With your Internet identity established and your site built and hosted, it's time to turn your online storefront into a thriving e-commerce business. To do it, you must win your customers' trust. Eighty-five percent of Web users surveyed reported that a lack of security made them uncomfortable sending credit card numbers over the Internet. E-merchants who can win the confidence of these customers will gain their business and their loyalty, and an enormous opportunity for grabbing market share and expanding sales.
The Risk of E-Commerce
In person-to-person transactions, security is based on physical cues. Consumers accept the risks of using credit cards in places like department stores because they can see and touch the merchandise and make judgments about the store. On the Internet, without those physical cues, it is much more difficult for customers to assess the safety of your business. Also, serious security threats have emerged:
Spoofing: The low cost of website creation and the ease of copying existing pages make it all too easy to create illegitimate sites that appear to be operated by established organizations. Con artists have illegally obtained credit card numbers by setting up professional-looking websites that mimic legitimate businesses.
Unauthorized disclosure: When purchasing information is transmitted "in the clear," without proper security and encryption, hackers can intercept the transmissions to obtain customers' sensitive information like credit card numbers.
Unauthorized action: A competitor or disgruntled customer can alter a website so that it malfunctions or refuses service to potential clients.
Eavesdropping: The private content of a transaction, if unprotected, can be intercepted en route over the Internet.
Data alteration: The content of a transaction can be not only intercepted, but also altered en route, either maliciously or accidentally. User names, credit card numbers, and dollar amounts sent without proper security and encryption are all vulnerable to such alteration.
To take advantage of the opportunities of e-commerce and avoid the risks, you must find the answers to questions like:
"How can I be certain that my customers' credit card information is protected from online eavesdroppers?"
"How can I reassure customers who come to my site that they are doing business with me, not with a fake set up to steal their credit card numbers?"
The process of addressing these general security questions boils down to these goals:
Authentication: Your customers must be able to assure themselves that they are in fact doing business with you, not a "spoof" site masquerading as you.
Confidentiality: Sensitive information and transactions on your website, such as the transmission of credit card information, must be kept private and secure.
Data integrity: Communication between you and your customers must be protected from alteration by third parties in transmission on the Internet.
Proof of communication: A person must not be able to deny that he or she sent a secured communication or made an online purchase.
The Trust Solution: SSL Certificates for Authentication and Encryption
Digital certificates for your website (or "SSL Certificates") are the answer to these security questions. Installed on your Web server, an SSL Certificate is a digital credential that enables your customers to verify your site's authenticity and to communicate with it securely. SSL Certificates allow your e-business to provide customers with the world's highest level of trust. An SSL Certificate assures them that your website is legitimate, that they are really doing business with you, and that confidential information, such as credit card numbers transmitted to you online, is protected.
How SSL Certificates Work
SSL Certificates take advantage of the state-of-the-art Secure Sockets Layer (SSL) protocol, developed by Netscape. SSL has become the universal standard for authenticating websites to Web browser users, and for encrypting communications between browser users and Web servers. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate, or SSL Certificate, enables SSL capabilities.
SSL server authentication allows users to confirm a Web server's identity. SSL-enabled client software, such as a Web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority. SSL server authentication is vital for secure e-commerce transactions in which, for example, users send credit card numbers over the Web and first want to verify the receiving server's identity.
An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering, that is, for automatically determining whether the data has been altered in transit. This means that users can confidently send private data, such as credit card numbers, to a website, trusting that SSL keeps it private and confidential.
The SSL Certificate process works as follows:
A customer contacts your site and accesses a page secured by an SSL Certificate (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser).
Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
Your customer's Web browser generates a unique "session key" to encrypt all communications with the site. The user's browser encrypts the session key itself with your site's public key so only your site can read the session key.
A secure session is now established. It all takes only seconds and requires no action by the customer. Depending on the browser, the customer may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
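The client-side checks described above (certificate issued by a trusted authority, name matching the site, encrypted session) can be seen in code. The following Python sketch is an added example, not part of the original article; the function names are hypothetical, and the TLS 1.2 protocol floor is an assumption of this example rather than something the article specifies.

```python
import socket
import ssl

def strict_client_context():
    """Context that enforces the checks a browser makes on the server's certificate."""
    ctx = ssl.create_default_context()            # trusts the system's CA roots
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: refuse older protocol versions
    return ctx

def weak_client_context():
    """Misconfigured context: still encrypts, but accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx):
    """Return a list of findings; an empty list means the server is authenticated."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a valid certificate for another site passes")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings

def peer_identity(host, port=443, timeout=5.0):
    """Connect (needs network) and report what the handshake negotiated."""
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname drives both SNI and the name check; a mismatch or an
        # untrusted issuer raises ssl.SSLCertVerificationError here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "subject": tls.getpeercert()["subject"]}
```

A client built on the weak context still shows an encrypted session, yet it provides no protection against the spoofing risk described earlier, because encryption without authentication only secures the channel to whoever answered.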
SSL Certificates come in two strengths: 40-bit and 128-bit (the numbers refer to the length of the "session key" generated for each encrypted transaction). The longer the key, the more difficult it is to break the encryption code. 128-bit SSL encryption is the world's strongest: according to RSA Labs, it would take a trillion years to crack a 128-bit session key using today's technology.
Your Privacy and Security Statement
A vital component of every e-commerce website is a comprehensive Security and Privacy Statement that describes exactly how your business secures information and uses it. This is extremely important to your customers.