Secure your Online Ordering with SSL Certificate.
Still this day and age people are very insecure about ordering anything online. Still though many people order and give their credit card data over the phone they still are doubtful upon ordering online. This stuff will show you what to look for to see if it is safe to order online, the common process on how things are processed online, and the securities required.
What The Web User Should Know:
Everybody recognizes to appear for the padlock on the bottom of the web browser. If not that says you that the web page is secure. Along with that padlock on the bottom of the web browser your web page should display https:// instead of http://. (The “s” points of view for “secured”)
How is a web page secure?
If you're going to run an online store or e commerce Web site, you should be aware of HTTPS - or Hypertext Transfer Protocol with Secure Sockets Layer. HTTPS is a protocol to transfer encrypted data over the Web.
There are two primary differences between an HTTPS and an HTTP connection work:
HTTPS connects on port 443, while HTTP is on port 80
HTTPS encrypts the data sent and received with SSL, while HTTP sends it all as plain text
Most Web customers know that they should look for the HTTPS in the URL and the lock icon in their browser when they are making a transaction. So if your storefront is not using HTTPS, you will lose customers. But even still, it is common to find Web sites that collect money including credit card data over a plain HTTP connection. This is very bad.
As I said above, HTTP sends the data collected over the Internet in plain text. This means that if you have a form asking for a credit card number, that credit card number can be intercepted by anyone with a packet sniffer. Since there are many free sniffer software tools, this could be anyone at all. By collecting credit card information over an HTTP (not HTTPS) connection, you are broadcasting that credit card information to the world. And the only way your customer will learn it was stolen is when it's maxed out by a thief.
What about types of Browsers?
Internet Explorer used to control 90% of the market for web browsers, so naturally hackers and cheaters were attracted to attacking that browser to obtain information. So the safe alternative was to use a different browser like Firefox that was not very popular. But as Firefox gains popularity they will become a target as well. Their goal was to gain 10% of the market, and they are now pushing 20% according to statistics of people.
You would be interested in knowing that with a properly configured web site with the correct shopping cart script for collecting credit card information that connects to a merchant account gateway, the credit card number is never seen by the webmaster. It's true! I cannot see the process of filling out the information, and when I visit my merchant account online to view transactions I'm not shown the full credit card number. "But be warned on how people can work around this!"
How can they process a credit card that is insecure and/or see my credit card number?
If the page is unsecured. (HTTP instead of https and the lock is open on the bottom of the browser)
If they use a simple online form to ask for the information instead of a script. (When the information is emailed out instead of processed) Even if the form is on a HTTPS page it would still be secured, but as soon as it is mailed it becomes unsecured and if anything happens the web site owner could lose his merchant account and not be able to apply for a new one EVER AGAIN! I've seen customers use this way to process cards and manually enter them at their store. Needless to say I refused to create a site that operates this way for liability issues.
What's the process involved for getting a SSL Certificate?
Fill out the required information of name, address, phone number, etc.
You will get a 'phone authentication' call recording your voice stating
your name for security and asking you to enter a 4 digit code that would be provided for you.
After that has been verified you can install the SSL Certificate.
After you’ve Got Your HTTPS Certificate
Your hosting provider will need to set up the certificate in your Web server so that every time a page is accessed via the https:// protocol, it hits the secure server. Once that is set up, you can start building your Web pages that need to be secure.
Here are some tips for using HTTPS:
Point to all Web forms on the https:// server. Whenever you link to Web forms on your Web site, get in the habit of linking to them with the full server URL including the https:// designation. This will insure that they always are secured.
Use relative paths to images on secured pages. If you use a full path (http://www...) for your images, and those images are not on the secure server, your customers will get error messages that say things like: "Insecure data found. Continue?" This can be disconcerting, and many people will stop the purchase process when they see that. If you use relative paths, your images will be loaded from the same secure server as the rest of the page.
Secure only the pages that request and collect data. It is possible to run your entire Web site on https://, but it slows down the connection and some SSL providers charge you on the bandwidth secured. You should only secure those pages that collect data.
