All About SSL (Secure Socket Layer) – for the web design impaired..
Posted by Lindsayanng on February 2nd, 2009
SSL (Secure Socket Layer) is essentially an encrypted tunnel through which all information passes on its way from your customer to your database. SSL IS NECESSARY TO HAVE A SUCCESSFUL STORE. Just check out any e-commerce store: when you go there, you will see that they have SSL. I also just recently got a forward from my grandma (she is the MASTER of forwarding useless stuff) that was telling all her other not-so-techy friends that you should never purchase from a website that does not have the “https” beginning and does not have the little lock. So now that there is a widespread e-mail being passed around, it is more important than ever.
You know a website has SSL when you go to any page that collects personal data (including email, passwords, shipping, and payment info) and the URL changes from http://website.com to https://website.com. You also see a little padlock in the browser and some even change color on secure pages.
SSLs are not expensive, and you can get a FREE shared SSL from most hosts.
A shared SSL is an OK solution. Basically, when your SSL is shared, ALL of the pages on your site that should be secure (login, create account, shipping, payment, etc) will change from
http://yourdomain.com
to
https://server123.hostname.com/~yourdomain
This is not ideal because it can freak out customers who obsessively check the URL to make sure they are not getting scammed. When the .com name changes, even though your name is in that URL at the end, they might not trust it because people don’t know too much about how this stuff works.
With a dedicated SSL (which costs about $70 a YEAR with a dedicated IP address) your URL changes just from
http://yourdomain.com
to
https://yourdomain.com
BUT, this has nothing to do with credit card information. BY LAW YOU ARE NOT ALLOWED TO STORE CREDIT CARD DATA UNLESS YOU MEET CERTAIN STANDARDS OR REQUIREMENTS. You need to be PCI COMPLIANT.
You really SHOULD try to become PCI compliant even if you don’t store credit cards.
However, if you have a merchant account (either from a bank, card processing company or something like PayPal) chances are they will do all of that for you since they are the only ones that really need to SEE the customer’s credit card number.
With a merchant account, you need a SECURE GATEWAY. These sometimes come with a merchant account, and sometimes you have to pay for them. It depends on the company. I have heard just about everything from just about every company. One bank wanted to charge me $800 for a secure gateway, while I have heard that others got theirs for free when they signed up for their merchant account. PayPal lets you use theirs; I have found PayPal’s Website Payments Pro to be the best start-up option.
The secure gateway is similar to SSL: the customer inputs their data and that data is transmitted through encryption. But instead of sending the data to you, that part of the data (credit card info) goes to the company that is processing the credit card. There is also no change in URL or webpages. This is done behind the scenes.
So basically, that’s it. That’s what you need to be secure. MOST people don’t care. They think they will not be victims of hackers, but guess what: if a customer gets their info stolen from your site and you did not take the proper precautions, it’s YOU that will pay, because 9 times out of 10, the person who did the stealing of the info is untraceable and from another country.
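The difference between no SSL, shared SSL and dedicated SSL described above can be checked form by form. This added example, which is not code from the original post, parses a page's HTML and classifies every form that collects personal data; the input-name heuristics, the verdict labels and the sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE_TYPES = {"password", "email"}  # heuristics assumed for this example
SENSITIVE_HINTS = ("card", "cvv", "address", "phone")

class FormCollector(HTMLParser):
    """Record each form's action and whether it contains sensitive inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "sensitive": False})
            self._open = True
        elif tag == "input" and self._open:
            name = (a.get("name") or "").lower()
            kind = (a.get("type") or "").lower()
            if kind in SENSITIVE_TYPES or any(h in name for h in SENSITIVE_HINTS):
                self.forms[-1]["sensitive"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = False

def audit_forms(page_url, html, store_host):
    """Classify each personal-data form; an empty action posts back to page_url."""
    parser = FormCollector()
    parser.feed(html)
    results = []
    for form in parser.forms:
        if not form["sensitive"]:
            continue
        target = urlparse(urljoin(page_url, form["action"]))
        if target.scheme != "https" or urlparse(page_url).scheme != "https":
            verdict = "insecure"       # page or submission travels without SSL
        elif target.hostname != store_host.lower():
            verdict = "shared-ssl"     # encrypted, but under the host's domain
        else:
            verdict = "dedicated-ssl"  # encrypted on the store's own domain
        results.append((target.geturl(), verdict))
    return results

SAMPLE_PAGES = {  # constructed pages that reuse the article's example URLs
    "http://yourdomain.com/login": '<form action="/login"><input type="password" name="pw"></form>',
    "https://server123.hostname.com/~yourdomain/checkout": '<form action="pay"><input name="card_number"></form>',
    "https://yourdomain.com/account": '<form><input type="email" name="email"></form>',
    "http://yourdomain.com/search": '<form action="/search"><input name="q"></form>',
}
```

Calling `audit_forms(url, html, "yourdomain.com")` on each sample page flags the plain-http login form as insecure, the checkout form as shared SSL, and the account form as dedicated SSL; the search form is skipped because it collects no personal data.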
