue I've come across before so I could have just missed it or it could be buried deep in the T&Cs.

Either way, Google have pretty strong opinions in general about sites which look scammy or spammy. It might be that if they investigated your complaint that they'd give the site a massive QS slap for deceiving users. I suggest sending them some feedback using this form:


Or alternatively speak to one of their Support staff more directly.


 3:51 pm on Mar 7, 2011 (gmt 0)

I've spoken to them directly on Friday and it sounded like it does violate ToS, but to my surprise it's still on there.

I would be surprised if it remains on there as instances of credit card fraud because of the lack of SSL encryption does not inspire trust in the quality of Google's PPC results.


 4:12 pm on Mar 7, 2011 (gmt 0)

How far did you get into the process? Because, depending on the way it's coded, you may not need the SSL to kick in until AFTER you enter your credit card information and hit 'submit'; the point at which data could be sniffed is while it's being posted to the next page in the cart, not as you are typing your credit card number into the field. So it's entirely possible that a page with credit card entry fields would be non-SSL, while the next page (usually a "review your order" type page) and subsequent pages would all be SSL.

SSL does slow things down, so it may have been coded that way, although nowadays I find it's easier to just take the performance hit and make the entire cart SSL, to ease people's minds.


 4:49 pm on Mar 7, 2011 (gmt 0)

The credit card form is on standard http:// - but more importantly the PHP script the form is being posted to is http:// as well. So there's no SSL protection when the credit card number is posted.

If I append https firefox generates a warning for an 'untrusted connection'.


 12:26 pm on Mar 8, 2011 (gmt 0)

It's still being served on adwords and I am very surprised.

Honestly thought that an unsecure checkout would be viewed as undermining user's trust in the quality of sites using adwords. Odd.


 3:06 pm on Mar 8, 2011 (gmt 0)

Advertising on Adwords and SSL have nothing to do with each other. I know of no rule that says you must have SSL on your site. Yes, I'm sure Google would like all sites using Adwords to have SSL but I don't see how they can check this. Frankly, I don't see this as a big problem. Any reputable checkout software like PayPal and many others that thousands of sites use will be SSL.


 3:45 pm on Mar 8, 2011 (gmt 0)

Since landing pages are manually reviewed- I'm not sure why it's a huge stretch to check that there is some form of secure checkout. This check could easily be performed when a new PPC account is created, it requires probably 30 seconds of checking.

I must also clarify that although in this instance I have used the term SSL, the issue is that the checkout I am referring to is not secure in any way, shape or form- it does not use Paypal, worldpay or any other 3rd party vendor. It is literally a php mail form with no security. I have a feeling the transactions are being processed manually.

I've just been going through the adwords content guidelines and there seems to be a policy for everything but an insistence upon some form of secure transaction system for e-commerce sites. I think that the lack of any kind of secure checkout facility undermines confidence in the quality of the sponsored listings.


 3:51 pm on Mar 8, 2011 (gmt 0)

I think that the lack of any kind of secure checkout facility undermines confidence in the quality of the sponsored listings.

You should probably let Google know that. They may choose to add a policy about it if they agree with you.


 4:39 pm on Mar 8, 2011 (gmt 0)

Thanks for all of the replies :)


 3:30 pm on Mar 9, 2011 (gmt 0)

> Since landing pages are manually reviewed

I don't think each and every page is manually reviewed. That would take up a huge resource.

> It is literally a php mail form with no security.

I would have an issue with that as well. I would let Google know of your concerns but what, if anything they can do about it, I don't know.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Google / Google AdWords
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved