What is HTTP & HTTPS?
HTTP (Hyper Text Transfer Protocol) is an online procedure for exchanging information between two computers. Any information that is sent over HTTP can be intercepted and read by a third party. For customers sending their credit card details to you, sending said details via HTTP is a security risk and may create a barrier to making a booking on your site.
The addition of HTTPS ( Hyper Text Transfer Protocol Secure) to your website means that any data exchanged between two computers is encrypted so even if the transaction is intercepted by a third party, it cannot be read.
How do I change my website from HTTP to HTTPS?
See the useful Links section at the end of the article
I use a widget for my bookings. Is that secure?
The ResDiary booking widget always uses HTTPS. Even when placed in an HTTP site, it will automatically redirect to an HTTPS hosted page protecting your customer from security threats or fraud during the booking process.
How do you safeguard online payments?
The payments of deposits and secure storage of credit card details via ResDiary Guarantees (aka tokenization) are all processed securely via Stripe. Stripe is the leading international payment provider giving you and your customers ultimate protection and peace of mind.
Please note: Google Chrome Autofill
If a customer is viewing an HTTP site on Google Chrome and uses autofill functions to fill in their credit card details, Chrome will warn them about an insecure connection through the booking process. This will definitely result in a high level of abandoned bookings where the booking requires credit card details or payments.
To overcome this, you must make the following changes to your website:
- Change the iframe src property on the restaurant website to use https e.g.
<iframe frameborder=”0″ src=”https://widget.resdiary.com/CheckAvailability.aspx?Id=3861&theme=rd” allowtransparency=”true” style=”width: 300px; height: 460px”></iframe> AND
- Change the restaurant website to https and install the correct ssl certificate on the server.Ensure that this is done for all pages on your site, particularly the page that contains the booking widget.
- OR re-direct from the restaurant website to the restaurant’s own (free) mobile optimised web page on www.resdiary.com
Only once both of those things are done will users be able to use Google’s autofill for CC details. Otherwise Chrome will warn about an insecure connection. Just doing point 1 above is not enough and only doing point 2 will mean the widget iframe will not load.
Useful Links for more on Best practices when using HTTPS
- From Google Support ‘Secure Your Website with HTTPS’ Learn More
- Ignite Visibility – ‘Guide to switching from HTTP to HTTPS for SEO’ Learn More
- designModo- ‘How to Move a WordPress Website from HTTP to HTTPS’ Learn More
- There’s almost no excuse for restaurants to not have https now. There’s a free service available that can grant certificates so they don’t need to pay for them: https://letsencrypt.org/. A restaurant can install a simple tool on their website that handles their certificates and renewals for them automatically.