For more information visit: ClickSSL.com
What The Web User Should Know:
Everybody recognizes to appear for the padlock on the bottom of the web browser. If not that says you that the web page is secure. Along with that padlock on the bottom of the web browser your web page should display https:// instead of http://. (The “s” points of view for “secured”)
How is a web page secure?
If you're going to run an online store or e commerce Web site, you should be aware of HTTPS - or Hypertext Transfer Protocol with Secure Sockets Layer. HTTPS is a protocol to transfer encrypted data over the Web.
There are two primary differences between an HTTPS and an HTTP connection work:
HTTPS connects on port 443, while HTTP is on port 80
HTTPS encrypts the data sent and received with SSL, while HTTP sends it all as plain text
Most Web customers know that they should look for the HTTPS in the URL and the lock icon in their browser when they are making a transaction. So if your storefront is not using HTTPS, you will lose customers. But even still, it is common to find Web sites that collect money including credit card data over a plain HTTP connection. This is very bad.
As I said above, HTTP sends the data collected over the Internet in plain text. This means that if you have a form asking for a credit card number, that credit card number can be intercepted by anyone with a packet sniffer. Since there are many free sniffer software tools, this could be anyone at all. By collecting credit card information over an HTTP (not HTTPS) connection, you are broadcasting that credit card information to the world. And the only way your customer will learn it was stolen is when it's maxed out by a thief.
What about types of Browsers?
Internet Explorer used to control 90% of the market for web browsers, so naturally hackers and cheaters were attracted to attacking that browser to obtain information. So the safe alternative was to use a different browser like Firefox that was not very popular. But as Firefox gains popularity they will become a target as well. Their goal was to gain 10% of the market, and they are now pushing 20% according to statistics of people.
You would be interested in knowing that with a properly configured web site with the correct shopping cart script for collecting credit card information that connects to a merchant account gateway, the credit card number is never seen by the webmaster. It's true! I cannot see the process of filling out the information, and when I visit my merchant account online to view transactions I'm not shown the full credit card number. "But be warned on how people can work around this!"
How can they process a credit card that is insecure and/or see my credit card number?
If the page is unsecured. (HTTP instead of https and the lock is open on the bottom of the browser)
If they use a simple online form to ask for the information instead of a script. (When the information is emailed out instead of processed) Even if the form is on a HTTPS page it would still be secured, but as soon as it is mailed it becomes unsecured and if anything happens the web site owner could lose his merchant account and not be able to apply for a new one EVER AGAIN! I've seen customers use this way to process cards and manually enter them at their store. Needless to say I refused to create a site that operates this way for liability issues.
What's the process involved for getting a SSL Certificate?
Fill out the required information of name, address, phone number, etc.
You will get a 'phone authentication' call recording your voice stating
your name for security and asking you to enter a 4 digit code that would be provided for you.
After that has been verified you can install the SSL Certificate.
After you’ve Got Your HTTPS Certificate
Your hosting provider will need to set up the certificate in your Web server so that every time a page is accessed via the https:// protocol, it hits the secure server. Once that is set up, you can start building your Web pages that need to be secure.
Here are some tips for using HTTPS:
Point to all Web forms on the https:// server. Whenever you link to Web forms on your Web site, get in the habit of linking to them with the full server URL including the https:// designation. This will insure that they always are secured.
Use relative paths to images on secured pages. If you use a full path (http://www...) for your images, and those images are not on the secure server, your customers will get error messages that say things like: "Insecure data found. Continue?" This can be disconcerting, and many people will stop the purchase process when they see that. If you use relative paths, your images will be loaded from the same secure server as the rest of the page.
Secure only the pages that request and collect data. It is possible to run your entire Web site on https://, but it slows down the connection and some SSL providers charge you on the bandwidth secured. You should only secure those pages that collect data.
For more information visit: ClickSSL.com
0 comments:
Post a Comment