10 replies to this topic

[Julia]

Hi everyone,

I've come across a problem I perhaps wouldn't have encountered if not for Google analytics.

I have a client' site I've been doing some work on that (I think) shares a secure certificate. When you add something to the shopping cart and hit checkout the URL changes from the original site (for example www.mysite.com/Merchant2/merchant.mvc? to www.host.whateverhosting.mysite.com. blah,blah). This causes problems tracking with Google's Urchin (not sure whether I'd have the same problem with ClickTracks) in that I can't see anything once they leave the site's own domain.

Also, I wondered if this sort of set-up causes any other problems (SEO, usability etc. or worse) I should be aware of.

I hope I've explained it well enough.

Thanks Julia

[dmcconkey]

I can't speak for SEO or Google Analytics, but I can speak for useability. To me this is a big turn-off.

Half of SSL is authentication. The other is encryption. You want your users to trust that their credit card numbers won't be lifted. Encryption covers that, and you're set in this case.

However, you also want your users to trust who that CC# is going to. With a shared cert on another server, you're counting on your customers to not care about that.

Have your client buy a cert. If they're serious about e-commerce, then $150 or so isn't a big deal.

-Dan

[Julia]

Thanks Dan,

So buying a secure certificate will solve the problem, yes? What if a site is hosted by the designer who provides the shopping cart, certificate and everything else through a company he or she owns? Even the domain name is in the designer's company name.

[dmcconkey]

So buying a secure certificate will solve the problem, yes?

Not sure you had a problem, per se, I was just letting you know my preference. If your sales are through the roof, no problem.

What if a site is hosted by the designer who provides the shopping cart, certificate and everything else through a company he or she owns? Even the domain name is in the designer's company name.

Any time I'm on domain A and "Go to checkout" takes me to domain B, that's a turn-off for me. This is common. Many hosts or developers share their certificate.

The first turn-off is that it instantly gives away the size of your business. Why advertise to your customers that you can't afford your own cert?

The second turn-off is that it bypasses 50% of why we use SSL. The (perhaps poor) analogy is that, when I hand my credit card to the Grocery Store cashier, she tells me that she needs to call her cousin, read him the number, and have him process it. I wouldn't feel comfortable about that.

Granted, most online vendors use merchant accounts that use a similar handshake. The big difference is that I gave my CC# to the merchant, and the cert assures me of that. Without a proper cert, I have no idea who I just gave my CC# to.

Again, though. My personal preference.

-Dan

[sonnyyu]

Ok, 2 sites share ssl certificate;-

1. www.mysite.com/Merchant2/merchant.mvc
2. www.host.whateverhosting.mysite.com

All you have to do is get wildcard ssl certificate for "*.mysite.com". Google "wildcard ssl certificate" for more information. Just keep in mind neither all ssl vendors nor webmasters are able to do wildcard ssl certificate. the education is required.


My $0.019

[Jill]

Personally, I think it's very common these days and I doubt that the average user would care (or even notice).

Regarding your analytics, I wonder if you can put your tracking code on the thank you pages on the other server? In fact, I'd be curious to know if it works as I was thinking of trying something similar (if I can) to my newsletter sign up which happens on another server.

[Julia]

Thanks everyone,

Jill: I'll try and put it on the pages on the other server but that may bring up another issue: If I put the code on the purchasing pages does Google through the analytics have access to that secure information? Not that I would expect them to do anything with it but it is people's credit card info. Just a thought!

[Jill]

I don't believe that code gives them access to any info other than visitor stuff, like browser, etc.

[Randy]

One thing to watch out for is to make sure the page doesn't throw some sort of error message in browsers.

I'm not familiar with GA having not had time to play with it yet, but if you pull anything (an image, external css file, external javascript) into the page from a non-secure location the default setup for some browsers will throw a warning that some data on the page is not secure. Buyers will run away if they see this sort of thing.

So make sure to test it in several browsers!
<edit to add>
One thing you should be able to do, and which I do on my own sites, is to do no tracking on the SSL side of things, but make sure after the purchase the customer is sent back to a Thank You page on the original domain. You can pass any data you need from the checkout pages back to this page (don't send the CC number though!) and tie everything back together at this point.

[Jill]

but make sure after the purchase the customer is sent back to a Thank You page on the original domain.

Good idea, that would do the trick!

[Julia]

Thanks. You're all so helpful. I'll try what you suggest Randy.

Julia