Most online shoppers are very careful about who they trust providing their information to and for good reason. Internet crime can be costly for customers and businesses alike. That’s why so many businesses rely on SSL (“Secure Socket Layer“) certificates to defend customer data. But who needs an SSL certificate and what are they good for?
What is an SSL Certificate?
SSL certificates are files that allow you to safely encrypt data and send it over a secure connection. This achieves two things. It enables businesses to encrypt sensitive data, like credit card numbers, so that prying eyes can’t prey on their customers. It also helps the protected business show customers that their site is worth trusting since SSL certificates offer visitors visible authentication of their data security. That assures them that their sensitive data is being sent to the correct source rather than to a criminal enterprise.
Who Needs an SSL Certificate?
Not every site will require an SSL certificate, while for others it is essential. SSL certificates are all but mandatory for basically any type of e-commerce website. Internet merchants are responsible for protecting customer information and failure to do so can result in severe ramifications for a business. If you store credit card information for offline processing you absolutely need an SSL certificate to secure all transferred data.
Ecommerce sites are not the only sites that need to be concerned with security. Does your site use a username or password login? If you don’t use an SSL certificate, hackers can access user names and passwords in plain text. Because so many people use the same password information across several domains, this makes your visitors vulnerable to several forms of fraud.
What about Payment Gateways?
If you use a third party payment gateway (e.g., PayPal, WePay) for your ecommerce, your site won’t come into contact with customer card data and so an SSL certificate isn’t required. However, if you accept payment information on your site and then forward it to a 3rd party payment gateway, you will need an SSL certificate. Simply put, you only need an SSL certificate if customer data is entered into a field on the site while your domain name is in the address bar.
Failure to remain PCI (“Payment Card Industry“) compliant can lead to severe fines as well as having other financial implications. Every business on the Internet that accepts, stores or transits cardholder information is responsible for its own compliance. Although SSL certificates are not mandatory for PCI compliance, they do allow businesses to achieve the 128-bit encryption requirement for protecting customer data. More on PCI compliance can be found at “Why PCI Compliance is Vital to Your Business“.
If your site is a collection of family photos or a blog that without user logins, then you probably won’t have any need for an SSL certificate. However, if you handle customer information via login or for payment processing, having an SSL certificate protecting that data is absolutely critical.
Several website hosts provide a shared SSL certificate that may avoid your having to purchase your own for protection. That said, shared certificates don’t contain your organization’s name and that doesn’t offer visible security assurances to visitors. But as compared to no encryption whatsoever, a shared certificate is very much preferable.
Top Photo Source elhombredenegro (https://www.flickr.com/photos/77519207@N02) under http://creativecommons.org/licenses/by/4.0