- Business and Employment»
- E-Commerce & How to Make Money Online
SSL: Keeping Online Consumers Safe
Is your ecommerce site secure?
SSL: Keeping Online Consumers Safe
Many consumers find shopping online a major convenience when they are pressed for time or simply do not have the energy to go to an actual shopping mall. However, in the age of identity theft, it is imperative to keep the consumer’s personal information secure when shopping online.
Secure Socket Layer (SSL) is an encrypted technology used to keep the consumer’s information safe when performing an online transaction. SSL is relevant to online business owners who know the value of keeping their customers credit card information, birth date, address, telephone number, license number, social security number, or any other type of information safe from an online hacker. If you, the business owner values the privacy of the consumer entrusting their information to you, then SSL is a technology you should consider.
How SSL Works
Without SSL sending personal data into the World Wide Web is akin to writing all of your credit card numbers, social security number, and any other sensitive information on the back of a post card and mailing it through Royal Mail. An SSL certificate provides encryption of the data while sending it through a secure private channel. The encryption is akin to placing the information into an envelope to guard the information from unintended viewers.
An SSL certificate consists of 2 keys: one to encrypt and one to decipher. The public key encrypts the information and the private key deciphers it once it reaches its destination. When encrypted, the message is appended with a message authentication code (MAC).
A secure connection is established through a handshake technique where the server is authenticated as secure. Once the handshake has occurred it virtually encrypts and marks every transaction as secure until its told otherwise. The URL will change from HTTP to HTTPS to indicate a secure network.
The minimum secure SSL encryption recommended for ecommerce transactions is the 128-bit SSL certificate; however, the industry is migrating towards TLS protocol which is 1028-bit and 2048-bit security certificate.
In order for a business to perform secure transactions, the business owner has to obtain a SSL certificate from a third party company to verify its credibility as a company. There are several companies that can verify a company and issue a certificate for authentication: VeriSign, Thawte, Geotrust and InstantSSL.
Each company will verify the existence of the business, the ownership of the domain name through which the company is operating, and the authority of the individual within the company to apply for the certificate. This is done to ensure that no one is fraudulently operating under a company’s name that has no authorisation to do so. Furthermore, it establishes liability of a company if someone’s information is compromised.
Verisign SSL certificates are one of the most widely recognized, largest, and oldest of the providers listed that issue SSL certs. They thoroughly investigate their clients and provide insurance to establish the trust of the consumer purchasing through their secure networks. They have competitive pricing and a considerable amount of the authentication market share.
GeoTrust is comparable to VeriSign in price and service and comes highly recommended in the authentication industry. Both GeoTrust and VeriSign are the most expensive in the industry, but they offer insurance or warranty in the event that your customer’s information is stolen. With insurance, your company will have some protection that a lawsuit will not affect your bottom line, tremendously.
Thawte.com is less thorough than VeriSign, but their prices are competitive and they are a recognized source of authentication on the web.
GoDaddy.com is fairly easy to obtain and their prices are much less expensive than most authentication services. They do offer warranty, but not as much as some of the other companies, which could leave the owner’s business in jeopardy if they are held liable for a breach in the customer’s information.
InstantSSL by Comodo Corporation is also competitively priced and are noted for their efficient processing times and good customer service.