I recently received a pamphlet in the mail warning me about identity theft and reminding me that it is always important to do whatever it takes to protect my good name. If you get the mountain of spam (which I do) that includes credit card applications, you’ll know what I’m about to talk about. Just as someone can easily raid your trash can for these apps (and apply for a credit card in your name), thieves also have ways to steal your identity from websites when you shop online. When you consider the amount of online shopping going on these days, it’s a real smorgasbord for theft!

You may have heard terms like 128-bit encryption, SSL certificate, or Secure Sockets Layer mentioned in connection with online fraud protection, but what exactly do these terms mean?

Wikipedia defines SSL (Secure Sockets Layer) as “a cryptographic protocol that provides secure communications on the Internet for such things as web browsing, email, Internet faxing, instant messaging, and other data transfers”.

In a nutshell, the SSL protocol allows applications to communicate over the Internet in a way designed to prevent eavesdropping, tampering, and message forgery. This translates into safe shopping for your customers.

An SSL certificate is an electronic passport that establishes the credentials of an online entity. It allows your web browser to build a secure (encrypted) connection to the website. You will know that the page you are visiting is secure if you see the lock icon in the status bar of your browser. You will also notice that the website address starts with “https” instead of “http”.

What does an SSL certificate contain?

* The name of the certificate holder (Individual or Company).

* The serial number of the certificate and the expiration date.

* A copy of the public key of the certificate holder.

* The digital signature of the issuing authority of the certificate.

How do you know if your website needs an SSL certificate?

This question comes up frequently, so I’ve put together a quick list of questions you can ask yourself (about your website) to determine if you need one to process your online transactions.

1. Do you need to collect personal or credit card information from your online customers?

If the answer is yes, you should verify that the information you collect is protected. As a merchant, you are responsible for protecting your customers’ personal information when they shop with you. By doing so, you are also protecting yourself from anyone who knowingly intercepts this information.

If you are using a shopping cart and collecting your customers’ information, determine whether you are:

  • storing credit card information in your shopping cart (for offline or manual processing),
  • passing the transaction to a third party (PayPal, 2checkout.com) for processing,
  • passing the transaction through an Internet merchant account gateway with Authorize.net, Verisign, or another popular processing gateway.

2. Are you processing offline or manually?

Manual or offline processing is best described as collecting sensitive information from your customer online and then entering that information into a physical or virtual “point of sale” machine or program to process the transaction. The POS machine can be in your office (physical) or online (virtual).

If you’re doing this, your shopping cart will most likely request and then store this information so you can work with it at a later date. If so, you will need an SSL certificate installed on your website to ensure that your customers are protected from eavesdropping when entering sensitive information requested by your website.

3. Are you using a third party payment processor?

Some examples of third party processors are PayPal and 2Checkout.com. If you are using a third party service, such as PayPal Standard or 2checkout.com, the customer will typically be transferred to the third party website to complete their purchase transaction and enter any sensitive information.

You must have an account with PayPal or 2checkout.com, and that account allows them to process the transaction through your bank on your behalf. In other words, your relationship is with PayPal and not with the bank. In these cases, you most likely won’t need to purchase an SSL certificate, as the third-party website completing the transaction will already have one installed.

*It is important to note that PayPal offers different types of accounts, some of which can be set to run in the background and render locally on your website. Always check what type of account you have when making decisions regarding the security of your website.

4. Do you have an Internet merchant account?

If you have an Internet merchant account through a major bank, you will need an SSL certificate installed on your website. This is because the customer’s purchase is completed without leaving your website. In essence, the transaction is handled “internally” by your website, and the responsibility for protecting that information rests with you.

Just to be clear, PayPal accounts are not considered Internet merchant accounts. This is because your relationship in this situation is with PayPal and not directly with an Internet Merchant (bank) that is handling your processing transaction.

If you answered “Yes” to questions 2 or 4, you will definitely need an SSL certificate for your website.
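The checklist above comes down to where each form on your site sends sensitive data. The following is an added example, not part of the original article: a small Python audit that reads a page's HTML and reports, for every form asking for card or password fields, whether it submits in plaintext, to a third-party processor over HTTPS, or to your own site over HTTPS. It goes one step beyond the article by also flagging an HTTPS submission from a form page that was itself loaded over HTTP. The host names, field-name hints, and verdict labels are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: substrings in an input's attributes that suggest personal or card data.
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expir", "password", "ssn")

class FormAudit(HTMLParser):
    """Record each <form>'s action and whether it asks for sensitive input."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            text = " ".join(a.get(k) or "" for k in ("name", "type", "autocomplete"))
            if any(hint in text.lower() for hint in SENSITIVE_HINTS):
                self._open["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_page(page_url, html):
    """Return [(submit_url, verdict)] for every form that collects sensitive data."""
    parser = FormAudit()
    parser.feed(html)
    page, results = urlparse(page_url), []
    for form in (f for f in parser.forms if f["sensitive"]):
        # An empty action posts back to the page's own URL.
        dest = urlparse(urljoin(page_url, form["action"]))
        if dest.scheme != "https":
            verdict = "plaintext"            # readable by an eavesdropper
        elif page.scheme != "https":
            verdict = "insecure-form-page"   # the form itself can be altered in transit
        elif dest.hostname != page.hostname:
            verdict = "third-party-https"    # e.g. a hosted payment page
        else:
            verdict = "own-site-https"       # your own certificate protects this
        results.append((dest.geturl(), verdict))
    return results

# Constructed sample checkout page (hypothetical hosts and field names).
SAMPLE_HTML = """<form action="/search"><input name="q"></form>
<form action="http://shop.example/pay"><input name="card_number"><input name="cvv"></form>
<form action="https://processor.example/checkout"><input name="card_number"></form>
<form><input type="password" name="pw"></form>"""
```

Calling `audit_page("https://shop.example/cart", SAMPLE_HTML)` skips the search form and returns one verdict for each of the three forms that collect sensitive fields.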

Where can I buy an SSL certificate?

Usually the company that hosts your website can help you purchase and install an SSL certificate. Start by contacting your web host and ask if they can help you. You can also search the Internet for terms like “SSL Certificate” or “buy an SSL certificate”.
