What is an SSL Certificate and Do I Need One for My Website?

by in Uncategorized

If you have an E-commerce website the answer is definitely YES – you need an SSL certificate!

Nowadays we often hear about cases of someone having their identity or credit card number stolen. Many of these incidents happen because websites don’t use SSL.  Each website that is used for gathering and transmitting customer’s information should use an SSL certificate in order to guarantee the safety of this information.

Why Do You Need SSL?

SSL stands for Secure Sockets Layer and it is a method of encrypting data as it travels across the Internet to ensure that private information remains secure.  Because of how Internet is designed, when users send private information to a website, it may go through a dozen of other servers and networks before reaching the destination. At this point any of them could intercept your customers’ information unless it is encrypted.

What Kind of Information Must be Protected?

The rule of thumb is that you want to protect any information that could lead to monetary loss or legal consequences if privacy is compromised.  Below are some examples of when you are advised to use SSL:

  1. You have user authentication (Passwords and Logins) to allow access to restricted information
  2. You process Financial Information (online orders, credit card numbers, bank accounts, etc.)
  3. You transfer or store sensitive data: Social Security Numbers, IDs, Birth Dates, License Numbers, etc.
  4. You work with any kind of Medical Information
  5. You work with any kind of Proprietary or Confidential Information, Legal Documents, Contracts, Client Lists, etc.

Some websites go as far as protecting entire Customer Account areas and all of sign-up forms used to collect information from customers.

How Does SSL Protect Customers?

SSL protects your online transactions and helps increase trust in your website in three essential ways:

  1. An SSL Certificate enables encryption of sensitive data during online transaction so it remains protected.
  2. The SSL Certificate is unique credential identifying the owner of the website.
  3. The identity of the certificate owner is verified before the certificate is issued so that your customers know that you are who you say you are.

Why Not Use SSL for the Entire Website?

After realizing the benefits of SSL, the obvious question is “Why not use SSL for the entire website”? The answer is simple: encrypting and decrypting data uses time and computer resources, making such connections slower. There are many applications where SSL encryption is not necessary and would simply put extra load on the server and cause pages of your website to load longer.

How Can I Tell If the Connection is Secure?

Before submitting sensitive information (for example, completing a purchase online) there are several things you can check to make sure the information is secure:

  1. Check to make sure that the URL in your address bar begins with HTTPS and not HTTP. That extra “s” is important, as it stands for “secure.” Newer browsers will also highlight the address bar in green when the connection is secure. You can see what it looks like by reading this post in a “secure mode”:
  2. Check for the “Lock” icon.  There is a de facto standard among web browsers to display a “lock” icon somewhere in the window of the browser. (Usually in the address bar or in the top left or right corner of the screen, depending on your browser). You can get more information from the SSL certificate (including contact information) when clicking on that lock icon.
  3. Some websites also display a “security seal” that tells you who the certificate is issued by and allows you to verify the identity of the website by clicking on the seal.

How Do I Get an SSL Certificate?

Start by asking your Web Developer and/or Hosting Company.  There are three steps to making full use of an SSL certificate:

  1. First you need to purchase an SSL certificate from a trusted SSL Vendor. Your Web Development of Hosting Company can recommend one. Typically, there is an annual fee to obtain a certificate and the SSL issuing authority may have to verify your identity or the identity of your business before issuing it.
  2. Once issued, the SSL certificate will need to be installed on your server in order for the secure “HTTPS” connection to work. This is handled by your hosting company and usually if you get the SSL through your hosting provider, they will take care of it as well.
  3. Finally, your web development company will need to configure your website in a way to make use of the secure connections when necessary (for example, when logging in or completing a purchase in your online store).