Safe Internet Shopping

How to tell if a page is secure

The payment area of a payment site uses SSL (Secure Sockets Layer). When you see the padlock in a corner of your browser window, you know that the page is secure and that all your communications with the site are encrypted. The padlock shown is from Internet Explorer. Other browsers use a slightly different image, but the security is the same.

Click or hover over the padlock and a Security Certificate will pop up. This gives you all the security information, guarantees the identity of the remote computer and tells you the site owner's name and the Security Certificate issuer.

What is SSL?
Since its introduction in 1994, SSL has been the de facto standard for e-commerce transaction security, and it's likely to remain so well into the future.

SSL is all about encryption. SSL encrypts data, like credit card numbers (as well as other personally identifiable information), which prevents the "bad guys" from stealing your information for malicious purposes. You know that you're on an SSL-protected page when the address begins with "https" and there is a padlock icon at the bottom of the page (and, in the case of Mozilla Firefox, in the address bar as well).

Your browser encrypts the data and sends it to the receiving Web site using either 40-bit or 128-bit encryption. Your browser alone cannot secure the whole transaction, and that's why it's incumbent upon e-commerce site builders to do their part.

SSL Certificates
At the other end of the equation, and of greatest importance to e-commerce site builders, is the SSL certificate. The SSL certificate sits on a secure server and is used to encrypt the data and to identify the Web site. The SSL certificate helps to prove that the site belongs to whoever it claims to belong to. It contains information about the certificate holder, the domain that the certificate was issued to, the name of the Certificate Authority that issued the certificate, the root and the country it was issued in.

SSL certificates come in 40-bit and 128-bit varieties, though 40-bit encryption should not be used as it is less secure. For full two-way 128-bit encryption to occur, according to SSL certificate vendor VeriSign, you need a certificate that has SGC (server grade cryptography) capabilities.

Not all SSL Certificates are created equal
SSL certificates can either be bought from a certificate vendor or they can be "self-signed".

Technically speaking, the data may be encrypted, but there is still a fundamental problem with self-signing that defeats part of the purpose of having an SSL certificate in the first place. Self-signing a certificate is like issuing a 'self-certified' driver's license. Roads are safer because governments issue licenses. Making sure those roads are safe is the role of the certificate authorities. Certificate authorities make sure the site is legitimate.

Self-signed certificates will trigger a warning window in most browser configurations, indicating that the certificate was not recognized. VeriSign admits that a lot of people will click through anyway, just as a lot of people will click through an expired SSL certificate warning as well.
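
The certificate details and warnings described above can also be read by a program. The following is an added example, not part of the original article: it takes a certificate in the dictionary format returned by Python's ssl.SSLSocket.getpeercert() and reports the owner, issuer and country along with the reasons a browser would warn. The sample certificates, names and dates are constructed, and the self-signed check is a simple subject-equals-issuer comparison rather than the full chain verification a browser performs.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert();
# every name and date here is made up for illustration.
SUBJECT = ((("countryName", "US"),),
           (("organizationName", "Example Shop Inc"),),
           (("commonName", "shop.example.com"),))
CA_ISSUED = {
    "subject": SUBJECT,
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example CA"),),
               (("commonName", "Example CA Root"),)),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.com"),),
}
SELF_SIGNED = dict(CA_ISSUED, issuer=SUBJECT)  # issuer is the site itself


def flatten(name):
    """Turn getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}


def review_certificate(cert, hostname, now):
    """Summarise the fields shown behind the padlock and list warning reasons."""
    subject, issuer = flatten(cert["subject"]), flatten(cert["issuer"])
    dns_names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    warnings = []
    if subject == issuer:
        # Heuristic: same name on both sides means no outside authority vouched.
        warnings.append("self-signed")
    if now.timestamp() > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")
    if now.timestamp() < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not yet valid")
    if hostname.lower() not in dns_names:  # exact match only, no wildcards
        warnings.append("hostname mismatch")
    return {"owner": subject.get("organizationName"),
            "country": subject.get("countryName"),
            "issuer": issuer.get("organizationName"),
            "domains": dns_names,
            "warnings": warnings}


if __name__ == "__main__":
    today = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for label, cert in (("CA-issued", CA_ISSUED), ("self-signed", SELF_SIGNED)):
        print(label, review_certificate(cert, "shop.example.com", today))
```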

There is research that suggests that having a recognizable SSL certificate may, in fact, have a direct correlation to increased e-commerce sales. VeriSign, in particular, has done some research that shows that users who visit sites that have a recognizable trust mark (like the VeriSign Secure Site seal) are more comfortable shopping on those sites and have fewer abandoned shopping carts and better repeat purchases.

Conclusion
The site is who they say they are. They have nothing to hide and are running a legitimate e-commerce business that wants consumers to trust and feel comfortable doing business with them. The SSL certificate system exists to help promote the security and integrity of e-commerce for everyone. In an era where phishing scams run rampant and trust is king, a proper SSL certificate is one crucial key to e-commerce security and safety.



Key Terms for Understanding SSL

SSL
Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection.

digital certificate
An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security.

DRM
Short for digital rights management, a system for protecting the copyrights of data circulated via the Internet or other digital media by enabling secure distribution and/or disabling illegal distribution of the data.