Online security is important.
With all the current news about identity theft, data breaches and similar risks, clients and donors are asking very smart questions about Databank donation forms.
Specifically, are Databank donation forms secure and why is the little green lock which indicates a secure page not always visible?
Yes, Databank donation forms are secure
The answer to the first part of that question, are they secure, is quite simple. Yes!
All Databank forms are secured using modern encryption techniques. You can verify this by looking at the address of your forms. You can see the address starts with https, this means it is secured using SSL and TLS.
Additionally, a little green lock is pictured alongside the URL, indicating the site is secured with SSL.
But, even though the form is secure, it may not appear that way to your online visitors.
|The s in https stands for secure. It is a signal that the webpage being viewed has been secured using modern encryption techniques.|
But where's the lock on my donation form?
If you have your forms embedded in your site using an iframe, they may not appear to be secure. When this happens, it is because while the form is secure, the page where that frame is being displayed is not.
When a browser displays the green lock, it is saying that everything on this page is secured with SSL. So even though your form is secure, if your website is not, the green lock will not display.
When a website has both http and https content, it is no longer considered secure.
Is there a risk to having my secure iframe in a non-secure site
There is some.
1) One risk is what's called a "man-in-the-middle attack". This is where a third-party inserts itself between your website and the end-user. In a fully secure https site, this doesn't happen because all traffic is encrypted. But a secure page embedded in an insecure page can still open itself up to certain versions of this.
2) Conversion rates are lower with pages that do not display https security. As donors become more aware of online security, they are increasingly looking for proof that their transaction is secure.
3) Search rankings are negatively affected by not having a secure site. In 2014, Google officially announced that having SSL / https enabled on your website will give it a minor boost in search results.
So what can I do about it?
There are a few options available if you would like to make sure that your donation forms give the appearance of being as secure as they already are.
1) Display the GeoTrust logo on your donation form.
While this will not make your own website secure, it will give a visual cue that your form has been secured using modern encryption techniques.
|You can turn on the Secured by GeoTrust seal in the Properties tab of your Form.
Please note, this seal cannot be customized. It is the seal of authenticity from GeoTrust and must be used as is.
2) Use a standalone donation form rather than embedding it.
All Databank forms are secure and use https. Sending people to a standalone form will send them away from your website, but they will see that you are sending them to a secure site for the donation. Your form templates can be customized too so that they match the look and feel of your site.
3) Get an SSL certificate.
Getting an SSL certificate for your website is the only way to have your secure Databank donation form embedded in your website and still display the secure green lock donors are looking for.
Interested in finding out more about getting an SSL certificate? Your site's hosting provider will be able to help. Note that you should get an SSL certificate that matches your site's name, even though it may cost more money than other options. The cheapest route, to use your hosting provider's general SSL certificate, can cause browser warnings because the certificate name and the name of your site don't match.