Security for your Visitors
Although statistics show that online retail is growing exponentially, many people are still questioning whether the personal info they share on the internet is safe. The simple answer is: it's as safe as it's ever going to be.
As with most technologies, someone, somewhere, will find a way to exploit it. And this trend holds true with the internet as well. Although online fraud scams continually evolve, internet security protocols are very good at reducing the risks. The biggest security problems we face on the internet today are due to negligence from two ends: websites refusing to use proper security protocols when gathering information from visitors, and from the visitors themselves, when they submit personal information to unknown or untrusted websites.
As an owner of a website that collects personal and/or financial information, there is only one way you can make that data safe during transfer, and that is to be a trusted SSL (Secure Socket Layer) Certificate holder.
What is SSL?
An SSL certificate is a unique "electronic ID", assigned to a specific domain. With this ID installed, it proves that the webpage on that domain belongs to that domain, and ensures a unique encryption system (up to 256-bit) for all data exchanged between the visitor to that domain. The certificate confirms that a particular online entity is what it claims to be when a user attempts to send confidential information to it. If the Certificate is valid, the information is then allowed through, using a secure encrypted connection to the certificate holder's Domain Name Server (DNS).
- Information the Certificate Validates:
- The Certificate Owner.
- Certificate Serial Number and Expiration.
- The Certificate Holder's Public Key.
- Digital Signature of the certificate-issuer.
Once properly installed onto a website, the padlock Icon is shown in the Browser status bar, indicating to your visitors that any exchange of information is secure, and allowing them to be confident making any purchases.
Is the SSL system fraud-proof? It's impossible to say yes, since someone may find a way around it tomorrow. However, it is the most secure method for data exchange on the internet to date, and is the most effective at stopping "Phishing" and "Pharming" scams. It also happens to be the most affordable method of securing data exchange, which is a blessing for small business owners attempting to enter the Online Retail market.
Which kind do I need?
You'll notice that there are two options listed on the Hosting Packages page for SSL Certificates. There are actually more options available, regarding higher security levels and multiple-domain accounts, but these are the typical two. The Lite SSL certificate is obviously the cheapest alternative, using a 128-bit encryption with a single root certificate. Known as a 'Shared Certificate', these provide the bare necessities for SSL protecting your site, and are ideal for low-volume/low-profile online vendors, or for companies trying to tighten up security on their email servers. The second SSL certificate offers higher protection for companies dealing with larger amounts of personal and financial data, such as those using large online shopping cart systems. Once RocWorx has talked with you about your website's needs, we will be able to better determine which level of security you need to provide for your customers.
What is a dedicate IP?
Most hosting servers, such as ours, uses a 'dynamic IP' system, which allows for the re-using of IP numbers (the numeric designation of a particular domain name) as they become available, or as needed, such as when the physical location of servers are moved. Your hosting provider may change source servers for any number of valid reasons, and the change is usually unnoticable. A Dedicated IP, however, is a numeric representation of your domain that never changes (until YOU want it to). This is how SSL certificates know which server is trusted. Instead of relying on the domain name itself (yoursite.com), it relies on the physical IP address that the certificate was originally signed to. If the two do not match up, the security protocols refuse to validate. This way, a visitor is sure that the information they are sending is going to the individual(s) that actually own and operate the receiving domain. You can't install an SSL certificate unless you have a dedicated IP to sign it to.
Where do I get SSL, and what do I do with it?
There are a number of SSL certificate vendors online, but RocWorx not only has a direct working relationship with the most trusted providers available, we can also set up a dedicated IP for your domain, install the certificates for you, and automatically renew those certificates for you every year. If you are considering an E-Commerce hosting package with us, CONTACT US, and we will make sure all steps are fulfilled in securing your online sales, and your customer's trust.