SSL - The Indispensable Ecommerce Tool

[mandy]

SSL - The Indispensable Ecommerce Tool
By Eric Lester

The next horror story about stolen credit card information is probably a few weeks away. Customers are more concerned than ever about the security of their online shopping experience. Is your store secure?

The reports of identify theft and credit card fraud are everywhere. Consumers are becoming more security conscious every day. That security consciousness translates into a reluctance to provide credit card information online. This directly impacts anyone with an online storefront. Having the security of an SSL certificate protecting your storefront gives customers a reason to feel safe when making an order. This article will cover the basics of SSL certificates.

What is SSL?

SSL stands for "Secure Sockets Layer." An SSL certificate provides encrypted communication between the client (the customer's web browser) and the server, when transmitting their personal information and credit card numbers. This is accomplished through the use of a "handshake" between the client and the server, wherein the server's identify is confirmed and the connection is secured using, most likely, 128 bit encryption. The encryption "key" is virtually impossible to break, making the communications between the client and server very safe.

How to Get a Certificate

SSL certificates are offered by a variety of "authorities", including the well-known Verisign. Other authorities include GeoTrust and Thawte. At a very basic level, the service provided all these certificates is exactly the same. One certificate will encrypt the data between the server and client just as well as the next. Most simple online storefronts will require nothing more complex than a basic SSL. Prices rise and vary when dealing with "value added" services from the authorities. Store owners seeking only the secure certificate would be wise to do their homework before investing in something beyond their needs.

Installing Your Certificate

Many website hosts provide SSL certificates as add-ons for reduced prices. Customers are not restricted to only using a host's preferred SSL vendor, though. SSL certificates work independently of the hosting company in almost all cases. Usually the installation process is stated either via a website's control panel software, or by contacting a host's technical support. Sufficiently advanced control panel systems can lead a customer through the process without requiring the intervention of technical support. Once installed, the certificate is invoked automatically any time someone accesses the site using a secure protocol, such as "HTTPS" instead of "HTTP." Anyone requiring assistance with the installation of an SSL certificate should not hesitate to contact their hosts support department.

Design Considerations

When designing a site using an SSL certificate, there are a few rules to keep in mind. Any page that's called securely must have all graphics, scripts, and media elements called securely as well. Ever visited a "secure" site and seen a warning to the effect that some elements on the page are "not secure"? This is caused by having some external file, such as a graphic, called without using the "HTTPS" protocol. The certificate may still be fine, the page design is merely inaccurate for SSL. All external elements must be called using "absolute" links, those that include the full URL, such as "https://www." There are no exceptions, even one small graphic called using a relative link or without the HTTPS will create the "not secure" error.

Conclusions

SSL certificates are a requirement no one looking at ecommerce can ignore. Consumer awareness of Internet fraud is at an all-time high, and only those consumers who feel safe using a store will buy. Most certificate authorities will provide graphics that can be added to a website to promote its use of their SSL product. An advertisement for them, but a helpful way to promote the store's security consciousness as well. A "can't miss" product will miss if no one feels safe ordering it.
-------------------------------------------------------------
About the Author:

Mr. Lester has served for 4 years as the webmaster for ApolloHosting.com and previously worked in the IT industry an additional 5 years, acquiring knowledge of hosting, design, and search engine optimization. Apollo Hosting provides website hosting, ecommerce hosting, vps hosting, and web design services to a wide range of customers.

Established in 1999, Apollo prides itself on the highest levels of customer support.

Note: These articles are provided for general interest and content purposes only, and should not be construed as "support" materials. Apollo Hosting does not guarantee the information contained within. All articles are free to reprint so long as they remain unchanged, the "About the Author" section remains, all hyperlinks are preserved, and the rel="nofollow" tag is not added to the hyperlinks.

Article Source: http://EzineArticles.com/?expert=Eric_Lester

[rose]

Is your store secure?

Data theft usually occurs on the server not during the transmission of data to the server.  SSL isn't going to save your ass from a database hack.