In this Guide: Site Security - SSL & You
Summary
SSL Security is a must when you are operating an online business. Customers are becoming increasingly aware of the advantages of SSL security and will often not purchase online from non-secure stores. In this guide, we explain what SSL is, why you need it, and how to obtain it.
What is SSL?
The SSL (secure sockets layer) protocol is the web standard for encrypting communications between users and web sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data.
SSL provides you and your customers with the confidence that private data sent to a web site, such as credit card numbers, are kept confidential. SSL certificates can provide non-forgeable proof of your web site's identity, and customer confidence in the integrity and security of your online business.
What do we mean by “secure”?
SSL uses a system of exchanges between your customers' browser and your server in order to encrypt the data before transmitting it across the web. Web pages with an active SSL session is what we mean when we say a web page is “secure”.
Anytime you view a web site, information is sent from your computer to the web server and from the web server to your computer. The transmission of this information is normally sent in plain text, meaning anyone would be able to read it should they see it.
Consider this the next time you type in a password or your credit card number on a web site. The solution to this problem is to encrypt the data. SSL was created for this very purpose.
ALL WEB PAGES ASKING FOR SENSITIVE INFORMATION SHOULD BE SECURED USING SSL!
Why you need security for your site?
When customers visit a web site to make an online purchase, they want to know who they'll be paying and that the personal information they submit to the site cannot be intercepted. This is the purpose of an SSL digital certificate.
Use of SSL and a digital certificate enable a web browser (your customer) to communicate securely with your web site, assuring the customer of 3 things:
- That the web site really is who it claims to be.
- That credit card numbers, etc. are encrypted and cannot be intercepted.
- That the data sent and received cannot be tampered with or forged.
How to tell if a web page is secure
There are two general indications of a secured web page:
- Check the web page URL
Normally, when browsing the web, the URL's (web page addresses) will begin with the letters “http”. However, over a secure connection, the address displayed should begin with “https” - note the “s” at the end.
- Check for the “Lock” icon
There is a standard among web browsers to display a “lock” icon somewhere in the window of the browser (NOT in the web page display area).
For example, Microsoft Internet Explorer displays the lock icon in the lower-right of the browser window:
As another example, Mozilla's FireFox Web Browser displays the icon in the lower-left corner:
The Lock icon is not just an image. Click (or double-click) on it to see details of the site's security. This is important to know, there are sites that are built with a bar at the bottom of the web page to imitate the lock icon of your browser! So it is necessary to test the functionality built into this lock icon.