Paul Granger is a GlobalSign contributor. Today he’s offering his perspective on how Google’s Quality Score and Chrome 62 HTTP browser treatment changes will affect online business owners and how they can prevent any negative effects.
Chrome is the most popular web browser at the moment and a new update is about to change the game for many business owners.
It might very well mean a drop in conversions and return visits to your website. Improving trust in your website and increasing security is the only way to make sure that this doesn’t happen.
What's Changing With Google?
A focus on security is making Chrome a much more effective tool for browser users. Google has started to improve user safety by making more efforts to let them know which sites are fully secured and safe* to both browse and input their details on, and which aren’t.
Starting in Chrome 62, (which was released to stable for desktops on October 17, 2017 and will be rolled out over the next few weeks), any HTTP pages that collect data (e.g. login details, financial or banking info, search queries, registrations) will be marked as “not secure”.
(source: Chromium Blog)
There are obvious benefits to these changes. Browsers will have a safer experience avoiding unsecured sites. As a consequence, businesses with secure websites are going to attract more interest and a higher click-through rate. It’s more than just a browser change too. Google is also going to consider security more thoroughly when it comes to how their search engine works.
In both SEO and PPC advertising, like AdWords, it is some internet marketers’ theory that the sites fitting Google’s security requirements are going to see an increase in their Quality Score. On the other hand, if you fail to, your Quality Score will go down. This means that your SEO is likely to suffer, with your web pages getting pushed further down in query results. It also means that competitors with higher Quality Scores are going to succeed in more AdWords bids than you.
How This Affects Trust in Your Online Business
Already, the changes that Google has made in signposting secure websites has drastically changed user behavior. According to Google, since they started flagging HTTP sites that collected password or credit card information (back in Chrome 56), there has been a 23% decrease in traffic leading to those types of insecure pages on desktops.
The Chrome 62 changes are only likely to see that rate increase since the scope of affected pages has expanded (pages with any kind of form field will be flagged), and businesses are going to suffer unless they can take the initiative and secure their sites now.
When a customer sees that a business’s site is marked as “not secure”, they then go on to think that the business itself isn’t to be trusted. While this flag only applies to input fields on the website right now, many users are going to extrapolate and assume that it means the whole website, and maybe the whole business, is untrustworthy as well.
They start to judge whether or not that business isn’t just another online scam. Some legitimate businesses are going to get caught up in these misconceptions, so you have to make sure yours isn’t one of them.
In case you’re thinking, “well, my site doesn’t collect any information, so I don’t have to worry about this...”:
- There are many reasons to secure your site besides browser treatment.
- At some point, Google plans to flag all HTTP sites with a red warning triangle symbol and the “Not Secure” label, so it’s not worth banking on the idea that your site will not be affected.
(Source: Google Security Blog)
How Customers See Whether Your Site Is Trusted
Secured pages have “HTTPS” addresses, while unsecured sites have “HTTP” addresses. Chrome also shows a padlock with the word “Secure” after it in the URL bar.
Example secure website in Chrome.
These prominent symbols are intended to immediately communicate to users whether or not it’s safe* to enter any details in the forms on the website. Note: Depending on the type of security certificate the site is using, the URL might also show the name of the company.
How to Secure Your Site
Every business should operate with a secure site, especially those with websites that request any visitor information, such as email addresses, usernames and passwords, and most importantly, financial details. Even if your on-site queries are something as simple as a search bar to help with on-site navigation, if the site isn’t secure, then it will get flagged according to Chrome’s new requirements.
Securing your site in this case means moving to HTTPS. This requires an SSL Certificate and a properly configured server. SSL provides a secure channel between the website’s server and the browser and encrypts data transmitted between the two.
Not sure which type of SSL Certificate you need? Check out this guide.
How Identity in SSL Can Help
There are three main types of SSL Certificates and while they all encrypt the connection, they vary based on the amount of identity information that is verified and included in the certificate. Domain Validated (DV) Certificates are the most basic and only verify domain ownership. Extended Validation (EV) and Organization Validated (OV) Certificates authenticate the business the operates the website, showing that that the site is not only secure, but that it belongs to exactly who it’s supposed to belong to.
EV Certificates display this verified company name directly in the URL, while OV Certificates require the visitor to view the certificate details.
Example website with EV Certificate in Chrome
With more and more phishing, or imposter, sites acquiring free DV Certificates in an attempt to look more trustworthy, it is more important than ever for companies to establish their brand identity online. SSL, and more specifically EV SSL since it brings the brand name front and center, is the only way to do this.
This is essential for high-profile sites that are targeted for phishing scams that attempt to redirect your customers to spoof sites.
Chrome 62 Is Here – Act Now So You Don't Lose Visitors!
There are definitely going to be businesses hit by the changes in Chrome 62 that are going to lose potential customers and more as it continues to be rolled out. By following the advice above, you can make sure that you’re not amongst them. But you have to act quickly. Get an SSL Certificate today!
*Note from GlobalSign: We’ve written about this in the past, but just because a website is encrypted, doesn’t necessarily mean it’s safe. With the rise of free SSL services, many phishing sites have started implementing low assurance DV Certificates to make their sites look more trustworthy and achieve the “secure” label in Chrome. We are working hard to educate both users about how to spot phishing sites and businesses about the importance of identity in their online presence.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign