Since we frequently get asked, “Why do I need an SSL for my online store?”, we thought it was high time we included a blog post about SSL, explaining what it is and why it’s important. Click here if you need a refresher of hosting terminology.
First of all, what exactly is an SSL? Well, it stands for Secure Sockets Layer and it refers to the encryption of sensitive data when a customer logs in or makes a purchase online. SSL is necessary because the information your customers send to you on the Internet (e.g. credit card numbers, usernames and passwords, and other sensitive information) must travel from computer to computer to reach the server hosting your company’s website. Any computer in between the customer’s computer and your server can see this data and hack it. You may not think that this directly affects you, but consider this: if your customers don’t have a secure pathway through which to communicate with you and transfer funds to you, they won’t trust you! And you’ll lose their business. The cornerstone of a business relationship is TRUST. An untrustworthy business will soon be out of business.
However, if you install an SSL Certificate on your server, it will establish a secure connection with the customer’s browser and encrypt the sensitive information so that no computer can read it except your server. An SSL certificate will also verify that customers are sending information to your server and not to a hacker’s server (disguised as yours). You can prevent these kinds of breaches ONLY by purchasing an SSL Certificate from a trusted SSL provider (who will conduct several background checks on your company) and by using a proper Public Key Infrastructure (PKI), which establishes the standards for your SSL Certificate and verifies that it is authentic.
Your customers will be aware of this added security in several ways. Most obviously, they will see that the standard HTTP is changed to HTTPS, automatically telling the browser that the connection between the server and the browser must be secured using SSL. A padlock also appears, showing that a secure connection has indeed been established. If the padlock is open or there is no padlock, the site is not secured.
By way of example, here is PayPal, opened with Google Chrome:
By clicking on the padlock, you can see the details of the secure connection.
Now click on “Certificate Information.” First you’re shown the general information about the certificate issued to PayPal.
The letters “CA” indicate that VeriSign is a Certificate Authority. Every Certificate Authority has a Root Certificate, which issues SSL Certificates to organisations. The Root Certificate must be embedded on the customer’s browser (e.g. Chrome, Internet Explorer, Firefox, etc.) in order for the issued certificate to be trusted. If not, the customer’s browser will display error messages, which results in an immediate lack of confidence in your company’s website. You risk losing business from the majority of your customers.
To see the “chain of trust”, click the “Certification Path” tab. Now you can browse the details of each certificate, culminating in VeriSign, the Certificate Authority itself.
To sum up, you DO need SSL for your online business. Yes, it’s not cheap, and yes, it requires more server resources, but we believe that the factors of trust and security far outweigh the extra cost. If your customers trust you, they’ll willingly give you their financial and personal data. You’ll have a good reputation in the business world and sales will increase. It’s a win-win for everyone!
A multimedia and design professional with a healthy obsession for all things web. James’ passion for web design sees him stretching his creative imagination to eternal limits and forever sees him thinking outside the box, even if it is not work related. James’ ideas are original and innovative, and implementing them into the world of the web to create aesthetically enjoyable websites is what he does best.