SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and unaltered. SSL is an industry standard and is used by millions of websites to protect their online transactions with their customers. To be able to create an SSL connection (usually a 256-bit certificate encryption and 2048-bit key encryption), your web server requires that an SSL Certificate be installed. The certificates come in an array of flavours, but they all essentially provide the same result. There are both free and paid SSL options... but free domain-validated SSL certificates are usually more than suitable for most financial practitioners (early on, anyhow, and they're certainly better than nothing).
A short time ago we conducted a crude (and automated) survey of Sydney mortgage broker websites to determine if their websites were SSL compliant. Of all the parameters our survey assessed, it was the lack of SSL compliance that gave us genuine concern, with over 77% not delivering a secure website to their online visitors. We were a little reluctant to accept that startling figure as accurate until we compared it against a smaller sample of Brisbane data... and they weren't doing much better, with 73% serving insecure websites. To get a broader idea of how the industry was performing as a whole, we recently assessed all non-franchise and non-bank lenders. The result: only 17% of surveyed mortgage broker websites are serving a valid secure website.
If you don't have a website you have bigger problems to deal with. If you have marketing representation and still don't have a website, you have bigger problems once again.
Why SSL Is Important To The Finance Industry
Most websites have a generic privacy policy where they talk about privacy and data-collection, and it usually includes a paragraph that describes the measures taken to ensure data is kept secure. If you don't have an SSL certificate you're violating your own policy in an industry that demands information be kept private. For our financial clients, we'll often advocate that they aim to adhere to the same privacy practices as banks and other institutions - this way they're effectively providing an equal (or greater) level of service. The finance industry is compelled by legislation to do all that is reasonable to protect user privacy... and we're failing. Failing to comply with this very basic and Kindergarten-level website privacy expectation has very serious commercial implications. Think of how your indemnity insurer might respond to a privacy violation if you've chosen to ignore a basic industry standard.
The green SSL badge adds a measure of trust to your website and brand. It's so necessary that Google have added SSL compliance as an SEO ranking signal. More important is that if you're not serving a website with an installed SSL certificate, Google will return a page indicating that your website may be unsafe. From our article on "Your Website Is As Important As Ever", we wrote the following:
Depending on what survey you choose to believe, up to eighty-five percent of online prospects conduct online research before they make a purchase, just over ninety percent begin by using a search engine, and 70 percent will read product reviews before making any decision. On average, a consumer will visit three competitors before making any contact with you, and 48% won't even consider doing business with you if your website doesn't (or shouldn't) exist. So, if you're actively marketing for clients, there's a good chance your potential clients will visit your website, and if you've attracted a cold visitor to your business your website serves as their first impression. A hard cold fact that most of our peers fail to acknowledge is that a bad website experience translates to fewer conversions.
"A bad website experience translates to fewer conversions". How do you think this might look to your online leads:
If you select "Advanced" there's an option to proceed to the website, but it's marked as "unsafe". This is what 83% of mortgage brokers are potentially serving to their online visitors.
Google announced their "Secure Web" back in September of 2016 - providing everybody plenty of time to make the necessary changes. Initially, Chrome would just mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar. However, Google now serves a non-secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields.
Sometimes a website that has had a certificate installed still references non-secured elements. In those cases, unsecured scripts, images, forms, and other elements simply need to reference the https source to have the green 'Secure' badge reappear. The image below shows the website of one of those who consider themselves our competition. The unresponsive and awfully designed WIX website shows the missing 'Secure' badge in the URL address bar. It's a two-minute fix.
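To find the references that remove the 'Secure' badge, the page's HTML can be scanned for elements that still load from an http source. The following is an added example, not code from the original article; the sample page, the `broker.example` and `cdn.example` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser load (or submit to) a URL.
LOADERS = {"script": "src", "iframe": "src", "embed": "src", "object": "data",
           "img": "src", "audio": "src", "video": "src", "source": "src",
           "link": "href", "form": "action"}
PASSIVE = {"img", "audio", "video", "source"}  # display-only content

# Constructed sample page (not from the article), assumed served over https.
SAMPLE = """<html><head>
<link rel="canonical" href="http://broker.example/">
<link rel="stylesheet" href="http://cdn.example/theme.css">
<script src="//cdn.example/app.js"></script>
</head><body>
<img src="http://broker.example/img/logo.png">
<img src="/img/team.jpg">
<form action="http://broker.example/enquiry" method="post"></form>
</body></html>"""


class MixedContentFinder(HTMLParser):
    """Collect http:// resources referenced by a page that is served over https."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, kind, url, https_fix)

    def handle_starttag(self, tag, attrs):
        attr, values = LOADERS.get(tag), dict(attrs)
        if attr is None or not values.get(attr):
            return
        # <link> only loads a resource for some rel values; rel=canonical does not.
        rel = set((values.get("rel") or "").lower().split())
        if tag == "link" and not rel & {"stylesheet", "icon", "preload"}:
            return
        # urljoin resolves relative and protocol-relative (//host/..) references.
        url = urljoin(self.page_url, values[attr].strip())
        if urlsplit(url).scheme != "http":
            return
        kind = "form" if tag == "form" else "passive" if tag in PASSIVE else "active"
        self.findings.append((self.getpos()[0], tag, kind, url, "https" + url[4:]))


def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings
```

Calling `find_mixed_content(SAMPLE, "https://broker.example/")` reports the stylesheet, the logo image and the form action, each with the https URL to substitute; relative and protocol-relative references inherit the page's scheme and are not reported.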
The Industry Standard
We recently made contact with various aggregators, the MFAA, FBA, and other stakeholders suggesting that they put standards in place for the consumer-facing components of all broker businesses (such as a website, social, and marketing) to better comply with the underlying expectations of their Credit Licence (as we do by default for our own clients). While we don't expect a reply (they rarely respond), we expect that they'll act upon our advice (they always do).
If the recent Productivity Commission Report (Competition in the Australian Financial System) has shown us anything, it's the complete lack of understanding the document authors have of the industry. The looking-glass logic that landed on the distorted conclusions shows that we can't rely on industry body representation, aggregators, or anybody else to set standards. The industry itself needs to take the initiatives necessary to prove its continued legitimacy, and we need to avoid providing the regulators with the ammunition necessary to diminish consumer trust in what we do. It is usually the little-picture items such as SSL compliance that have big-picture consequences... and we'd love to see the industry take the lead.
Our Email Campaign
A few days ago we sent an informative (non-salesy) email to our entire Australian broker database. Of all the non-franchise businesses that unsubscribed, a massive 96% of them had unsecured websites. We contacted each list deserter individually with a screenshot of the warning message and specific instructions on what they should do to ensure compliance (while it's outside the scope of this article, 74% signed back up to the list). Of the replies we received, it was clear that many brokers simply didn't understand the importance of the secure website... and others had no idea what we were talking about.
Ironically, the insecure page (as pictured above) was more attractive than the actual website.
If you're curious why I take this issue seriously, it is only because it's one of a thousand issues I take seriously. Marketing is more than what you do; it's about who you are as a brand.
To remedy non-compliance, simply call your web host (those that host your website) and talk about the various SSL options available. The certificate will likely be installed by the time you finish your phone call. Make sure your non-secure website redirects to the secure https version so that you mitigate the SEO risks associated with duplicate content.
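Once the host has installed the certificate, the redirect can be verified by looking at what the server answers to a plain http request. The following is an added example, not code from the original article; the `broker.example` responses are constructed, the function names are illustrative, and the checks for a permanent status and a preserved path go slightly beyond what the article states.

```python
import http.client
from urllib.parse import urljoin, urlsplit

PERMANENT = {301, 308}  # signal that the https URL replaces the http one

# Constructed (request URL, status, Location) samples, not real survey data.
SAMPLES = [
    ("http://broker.example/contact", 301, "https://broker.example/contact"),
    ("http://broker.example/contact", 302, "https://www.broker.example/"),
    ("http://broker.example/", 301, "http://www.broker.example/"),
    ("http://broker.example/", 200, None),
]


def audit_redirect(http_url, status, location):
    """Return a list of problems with the server's answer to a plain-http request."""
    if status not in (301, 302, 303, 307, 308):
        return [f"no redirect: status {status} serves content over http"]
    if not location:
        return [f"status {status} without a Location header"]
    problems = []
    src = urlsplit(http_url)
    dst = urlsplit(urljoin(http_url, location))
    if dst.scheme != "https":
        problems.append(f"redirect target is not https: {dst.geturl()}")
    if status not in PERMANENT:
        problems.append(f"status {status} is temporary; use 301 or 308")
    # Deep links should land on the same page, not on the home page.
    if (dst.path or "/") != (src.path or "/") or dst.query != src.query:
        problems.append("path or query is not preserved")
    return problems


def first_response(http_url, timeout=10):
    """Fetch http_url once without following redirects (needs network access)."""
    parts = urlsplit(http_url)
    conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()
```

For a live site, pass the result of `first_response(url)` to `audit_redirect(url, status, location)`; an empty list means the http address redirects cleanly to https.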