Is it essential to have a secure certificate for my website?
As of November 2017 (yes, it has just turned 2018, so you’ve missed it), anyone browsing the internet with Chrome who uses a form on your site will be shown an alert saying that submitting the form is insecure unless an SSL certificate is enabled!
Chrome already marks the site as insecure in the browser bar…go and check if you don’t believe me!
This should really be a concern to anyone who has a website without an SSL certificate enabled.
You’ve probably heard of encryption, or seen the green address bar of an SSL certificate, and wondered “Do I need an SSL certificate on my site?”
Most online shoppers are very careful and want to know that their information is safe. In fact, there has been some pre-Christmas TV advertising telling people to stay away from sites that don’t have a certificate installed. Using an SSL certificate provides two important things:
Encryption of sensitive data like card numbers and personal info
Some assurance to your customers that you are trustworthy (the process of getting an SSL certificate won’t guarantee this, but it can make it more likely, which is part of the reason why visitors have this perception)
To find out if you need an SSL certificate for your site, answer these questions:
Is my site an e-commerce site that collects credit card information?
For most e-commerce sites, you absolutely need an SSL certificate! As an online seller, it is your responsibility to make sure the information you collect from your customers is protected. This will shield you and your customers by making sure that no one can intercept and misuse credit card information.
Your customers provide you with very important and personal information that allows access to their hard earned money. If a thief gets access to your customer’s credit card information because you didn’t take the necessary precautions, it can be devastating to you and to your customer.
Your customers need to know that you value their security and privacy and are serious about protecting their information.
More and more customers are becoming savvy online shoppers and won’t buy from you if you don’t have an SSL certificate installed.
If you accept credit card information and store it in a database so you can process it using an offline POS machine or charge it manually on your merchant account’s website, then you definitely need an SSL certificate to secure the credit card data as it is transferred.
You also need to be very careful with the data when it is stored on your servers. Learn more about PCI Compliance and SSL and the requirements of protecting stored credit card information.
Do I use a 3rd party payment processor such as PayPal?
If your e-commerce site forwards visitors to a 3rd party payment processor (like PayPal) to enter the credit card information then you don’t need an SSL certificate because your website won’t touch the credit card information.
Just make sure none of the credit card details get entered when the address bar still shows your domain name.
Please note that PayPal allows you to accept the credit card information on your site or forward visitors to their site. If you accept the credit card information on your site, you need an SSL certificate.
Do I have a login form on my website?
If your users enter a username and password to log in to your site without an SSL certificate, an attacker can easily see their username and password in clear text. This would allow someone else to impersonate your visitor, but it also allows for a far more dangerous possibility:
Because users often use the same password on many sites (including their bank accounts), an attacker can potentially compromise many other accounts.
If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn’t critical.
It is true that most login forms don’t currently use SSL. This means that most login forms are vulnerable. With the number of cheap SSL certificates available, it is becoming more and more worthwhile to secure login forms.
If you want to forgo the SSL certificate without having to worry about securing the login information, you can also use social media accounts, or other technology that lets users log in on another site and return to your site.
Learn more about creating a secure login form.
Do I need my own SSL certificate or can I use a shared SSL certificate?
Many hosting providers will include a shared SSL certificate that you can use instead of buying your own. As long as it doesn’t give any errors on your site, this will be great for securing login information or other sensitive information.
However, a shared SSL certificate doesn’t provide as much assurance to your visitors because it doesn’t include your organisation or website name in it and may display a warning.
In short, if your website is a collection of pictures of your pet dog with a small blog and doesn’t require visitors to log in, you probably don’t need SSL. If you have a login form or send or receive private customer information, then you need SSL.
If you run an e-commerce website where people provide you with credit card information directly on your site, you absolutely need SSL.
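The questions above boil down to one check you can run against your own pages: does any form that asks for a password or card details get shown or submitted over plain HTTP? The Python below is an added example, not part of the original post; the list of sensitive field hints and the example.com sample pages are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Autocomplete hints treated as sensitive (assumed heuristic list, extend as needed).
SENSITIVE_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp", "current-password", "new-password"}

class FormAudit(HTMLParser):
    """Collect each <form> with its action and whether it holds sensitive inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            tokens = set(a.get("autocomplete", "").lower().split())
            if a.get("type", "").lower() == "password" or tokens & SENSITIVE_AUTOCOMPLETE:
                self._open["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_page(page_url, html):
    """Return one finding per sensitive form that is shown or submitted over plain HTTP."""
    parser = FormAudit()
    parser.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not form["sensitive"]:
            continue  # search boxes, newsletter sign-ups etc. are not reported
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        if not page_secure:
            findings.append((target, "page served over HTTP"))
        elif urlparse(target).scheme != "https":
            findings.append((target, "form submits to HTTP"))
    return findings

# Constructed sample pages (example.com is a placeholder domain).
LOGIN = '<form action="/login"><input name="u"><input type="password" name="p"></form>'
SEARCH = '<form action="/search"><input type="text" name="q"></form>'
CHECKOUT = '<form action="http://example.com/pay"><input autocomplete="cc-number"></form>'
```

An empty result for a page means none of its password or card forms travel over plain HTTP; a pet-photo blog with only a search box also returns nothing.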
Where do I purchase an SSL certificate?
So you’re now sure that you need SSL for your e-commerce or other type of site. How do you know what type of certificate to purchase? Which SSL provider should you buy from?
YZ DESIGNS offer all of our clients SSL as standard, and when you host your website with us, it automatically gets installed with a green padlock symbol.
If you don’t have an SSL certificate installed on your website even though we are hosting it, get in touch so that we can get things set up for you. This does involve some work and a small charge will apply, but as we mention in this post, it can be very much worth your while.