My initial reaction was "you're kidding me right!?"

But that's my opinion. I think they're very important especially now that most folks have been trained to look for them. You'd be foolish to open a store and not offer secured transactions.

You absolutely must have SSL Cert if you want to take payments online. Customers are savvy enough to expect it.

does their presence or absence affect sales?

Definitely! If I'm in a shopping cart and there's no certificate, I abandon the cart and never return to the site. Period.

And if it's a site I'm not familiar with, I'll probably click the link to verify the certificate.

However, I go back and forth as to whether I consider sites with a VeriSign cert as being so stupid for spending so much money, or sites with a non-VeriSign cert as being so cheap. (And for the record, I am in the "so stupid" category for my sites. :) )

I definitely think a cert is important

I also believe that it should be a top level cert such as verisign or thawte.

<added>technically speaking adding https does slow down the communication between your server and the user, but it won't be significant unless you have very high volumes of traffic. At which point I would hope you make enough for a dedicated server and ssl accelerator.

Funny thing I just did a test in my office today on this very issue. our bussiness is developing internet sites, so we should or the employees here should know how to check to make sure a site is secure...wrong...

I found a website that dosen't use a secure certificate when you enter your personal information or credit card numbers with cvv, but has an image lock on the page not in the browser to make it seem secure.

I tried 4 here in the office to see if any would see the issue not one looked in the browser for the secure certificate not one looked for the secure https.

A couple assumed it was because the could see a lock image a couple didn't even have a clue what to look for.

I think we give to much credit to the public really understanding what is secure and what isn't.

I wouldn't do it without one but from what I see it may or may not have make any difference.

I'm with you bwnbwn,

I don't think the public has a clue what the secure certificate is.

Perhaps they feel more secure seeing one though.

it will affect sales though if you don't have one and someone gets some personal data from a transaction.

I agree, the end user knows little but that doesn't mean we shouldn't educate and protect them.

>> I don't think the public has a clue what the secure certificate is.

They may not know what an SSL is but I'll bet most of them have been trained to look for that little lock symbol in IE. I don't profess my belief to be fact so I encourage you to test it. Get 10 or 20 people you know to perform an experiment to see if they know enough to check for security!

Also consider the market sector. If you're selling to little old ladies then perhaps you can get away with it but if you're selling to the techno crowd I'd bet dollars to donuts they'll notice if there isn't an SSL installed.

jatar_k, lorax, I completely agree with what you say. I myself would never try to do it without a secure certificate, heck the expense is nothing compared to the possible loss.

looking at 90 bucks a year for a certificate this really is a no brainer so to answer your question amythepoet to what I would do is

Get a certifiate and keep your business as secure as possible.

A better question would be... is it worth buying your own ssl cert vs. using a ssl shared cert (most hosts offer shared ssl). Are people just looking for the little lock? Are they seeing some weird url instead of [your-domain.com...] and making a run for the hills?

wrkalot excellent point
that really is a tough one to answer I got my own but used a shared one for years. I really didn't see an increase in sales with mine versus a shared one.

I did get faster connect speed and processing speed.

Thanks, I do have the little lock installed , and yes everytihng is secure

Why is this even a discussion? If you have a site that would need a secure certificate you should at least be able to afford the $35 GoDaddy one.

Yes they are worth it. We use an SSL certificate from Comodo. They might be more expensive than some, but well worth it.

The one I have from thawte is a whole lot more than $35. :(

They may not know what an SSL is but I'll bet most of them have been trained to look for that little lock symbol in IE.

lorax in case you missed bwnbwn's comment,

I found a website that dosen't use a secure certificate when you enter your personal information or credit card numbers with cvv, but has an image lock on the page not in the browser to make it seem secure.

This is just rude and appalling, and insults the intelligence of the buying public. :-(

On further investigation it gets even worse - I found a site that does have an SSL cert, but the form submits credit card info to a non-secure server-shared version of a mailto script!

Really it boils down to education I guess, you would think that when someone's entering information involving their money they would be more careful. Quie often when CC info or other sensitive information gets stolen, people can't even recall exactly what they did.

>> the fake lock symbol

Yes... there are people who - for one reason or another - are less than honest. You are absolutely right in that consumer education is the key difference. They either know what to look for or they don't.