Customers shopping online need to be certain that you take the protection of their data seriously. Secure Socket Layer (SSL) is the standard security technology for establishing an encrypted link between a web server (where the payment is taken) and a browser (where the payment information is entered).
Encryption is the technical process that allows data to be transmitted securely over computer networks. It masks data so that unauthorised sources are unable to read or intercept it.
Browsers supporting SSL display icons such as a padlock in the bottom task bar or a blue key to indicate that a secure session is in progress. 256-bit encryption is the highest standard of security on the market at the moment.
Why you need SSL:
SSL Certificates are issued to either companies or legally accountable individuals. Typically, an SSL Certificate will contain your domain name, your company name and full address details. It will also contain the expiry date of the certificate and details of who issued the certificate.
When you have an SSL Certificate installed, your payment site will display:
If you want to take customer payments on your own site (‘https’), then you need to purchase an SSL Certificate. Although depending on the eCommerce platform you have or are considering, you may find an SSL Certificate included.
As a customer enters the secure area of a website to make payment (https), the browser will retrieve the SSL Certificate and check that it has not expired, it has been issued by a trusted certification authority and that it is being used by the website for which it has been issued. If it fails on any one of these checks, the browser will display a warning to the end user.
To obtain a SSL Certificate you must become validated by a relevant certificating authority. Once your certificate is installed on your server, customers can view your authenticated information by clicking on the padlock symbol in the browser and this will automatically display your qualifications to the public.
A recent development has been extended validation (extended validation is restricted – ask your SSL Certificate issuer for types of companies and sectors included). This turns the browser bar green (in newer versions of browsers) telling the visitor instantly that the site has the highest level of assurance.
SSL Certificates can be successfully installed on most websites, but your site must have a dedicated IP address. The validation process is fairly straightforward and can take as little as an hour to be carried out.
Applying for an SSL certificate? You need:
Ordering an SSL certificate is relatively simple if you create a certificate signing request (CSR) and submit your WHOIS (ownership and contact information associated with each domain name) record and company validation documents.
The provider and type of certificate will dictate the length of time it takes to receive it. Times range from minutes to several weeks
Certificates issued with very little validation (usually automated). Simply prove that you own the domain by replying to an authentication email or call. These are low-cost but less secure and not so attractive to potential customers
These are a relatively new type of certificate and not available to all businesses. There is a more detailed verification process and is a more expensive option. Turns the address bar green in modern browsers.
SSL certificates are exclusive to each domain name will display warnings if you try to use them with a variation of the url. Wildcards can be used to secure an unlimited amount of subdomains from a single domain name.
SAN certificates also allow you to secure multiple hostnames but not an unlimited number. Each hostname is specified in the Subject Alternative Name section of the certificate. The hostnames can be internal and include several different domain names.
Code Signing Certificates
These are different from other types of SSL certificates. They allow you to sign an application or executable so that users know the identity of the organisation that made the application and know that it wasn’t tampered with.
Self Signed Certificates
These can be created for free by yourself, but your users will receive a warning that the certificate is not trusted.
Please login using your email address
Sorry, your login details were incorrectclose
© Copyright 2013 Electronic Payments, All Rights Reserved 99 Giles Street, Edinburgh | Scotland, EH6 6BZ | 08000 248 620