Today, Internet is not a very safe place. Information transmitted online could be read by anyone having access to the internet. Malicious people (known as crackers) have developed several ways to learn and obtain sensitive information which visitors are exchanging with your website, for example passwords or credit card numbers. These people present a modified version of your website to the customers who are completely uninformed about your website, in order to collect some vital information from you.
In order to counter such circumstances, a special Internet protocol called SSL (Secure Sockets Layer was created (when speaking of viewing Web pages over SSL, often the term HTTPS is used).
SSL is a global standard security technology developed by Netscape in 1994. SSL is all about encryption. It creates an encrypted link between a web server and a web browser. The link ensures that all data conceded between the web server and browser remains confidential and secure and is recognized by millions of consumers by a secure padlock, which appears in their browser.
The SSL protocol is used by millions of e-Business providers to protect their customers, thereby ensuring confidential online transactions. In order to be able to use the SSL protocol, a web server requires the use of an SSL Certificate which is provided by Certification Authorities (CA) who in most cases also offers additional products and services to aid e-Businesses to demonstrate that they are trustworthy. Consumers have grown to correlate the ‘golden padlock‘, that appears within their browsers display, as an indication of trust in the web site. This simple fact allows e-Business providers an opportunity to leverage increased trust level to turn visitors into paying customers – as long as you are aware, which type to choose.
SSL certificates are generally used with ecommerce shopping carts, or anywhere from where you want to collect information from a user securely on your website. If you use a secure server certificate with a form; and that form emails the results to you; keep in mind that the email is not secure.
Online transactions are not considered to be safe by most of the users. With the advent of hacking incidents, and unauthorized sharing of personal data with third parties, the users have become even more careful while making online transactions. So for businesses which have ecommerce presence or have corporate internet and where the users and company’s data security is of paramount importance, the most significant way is SSL certificate.
You would require a Web SSL Certificate, if:
- You have an online store or accept online orders and credit cards.
- Your business partners log in to confidential information on the internet.
- You have offices that share confidential information over the internet.
- You process sensitive data such as address, birth date, license, or ID numbers.
- You need to comply with privacy and security requirements.
- You value privacy and expect others to trust you.
Although the certificate authority market is quite diverse, you purchase the same according to your need and budget; there are many offerings in different price range, with the Open Directory Project identifying 22 third parties offering the service and more than 20 root certificates bundled into Internet Explorer and Firefox—it is dominated by a few major firms.
According to a June 2005 survey from Netcraft and similar January 2007 tallies from Security Space, the largest vendors are: VeriSign plus its Thawte subsidiary (www.verisign.com), Equifax via its GeoTrust subsidiary (www.equifax.com), Comodo (www.comodo.com), GoDaddy/Starfield (www.godaddy.com), Entrust.net (entrust.net), and Digicert (www.digicert.com). Together these six have approximately dominated 95% of the market, depending on the measurement methodology, Verisign Still holds the largest market share of 72%, comodo approx 18%, Geotrust at 3.43%, Entrust approx 2.5 %, GoDaddy approx 1% and rest about 3 to 4%.
Although there is no functional difference between the SSL certificates issued by these recognized CAs, vendors do establish product distinctions through a variety of added features and in the level of company validation.
As with most services, competition has proven beneficial for Web site operators, with large number of vendors pushing down the costs for business-class certificates. Given their potential abuse by phishers and scam artists, businesses should avoid using the bargain basement and domain only products. While those wishing to provide highest level of security to their users should consider the new EV certificates.