Here you can learn more about Internet security, PCI DSS and detailed information on the products we offer. You can check this section of the website regularly for news regarding the security standards and helpful information regarding your website's security.
SSL (Secure Sockets Layer) is a security protocol developed by Netscape. It's a method of encrypting traffic between a browser and a server (for example a website or an application). SSL certificates are used by millions of businesses all around the world: online stores, social networks, websites with payment options, e-mail and online banking.
After becoming an industry standard, the SSL technology is used for securing sensitive information transmitted through the web. That includes confidential information, message integrity and validation. The SSL certificate does that by deploying the SHA1 type of data encryption (http://en.wikipedia.org/wiki/SHA-1).
The most significant part in issuing an SSL certificate is played by the Certificate Authorities, which are responsible for establishing the corporate identity of the acquirer of the SSL certificate. For low assurance SSL certificates, Certificate Authorities rely on gathering information from WHOIS. There is virtually no guarantee whatsoever that this information will be accurate. This is a major flaw of these certificates, which makes them perfect to be used by cyber criminals for malicious activities online.
Let's look at the following example: our task is to recognize which website belongs to the company ABC: www.ABCompany.com or www.ABC-company.com. The resemblance of these two domain names is obvious. That brings up a question – if one of them is owned by the ABC company, the second one might be a fraudulent website aiming to do malicious activity.
We should do a thorough investigation if we want to establish the corporate identity of the website we have opened. If this website does not provide any company details or uses a low assurance SSL certificate, we can easily become a victim by just looking at the golden padlock at the bottom of the browser. By far, all fraudulent companies buy low assurance certificates only – these SSLs are relatively cheap and are issued in 10 minutes.
The problem described so far is the reason the Extended Validation certificate, a.k.a. the Green Bar SSL, was created. It provides corporate details for the company standing behind a certain website.
When a website uses the EV SSL, every user browsing with MS Internet Explorer 7.0 (or higher) or Mozilla Firefox 3.0 (or higher) will notice that the URL bar at the top turns green. This Green Bar technology gives the following information: website ownership information, the SSL issuer and the company that verified the corporate identity of the acquirer.
As a result, there will be upgrades to the SSL technology in time: additional layers of security will be added, and the mathematical algorithms of encryption will evolve and follow best known practices. Following these changes in how the SSL technology works, millions of consumers around the world will feel secure when exchanging data online.
The SSL certificate allows secure online data transmission between a website and a customer. There are different types of information that users need to secure online. So-called “cyber criminals” are the individuals from whom we should be protecting our customers. Protecting sensitive data online is a vastly growing issue, so we need to be aware of all the threats there are online. Your website needs an SSL certificate when:
How to determine if we are on a secure website?
You can use these methods or a combination, so you can make sure your data transfer is secured:
Statistics show that cyber criminal activity increased by up to 40% in 2008. That's a definitive sign of one thing: in the event of an economic recession, the easiest way for cyber criminals to do business is through stealing valuable information. That includes credit cards, personal data, corporate data, etc. Secondly, we can conclude that our online customers are getting more cautious and less confident. Every company should carefully pick its security measures for building trust and confidence in its potential customers. COMODO's “Corner of Trust” technology brings trust to the table, attracts visitors' attention and provides confidence and a positive reaction. Using the Green URL bar on your website (COMODO EV SSL) and integrating your corporate identity in the browser's URL bar provides your visitors with a top security level.
The SSL certificate protects sensitive data transfer and increases the trust in a website in three steps:
The web server and the web browser both rely on the SSL technology for establishing a unique encrypted channel for communicating securely over the Internet. Every certificate has a public and a private key. The public key is used for encrypting data, while the private key is for decrypting it. When a browser is using this technology, the level of encryption is determined by the type of certificate used, the web browser version, the operating system and the type of web server. That's why the encryption level of an SSL certificate varies up to 256 bits.
A high encryption level gives 2^88 more mathematical combinations than a 40-bit one. That equals about a trillion more combinations. With the average computer speed nowadays, a hacker who has the equipment and the tools would spend years trying to break that SSL connection.
Building customer confidence
A key point in building an online store is how it builds a relationship with customers and how it gains their trust. This includes how the website operates with customers' personal data, how the transaction goes, and how the information is transferred from the customer to the website itself. Besides the great look that a website should have, the merchant should also visually indicate the tools used to protect customers' private data. COMODO has developed special indicators that help online businesses show their secure way of treating sensitive data transfer: COMODO Corner of Trust technology with mouse-over effect, Hacker-free Logo, COMODO EV SSL with the Green URL bar technology, and BuyerTrust – when customers purchase physical goods online. PayPal conducted a survey, which clearly shows that an online store can increase a company's revenue by up to 20%. This is achieved through simply lowering the shopping cart abandonment rate. There are many variables in maximizing this result, but all major corporations agree on the subject: the higher the security level and trust maintained on a website, the higher the sales go.
There is a vast number of online merchants out there and there's virtually no product that isn't offered online. In many cases the online stores even outsell the physical store, and this tendency is growing as new technologies are implemented. With the number of transactions and the revenue that websites generate online rising, every online merchant should naturally be looking for improved ways of protecting their customers. By official statistics, the number of online cyber crimes and online thefts is rising rapidly every year. The economic share of the online industry is growing every year, which inevitably leads to a higher percentage of crime, forgery and theft committed online. Every online merchant should take serious steps to increase their online security on a weekly, monthly and yearly basis to ensure that the online store is well-secured and protects customers from cyber criminal activity. These regular website security checks are defined and mandated by the major credit card issuers as “Payment Card Industry Data Security Standards”, a.k.a. PCI DSS regulations. You can read more about PCI DSS here.
Generally we can divide online transactions into two groups by the regularity of payments: online stores with one-time payments and online portals with recurring payments. Most cases would require the merchant to store sensitive information, including credit card data. There are 12 strict guidelines for having that information stored on a server, and they are regulated by all major credit card issuers. Merchant banks are obligated to request a quarterly report on the security level maintained on an e-commerce website. Non-compliance with the PCI DSS regulations can lead to serious penalties, which are listed here https://www.pcisecuritystandards.org/merchants/index.php and can seriously harm small to medium size businesses.
A one-time credit card transaction online can be done in two ways: redirecting your customers to a third party (a payment gateway company) or integrating a virtual POS terminal directly on the website. If an online merchant chooses option #2, these requirements have to be met:
The rule of “Higher trust, lower shopping cart abandonment rate” also applies here.
Protecting our credit card information and personal data is the most important subject when we shop online. Nobody would like to spend days on the phone with his credit card company, doing theft investigations and refunds. The best way to avoid this situation is initial preparation, before we make payment and commit to the Terms of Service of a website.
Step 1. Always familiarize yourself with who the owner of the website is. You can do that by using WHOIS database information, Dun and Bradstreet, the Legal section on the website, and by checking what SSL certificate the website has and whether it provides company information.
Step 2. Feel of the website. This is a relatively vague term, but we all know what it means. We should be checking competitor websites and other online stores, just to get a better idea of how they generally do business online. Having a better idea of what we should expect from an online store lowers the chance of someone stealing our information.
Step 3. Buying a product. Having an SSL certificate is a must. Look around to make sure you are on a secure location. Visual indicators are also helpful, but you should always make sure that they work.
The Green Address Bar in combination with the golden padlock on the bottom of your browser is the most trusted way to shop online.
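The check from Step 1 (does the site's certificate provide company information?), as an added example that is not part of the original page: it reads a certificate subject in the dictionary form returned by Python's ssl.SSLSocket.getpeercert() and reports whether the certificate names a company. The two sample certificates are constructed for the look-alike names used earlier, and treating the extra subject attributes as a sign of Extended Validation is a heuristic assumed for this example.

```python
import socket
import ssl

# Subject attributes an EV certificate carries besides the organization name.
# Using their presence to label a certificate "extended" is this example's heuristic.
EV_MARKERS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def flatten(name):
    """Turn getpeercert()'s tuple-of-RDNs into a plain {attribute: value} dict."""
    return {attr: value for rdn in name for attr, value in rdn}

def identity_report(cert):
    """Summarise who a certificate says the website belongs to."""
    subject = flatten(cert.get("subject", ()))
    issuer = flatten(cert.get("issuer", ()))
    if "organizationName" not in subject:
        level = "domain-only"      # low assurance: no company identity in the cert
    elif EV_MARKERS <= subject.keys():
        level = "extended"         # company identity plus registration details
    else:
        level = "organization"     # company name present, no EV attributes
    return {"level": level,
            "organization": subject.get("organizationName"),
            "common_name": subject.get("commonName"),
            "issuer": issuer.get("organizationName")}

def fetch_cert(host, port=443, timeout=5):
    """Fetch a validated certificate from a live server (needs network access)."""
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not real ones) for the two look-alike names.
SAMPLE_LOW = {
    "subject": ((("commonName", "www.ABC-company.com"),),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
}
SAMPLE_EV = {
    "subject": ((("businessCategory", "Private Organization"),),
                (("jurisdictionCountryName", "US"),),
                (("serialNumber", "0000000"),),
                (("organizationName", "ABC Company (constructed)"),),
                (("commonName", "www.ABCompany.com"),)),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
}

if __name__ == "__main__":
    for cert in (SAMPLE_LOW, SAMPLE_EV):
        print(identity_report(cert))
```

Both sample certificates would show a padlock; only the second one says which company is behind the site.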