SSL is absolutely essential for any website collecting sensitive information online. On your computer, you can see it as the little padlock in the bottom right-hand corner of your browser when you send or collect information online.
If you go to an unsecured website, you transmit information over many computers and networks, practically inviting hackers to steal this information – like passwords and credit card information. Obviously, that’s not something you want to fall prey to. SSL ensures that this does not happen.
What is SSL?
Secure Sockets Layer, or SSL, was introduced in 1994 and has been declared the standard for securing e-commerce transactions. SSL is a protocol that encrypts credit card numbers and other sensitive information by scrambling the data so that it cannot be read by eavesdroppers. More than likely, you have visited a few sites protected with SSL encryption, as it is typically indicated by a URL that starts with HTTPS as opposed to HTTP and a padlock icon located at the top or bottom of the web page.
SSL ensures safe transactions:
To make sure that no hacker can intercept and misuse information being collected online, SSL does two things:
How does SSL communication work:
- Encrypts the information with a hidden key on the user’s computer before it is sent out;
- Sends the key to the receiving computer using another encryption system called RSA. With this key the information collected online can be decoded.
A 128-bit public encryption key and a 1024-bit private RSA key are unbreakable today. They are also part of most web browsers and web servers.
- Provides visible authentication:
Before an SSL session is established, the server it connects with needs to have a digital certificate – a kind of unique digital identification to establish its authenticity. Digital certificates are issued by a Certification Authority, after performing several checks to confirm the identity of the organization to which it is issuing the certificate.
An SSL digital certificate generates a public key for your customers and a private key on your server that works as a kind of official, online stamp for your enterprise. This private key needs to be kept secure, along with a backup. A user can check whether a secure session has been established by looking at the web address: in a secure session, the ‘http:’ portion of the web address changes to ‘https:’.
This basically ensures that nobody can tamper with the data or information that is already online. Your customers will know that the contents of your website – or any information they have transmitted to it online – cannot be tampered with. It assures them that they are doing business in a safe environment.
This means that online collection of sensitive information is secure and cannot be intercepted or read by anyone except the computer it was intended for.
Data integrity and data privacy are integral to the functioning and success of any website handling or facilitating online financial transactions – and that’s what e-commerce is all about.
Once a secure session has been established, customers use the public key to encrypt the information being sent online. This information is then decoded instantaneously with your server’s private key.
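The certificate check described above is what a browser performs before it shows the padlock. The sketch below is an added example, not code from the original page: it builds a client that accepts only a certificate chained to a trusted Certification Authority and matching the host name, then summarizes who the certificate was issued to, by whom, and how long it remains valid. The function names and the sample certificate (`shop.example`, `Example CA`) are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def strict_client_context() -> ssl.SSLContext:
    """Client settings: trusted-CA chain check, hostname check, no legacy SSL."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def _field(name, key):
    """Pull one attribute (e.g. commonName) out of a getpeercert() name tuple."""
    return next((v for rdn in name for k, v in rdn if k == key), None)


def summarize_cert(cert: dict, now: datetime) -> dict:
    """Reduce a getpeercert() dict to who was certified, by whom, until when."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "subject_cn": _field(cert.get("subject", ()), "commonName"),
        "issuer_org": _field(cert.get("issuer", ()), "organizationName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": (expires - now).days,  # negative once the certificate expired
    }


def inspect_server(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with a live server; raises ssl.SSLCertVerificationError on a bad cert."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_client_context().wrap_socket(raw, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert(), datetime.now(timezone.utc))
            info["protocol"], info["cipher"] = tls.version(), tls.cipher()[0]
            return info


# Constructed sample in the shape getpeercert() returns, so the parsing runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notAfter": "Mar  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT, datetime(2025, 1, 1, tzinfo=timezone.utc)))
```

Calling `inspect_server` with the host name of your own site reports the negotiated protocol and cipher alongside the certificate summary, which makes it usable as a scheduled expiry check.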