The Internet of Things has changed the way businesses and consumers think about security. According to identity theft protection services provider Lifelock, research confirms that one in four people have experienced identity theft. When you build a website for your e-commerce site, you have to take rigorous steps to protect your company and the data that you collect from customers.
Defending yourself against malicious code designed to damage your hardware or software and cyberthieves who are looking for data to sell on the black market is challenging. It’s hard to know where to start, but one thing every e-commerce business can do to protect their clients is to use Secure Sockets Layer (SSL) certificates.
What Is an SSL Certificate?
SSL is an electronic protocol that helps make communications over computer networks secure by ensuring that the content provided originates from a verified sender. In other words, when you interact with a favorite online retailer, like Amazon, or a payment processor, like PayPal, you can be confident that you are dealing with that company and not an impostor.
Depending on the type of certification applied for, business owners have to go through various stages of vetting before they can install the certificate on company web pages and connect to a secure server on the web.
How Can Consumers Tell if a Website is Certified?
The most common applications are for payment transactions, email, data transfer, and user logon protocol. Users want to know that data is encrypted in order to protect against unauthorized access. They also want to know when they visit a website, especially when making online purchases, that the company has carefully investigated third-party players.
Here are some obvious signs that a page is using SSL certification.
- The address bar will have a green background color to indicate a higher level of security vetting, called Extended Validation. Some addresses include the name of the SSL authentication service (image source).
- A tiny padlock appears on the left-hand side of the browser bar. If there isn’t a padlock, or the symbol is “broken,” visitors will know that the company isn’t using SSL. If you want to know more about the type of certificate attached to a webpage, click on the tiny lock and a pop up will appear that provides information about the company associated with the website.
- You’ll find an SSL image, typically at the bottom of the webpage. Custom images are available, but most contain a padlock, “SSL” or “Security,” and other information that indicates a certificate.
- The URL starts with “https” to indicate that you are connected through a secure server. Hypertext Transfer Protocol (http) is a system for transmitting data on the web, and the “s” at the end is the security indicator. Http was the standard before websites started transmitting confidential information (such as credit card data).
Starting the Application Process
Every certification authentication company operates a little differently and offers their own levels of enterprise certificates and value-added services. Most providers offer business owners standard and extended certifications along with tools designed for companies who need to manage multiple certificates or have special security challenges. Naturally, this process will also depend on your web hosting provider, such as Bluehost.
First you need to vet potential Certification Authorities (CA). Read reviews or get recommendations from business colleagues. Talk to potential vendors about their experience and request verifiable references. Ask for client names so you can visit a few websites and check out the certificates yourself.
- Once you have selected a vendor, send a request for certification and pay for the certificate.
- Every company has its own protocol, but after you make the initial payment, the CA will provide you will more information about how their own verification processes work and how long it will take to receive approval. Digicert says they can usually get approval within an hour, but times may vary depending on the complexity of your organization and how you plan to use your SSL certification.
- After approval, install the certificate and start connecting via secure web protocol.
Benefits and Disadvantages of SSL Certification
All consumers expect their information to be protected when they shop online for products and services. Displaying SSL certification symbols indicates that your enterprise is concerned about identity theft and online security—which is essential for building trust with your customers.
On the downside, you will have an additional expense, although most CAs offer cost-effective solutions for small business owners who want to build a website that includes shopping cart capabilities. Money aside, there are other considerations, like the fact that search engines frown on certification failures.
“Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search-ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”
Google explained on its security blog that initially the new ranking signal would be pretty lightweight compared to other factors, like high-quality content and diligently avoiding duplicate content, but over time they expect it to become more significant in the ranking algorithm.
Some people suggest that companies who don’t invest in SSL certification may be at a disadvantage compared to those who maintain SSL certification, especially where organic search is concerned.
Ready to Make the Switch to HTTPS?
Small business owners who operate an e-commerce site must ensure that payment transactions are always completed over a secure connection to limit exposure. However, even enterprises that don’t have shopping cart capabilities need secure connections if they require employees or customers to log on to access articles or files. Any time your company shares information on the web, you need to protect your network and guests from exposure.
The advantages of using SSL certification far outweigh the disadvantages. If you ask customers to choose between a company that is SSL certified and one that isn’t, why would they choose to expose their personal information?