We recently ran into an issue with the latest release of Internet Explorer from Microsoft, IE7. Several of our dealers did not use SSL certificates because they only collect information that isn’t sensitive in nature. For a short “credit application” they chose to only ask customers for info such as name, address, email, and phone number. This information is public for most people anyway, so there really wasn’t a need to encrypt it on the website.
With the new IE7 it seems to be more important to secure any contact forms or credit applications, no matter how public the information may be. Not important because you need to protect information that’s probably public anyway, but important because it can actually deter customers from entering their info in the first place. Even with a “shared” SSL certificate which still encrypts info, customers are being told to be extremely cautious. Take a look at a warning screen someone sees now when they go to a page that is encrypted by a shared SSL:
Even if someone isn’t giving up confidential info, it’s pretty strong to see Microsoft telling you that you should leave the page. If you didn’t know the technical specifics of why you were seeing that message, would you enter any information? What if it was a more in-depth application that asked for your Social Security Number? I know I wouldn’t, even if it was a reputable car dealer I’ve done business with in the past.
The solution to this is simple. We recommend all of our customers get an SSL certificate, which we purchase on their behalf and install on the web server. Certificates can be purchased for just a couple hundred dollars through some reputable and trusted companies. Think of it this way: if you get one person to fill out your online credit application and get them financed, will the money you make on the back-end of the deal offset the minimal investment? We leave the choice up to our dealers, but if I were a dealer it would be a no-brainer.