Do You Need a Site Security or Safe Checkout Badge in Squarespace?
I recently got a request from a client to add an icon, seal, or badge that would tell their customers that it was safe to pay through their Squarespace shop page. As this was an entirely new request for me, I had to do some digging to find the answer. And it wasn’t easy! Safe checkout badges aren’t readily available in Squarespace and it wasn’t a concept I had even given much thought to before.
After digging through forums, blog posts, and back end security certificates, I found a lot of ideas to work from. But no truly clear answers and definitely no posts from Squarespace or other users discussing this concept fully. So I figured, with all the information I had gathered, there was probably someone out there who could benefit from it. While this info might be a snoozer for most people, you might be one of those who also wants an answer. So, here you go!
(Disclaimer: This is in no way intended as advice, either related to design or legal. Assess your options and make the choice that feels right for you.)
What is a Safe Checkout Badge?
You’ve probably gone to checkout on a website and seen some kind of graphic that says the shopping cart is “encrypted” or “trusted” or some other buzz word designed to inspire ease of mind. If you saw one of these badges, you’d probably immediately recognize it.
So what’s the point? Once upon a time, the internet was new and so were credit cards. If you entered your credit card number into a form on a website, there was no guarantee that a hacker couldn’t steal that number. It was a huge risk to take.
Even today we are constantly hearing news about credit card numbers being leaked. You’ve probably experienced someone getting a hold of your card number at least once in your adulthood. It really sucks and makes us feel violated and more worried about the world around us.
Over many years, developers have found very complicated ways to send credit card numbers through websites that are highly encrypted and resistant to theft. But there’s always a risk. (That’s just the way life is though, isn’t it.)
So websites started including badges on their checkout pages attempting to prove to customers that they could trust their credit card number gathering process. For some reason, these badges make us feel safer and more willing to fork over our hard earned cash.
What Do the Badges Actually Do?
Well the short answer is nothing. Honestly, anyone online can grab a graphic and plunk it on their checkout page. If you have no clue what to look for, you might blindly trust that graphic without knowing whether it was speaking truth or not.
And this leads me to why Squarespace doesn’t offer such at thing at this point in time.
If you’ve built a site in Squarespace, you’ve likely been prompted to turn on your site security or SSL (Secure Sockets Layer - you can geek about what that is here). Basically, it’s the thing that changes your domain from the beginning of HTTP to HTTPS. You’ll also notice the little lock icon on the far left side of the URL. Google is beginning to demand that websites be secure, so if your site doesn’t have SSL turned on it might be penalized and hidden from visitors. (Definitely turn it on if it isn’t on!)
One of the amazing perks of Squarespace is that they offer a free secure site certificate for every single website built on their platform. Unlike a platform like Wordpress, you don’t have to install any plugins, pay any fees, or figure out how to get it all to play nicely. You just click the enable button and go!
Currently, the SSL provider for Squarespace websites is Let’s Encrypt. (You can find out who provides the security certificate for any website by clicking the lock icon in the URL and then clicking on “Certificates” when the drop down menu appears.)
Digging through the Let’s Encrypt forums, you’ll discover that their team links to an article that details the argument against security seals that I gave above (read that article here). Basically, by putting “trust seals” on websites we’re training to consumers to blindly trust websites that have those seals without knowing what they mean or if they’re even legit.
So, Let’s Encrypt doesn’t offer these badges as a matter of ethics. Before you contemplate just popping their logo onto your website, you might want to know that it’s a protected trademark. That means that you can’t use it without express permission (and could potentially face a lawsuit for doing so.)
This turns out to be true for most companies, as the majority of logos, graphics, or badges are protected by copyright and are only available to those that have permission (if at all). It’s a good idea to do your research!
Also, the SSL certificate doesn’t mean that the company has looked at your website. It only means that it’s been put through software and determined to not contain malware, viruses, or other bad bugs. So this company doesn’t want to give the impression that your website specifically has been checked by a real human that works there. It hasn’t.
So What if You Want Something on Your Website Anyway?
At this point, we’ve only really discussed the site security. When it comes to checking out in an online shop, you’re probably not actually putting credit card numbers into the website itself. For example, on Squarespace the standard credit card processing company is Stripe (though you have an assortment of choices). Once a website visitor clicks the “Purchase” button, the window that opens is directly connected to Stripe, not Squarespace.
Luckily, you can read all about the security that Stripe offers here. Essentially, they are PCI-certified at the most rigorous level, meaning that they are probably as safe as the internet gets at this point in time.
You can add a “Powered by Stripe” badge to your site with a little blurb about PCI certification, if that helps you sleep better at night. There is a similar badge that can be added for Paypal, if that’s your thing.
Generally speaking, the data shows that consumers really like these badges and are more likely to continue checking out if they see something that indicates safety.
If you’ve made it this far...congrats! You’re ultra committed to your website’s security!
This article is really just an ultra basic skim on this topic and you can deep dive into any one of these areas. But it’s helpful to understand for your own site, for helping to drive more sales (or to stand by a particular set of ethics), and to be a better consumer yourself.
So, should you add a badge? That’s entirely up to you. Just make sure you don’t infringe on any copyrights and do what feels best for you and your ideal customer. Do your research, consider your options, and then pick the one that balances ethics and business.
And if all of this confuses you, that’s okay. It’s a really tech geeky sort of thing. Feel free to book a free 30-minute call with me to see if I can help. Through my support services process, I can dig in to see what’s happening on your Squarespace site and explain the options to you.