For online retailers whose brands may not be as far reaching as the nationals, creating immediate trust is often the difference between clicking on a product or the back button. And while trust building should occur throughout the site, it's most critical when the user approaches the actual purchase. To avoid shopping cart abandonment, using an SSL based URL address can bring more confidence to a skittish buyer…and some protection for the retailer against frivolous credit card chargeback claims. So, exactly what is SSL?
What is SSL's main advantage to a retailer? The confidence that it instills in consumers who are deailing with just about any type of financial transactions.
SSL stands for secure sockets layer (more on what that is later) and was invented by Netscape, one of the early browser companies, to provide more security for website visitors. It works on the principle of encryption, a way to "scramble" (turning the actual text, numbers and other information into what appears to be a jumble of symbols, numbers and letters) the actual traffic between a users browser and a server. Once a user accesses an SSL-secured page, the traffic back and forth is encrypted so that even if it is intercepted, it will be essentially useless to the data thief. What is SSL's strength is that it works at a very high level in encrypting what is known as the "packet scheme", essentially the structure of how information is digitally transmitted, so all of the information in a session is protected. SSL is used to protect the critical information behind virtually every type of internet transactions including:
The process is made possible by providing what is known as a "key" to the user from the server. In this way, only the user's computer and the server have the means to decode or reinterpret the data correctly. There are levels of encryption, which essentially provide more data scrambling, but also take more time (and computing power) to decode, thus slowing the page downloads to the browser. As an online shopping site owner, one of the first steps in bringing SSL to your website is to actually apply for what is known as an SSL certificate. What is SSL's source for certificates? Usually a certification authority whose job it is to authenticate certificate holders and also to protect the encryption keys setup by them to encode and decode the information that is passed between user and merchant. There are a variety of types and levels of these as well, with accompanying costs that can range from $30 to $1,500 per year or more. Some of the issues that go into the pricing of these SSL certificates include:
Customers are doing more online and also are becoming more aware of the need for online security. A recent survey of nearly 5,000 adults in 22 countries revealed that nearly 92% had made an online bank transaction and 80% had made an online purchase within the last month. The same survey revealed an increase in consumer awareness of issues like viruses, email scams (phishing) and Spyware. Largely because of these higher online transaction levels, consumers are becoming more aware of security notations that SSL brings including the familiar "lock" at the beginning of the secure the url in their browser, trust symbols, like Commodo, displayed on a page and the familiar addition of "s" to the beginning of a website address or URL as in HTTPS. Web buyers are also increasingly becoming more aware of SSL specifically, in part due to the efforts of SSL vendors to publicize their benefits.
What is SSL's bottom line value to a merchant? It depends on your perspective, but here are the pro's and cons of applying SSL to a site:
A key issue is whether you wish to host your own SSL server. For those who maintain their own data servers, the SSL installation process can be quite complex. There are certainly cost and control advantages to doing this, but there are quite a number of steps that have to be performed including:
1. Installation and validation of encryption software on the server
2. SSL Certificate generation (must be signed by trusted certificate provider or will generate warnings)
3. SSL Certificate import
4. Enabling SSL support on the server
5. Change ports to monitor SSL connection
6. Configure SSL host(s)
The site will also have to be monitored and maintained, including the renewal of your certificate. All of this can be eliminated by using a hosted shopping cart, like UltraCart, that provides SSL services.