SSL: Your Key to E-commerce Security
What is SSL?
Since its introduction in 1994, SSL has been the de facto standard for e-commerce transaction security, and it's likely to remain so well into the future.
At the other end of the equation, and of greatest importance to e-commerce site builders, is the SSL certificate. The SSL certificate sits on a secure server and is used to encrypt the data and to identify the Web site. The SSL certificate helps to prove the site belongs to who it says it belongs to and contains information about the certificate holder, the domain that the certificate was issued to, the name of the Certificate Authority who issued the certificate, the root and the country it was issued in.
How to Get an SSL Certificate ... The Wrong Way
There are two principal ways of getting an SSL certificate: you can either buy one from a certificate vendor or you can "self-sign" your own certificate. That is, using any number of different tools (both open source and proprietary) you can actually sign your own SSL certificate and save the time and expense of going through a certificate vendor.
Technically speaking, the data may be encrypted, but there still is a fundamental problem with self-signing that defeats part of the purpose of having an SSL certificate in the first place. Self-signing a certificate is like issuing yourself a driver's license. Roads are safer because governments issue licenses. Making sure those roads are safe is the role of the certificate authorities. Certificate authorities make sure the site is legitimate.
Self-Signed certificates will trigger a warning window in most browser configurations that will indicate that the certificate was not recognized. VeriSign admits that there are a lot of people that will click through anyway just like there are a lot of people that will click through an expired SSL certificate as well.
A site that conveys trust is also more likely to be a site that makes (more) money. There is research that suggests that having a recognizable SSL certificate may, in fact, have a direct correlation to increased e-commerce sales. VeriSign, in particular, has done some research that shows that users who visit sites that have a recognizable trust mark (like the VeriSign Secure Site seal) are more comfortable shopping on those sites and have fewer abandoned shopping carts and better repeat purchases.
Choosing an SSL Certificate Vendor
According to GeoTrust Lockhart there are several things that buyers should look for when purchasing a certificate:
- Reputation and credibility of the CA (How long have they been in business? Do they have lots of customers?)
- Ubiquity of the root (is it embedded in all of the popular browsers?)
- Root is owned by the CA (and not chained to someone else's root)
- Lifecycle management tools (how easy is it to install, renew, reinstall, and revoke if compromised, etc.)
- Ease of acquiring the certificate
- Who is doing the vetting (is it the CA itself, or in the case of some resellers, do they delegate this to their resellers?)
You are who you say you are. You have nothing to hide and you are running a legitimate e-commerce business that you want consumers to trust and feel comfortable doing business with The SSL certificate system exists to help promote the security and integrity of e-commerce for everyone. In an era where phishing scams run rampant and trust is king, a proper SSL certificate may well be your key to e-commerce success.
Did You Know...
Ninety-three percent of online shoppers surveyed by VeriSign reported that they felt it important for an e-commerce site to include a trust mark of some kind on their site.
Adapted from E-commerce Guide.com
Sean Michael Kerner is a regular contributor to ECommerce-Guide.com.
|Key Terms To Understanding SSL
This Webopedia study guide describes the different parts of a computer system and their relations. Read More »Webopedia Polls
The trend for the past two years has been for shoppers to spend more online during the holiday season. How do you typically shop for holiday... Read More »How to Create a Desktop Shortcut to a Website
This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Read More »
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »
Tape clearly is on the decline. But remember, legacy systems can hang for a shockingly long time. Read More »Apple Pay Promises to Strengthen Payment Security
Experts believe that Apple Pay and other competitive payment systems will be far more secure than cards, even cards equipped with EMV chips. Read More »Internet of Things Shaping IT's Future
To make the IoT both work and pay off, IT is juggling upgrading and building app-centric networks, mapping out new data center architectures and... Read More »