Ecommerce expert Benjamin Dyer explains that although an SSL certificate can be very useful for an online shop, it’s not the only security precaution you need.
What is SSL?
An SSL certificate allows your website to display the secure padlock when people visit it. One of the first lessons you learn when you shop online is to look for this padlock as proof a website is secure.
There are two reasons people like SSL certificates:
- Security. An SSL certificate scrambles data which is sent across the internet, making it difficult for anyone who intercepts the information to read it.
- Trust. If your website displays the secure padlock when people visit it, or shows a green bar in the web browser (see picture), it implies trust.
With these in mind, here’s my guide to the myths of SSL. Read it carefully to understand why other security precautions are just as important as SSL.
Myth one: SSL certificates provide user security
The whole point of an SSL certificate is to protect sensitive data as it travels between a customer’s web browser and your website server. However, there is no knowing how that data is stored or what happens to it once it has reached its destination.
Myth two: SSL certificates are unbreakable
Like any security precaution, it would be a mistake to regard SSL as unbreakable - especially when there’s evidence to the contrary. For instance, a group of hackers broke one form of SSL encryption using 200 Sony PlayStations.
In short, you shouldn’t assume your website is hacker-proof just because you have an SSL certificate.
Myth three: SSL proves a website is authentic
Having an SSL certificate on your website means that, at some point, one of the Certificate Authorities which issue SSL certificates has validated your identity, or that of your business.
However, there are many types of SSL certificate. They can cost from as little as £20 a year all the way up to thousands of pounds. Unsurprisingly, the level of validation varies with each certificate type. A cursory check might not be enough to confirm a website is reliable and trustworthy enough to do business with.
Myth four: an SSL certificate is all you need to accept credit cards
SSL is ideal for scrambling credit card information as it’s sent across the internet. But it’s what happens next that is important - and remember, SSL has nothing to do with keeping data secure once it’s been received by your website.
In fact, if you store credit or debit card data yourself, you need to comply with the Payment Card Industry Data Security Standard (PCI-DSS).
Becoming PCI-compliant is a huge undertaking, so the simplest approach is to use a PCI-compliant payment service provider (PSP) like PayPal, Worldpay or Sellerdeck.
If you go down that route, you don’t need your own SSL certificate, as your PSP will encrypt payment card data for you. It’s still a good idea to get one though, to add extra security and build trust with your customers.
Go beyond SSL certificates
SSL certificates have been with us for a long time. They remain the best, most secure way to prove your website’s identity and protect data while it’s being transferred. However, for your customers’ sakes, it’s important you go beyond an SSL certificate and take further precautions to secure your online shop.
Written by Ben Dyer, former CEO of SellerDeck.