One of the challenges Internet-based organizations and businesses struggle with is the secure transmission of confidential information, yet consumers are being asked to exchange more personal information online. Because of this dilemma, whether you are a business owner or a private individual, you need to know how to tell whether your session on a website is secure.
Secure Sockets Layer (SSL) is at the heart of encrypted Web transmissions. SSL was created by Netscape in 1994 and it is the leading security method used on the Internet. The protocol is designed to accomplish three things:
- Validate the identity of a website
- Create an encrypted connection between the browser and the web server
- Ensure any transmitted data is received without error
In layman's terms, SSL is a digital handshake that makes sure all parties involved are who they say they are.
Information for Website Owners
Even though the most common use of SSL is on ecommerce sites, any site where personal data is being transmitted should also use a secure connection. SSL certificates are sold by various providers, and they can differ in two main areas:
- Encryption level and certification standard - Currently 128-bit encryption is the industry standard, so any service that provides that level has met the minimum requirement. However, higher levels of encryption are available. If the provider doesn't reveal the encryption level, stay away from them.
- Certification Authority (CA) - Basically, a CA is a company - like VeriSign - that certifies that a site is in fact what it claims to be. The certificate will show the browser information like company name (e.g. LoveToKnow), address, and other information about the site proving it is authentic.
DigiCert.com suggests researching the warranty's dollar amount and exactly what is verified. In general, pay for as much verification as you can afford and get a large enough warranty to cover any potential fraud users could incur (since they will receive the payment from the warranty).
Although only a handful of companies that offer SSL certificates are well-known, many SSL certificate providers exist. However, less expensive options are not always best -- some have been compromised.
A Necessity for E-Commerce
If you own a website and conduct any kind of transactions on the site that include the use of personal information -- like Social Security numbers, credit cards or account numbers -- you need an SSL certificate. This will ensure the safety of any transmitted data, protecting it so it is not compromised or hacked.
Besides safeguarding the data, an SSL certificate will also build trust with your customer base. With identity theft being an ongoing problem on the Web, shoppers are becoming more savvy about the need for secure transmission of their personal and financial information.
Information for Consumers
Since you may not be able to tell if a site has an SSL certificate -- although many display a small graphic saying so -- whenever you shop online, double-check that the site is secure before you click buy.
Look at the URL
The most common way to determine if a site is engaging in a secure session and has an SSL certificate is to look at the beginning of the URL. When you are in the 'make a payment'-type process, does the URL start with https or http? If https is being used then the session is being managed by a security protocol and the transmission to and from the Web server is encrypted. Some sites will also display a green address bar and/or a lock icon in the browser in addition to https.
Emails with Offers
With the overwhelming amount of email people get, spam sometimes makes it into an inbox -- and some of the email looks convincingly real. You can take a couple of steps to avoid being scammed. First, hover over the link you are being directed to and look closely at the URL, or hover over the sender's name (upper left corner). Scammers obviously try to make the links seem as genuine as possible, but a quick clue to look for is whether the suffix at the end of the address matches the real site. Also, never presume that because a URL in the email starts with https it leads to a legitimate site.
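The suffix check described above can be done mechanically. The following is an added example, not part of the original article: the function name `check_link` and the domains `shop.example`, `account-verify.test` and `pay.test` are constructed for illustration. It compares the link's actual host against the real site on a dot boundary and treats https as a separate question from whether the site is the right one.

```python
from urllib.parse import urlsplit


def check_link(url, real_domain):
    """Classify a link that claims to lead to real_domain.

    Returns (verdict, host) where verdict is one of:
      "wrong-site"     host is not real_domain or one of its subdomains
      "not-encrypted"  right site, but the link is plain http
      "ok"             right site over https
    """
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and the port, and lower-cases the name
    host = (parts.hostname or "").rstrip(".")
    real = real_domain.lower().rstrip(".")

    # The real domain must be the END of the host, on a dot boundary.
    # A plain substring or prefix match is not enough.
    on_site = host == real or host.endswith("." + real)
    if not on_site:
        return ("wrong-site", host)

    # https only says the connection is encrypted; it is checked after,
    # and independently of, the identity of the site.
    if parts.scheme != "https":
        return ("not-encrypted", host)
    return ("ok", host)


# Constructed sample links; shop.example stands in for the genuine site.
SAMPLES = [
    "https://shop.example/checkout",
    "http://www.shop.example/pay",
    "https://shop.example.account-verify.test/login",
    "https://shop.example@pay.test/",
    "https://notshop.example/",
]


def classify_all(links, real_domain="shop.example"):
    """Map each link to its verdict."""
    return {link: check_link(link, real_domain)[0] for link in links}


if __name__ == "__main__":
    for link, verdict in classify_all(SAMPLES).items():
        print(f"{verdict:14} {link}")
```

Three of the five sample links start with https and still fail, because the genuine name appears somewhere other than the end of the host.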
Additional Security Tips
In a perfect world you would conduct all your personal business from a computer you own and know is secure, but times do occur when a public computer must be used for private information. If you are in this situation, always remember to log out and close the browser when you are finished. If you are using Wi-Fi at a public facility, presume it is unsecured, and do not transmit any personal data unless you are using a virtual private network (VPN) connection to access the Web.