Sponsored by:

Higher Turnover Websites

the #1 Provider of Car Salesman Websites and Dealership Sites

Please note that comment moderation is being used on this blog. This means that you are free to comment on any posts, however they will be reviewed prior to being posted on the live site. We welcome any legitimate comments, but comments including links to your own sites (i.e. "link spamming" or "comment spam") will be marked as spam and will not be published. If you have comments that will be useful to other readers, feel free to post them, otherwise go spam someone else's blog!

Tuesday, December 12, 2006

Importance of Having a Secure Credit Application on your Auto Dealer Site

Most people are aware of the identity theft threat. In case you’re not, here’s a crash-course: Any time you submit information over the internet, it is possible for a third party to intercept that information. This is true for almost any information someone submits, whether it’s ordering flowers online, booking a plane ticket, or applying for financing on an auto dealer website. What can someone do with the information they collect? Well that depends. If the site that is supposed to receive the information has a security certificate (also known as an SSL certificate), there’s not much the “bad people” can do. The SSL actually encrypts whatever is being sent so it’s no use to anyone other than the intended recipient. Anyone with a website can obtain an SSL, and the issuing companies do extensive checks to ensure the person/company purchasing the certificate is legit. Essentially you’re paying for a trusted name that vouches for your own business legitimacy.

We recently ran into an issue with the latest release of Internet Explorer from Microsoft, IE7. Several of our dealers did not use SSL certificates because they only collect information that isn’t sensitive in nature. For a short “credit application” they chose to only ask customers for info such as name, address, email, and phone number. This information is public for most people anyway, so there really wasn’t a need to encrypt it on the website.

With the new IE7 it seems to be more important to secure any contact forms or credit applications, no matter how public the information may be. Not important because you need to protect information that’s probably public anyway, but important because it can actually deter customers from entering their info in the first place. Even with a “shared” SSL certificate which still encrypts info, customers are being told to be extremely cautious. Take a look at a warning screen someone sees now when they go to a page that is encrypted by a shared SSL:

Even if someone isn’t giving up confidential info, it’s pretty strong to see Microsoft telling you that you should leave the page. If you didn’t know the technical specifics of why you were seeing that message, would you enter any information? What if it was a more in-depth application that asked for your Social Security Number? I know I wouldn’t, even if it was a reputable car dealer I’ve done business with in the past.

The solution to this is simple. We recommend all of our customers get an SSL certificate, which we purchase on their behalf and install on the web server. Certificates can be purchased for just a couple hundred dollars through some reputable and trusted companies. Think of it this way: if you get one person to fill out your online credit application and get them financed, will the money you make on the back-end of the deal offset the minimal investment? We leave the choice up to our dealers, but if I were a dealer it would be a no-brainer.

No comments: