An SSL certificate is an essential element of running an online business. Online security is a primary concern—both for consumers and for ecommerce business owners. Merchants who want to conduct business online safely turn to SSL certificates. But what is an SSL certificate, and why should every ecommerce business have one? We turned to the experts to find out.
SSL Certificate Vs. TLS Certificate: What’s the Difference?
Two different terms commonly describe web certificates: SSL and TSL. SSL (Secure Socket Layer) is the original security protocol developed by Netscape in the 1990s. “It’s a protocol designed to create a more secure browsing experience on the Web,” explains Michael Burk, senior director of product management at ecommerce platform provider BigCommerce.
[Don’t miss this ecommerce article: 14 Essential Steps to Launching an Ecommerce Business]
The SSL certificate was also intended to provide trust and confidence for consumers. When visitors came to a website with an SSL certificate, “they would know that if they transmitted information from their computer to the website’s server, it was being done in a secure way,” Burk says.
Installing an SSL certificate on a website bypasses the typical “http” found at the beginning of the website’s URL. Instead, it displays “https.” That, says Burk, serves as “the shopper’s signal that all of their information is transmitted over that secure protocol.”
The SSL protocol has been updated, and the latest version is called Transport Layer Security, or TLS. “People use the two terms interchangeably,” says Dean Coclin, who serves as both the senior director of business development at cyber security firm Symantec, and as a member of the steering committee at the CA Security Council. However, he notes, “nobody sells the old version of the SSL certificate. That’s obsolete now.”
SSL certificates come in three different levels:
- Domain Validation (DV): While this lowest level of authentication offers encryption, the certificate holder is vetted only to confirm they have the right to use the domain name on their application.
- Organizationally Validated (OV): This level validates the applicant through the Dun & Bradstreet database or other third-party source. It also enables encryption and ensures a much stronger form of authentication over the DV certificate.
- Extended Validation (EV): Organizations choose this level when they require the most stringent security. EV level SSL certificates provide consumers with a visual cue as they browse the Internet. “Depending on which browser you use, they turn either the address bar or the lock green,” says Coclin. For EV certificates, the issuing authority does a deep dive to verify the site is what it claims to be. The visual cue also indicates that all data is encrypted in transit—in both directions.
Why Do SMBs Need an SSL Certificate?
Cyber-attacks on businesses of every size are on the rise, and they show no sign of letting up. Every online merchant—who values customer trust and a thriving business—must consider adding an SSL certificate.
“If you handle transactions that involve credit card or other personal data, certificates are a must,” says Coclin. “The threat of hackers intercepting communication on the Internet is very real, and if that communication includes credit card data or social security numbers, you do not want to send that in an unencrypted form.”
Here’s another reason to adopt an SSL certificate: some browser platforms have hinted they may soon put a visual indicator in the address bar to signify a website is not secured by a certificate. “We’ve had indications that Google Chrome will be the first to do it later this year,” says Coclin. With online security concerns at an all-time high, few consumers will want to visit an unsecured website.
[Editor’s Note: See New Site Security Indicators In Chrome, a Google doc posted by the Chrome Security Enamel team. Mr. Coclin also noted that non-https sites will show a circle with exclamation point].
In addition, many payment gateways that process credit card and other financial information now require merchants to transmit sensitive data via https. It’s possible for small businesses to leverage their ecommerce provider’s SSL certificate—if they don’t have their own—but that approach has a downside.
“The checkout is always secured via SSL,” Burk explains. “But when you have your own SSL certificate, that checkout process can live on your own store domain.” Customers of merchants who haven’tsecured their own SSL certificate will be redirected to a secure checkout page hosted by the ecommerce platform.
Why does that matter? Customers who stay within the merchant’s website are more inclined to complete their purchase. “One factor is fewer page loads; another is that they’ve built some trust in your ecommerce site. They want to complete the purchase with you—not sent to a less-familiar URL,” says Burk.
Trust matters to consumers, and Burk says that testing by BigCommerce merchants and by other SSL providers shows that SSL certificates help drive higher conversion rates.
Buying SSL Certificates: Simple and Budget-friendly
You can purchase SSL certificates through several channels. One such route is a certificate authority, and seven of those major players—Comodo, DigiCert, Entrust, GlobalSign, Go Daddy, Symantec, and Trustwave—comprise the CA Security Council.
Certificate costs are relatively low, and they rarely present a barrier for even small businesses. “We have healthy competition among the certificate authorities, and resellers sometimes offer even a better value,” says Coclin. Most ecommerce providers offer SSL certificates as part of their solution and you can typically add a certificate even if your account has been active for a while.
[Learn more about online security: 7 Password Managers for Small Business]
Julie Knudson is a freelance writer whose articles have appeared in technology magazines including BizTech, Processor, and For The Record. She has covered technology issues for publications in other industries, from food service to insurance, and she also writes a recurring column in Integrated Systems Contractor magazine.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|