Contact Us          Submit a News Story          News Archives          Home
   

Google
E-Commerce News

eCommerce is all about trust

June 7, 2005

The e-commerce industry is all about making sales on the Internet and modern ways to find new sales channels. It's difficult to make more money when consumers don't feel safe executing an online transaction on a website. That's where Secure Sockets Layer (SSL) comes into play. Understanding how SSL affects e-commerce business can help you to unlock more money from your clients.

Since its introduction in 1994, SSL has been the defacto standard for e-commerce transaction security and is likely to remain so into the future.

SSL is all about encryption. SSL encrypts data, like credit cards numbers (as well other personally identifiable information) which prevents the "bad guys" from stealing your information for malicious intent. You know that you're on an SSL protected page when the address begins with "https" and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox in the address bar as well).

Your browser encrypts the data and sends to the receiving website using either 40-bit or 128-bit encryption. Your browser alone cannot secure the whole transaction and that's why it's incumbent upon e-commerce site builders to do their part.

At the other end of the equation, and of greatest importance to e-commerce site builders is the SSL certificate. The SSL certificate sits on a secure server and is used to encrypt the data as well as to identify the site. The SSL certificate helps to prove the site belongs to who it says it belongs to and contains information about the certificate holder, the domain that the certificate was issued to, the name of the Certificate Authority who issued the certificate, the root and the country it was issued in.

SSL certificates come in 40-bit and 128-bit varieties, though 40-bit encryption has been hacked. As such, you definitely should be looking at getting a 128-bit certificate.

Though there a wide variety of ways in which you could potentially acquire a 128-bit certificate, there is one key element that is often overlooked in order for full two-way 128-bit encryption to occur. According to Chad Kinzelberg, VP Security Services at SSL certificate vendor VeriSign, in order to have 128-bit encryption you need a certificate that has SGC (server grade cryptography) capabilities.

There are two principal ways of getting an SSL certificate: you can either buy one from a certificate vendor or you can "self-sign" your own certificate. That is, using any number of different tools (both open source and proprietary) you can actually sign your own SSL certificate and save the time and expense of going through a certificate vendor.

Though, technically speaking, the data may be encrypted, there still is a fundamental problem with self-signing that defeats part of the purpose of having an SSL certificate in the first place.

"The problem is 'how does the rest of ecosystem know the site is legitimate?'" explained VeriSign Kinzelberg. "Self-signing a certificate is like issuing yourself a driver's license. Roads are safer because governments issue licenses."

"We're making sure that the roads are safe. This is the role of the certificate authorities. Certificate authorities make sure the site is legitimate," he added.

Self-Signed certificates will trigger a warning window in most browser configurations that will indicate that the certificate was not recognized. VeriSign Kinzelberg admits that there are a lot of people that will click through anyway just like there are a lot of people that will click through an expired SSL certificate as well.

"We, as an industry, want to educate people that that's the kind of thing they should not be doing. It's not safe e-commerce activity," Kinzelberg said.

A site that conveys trust is also more likely to be a site that makes (more) money.

There is research that suggests that having a recognizable SSL certificate may in fact have a direct correlation to increased e-commerce sales. VeriSign in particular has done some research that shows that users who visit sites that have a recognizable trust mark (like the VeriSign Secure Site seal) are more comfortable shopping on those sites, have fewer abandoned shopping carts and better repeat purchases.

Trust Statistics from VeriSign

* 93 percent of online shoppers surveyed by VeriSign reported that they felt it important for an e-commerce site to include a trust mark of some kind on their site.

* 64 percent have abandoned a shopping cart/basket because they didn't get a sense of security and trust when it came time to provide payment information.

* 75 percent of online shoppers will only make purchases through sites that include a trust mark.

Joan Lockhart, VP of Marketing at SSL certificate vendor GeoTrust, argues that the price of an SSL certificate, from the least expensive provider to the most expensive provider, is a miniscule cost in the overall scheme of e-commerce.

"The margin on a single transaction could pay for the cost of a certificate, so it's not really about ROI," Lockhart said. "It's about conveying trust to your consumers."

According to GeoTrust Lockhart there are several things that buyers should look for when purchasing a certificate:

Reputation and credibility of the CA (Have they been in business for awhile? Do they have lots of customers?)

Ubiquity of the root (is it embedded in all of the popular browsers?)

Root is owned by the CA (and not chained to someone else's root)

Lifecycle management tools (how easy is it to install, renew, reinstall, and revoke if compromised, etc.)

Ease of acquiring the certificate

Who is doing the vetting (is it the CA itself, or in the case of some resellers, do they delegate this to their resellers?)

You are who you say you are. You have nothing to hide and you are running a legitimate e-commerce business that you want consumers to feel comfortable doing business with and trust. The SSL certificate system exists to help promote the security and integrity of e-commerce for everyone.

In an era where phishing scams run rampant and trust is king, a proper SSL certificate may well be your key to e-commerce success.

Source: e-Commerce Guide



Advertise on E-Commerce News

Advertise on E-Commerce News and increase your site's visibility while boosting your sales.

If you have a product or service that deals with the ecommerce or ebusiness field, advertising on E-Commerce News can bring you new sales leads and close new marketing channels. This news portal is read by over 25,000 people a week.

Businessmen and woman that either own an ecommerce website, an ebusiness franchise, a B2B commercial exchange or by people in all walks of life that need to keep abreast of this fast-changing field. For more information on the many advantages of advertising on our news portal or to request pricing information, please send us an email and a marketing representative will be glad to answer you promptly.

Contact | Submit News | News Archives | Home


Copyright E-Commerce News, 2005. All rights reserved.

 
Avantex offers professional Web hosting services at wholesale-only prices. Get the best Linux or Windows hosting package for your eCommerce website. Learn more by clicking here.