If someone at a dinner party started talking to you about secure sockets, you’d probably try to find a different seat before the next course arrived. Yet the Secure Sockets Layer protocol is a surprisingly important aspect of the internet since it provides the security we demand from online retailers.
SSL certificates were originally designed to create a secure communication channel between a host server and a recipient device, specifically for the duration of an ecommerce transaction. This was done by making the host and recipient exchange uniquely generated identification keys, which only these two devices recognised. The keys ensured that every byte of data transmitted was encrypted and decrypted safely, so third parties couldn’t eavesdrop or steal information. As a result, known issues like man-in-the-middle cyber attacks were hugely reduced.
Shop ‘til your connection drops
SSL certificates were quickly embraced by online retailers, who didn’t want customer records falling into the wrong hands. While a secure connection was maintained, people could browse and buy at will without worrying about being spied on or having transactions monitored.
A number of methods were established to identify the presence of a secure connection:
- A subtle change in a website address, from HTTP to HTTPS
- The presence of a padlock in the browser’s address bar
- The browser bar turning green.
Most of us recognise these three identifiers, and observant readers might be wondering why this article keeps referring to SSL certificates in the past tense. Quite simply, that’s because they’ve now been replaced by the newer Transport Layer Security protocol. SSL certificates date back to the mid-1990s, and a defunct web firm called Netscape. As vulnerabilities emerged in the iconic Netscape Navigator web browser, revised versions of SSL were released. Eventually, TLS replaced it altogether in 1999. Yet the original name stuck, and people still use the term SSL to describe a TLS connection.
The biggest differences between SSL 3.0 and the first generation of TLS involved the retrospective elimination of vulnerabilities and improvements to the algorithms used to generate encryption keys. And if you didn’t understand any of that, it’s enough to know SSL and TLS both refer to the electronic handshake that opens a communication channel between an external server and a personal device. Any self-respecting ecommerce platform these days will ensure that purchases are made securely, while many websites open HTTPS connections for every site visitor – even those who merely want to browse.
What if my site doesn’t use SSL or TLS?
To be blunt, you won’t last very long in the current ecommerce market. Customers don’t always understand how cybercrime actually happens, but they do appreciate that an insecure website is vulnerable to data loss and surveillance. And perceptions matter online since internet shopping is impersonal at the best of times. There are no smiling shop assistants ready to answer queries, and no physical proof of a purchase being made. You don’t instantly get the goods or services you’ve paid up front to receive, and most ecommerce transactions are automated. Many people find it difficult to hand over debit card details to an unfamiliar website, but a secure ecommerce portal at least instills some confidence.
Even if you do manage to attract patrons onto your site, you’re placing them at risk:
#1. Anyone monitoring an insecure purchase could redirect the purchaser’s browser to a separate web page. The customer might not notice, unwittingly providing card information or directly making a payment into a fraudster’s bank account.
#2. The criminals may let a transaction go through while quietly noting down address and payment credentials. Having acquired CVC codes and expiry dates, they could set off on an ecommerce shopping spree of their own.
#3. An insecure website might be hacked, and used to display offensive or pornographic content. It may be infected with malware, which downloads itself onto user devices. Malware comes in many shapes and guises, but its intentions are rarely noble.
#4. Another problem involves user data being stolen. Again, personal details can be used in all sorts of nefarious ways, from email marketing lists to junk mail. No company wants to be responsible for the next Yahoo or Equifax-style disaster.
Google and Bing now prioritise HTTPS websites in their search results, so the absence of SSL or TLS security damages a website’s SEO performance. And since certificates are provided free with UK2 Business Hosting packages, there’s no excuse for not embracing the attendant benefits. We will generate an authentic SSL certificate on your behalf, help you install it and even ensure it works smoothly when consumers need to switch between normal web browsing and a more secure connection. There’s simply no excuse for leaving your website and ecommerce portals insecure…