A Beginner's Guide to SSL
Antonio Villas-Boas was born in London and now lives in New York City. He is passionate about technology and has recently started his own tech blog, tonyvstech. Since starting his blog, he has been featured in The Tech Block for his article on the upcoming Windows 8 update.
Antonio’s goal is to become an authority in the world of technology, and today he writes with Symantec to give a beginner's guide to SSL certificates.
So you want to set up an e-commerce business, but internet security eludes you. Fear not, small business owner, it’s really not that bad. The best place to start is to obtain an SSL certificate for your website. An SSL (Secure Sockets Layer) certificate is a small piece of code that e-commerce businesses integrate into their websites. A certificate serves two main purposes:
1) SSL certificates reassure customers by verifying and authenticating trustworthy e-commerce businesses
Trust makes all the difference in the world of online business. With an SSL certificate, customers will be much more comfortable with divulging sensitive information, such as credit card details, on an e-commerce site that has been verified and authorized by a Certificate Authority (CA). Consumers tend to be well aware of the dangers of online scams, so reputable e-commerce businesses use this tool to instill confidence in customers that they are legitimate. Any time there is a padlock symbol on the very left of a browser’s address bar at an e-commerce site’s checkout page, it is an indication of that business’ authenticity.
For all small e-commerce businesses, this doesn’t mean you should obtain any cheap SSL certificate you find on the web. Scammers can actually obtain certificates from no-name CAs that hand them out indiscriminately, providing victims with a false sense of security. It’s important to obtain a certificate from a trusted CA that follows strict rules and policies to determine who gets a certificate and who doesn’t. Symantec is a good example of a trusted CA, with the added bonus that consumers already associate it with internet security products that they know and trust, such as Norton Anti-Virus.
2) SSL certificates include encryption of sensitive data, such as credit card details
It’s all well and good for a customer to know that an e-commerce business is trustworthy and won’t misuse sensitive information. However, trust alone won’t protect customers’ sensitive information from lurking cybercriminals. Symantec’s SSL certification includes data encryption, which scrambles sensitive data using a myriad of complex 128- or 256-bit coding algorithms so that it can only be decoded by the intended recipients. For a more detailed description of how SSL encryption works, take a look at this video.
Encryption AND authentication provided by an SSL certificate from a trusted CA is the best way to go. Many shopping cart systems, such as www.opencart.com, may provide SSL encryption to protect data, but no authentication to prove a business is legitimate. What good is encrypted data if the intended recipient is a credit card thief?
Does your business need an SSL certificate?
For any e-commerce business that needs to process sensitive customer payment data, there are very few negatives for SSL certification. High quality certificates from trusted CAs are easy to obtain too (if a business is, indeed, legitimate), so the cost is small compared to the added value of customer trust.
No matter how good an e-commerce business’ products or services are, no online consumer should be filling in the credit card box unless they see the SSL certification padlock symbol on the very left of their browser’s address bar. It’s just not worth the risk, and customers who are in the know about online security will be wary of any site that doesn’t provide this service.
As I mentioned above, using a CA that people will recognize, such as Symantec, is your best bet. Not only do they offer varying levels of SSL certification depending on an e-commerce business’ size and needs, they also provide malware scanning to actively defend a website and its customers from cyber-threats.
Does my non e-commerce website or blog need SSL certification?
If you’re just blogging or maintaining a website that doesn’t involve the handling of online payments or other sensitive customer information, you probably don’t need SSL certification. If your business depends on credit card payments, then SSL certification is well worth looking into!
I think it is the cost of SSL that is stopping SMEs from using them. Quite a few are getting around it by using secure systems like PayPal, Google and now Amazon Payments.
Consumers are quite relaxed as long as they don’t have to put in card information during the checkout process with an SME which they have not heard of.
You need SSL if you have any sort of login system. The reason is that without SSL, any time someone logs into the site they just exposed their user name and password to everyone who is spying on the network. It also makes session stealing possible and lots of other bad things like replay attacks. I’d even argue TameBay should have SSL so Dan and Chris can update the blog when not at home with peace of mind.
You can get SSL certs for as cheap as $15 per year and they’ll do everything the OP is referring to except EV. But even EV is fairly cheap from someone like Comodo.