So your web site administrator says you need a SSL. What is a SSL Certificate? Why do you need one? Chances are, if you’ve set up a registration system or an e-commerce store for your site, you’re going to collect credit card information. Securing that on your web site requires what’s known as a Secure Sockets Layer (SSL) certificate. This certificate signs your web site as your company name, so someone buying something from you can safely know their data is going right to you and not being swiped by a third party.
Why is this important? Securing and guarding customer information during a web site
transaction is critical for establishing and maintaining trust among your customers.
How do I know if my site has SSL? If you are processing any kind of transaction (registration,
purchase, information gathering) and the URL has https:// to start it, it’s secure. If it does not, it’s not, and that data can be intercepted and used against your customer.
What kinds of organizations need SSL?
If you collect any kind of funds (credit card, e-check) for anything (registration, purchase, donation) you need SSL
If you collect any protected financial or health information, you need SSL (and a whole lot more, but we will get to that in a later post)
If you collect anything that someone wouldn’t write on a post card and mail for everyone (and your mail carrier) to see, you need SSL.
Some examples of things clients collect that require SSL:
- Social security numbers
- Health plan group codes/plan codes
- Business EIN/FEIN numbers
- Date of birth
- Credit card numbers
- Birth city
- Mother’s maiden name
You might be surprised by date of birth, birth city and mother’s maiden name. But there is so much publically available information about you online, that if someone could just get ONE of those, plus that openly available information, they could establish accounts in your name.
A client had their social security number stolen when the State of Michigan’s (then) Department of Labor and Economic Growth published microfiche images of business applications which contained social security numbers, name, address and other critical information (they have since blanked this information out of the available data.) The unraveling of this problem took a week, and the effects lasted for years.
What goes into a SSL?
Your basic business contact information is used to register a SSL. So this says to the server that this
business, with a website at this IP address is associated with this company. As long as those match, a SSL warning will not be displayed and your user will not question that their data isn’t secure.
Your web hosting manager/project manager will install the cert for you. There is an annual fee (it varies from $30-60 depending upon the web hosting site.) It takes a day or two to get the site moved to it’s own dedicated IP address, and the cert configured.
Secure data – that your customers see and expect from trusted web sites, is a minimum requirement for everyone who takes protected information online. Ensuring that reputation continues unsullied, look at the SSL as one more critical piece you need to have deployed.
If you’re looking to sell online (services or products) and need SSL, you’re also going to need to have a good strategy for growing your internet business. Download this step-by-step guide to internet marketing and jumpstart your success!