Why the Effect of EV SSL on Web Behavior Is Hard to Test

Online businesses like measurement. We like to know how the decisions we make on our websites affect bottom line results, and a whole industry of analytics tools exists to help us do so.

Possibly the most basic and most important of these tools is the split test, often called an A/B test. Split testing is simply where an otherwise homogenous group of site visitors is split into two or more groups, each of which receives a different set of content. Because the groups are homogenous, any significant, measured difference in behavior between the two groups is attributable to the changed content. By comparing the two groups’ behavior, split testing can show you which of these sets of content is most effective in driving the desired online behavior. For an online shopping site, that means completed transactions, average transaction value, and revenue per shopper. For many businesses, we would look at leads generated or services used. Advertising-driven sites will care about page views, time on site, and advertising units served. And so on.

Extended Validation (EV) SSL certificates are a weird animal when it comes to split testing. The presence or absence of an EV certificate affects the user experience in that the company-branded green address bar is either present or absent. It appeals to the intuition that the presence of the company’s name along with a prominent green signal up at the top of the browser interface might have an impact on user behavior. Split-site testing routinely shows that much more subtle differences make a meaningful difference.

And a difference doesn’t have to be massive to be worthwhile. E-commerce professionals understand this fact as they routinely discover and implement changes that can result in single-digit percentage improvements or smaller. Certainly, a big, green company name in the browser has that kind of potential. Definitely worth the test.

Unfortunately, testing itself is phenomenally difficult. That’s because certificates aren’t the same as web content. The certificate is part of the underlying technology stack of a server, meaning you can’t just have a couple of them sitting there and switch from one to the other. The basic server operating systems we use don’t contain that functionality. So, to perform a bona fide split test, you would have to have the two homogenous groups encountering different servers, one group presented with an EV certificate, and one not.

Now we run into a host of additional problems. First, you have to have more than one server delivering content or you’re done. And if you do have more than one server, you now have to deliberately configure two parallel clusters and put in some kind of round-robin routing between them, with one cluster featuring EV and the other an OV or DV certificate.

That’s a meaningful roadmap item to be added in an industry where there is always a big parking lot of projects trying to get onto the roadmap. That means the cost of testing the effect of EV is the opportunity cost of whatever additional roadmap item got bumped to deliver the EV test instead.

That’s a lot to ask for, especially since the upside/downside math on EV is so compelling. The opportunity cost of that lost roadmap item is so much higher than the real cost of upgrading to EV.

Therefore, organizations that understand the issues behind EV either take the leap of faith and deploy EV or don’t. Either way, split testing of EV SSL certificates just doesn’t get done.

So how can a business evaluate the potential benefit of EV? There are three basic paths forward.

1. Take the leap of faith. EV is a very minor additional expense and a very minor inconvenience. Since the upside potential is quite high, the math is pretty compelling, and a lot of sites consider that to be good enough.
2. Look at other available evidence for guidance on your own expectations. Some companies have managed to measure the impact of company-branded green address bars in other ways. And some outside firms have tested consumers’ responses to EV. This evidence isn’t a direct test on your site, but it’s still evidence, and most sites are probably safe extrapolating from this evidence to justify using EV on their own sites. I’ll write more about the existing evidence in future posts.
3. Be paralyzed with indecision. This is the worst option by far. The incremental cost of EV is trivial, and the upside potential is significant. In most cases, it will be a waste for businesses not to act on this opportunity, even if they can’t definitively prove the ROI of the choice.

To learn more about EV SSL, including trust indicators displayed in browsers, download the Sectigo White Paper, “Extended Validation SSL: Your Key to Maximizing Online Trust.”