Increasing
online security for your customers by using SSL
The internet is now the medium that everyone wants a
piece of. Whether it’s to find information at the touch of a button, open your
business to a global market, buy almost anything you can think of, or simply
watch the latest pop video, more and more people are getting online and
exploiting its benefits.
But with the increase in the use of the internet,
comes the enviable rise in online fraud and identity theft.
Let’s imagine the security risks if you had your bank statement sent to
you in a see-through envelope. Anyone who saw the envelope could see your bank
account details as well as your name, address and other private information. A
serious case of identity fraud could then ensue. Of course this shouldn’t
happen as letters are hidden by solid envelopes.
And that’s what needs to happen when we enter personal information
online. It too needs to be hidden from potentially prying eyes. But with the
number and ability of online hackers increasing exponentially, this has become
more and more of a challenge for the e-commerce industry.
So, is there an answer to ensuring that we can buy and sell online in a
safe and secure environment? Yes there
is – and that answer is the SSL certificate.
What
is an SSL certificate?
SSL
is an acronym for Secure Sockets Layer and is a network protocol supported by
all popular web browsers. SSL works by establishing a private
communication channel when a user enters sensitive data into a website e.g.
credit card details. The information is then scrambled into a language which makes
it virtually impossible to decode.
How
does SSL work?
When a business requests an SSL
certificate from a Certification Authority such as Verisign
or Rapid SSL, they will be issued with a secret key which needs to be kept
securely on their web server. Once they receive the SSL certificate, it also needs
to be installed on the web server; effectively matching up the SSL certificate
to the SSL key. Because the SSL key is only ever used by the web server, this process
is a means of proving that the web server has permission to use the SSL
certificate.
In order for a secure communication
channel to take place using SSL, an ‘SSL handshake’ has to take place. This
involves the browser which the customer is using to enter the sensitive data e.g.
bank account details, sending a request to the server to check whether the SSL
certificate matches with the SSL key. If it does then the web server will
authorise an SSL session to take place with the browser and the user can enter
their details safe in the knowledge that their information cannot be deciphered
by a hacker. This process takes only a split second and should cause no
interruption to the user.
Who needs an SSL certificate?
You
should seriously consider using an SSL certificate if your business:
·
processes
credit or debit payments online
·
stores or
transmit with personal information such as addresses, dates of birth, ID
numbers
·
has a
login area on your site
·
wants to
be seen to be complying with the latest online security
How
secure is SSL?
How strong
the encryption of the data is can vary depending on the SSL provider, but it is
usually 128 bit. This is good enough to ensure that most data can’t be decoded
even by the most advanced hackers with the best available technology and
hardware.
How do you know if a website is using an SSL
certificate?
You can
tell if a web site is using an SSL certificate by checking for the padlock
symbol on the website. Also, when you go to make a transaction your browser
will
indicate that it is using an SSL secured session by changing the ‘http to http’s.
To view the certificate, users just need to click on the padlock icon.
What happens if I lose my SSL key and/or
certificate?
Should you lose either the SSL Key or
the SSL certificate you will no longer be able to use SSL on your web server
and you will need to purchase a new one. Or you can ask the company you
purchased your SSL certificate from to issue you with a replacement
certificate.
Storm
Internet can provide an SSL certificate solution for your website. For more information please contact
solutions@storminternet.co.uk
