Security and privacy are more important than ever. Security is important for online payments, but also when you leave (personal) information as a customer at a web stores. Customers expect that you carefully handle this information and the legislator also obliges you to do so. There are several requirements for the storage of this data, but this article is about the data exchange security itself: SSL is one of the techniques.
What does SSL mean?
What is SSL doing exactly? We know the term SSL or Secure Connection from different banks and government campaigns, or the WhatsApp message that the conversation is “encrypted.” Also browsers show clearly when a website uses SSL, with a small lock or even a green address bar. What does that mean? These indicators show that the connection between the visitor and the website is secure. If compare to traditional mail: A non-secure connection (without ssl) is like a postcard where the text can be read by all persons who see the card sender to recipient. SSL, on the other hand, is like a sealed letter, in an encrypted language. Only the sender and receiver have the key to decrypt the message.
- SSL: Secure Socket Layer, the technical term for the secure connection layer;
- Certificate: The key recognized by your browser and used to protect the connection;
- Https: Safe handling of requests by the browser to a website;
- Domain: The domain name of the website (example.com);
- Extended validation: Extended certificate (which provides the green address bar with company name).
SSL in practice
How does SSL work in practice? To use SSL as a web stores, you must go to a Certificate Authority to request an SSL Certificate. If you work with Shopify, Lightspeed or another SaaS Platform, they will assist you or even provide it. You can not create a certificate yourself, only a Certificate Authority has the ability to give you a certificate that is recognized by browsers as valid, to obtain one, you must first prove who you are. This is done, for example, by checking your email and company information. Or (in case of Extended Validation) also via a phone call to your registered business number. Once your data is confirmed, you will receive a certificate that will be installed on your webserver. Your programmer or hosting company will be able to do that and from that moment on, SSL is in place (‘https: //’). This certificate is linked 1-on-1 to your company and to your domain name, so you cannot change it.
SEO & Appearance
Customers increasingly attach values to privacy, and for this reason, Google has included https in its ranking factors. However, there are hundreds of factors that help determine how your site ranks in search results, which makes it difficult to measure the exact effect (but that applies to all ranking factors). For your store, it is also important to show that you are serious about your business and privacy of your customers. To run a shop without SSL is not acceptable anymore.
Browsers, especially Firefox and Chrome, are increasingly looking at the privacy guarantee of websites one visits. When you can enter data on a website, browsers will warn users if their data is entered on a potential unsafe site. In the checkout process, where your customer leaves his data, SSL is thus a requirement. Not only from your customer’s point of view but the obligation is also legally required.
Request and transfer
Because SSl certificates are connected to a company, it is important to determine how it is transferred in case of an acquisition. In the case of an asset / liability transaction, the entity will change, and the certificates will also be renewed and provided with a different company name. Please arrange this in advance of the scheduled transfer date. When a company as a whole is sold, it is important to keep an eye on when the certificates expire (sometimes after 1, 2 or 3 years) and if you (as a new owner) have all the information to renew the certificates (for example: credentials of the Certificate Authority).