If you are involved in ecommerce, you have probably come across the term “SSL certificate.” An SSL certificate is basically a way to assure visitors to your business Web site that it is a secure place to do business. SSL stands for Secure Sockets Layer, and it is an encryption protocol that helps hide information from third parties who might try to steal personal information from your customers. There are two main functions fulfilled by a SSL certificate:
1. Most importantly, it encrypts information during online business transactions. This means it turns information into a code that can only be read if the other person has the key. It keeps your customer’s information safe; anyone trying to steal credit card or other personal payment information would only get meaningless numbers and letters if they didn’t have the proper encryption code.
2. The best SSL certificates also include information about you, the ecommerce Web site owner. This allows customers to verify that you are who you say you are, making you appear more trustworthy. Savvy online shoppers like to check for a SSL certificate to ensure that their information is protected.
If you have an online store – or even you just use a virtual terminal to accept credit card payments – you should have a SSL certificate. Otherwise, you could lose customers since they may not trust that their transactions will be safe.
How a SSL certificate works
Using a secure sockets layer certificate is a lot like using a security envelope to protect private information. Imagine if you sent a check or a credit card number in a clear plastic envelope that everyone could see into. Anyone could steal the information and use it! Even a plain white envelope is susceptible; in the right light someone could read your account numbers. Using eCommerce websites without an SSL certificate is basically like sending information in a way that anyone can read it. The SSL certificate is like having a security envelope with an extra, opaque layer to ensure privacy.
There are two keys used with the SSL certificate. The first is a public key. It is used to turn the private payment information into a code that others can’t understand. The SSL certificate recognizes the servers and browsers involved, and then secures the transmission. The public key is used to hide the information through encoding. A second key, a private key, is used to decode the information. A unique key is issued so that only those with the proper keys can get the information. You can get certificates of varying security, ranging from 40 bit encryption (low security) to 128 bit encryption (pretty good security; standard) to 256 bit encryption (the best security currently available).
The Internet uses the term “port” to describe where information is sent. Most of the time, during unsecured transactions, the port used is 80. Information is sent in packets over the Internet, and the front of the packet has the port number so that the information is properly directed. For secure transactions with a SSL certificate, the port is 443. However, it is possible to bind your SSL certificate to a different port if you like. This makes it even more specific to your ecommerce Web site. When configuring a port for your SSL certificate, you need to make sure that you understand what goes into it, as well as any coding that might be required. Your operating system will help determine how this is done.
Limitations to a SSL certificate
It is important to realize that there are limitations to a SSL certificate. While the SSL certificate provides a high level of protection, there is always a way around just about anything. The company that issues the certificate, the level of encryption that you pay for and the capabilities of your ecommerce software and the capabilities of the Web browsers being used by your customers. However, for the most part, a SSL certificate is a good idea for businesses because it provides protection. Even if that protection ends up being limited, it is better than no protection at all.
You can get a SSL certificate from an issuing company, or you can share one with your ecommerce Web host. It is important to carefully consider your needs before deciding which SSL certificate to get, and what level of security you want. You can get a SSL certificate for between $10 and $1,500 per year, depending on the features you prefer and the level of security you choose.