Why SSL in e-commerce is so important
With high-profile hacks and security breaches being a frequent item in the news these days, consumers are
much more guarded than ever about disclosing their financial information on a website they’ve never used
before. They know the risk of fraud is great if an online store doesn’t seem to have all the necessary
security precautions in place to safeguard their data.
They are right to be cautious because without the HTTPS protocol enabled on your site, customer information
is highly susceptible to being intercepted by man-in-the-middle phishing attacks. As a result, if there is
even the slightest doubt in a customer’s mind that your online store is untrustworthy, chances are they
won’t risk making a purchase, losing you a valuable sale. That’s why implementing data encryption in your
e-commerce security is a no-brainer, and that’s where SSL comes in.
SSL certificates play a substantial role in giving consumers peace of mind. Seeing that your
site has been SSL certified, they can be certain that your brand is one they can trust. In fact, it’s become
a standard to the point that it engenders trust from the first moment your site loads. Take a trip to any of
your favorite retail sites, from Amazon to eBay, and you’ll find that all legitimate online stores have an
While SSL is a critical first step when it comes to the security of your online store, there are numerous
other steps that must also be taken to keep customer data safe. These steps include requiring that customers
can only register with strong passwords with a minimum number of characters and a combination of letters,
numbers, and symbols; setting up address verification system (AVS) and card verification value (CVV) to
verify the cards of your customers; installing and maintaining a firewall configuration to protect user
credit card data; and using up-to-date anti-virus software on your network.
While the first two steps can be easily implemented on a WordPress site by using a good login form plugin and
adding a secure shopping cart plugin, for the latter two a security expert should be consulted, particularly
if you aren’t well versed in IT security.
Combined with other key security features, installing SSL is the right move for any e-commerce website.
How SSL protects customer information
SSL protects sensitive customer information by scrambling data as it travels from a customer’s browser to
your e-commerce site. It does this through the SSL handshake, encrypting customer information until it
reaches the source, where it is then decrypted. During this process, the customer’s browser examines the
validity of a website’s SSL certificate first.
When its validity is confirmed, a secure connection is established through the browser’s public key and the
website’s private key. Both keys generate a session key, which encrypts all transmitted data during a
When customers give sensitive information to an e-commerce site that has SSL enabled, it cannot be
intercepted by anyone. This protection not only keeps your customers’ banking information and contact
details secure, but it also makes sure no one corrupts their information before it gets to you, the business
SSL and PCI compliance
If you plan on taking credit card transactions on your site (which is more likely than not on an e-commerce
website), the payment cards industry (PCI) requires that your website has an SSL certificate, as per the
rules set out in the PCI Data Security Standards (PCI DSS). An independent body known as the PCI Security
Standards Council enforces these rules and requirements. It is made up of payment card companies like Visa
According to the PCI DSS, enterprises that take credit card transactions must have a trusted SSL certificate
from a certified certificated authority in the latest secure version installed on their e-commerce site. It
also states that credit card information cannot be taken on a page that does not have HyperText Transfer
Protocol Secure (HTTPS) enabled, and that your site is ultimately responsible for the security of your
customers’ credit card information.
As we mentioned earlier, without SSL customers’ information is susceptible to man-in-the-middle phishing
attacks. This hazard is why encrypting the transmission of cardholder data is a key component of PCI DSS’s 12 essential security standards for PCI compliance.
Since it is such an integral part of PCI compliance, it won’t be a surprise to learn that all major
e-commerce platforms and retailers integrate SSL on their sites extensively. Visit any of your favorite
retail sites and you’ll notice that they are all SSL-certified.
Let’s take Amazon as an example. When you visit the Amazon website you’ll notice the “https” prefix at the
beginning of the web address, as well as the SSL padlock symbol. When you click on the padlock you can see
Amazon’s SSL certificate, which features information such as what organization issued it, dates it is valid
from, company information, and its public key.
How SSL gives consumers confidence
As we mentioned earlier, SSL informs customers that your site is trustworthy. If they decide to buy something
from your site, they will be safe in the knowledge that their sensitive data won’t be subject to misuse from
malicious third parties. Having SSL enabled assures you that you won’t lose business to your competitors due
to security concerns.
SSL wins customer confidence through several visual indicators. These indicators are:
HTTPS: Every site with SSL will have the “https” prefix at the beginning of the web
Lock symbol: Every site with SSL features a padlock symbol somewhere in the address
bar. When you click on this symbol, you’ll have access to the website’s SSL certificate.
Green Address bar: Some websites with SSL will have a partial or entirely green
address bar and will also feature the name of the enterprise running the site.
Site seal: Some sites may also feature a seal from the authority that granted the
No warning messages: If a site doesn’t have SSL enabled, most modern web browsers,
including Google Chrome, will warn users that said site may not be secure and will not allow them to
One or a combination of all these visible symbols of trust will immediately ease customers’ concerns about
e-commerce security threats as soon as they load your website. If they see that you don’t have e-commerce
encryption enabled through SSL, it’s likely they’ll bring their business to another online store that does.
The importance of SSL type and e-commerce websites
There are a variety of types of SSL certificates on the market, all of which have the same level of
encryption, so you can be safe in the knowledge that your customers’ information is out of danger, no matter
which you opt for. One thing that does differentiate SSL certificates is their level of validation.
Validation level refers to how extensive the background checks of the certificate authority
(an organization that provides SSL certificates to individuals and businesses) are. There are three levels
of domain validation, which are:
Domain validated certificates (DV SSL)
Organization validated certificates (OV SSL)
Extended validated certificates (EV SSL)
With DV SSL, a CA checks that an individual or business has ownership of the domain they are looking to
protect. Checks are more extensive with OV, with CAs also vetting of the individual or company itself. EV is
the most extensive of the three validation levels, with CAs also looking into the legalities of the company,
as well as its physical location and operational existence.
DV tends to be the quickest and cheapest of the three; however, it’s recommended that any site dealing with
financial transactions should have at least an OV validation. Although the level of encryption is indeed the
same for all three, DV SSL doesn’t confirm who you or your business is. The connection may be secure, but
customers could be handing over sensitive information to just anyone. Having an OV SSL will add another
layer of legitimacy to your online store, boosting customer confidence as they will be safe in the knowledge
that you are who you say you are.
For more information on the different types of SSL, read our article on the subject.