Other Payment security

Why Is SSL a Must for Every E-Shop?

2018 October 19


Why Is SSL a Must for Every E-Shop?

Millions of people worldwide prefer buying goods and services without stepping out of their homes. The number of e-сommerce websites is constantly increasing as well as the need for secure online card payments. E-shops are not difficult to set up, but every seller has to deal with the challenge of ensuring data protection and winning customers’ trust. Websites can achieve this by using SSL.

What is SSL?

SSL (Secure Sockets Layer) certificate is a reliable and efficient method to maintain privacy, security and buyer’s confidence in your online shop. It is a standard technology for establishing an encrypted link between a web server and a client (a web browser).

SSL connection protects online transactions and ensures that confidential and sensitive information (e.g. credit card information, user login credentials, personal data) is encrypted and transmitted securely.

Why do I need SSL?

Information sent from your customer to you and vice versa is transmitted from one computer to another. Such sensitive information as credit card or personal data is seen to third parties if the connection is not encrypted.

  1. As a seller, you need SSL to keep the data encrypted and protected from any man in the middle so that nobody except the intended recipient could understand it.
  2. You can also be sure that the intended server receives the information and not a fraudster.

Important: SSL is now a must!

If you are planning to sell products or services online, you have to implement SSL on your website. There are two primary reasons why. First of all, as mentioned above, it protects all the sensitive data transmitted between you and your customer. Moreover, since July 2018 Google Chrome flags all websites without SSL as Not Secure. This will certainly harm your website’s ranking and push your potential customers away.

How does SSL connection work?

The SSL connection is established with the help of three keys: the public, the private, and the session key.

SSL connection scheme

  1. Your customer’s browser connects to your SSL-secured web server (website).
  2. Your server sends a copy of its SSL Certificate with the server’s public key. The browser checks that the certificate is not expired or revoked, and that it is used by the website that it has been issued for. It also checks whether the certificate was issued by a trusted certificate authority.
  3. The browser creates and sends a symmetric session key using the server’s public key.
  4. Your server decrypts the symmetric session key using its private key and starts the encrypted session.
  5. The server and the browser encrypt all transferred data with the session key.

If a browser identifies that the certificate is expired or not valid, it will warn the user/customer that the website is not secure.

How can I make my online shop secure?

  1. You must create a Certificate Signing Request (CSR) on your server. It is a file that contains your details which is later submitted to a Certificate Authority. Your server creates a private and a public cryptographic keys. You should not disclose your private key by any means.
  2. You should submit your CSR to a Certificate Authority (CA) and get an SSL certificate. A CA issues digital certificates to organizations or legally accountable individuals. There are many certificate issuers; however, web browsers trust only those CAs that they have on their list.
  3. After the CA issues an SSL certificate, you should install it on your server.
  4. Your SSL certificate must be tied to an intermediate certificate which is already on the trusted list of your customer’s web browser.
  5. Your web server is now able to establish an encrypted link between the website and your customer’s web browser.

What does an SSL certificate include?

A typical SSL certificate contains your domain name, company name, address, city, state and country. It also includes the expiration date of your certificate and information about the CA that has issued it. Note that since February 2018 the maximum duration of SSL certificate validity is set to 2 years.

How can buyers identify secure online shops?

The first sign of absence of SSL is the warning instantly shown by Google when a visitor opens an unsecure website. If your website is protected, it normally displays a lock icon and begins with https rather than http. In order to build customer confidence in your website, you can display a trust seal on your website as well to show that it was verified by a Certificate Authority.

https vs http

Running an e-commerce business can be easier with the help of such security measures as SSL. It guarantees the security of your transactions and boosts your sales by building more trust in your online shop. In addition, you can activate 3D Secure to prevent fraudulent activities in your online store.

Update: TLS 1.0 and 1.1 deprecated

Cardinity would like to update all of our current customers that as from June 1st, 2020 TLS 1.0 and 1.1 will no longer be supported

We recommend that all merchants turn off TLS 1.0 and TLS 1.1 as soon as possible. All combinations of client servers and browser servers should use TLS version 1.2 (or a later version) to make sure that all connections can be made without issues. We strongly encourage all of our merchants to check which version of TLS they are currently using in order to avoid any issues.

Newer versions of the TLS protocol enable more modern cryptography and are broadly supported across modern browsers.

Open a merchant account for free
and start processing payments with Cardinity!