homepage Welcome to WebmasterWorld Guest from 50.16.130.188
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Google / Google AdWords
Forum Library, Charter, Moderators: buckworks & eWhisper & skibum

Google AdWords Forum

    
Does Adwords prohibit ecommerce sites that don't use SSL?
Site claims a 'secure checkout' but doesn't, is this a ToS violation?
Nashie




msg:4277712
 10:11 am on Mar 7, 2011 (gmt 0)

I found a site last week and added a product to the basket and found to my surprise that on the credit card order form page, there was NO SSL (despite allusions to this - a graphic which said 'safe and secure').

I'd be charitable and assume that this was an oversight, but given I had to insist they remove CSS and HTML they'd stolen from my site two weeks ago, and given what other competitors have told me about them- I think they are simply trying to dupe users with lies about secure checkouts that they don't actually have.

I'd found the site via an adwords advert. Does Adwords have a policy that insists on SSL for e-commerce sites?

 

Eschatonic




msg:4277807
 3:18 pm on Mar 7, 2011 (gmt 0)

I can't find a reference to any such policy with a quick search of their help pages, but then it's not an issue I've come across before so I could have just missed it or it could be buried deep in the T&Cs.

Either way, Google have pretty strong opinions in general about sites which look scammy or spammy. It might be that if they investigated your complaint that they'd give the site a massive QS slap for deceiving users. I suggest sending them some feedback using this form:

[adwords.google.com...]

Or alternatively speak to one of their Support staff more directly.

Nashie




msg:4277830
 3:51 pm on Mar 7, 2011 (gmt 0)

I've spoken to them directly on Friday and it sounded like it does violate ToS, but to my surprise it's still on there.

I would be surprised if it remains on there as instances of credit card fraud because of the lack of SSL encryption does not inspire trust in the quality of Google's PPC results.

netmeg




msg:4277842
 4:12 pm on Mar 7, 2011 (gmt 0)

How far did you get into the process? Because, depending on the way it's coded, you may not need the SSL to kick in until AFTER you enter your credit card information and hit 'submit'; the point at which data could be sniffed is while it's being posted to the next page in the cart, not as you are typing your credit card number into the field. So it's entirely possible that a page with credit card entry fields would be non-SSL, while the next page (usually a "review your order" type page) and subsequent pages would all be SSL.

SSL does slow things down, so it may have been coded that way, although nowadays I find it's easier to just take the performance hit and make the entire cart SSL, to ease people's minds.

Nashie




msg:4277867
 4:49 pm on Mar 7, 2011 (gmt 0)

The credit card form is on standard http:// - but more importantly the PHP script the form is being posted to is http:// as well. So there's no SSL protection when the credit card number is posted.

If I append https firefox generates a warning for an 'untrusted connection'.

Nashie




msg:4278286
 12:26 pm on Mar 8, 2011 (gmt 0)

It's still being served on adwords and I am very surprised.

Honestly thought that an unsecure checkout would be viewed as undermining user's trust in the quality of sites using adwords. Odd.

LucidSW




msg:4278346
 3:06 pm on Mar 8, 2011 (gmt 0)

Advertising on Adwords and SSL have nothing to do with each other. I know of no rule that says you must have SSL on your site. Yes, I'm sure Google would like all sites using Adwords to have SSL but I don't see how they can check this. Frankly, I don't see this as a big problem. Any reputable checkout software like PayPal and many others that thousands of sites use will be SSL.

Nashie




msg:4278357
 3:45 pm on Mar 8, 2011 (gmt 0)

Since landing pages are manually reviewed- I'm not sure why it's a huge stretch to check that there is some form of secure checkout. This check could easily be performed when a new PPC account is created, it requires probably 30 seconds of checking.

I must also clarify that although in this instance I have used the term SSL, the issue is that the checkout I am referring to is not secure in any way, shape or form- it does not use Paypal, worldpay or any other 3rd party vendor. It is literally a php mail form with no security. I have a feeling the transactions are being processed manually.

I've just been going through the adwords content guidelines and there seems to be a policy for everything but an insistence upon some form of secure transaction system for e-commerce sites. I think that the lack of any kind of secure checkout facility undermines confidence in the quality of the sponsored listings.

Eschatonic




msg:4278361
 3:51 pm on Mar 8, 2011 (gmt 0)

I think that the lack of any kind of secure checkout facility undermines confidence in the quality of the sponsored listings.


You should probably let Google know that. They may choose to add a policy about it if they agree with you.

Nashie




msg:4278399
 4:39 pm on Mar 8, 2011 (gmt 0)

Thanks for all of the replies :)

LucidSW




msg:4278886
 3:30 pm on Mar 9, 2011 (gmt 0)

> Since landing pages are manually reviewed

I don't think each and every page is manually reviewed. That would take up a huge resource.

> It is literally a php mail form with no security.

I would have an issue with that as well. I would let Google know of your concerns but what, if anything they can do about it, I don't know.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdWords
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved