If you’ve ever shopped online you’ve heard of 128-bit encryption or “HTTPS” security. This is the process of taking the customer to a secure server that protects and encrypts sensitive information (like logins, banking or credit card information), making it nearly impossible for anyone to retrieve that information as it’s being entered on the website.
As a business owner who sells products or services online, this is a critical part of the overall transaction process – one that could make or break the transaction.
A Step Back In Time
The online security industry has greatly changed in the last 10 to 15 years in a way that can greatly benefit your business. Originally, if you wanted to sell your products online, you would have your website developer create a shopping cart for you and link it to your bank account and some form of credit card processing tool, leaving YOU entirely responsible for collecting, authorizing and approving (or declining) the transaction. This left you (the business owner) extremely vulnerable to information theft, as it’s fairly easy to monitor and steal information that is openly accessible or not encrypted. Over the years many companies like Thawte, Verisign, GeoTrust, Comodo and Symantec started to create SSL services to help online vendors process transactions through their secure servers. For their services you would pay anywhere between $150 and $1500 per year to ensure your transactions were secure.
Back then, this was a must if you were selling online, as browsers were eventually built to stop you from entering any secure information, with a big pop-up alert saying the page wasn’t secure! However, many companies like PayPal and Google Checkout have now entered the online shopping industry and completely take over the transaction once the information needs to be secured. Simply put, the transaction looks somewhat like the flowchart below. Seamlessly, the transaction would go onto PayPal’s or Google’s secure servers to accept your credit card information after you added all the products to the cart, and once the transaction is complete, it would redirect you back to your site.
Originally many “payment processors” like PayPal and Google existed; however, over the last 10 years or so, they’ve become the standard for online payments and have created a lot of consumer confidence when it comes to online shopping. Nowadays, seeing the “PayPal” or “Google” checkout icons reassures consumers and does not cause any uncertainty or hesitation for a customer completing the transaction. Their fees are extremely reasonable (for example, selling a $10 item would cost you around $0.60), and their services give you the peace of mind of not having to worry about your site’s security or your server’s protection, and render the need for an SSL certificate virtually pointless (putting more money in your pocket).
Any Exceptions To The Rule?
I will add a little caveat! As I mentioned above, the transaction process flows from your website to the payment processor (PayPal/Google) and then back to your website. However, before PayPal can authenticate the transaction, most of the time the customer has to enter some information on your website in order to pass on the details. Often this information is name, address, phone number and email. We refer to this information as “non-sensitive” information, or information that, if stolen, wouldn’t affect you financially in the form of credit card fraud or identity theft.
Keeping this in mind, we’ve worked with various clients who kept detailed records of their customers’ clients and wished to have this information fully secured and not prone to theft. For example, if you are a government agency keeping a database of secret agents or undercover operatives, you’d want to ensure their details are entered on a secure site. Quite often, in our discussions with the client, we’ll assess the “sensitivity” of the information gathered on the website and advise the client on whether or not an SSL certificate is required. For most online shops, however, an SSL certificate is a thing of the past and an unnecessary cost.