I can't find a reference to any such policy with a quick search of their help pages, but then it's not an issue I've come across before so I could have just missed it or it could be buried deep in the T&Cs.

Either way, Google have pretty strong opinions in general about sites which look scammy or spammy. It might be that if they investigated your complaint that they'd give the site a massive QS slap for deceiving users. I suggest sending them some feedback using this form:

[adwords.google.com...]

Or alternatively speak to one of their Support staff more directly.

I've spoken to them directly on Friday and it sounded like it does violate ToS, but to my surprise it's still on there.

I would be surprised if it remains on there as instances of credit card fraud because of the lack of SSL encryption does not inspire trust in the quality of Google's PPC results.

How far did you get into the process? Because, depending on the way it's coded, you may not need the SSL to kick in until AFTER you enter your credit card information and hit 'submit'; the point at which data could be sniffed is while it's being posted to the next page in the cart, not as you are typing your credit card number into the field. So it's entirely possible that a page with credit card entry fields would be non-SSL, while the next page (usually a "review your order" type page) and subsequent pages would all be SSL.

SSL does slow things down, so it may have been coded that way, although nowadays I find it's easier to just take the performance hit and make the entire cart SSL, to ease people's minds.

The credit card form is on standard http:// - but more importantly the PHP script the form is being posted to is http:// as well. So there's no SSL protection when the credit card number is posted.

If I append https firefox generates a warning for an 'untrusted connection'.

It's still being served on adwords and I am very surprised.

Honestly thought that an unsecure checkout would be viewed as undermining user's trust in the quality of sites using adwords. Odd.

Advertising on Adwords and SSL have nothing to do with each other. I know of no rule that says you must have SSL on your site. Yes, I'm sure Google would like all sites using Adwords to have SSL but I don't see how they can check this. Frankly, I don't see this as a big problem. Any reputable checkout software like PayPal and many others that thousands of sites use will be SSL.

Since landing pages are manually reviewed- I'm not sure why it's a huge stretch to check that there is some form of secure checkout. This check could easily be performed when a new PPC account is created, it requires probably 30 seconds of checking.

I must also clarify that although in this instance I have used the term SSL, the issue is that the checkout I am referring to is not secure in any way, shape or form- it does not use Paypal, worldpay or any other 3rd party vendor. It is literally a php mail form with no security. I have a feeling the transactions are being processed manually.

I've just been going through the adwords content guidelines and there seems to be a policy for everything but an insistence upon some form of secure transaction system for e-commerce sites. I think that the lack of any kind of secure checkout facility undermines confidence in the quality of the sponsored listings.

I think that the lack of any kind of secure checkout facility undermines confidence in the quality of the sponsored listings.

You should probably let Google know that. They may choose to add a policy about it if they agree with you.

Thanks for all of the replies :)

> Since landing pages are manually reviewed

I don't think each and every page is manually reviewed. That would take up a huge resource.

> It is literally a php mail form with no security.

I would have an issue with that as well. I would let Google know of your concerns but what, if anything they can do about it, I don't know.