Here you can learn more about Internet security, PCI DSS and the products we offer. Check this section of the website regularly for news about security standards and helpful information about your website's security.

    * What is SSL?
    * When do we need an SSL certificate?
    * How to protect our clients?
    * How does the SSL technology work
    * Useful Information
    * For your online store
    * User Safety

1. What is SSL?

SSL (Secure Sockets Layer) is a security protocol developed by Netscape. It's a method of encrypting traffic between a browser and a server (for example a website or application). SSL certificates are used by millions of businesses all around the world: online stores, social networks, websites with payment options, e-mail and online banking.

After becoming an industry standard, SSL technology is used for securing sensitive information transmitted through the web. That includes confidential information, message integrity and validation. The SSL certificate does that by deploying SHA-1 type data encryption (http://en.wikipedia.org/wiki/SHA-1).

It's crucially important to know which company receives your information after it's submitted online. Encrypting data is just the first step in making a secure data transfer online. Secondly, the customer should know which company stands behind the website. Otherwise the whole process can end up like this: customer – website – unknown company. Trust only those SSL certificates that provide ownership/company information, followed by the highest level of encryption. These SSL certificates are called High assurance SSLs, and are issued under the X.509 standard (http://en.wikipedia.org/wiki/X.509).

Low assurance SSL certificates

The most significant part in issuing an SSL certificate is played by the Certificate Authorities, which are responsible for establishing the corporate identity of the acquirer of the SSL certificate. For low assurance SSL certificates, Certificate Authorities rely on gathering information from WHOIS. There is virtually no guarantee whatsoever that this information will be accurate. This is a major flaw of these certificates, which makes them perfect to be used by cyber criminals for malicious activities online.

Let's look at the following example. Our task is to recognize which website belongs to the company ABC: www.ABCompany.com or www.ABC-company.com. The resemblance between these two domain names is obvious. That brings up a question: if one of them is owned by the ABC company, the second one might be a fraudulent website, aiming to do malicious activity.
We should do a thorough investigation if we want to establish the corporate identity of the website we have opened. If this website does not provide any company details or uses a low assurance SSL certificate, we can easily become a victim by just looking at the golden padlock at the bottom of the browser. By far, all fraudulent companies buy low assurance certificates only: these SSLs are relatively cheap and are issued in 10 minutes.

Solution

The problem described so far is the reason for creating the Extended Validation certificate, a.k.a. the Green Bar SSL. It provides corporate details for the company standing behind a certain website.

When a website uses the EV SSL, every user browsing with MS Internet Explorer 7.0 (or higher) or Mozilla Firefox 3.0 (or higher) will notice that the URL bar at the top turns green. This Green Bar technology gives the following information: website ownership information, the SSL issuer and the company that verified the corporate identity of the acquirer.

As a result, there will be upgrades to the SSL technology in time: additional layers of security will be added, and the mathematical algorithms of encryption will evolve and follow best known practices. Following these changes in how the SSL technology works, millions of consumers around the world will feel secure when exchanging data online.


When do we need an SSL Certificate?

The SSL certificate allows secure online data transmission between a website and a customer. There are different types of information that users need to secure online. So-called “Cyber Criminals” are the individuals from whom we should be protecting our customers. Protecting sensitive data online is a vastly growing issue, so we need to be aware of all the threats there are online. Your website needs an SSL certificate when:

  • there is a contact/inquiry form
  • there is a customer login area (social networks, e-mail portals, online stores)
  • there is an online payment page, directly through the website
  • e-mail communication

How to determine if we are on a secure website?
You can use these methods or a combination, so you can make sure your data transfer is secured:

  • the Golden Padlock at the bottom of your browser, along with HTTPS in your browser's URL
  • when the URL in our browser turns green: we can identify the company that owns the website

How to protect our customers?

Statistics show that cyber criminal activity increased by up to 40% in 2008. That's a definitive sign of one thing: in the event of an economic recession, the easiest way for cyber criminals to do business is through stealing valuable information. That includes credit cards, personal data, corporate data, etc. Secondly, we can conclude that our online customers are getting more cautious and less confident. Every company should carefully pick its security measures for building trust and confidence in its potential customers. COMODO's “Corner of Trust” technology brings trust to the table, attracts visitors' attention and provides confidence and a positive reaction. Using the Green URL bar on your website (COMODO EV SSL) and integrating your corporate identity in the browser's URL provides your visitors with a top security level.


How does the SSL technology work?

The SSL certificate protects sensitive data transfer and increases the trust in a website in three steps:

  1. The SSL certificate encrypts sensitive information during secure data transfer between a customer and a website
  2. Every SSL certificate contains ownership information for the company to which it has been issued (except DV SSL certificates)
  3. COMODO CA verifies the corporate identity of the acquirer of the SSL certificate

What happens when a customer lands on a website that has an SSL?

  1. The web browser sends an authentication request to the web server
  2. The web server returns a copy of the SSL certificate back to the web browser
  3. The web browser checks if the SSL certificate is within the list of trusted vendors. If there is a match, the browser replies back
  4. The web server sends out a digital confirmation for an SSL connection to be initiated
  5. A secured SSL connection has been established
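The check in step 3, together with the ownership information that DV certificates lack, can be inspected programmatically. The following Python sketch is an added example, not code from this page or from COMODO: `fetch_verified_cert` performs the handshake against the local trust store, and `assurance_level` is a heuristic that classifies a certificate by the identity fields in its subject. The function names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

# Subject attributes that the CA/Browser Forum EV guidelines require in
# addition to the organization name (names as reported by Python's ssl module).
EV_SUBJECT_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested 'subject' tuple from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}


def assurance_level(cert):
    """Heuristic: classify a verified certificate by the identity it carries."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # domain control only, no company identity
    if EV_SUBJECT_FIELDS <= fields.keys():
        return "EV"
    return "OV"


def fetch_verified_cert(host, port=443, timeout=5.0):
    """Perform the handshake; raises ssl.SSLCertVerificationError if the
    chain is not anchored in the local trust store or the name mismatches."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in the shape getpeercert() returns (not real certificates).
SAMPLE_DV = {"subject": ((("commonName", "shop.example"),),)}
SAMPLE_EV = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "US"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Corp"),),
    (("commonName", "www.example.com"),),
)}

if __name__ == "__main__":
    for name, cert in (("DV sample", SAMPLE_DV), ("EV sample", SAMPLE_EV)):
        owner = subject_fields(cert).get("organizationName", "<none>")
        print(f"{name}: {assurance_level(cert)}, organization={owner}")
```

The subject-field check is only a heuristic; the certificate policy identifier set by the issuing CA is the authoritative marker of the validation level.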

Encryption protects sensitive data, during online data transmission

The web server and the web browser both rely on the SSL technology to establish a unique encrypted channel for communicating securely over the Internet. Every certificate has a public and a private key. The public key is used for encrypting data, while the private key is for decrypting it. When a browser is using this technology, the level of encryption is determined by the type of certificate used, the web browser version, the operating system and the type of web server. That's why the encryption level of an SSL certificate varies up to 256 bits.
A high encryption level gives 2^88 times more mathematical combinations than a 40-bit one. That equals about a trillion more combinations. With the average computer speed nowadays, a hacker who has the equipment and the tools would spend years trying to break that SSL connection.


Useful Information

Building customer confidence
A key point in building an online store is how it builds a relationship with customers and how it gains their trust. This includes how the website operates with customers' personal data, how the transaction goes, and how the information is transferred from the customer to the website itself. Besides the great look that a website should have, the merchant should also visually indicate the tools used to protect customers' private data. COMODO has developed special indicators that help online businesses show their secure way of treating sensitive data transfer: COMODO Corner of Trust technology with mouse-over effect, Hacker-free Logo, COMODO EV SSL with a Green URL bar technology, and BuyerTrust, for when customers purchase physical goods online. PayPal conducted a survey, which clearly shows that an online store can increase a company's revenue by up to 20%. This is achieved through simply lowering the shopping cart abandonment rate. There are many variables in maximizing this result, but all major corporations agree on the subject: the higher the security level and trust maintained on a website, the higher the sales go.


For your online store

There is a vast number of online merchants out there and there's virtually no product that is not offered online. In many cases the online stores even outsell the physical store, and this tendency is growing as new technologies are implemented. With the number of transactions and the revenue that websites generate online rising, every online merchant should naturally be looking for improved ways of protecting their customers. By official statistics, online cyber crime and the number of online thefts are rising rapidly every year. The economic share of the online industry is growing every year, which inevitably leads to a higher percentage of crime, forgery and theft committed online. Every online merchant should take serious steps to increase their online security on a weekly, monthly and yearly basis to ensure that the online store is well secured and protects customers from cyber criminal activity. These regular website security checks are defined and mandated by the major credit card issuers as “Payment Card Industry Data Security Standards”, a.k.a. PCI DSS regulations. You can read more about PCI DSS here.
Generally we can divide online transactions into two groups by the regularity of payments: online stores with one-time payments and online portals with recurring payments. Most cases would require the merchant to store sensitive information, including credit card data. There are 12 strict guidelines for having that information stored on a server, and they are regulated by all major credit card issuers. Merchant banks are obligated to request a quarterly report on the security level maintained on an e-commerce website. Non-compliance with the PCI DSS regulations can lead to serious penalties, which are listed here https://www.pcisecuritystandards.org/merchants/index.php and can seriously harm small to medium size businesses.
A one-time credit card transaction online can be done in two ways: by redirecting your customers to a third party (payment gateway company) or by integrating a virtual POS terminal directly on the website. If an online merchant chooses option #2, these requirements have to be met:

  • SSL certificate with highest validation level
  • PCI Scanning Device – software that performs vulnerability scans
  • Payment Gateway – software for completing the transaction
  • Merchant Account for collecting payments

The rule of “Higher trust, lower shopping cart abandonment rate” also applies here.

Main Issues:

  • “My website works perfectly fine and I don't have any complaints from customers”. This is the most common reaction from online merchants. The fact of the matter is that every potential buyer online would instinctively close your website and go to the competition, before even thinking of submitting his concern to an unsecured website.
  • “Why would I have to pay for website maintenance?” That's a question that also concerns our colleagues from the web design/development industry. The truth is that every website needs maintenance, especially e-commerce stores. That way both merchant and customers are assured that the website works seamlessly and without disruption. In the majority of cases problems occur with small to medium size websites that no one is looking after. An e-commerce store has no way of successfully going through background security scans without being maintained regularly.
  • “Our company has a small website and no one would be interested in hacking us”. Wrong. Small to medium size businesses are the most vulnerable section of the market. Investing in online security is not a top priority for them. Every hacker knows that being a large corporation means that there are 24/7 security experts who look after the system's integrity and safety. Small merchants, on the other hand, cannot afford to do that, so they become a potential victim, especially if they neglect their regular security tests. That way of doing business poses a serious threat to online users.

User Safety

Protecting our credit card information and personal data is the most important subject when we shop online. Nobody would like to spend days on the phone with his credit card company, doing theft investigations and refunds. The best way to avoid this situation is initial preparation, before we make payment and commit to the Terms of Service of a website.

Step 1. Always familiarize yourself with who the owner of the website is. You can do that by using WHOIS database information, Dun and Bradstreet, the Legal section on the website, and by checking what SSL the website has and whether it provides company information.

Step 2. Feeling of the website. This is a relatively vague term, but we all know what it means. We should be checking competitor websites and other online stores, just to get a better idea of how they generally do business online. Having a better idea of what we should expect from an online store lowers the chance of someone stealing our information.

Step 3. Buying a product. Having an SSL certificate is a must. Look around to make sure you are on a secure location. Visual indicators are also helpful, but you should always make sure that they work.
The Green Address Bar in combination with the golden padlock on the bottom of your browser is the most trusted way to shop online.

© 2011 - 2019 GetSSL. All Rights Reserved.