SSL for ECommerce

Building an eCommerce store without SSL would be like opening up shop in a war zone—no matter the quality of the product you are selling, customers won’t feel safe doing business with you. When making an online transaction, customers need to know that their sensitive information is being transmitted securely to a trusted web site. If web users have apprehensions about sending their credit card information to your web site, your potential customers may go elsewhere, and sales will be lost. SSL certificates provide a way to build trust between you and your customers by securing transactions and signifying that your site has been deemed trustworthy by an online trust authority.

SSL stands for Secure Sockets Layer and has been the standard for secure internet transactions since 1994. SSL is a protocol for encrypting the data sent between a user’s web browser and the web site he is visiting. Normally, information sent from a web browser to a website is sent in plain text, easily read by anyone who happens to be listening. By using SSL, you can provide your potential web customers with peace of mind, knowing that when they type in their credit card information and click
“submit,” their information will be transmitted safely and securely to your web site to be processed.

The benefit of SSL is two-fold. First, secure certificates which make SSL possible must be obtained through issuing authorities such as VeriSign and Thawte. These authorities will only issue certificates to companies they find legitimate and trustworthy. Through the issuing process, customers can be assured that your web site is trustworthy because a trusted authority has given its stamp of approval. Second, by using SSL, data is sent in an encrypted form, so it cannot be easily deciphered by anyone but the intended recipient.

Who Needs SSL?
Any web site that sends or receives sensitive information such as credit card numbers should use SSL. All sections of the web site need not be secure, only the pages transmitting the sensitive data.

How It Works (The Technical Details)
1. A customer comes to a web site and begins the check-out process. The check-out process will transfer the customer to a secure page indicated by https:// in the URL and a padlock or key icon in the browser, signifying that the connection is secure.

2. The web site sends the customer’s browser a digital certificate, and the customer’s browser checks to make sure the certificate is authentic.

3. The customer’s browser and the web site exchange encryption keys which allow them to transmit encrypted data that can only be decrypted with these keys.

4. An SSL connection is established, and the browser and server begin communicating securely.

How to Get Started Using SSL on Your Web Site
Contact your webmaster and request a CSR (Certificate Signing Request). The CSR is a block of unreadable text that you will need in order to get a secure certificate. Go to a trusted authority (We recommend www.verisign.com or www.thawte.com.) and purchase a secure certificate. During the check-out process, you will be asked for your CSR. After you have been verified by the issuer, you will be sent a digital certificate. Give this certificate to your webmaster to install. (Note: Your site must have a unique IP address to use SSL. If you do not know if you have a unique IP, contact your webmaster.)