All About SSL (Secure Socket Layer) – for the web design impaired..
SSL (secure socket layer) is essentially an encrypted tunnel that you pass all infomation that goes from your customer to your database through. SSL IS NESSECARY TO HAVE A SUCCESSFUL STORE. Just check out any e-commerce store, when you go there you will see that they have SSL. I also just recently got a forward from my grandma (she is the MASTER of forwarding useless stuff) that was telling all her other not-so-techy friends that you should never purchase from a website that does not have the “https” beginning and does not have the little lock. So now that there is a wide spread e-mail being passed around, it is more important than ever.
You know a website has SSL when you go to any page that collects personal data (including email, passwords, shipping, and payment info) and the url changes from http://website.com to https://website.com You also see a little padlock in the browser and some even change color on secure pages.
SSLs are not expensive, and you can get a FREE shared SSL from most hosts.
A shared SSL is an OK solution. Basically, when your SSL is shared, ALL of the pages on your site that should be secure (login, create account, shipping, payment, etc) will change from
http://yourdomain.com
to
https://server123.hostname.com/~yourdomain
this is not ideal because it can freak out customers who obsessively check the URL to make sure they are not getting scammed. When the .com name changes, even though your name is in that url at the end, they might not trust it because people don’t know too much about how this stuff works.
With a dedicated SSL (which costs about $70 a YEAR with a dedicated IP address) your url changes just from
http://yourdomain.com
to
https://yourdomain.com
BUT, this has nothing to do with credit card information. BY LAW YOU ARE NOT ALLOWED TO STORE CREDIT CARD DATA UNLESS YOU MEET CERTAIN STANDARDS OR REQUIREMENTS. You need to be PCI COMPLIANT
You really SHOULD try to become PCI compliant even if you don’t store credit cards.
However, if you have a merchant account (either from a bank, card processing company or something like paypal) chances are they will do all of that for you since they are the only ones that really need to SEE the customer’s credit card number.
With a merchant account, you need a SECURE GATEWAY. These sometimes come with a merchant account, and sometimes you have to pay for them. Depends on the company. I have heard just about everything from just about every company. One bank wanted to charge me $800 for a secure gateway, while I have heard that others got theirs for free when they signed up for their merchant account. Paypal lets you use theirs, I have paypal’s website payments pro to be the best start-up option.
The secure gateway is similar to the SSL where the customer inputs their data and that data is transmitted through encryption. But instead of sending the data to you, that part of the data (cc info) goes to the company that is processing the credit card. There also is not change in url or webpages. This is done behind the scenes.
So basically, thats it.. Thats what you need to be secure. MOST people dont care.. they think they will not be victims to hackers.. but guess what, if a customer gets their info stolen from your site and you did not take the proper precautions, its YOU that will pay, because 9 times out of 10, the person who did the stealing of the info is untraceable and from another country.
This is some text prior to the author information. You can change this text from the admin section of WP-Gravatar Someone who is relatively new to web design. I am new enough to still remember how absolutely frustrating it was to try and get anything done in this field, but have also been around long enough to be able to help those that are where I was a year ago.
Aside from web design, I run the office of my dad's engineering business, and do book keeping by trade.
I love my pets.. All 6 cats, 1 peg legged dogs, and 1 hedgehog. LOVE THEM!!
Oh yea, and my husband. He lets me chase my dreams and I let him do the same. We are happy people because of it. Read more from this author
if you look at the footer of my website, there is a link to where I got the template.
And thank you for your kind words!!!
Thank you for sharing your gift of simple explanations for those of us who are completely overwhelmed by all the choices to make when creating a new ecommerce site. This post was very helpful, but I was wondering – since a dedicated SSL requires a dedicated IP – can you get a dedicated IP on a shared server, or do you have to go with a VPS or dedicated server? (My apologies if you’ve already explained it somewhere else. I just found your site so haven’t had much time to look through all of it yet.)
yes… you CAN have a dedicated IP On a shared server.. that is what I have on one of my websites and it works very well.. Hostmonster makes it SUPER easy.. but yes.. you CAN do it.
SSL is very important for an eCommerce website to have. Not only does it allow you to securely and safely process internet data, but consumers do look for that little “SSL” protected image when sending information.
Most consumers these days expect to see the little SSL protected image, if it is not there, websites may potentially lose the sale!
Can you explain what you mean by “PCI compliant” please? (I know what it is, but your tutorial doesn’t cover it or link to where a reader can find more info).
Gary, PCI compliant means Payment Card Industry compliant. Bascially ther have rules and regulations when it comes to these things and all people who use it need to be PCI compliant.
PCI compliant is usually used in payment gateway
@Web Design Wembley: Thanks – as I said, I know what it is; it was more of a rhetorical question or a hint at the author to furnish the article with a bit more information for the “idiot” readers.
I don
your blog came to my attention by word-of-mouth, and I was skeptical at first. So I visit your blog… And i think that this is really a nice blog! I really liked your blog!
Really nice page you made there. Some of your posts really impressed me. I will definitely visit your blog again!