e-commerce 101 - e-commerce and Security

Is it safe to accept customers' credit cards over the Internet?

Absolutely. StoreSense uses Secure Sockets Layer (SSL), also known as secure order protection, secure certificate or digital certificate. Developed by Netscape, SSL is a protocol for securely encrypting and transmitting electronic information between web servers across the Internet, and is the most popular method for ensuring the secure transmission of credit card data and consumer information.

Why is SSL important?

Every time an e-commerce transaction is conducted on the Internet, personal confidential data like credit card numbers or social security numbers are exchanged among the shopper, the merchant and the appropriate parties involved in the transaction process like a payment processor. This information is susceptible to interception by unauthorized third parties and malicious attacks by computer hackers. SSL protects against these risks. At the same time, it also authenticates or validates the ownership of a website and ensures that the submitted data is supplied to the rightful storefront owner and the appropriate parties involved in the purchase transaction.

SSL is a critical requirement for conducting responsible, competitive e-commerce. Many savvy shoppers will not make purchases at web sites that lack the level of security expected from e-commerce sites today. In fact, merchants with SSL-enabled sites are likely to see an increase in business simply by giving consumers the peace of mind that their personal information and consumer data are safeguarded.

How can a shopper tell if an e-commerce site is secured with SSL?

Web sites hosted on web servers that are secured with a valid SSL certificate will display a security lock icon at the bottom of the web browser screen. The icon will change from the opened position to the locked position upon entering a secured area of the site. In addition, when a secure server connection is established between the user's web browser and the merchant's web server, the URL will display "https://" in its address. The "s" represents "secure."

On an e-commerce web site without SSL, there will be no security lock icon, and the URL will not display the "s" after "http." The browser will sometimes even show a window alerting the shopper that he or she is entering and leaving a secure area, usually during the checkout process.

[Images: locked security icon; unlocked security icon]

How does SSL work?

The SSL protocol requires the installation of an SSL digital certificate on a web server that wants to establish a secure server connection with a consumer's web browser. The digital certificate is necessary for authentication of the web server to the web browser.

At the same time, the SSL protocol encrypts consumer information that is transferred from the web browser to the web server using a unique session key. When the information is presented to the web server, an encryption process takes place in which the session key is matched with the public key installed on the web server. This process, successfully completed, authenticates the web server, and the information is transferred securely. The entire process is seamless to the shopper.

This process is continued as the transaction data is passed along to a payment processor, which then coordinates the transfer of monetary funds between the customer's credit card bank and the merchant's bank account.

How do I obtain SSL?

Check with your Internet Service Provider (ISP) or Merchant Account Provider to see if SSL is included with their real-time transaction processing solution. SSL is often offered as part of a payment processing solution from the service provider.

SSL can also be obtained directly from an SSL provider. Bear in mind that SSL certificates are domain-name- and host-name-specific. You will need a certificate for each domain name you want to secure with SSL.
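An added example, not part of the original page: Python code modelled on the host-name comparison that decides whether a certificate covers a site, showing why a certificate issued for one host name does not cover another. All host names are constructed sample data, the function names are hypothetical, and the wildcard case goes beyond what the page describes.

```python
# Added example: host-name matching against the names listed in a certificate.
# All certificate name lists and host names below are constructed sample data.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (possibly '*.example.test') covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs at
        # least two fixed labels after it, so "*.test" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(cert_names, hostname):
    """True if any name in the certificate covers the requested host name."""
    return any(name_matches(n, hostname) for n in cert_names)

def uncovered_hosts(cert_names, store_hosts):
    """Return the store host names that would fail the certificate name check."""
    return [h for h in store_hosts if not cert_covers(cert_names, h)]

# Constructed sample: a certificate issued for a single host name.
SINGLE_HOST_CERT = ["www.example-store.test"]
# Constructed sample: a wildcard certificate (an assumption, not on the page).
WILDCARD_CERT = ["*.example-store.test"]
STORE_HOSTS = [
    "www.example-store.test",
    "checkout.example-store.test",
    "example-store.test",
    "www.other-store.test",
]

if __name__ == "__main__":
    for label, names in (("single-host", SINGLE_HOST_CERT),
                         ("wildcard", WILDCARD_CERT)):
        print(label, "certificate leaves uncovered:",
              uncovered_hosts(names, STORE_HOSTS))
```

Running the same check over every host name a store uses (checkout, bare domain, any second domain) before going live shows which ones still need their own certificate.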

When applying for SSL, a specific web server certificate key will need to be generated and installed on the web server that hosts the web store. Most web hosts will apply for SSL on your behalf, and inform you when it has been issued and installed. If you apply for SSL directly, you will need to forward the SSL information to your web host.

Further information can be found at the following SSL authorities: