Security is always a hot topic, especially in ecommerce. Sensitive credit card numbers can easily get in the hands of the “bad guys” if your site is not secure.
If your ecommerce site uses Stripe or PayPal you already know that they use SSL on their end, when processing payments on your ecommerce site. That doesn’t mean that your site is fully protected. SSL certificates are needed because they encrypt communication between the server and the customer purchasing from your site.
How do you know you need an SSL certificate?
Ask yourself these questions:
- Does my site sell ANYTHING?
- Does a user have to log into my site?
- Does my site interact with credit card numbers: collecting, processing or storing?
- Golden rule: do you like your payment information to be kept confidential?
If you answered ‘yes’ to any of the questions above, you definitely need an SSL certificate.
What type of SSL certificate do you need?
Here’s a quick break down of the types of SSL certificates:
- Extended Validation (EV) – The Certificate Authority (CA) does an extensive background check of the company/individual applying, so there is human intervention. Using third parties, the CA verifies the applicant owns the domain where the SSL will sit, verify applicant’s physical existence and check government records. Benefits: encryption, secure site seal, geolocation and other pertinent information on the business will be displayed when a user clicks the seal. This builds trust from your customers.
- Organization Validation (OV) – Acquiring this type of SSL requires less of the background check portion. But the authority still checks to make sure the applicant is the rightful owner of the domain. Benefits: encryption of credit card data, secure site seal and some information about the company displayed. Again, having the extra information builds trust from your customers.
- Domain Authenticated Validation (DV) – No extensive background check but the applicant must be the owner of the domain in application. This is typically automated. Benefits of this certificate are the encryption and the display of country code where the business operates.
How do you get an SSL certificate?
You can purchase SSL certificates from your hosting provider, in most cases. Beware of shared SSL certificates on some servers. This means you share a domain name with anyone else who wants to use SSL, and can get tricky. Shared SSL is not what you’re looking for.
In summary, your ecommerce site needs its own SSL certificate(s). Relying solely on your point-of-sale provider to be secure is not enough. You can never be too careful with sensitive credit card information.
I’d love to know your experience with SSLs on your own ecommerce site, or a client site. What tips can you share with us?
It should be obvious that a SSL is required when a site collects, processes or stores credit card details – in fact it is a PCI requirement.
However we also agree with you, and have long pointed out to our customers, your first two points (A site that sells anything and where any user logs into the site) should mean that a SSL is also installed. This means ANY E-Commerce site and ANY WordPress site should use a SSL