Something that a lot of e-commerce users don’t understand are SSL certificates and secure websites and how all of that fits together.
Here are some basic facts about secure websites:
Communication
- All sites with SSL certificates are using secure communication. Your information is not likely to be intercepted by a third party while you are on a site using an SSL certificate.
- There are different types of certificates, but all do exactly the same thing when it comes to communication (There are two different levels of security, 1024 bit and 2048 bit, some companies are suggesting that 1024 bit be phased out starting this year).
Validation of the Business
Another function of SSL certificates is validation of the business. The higher the level of SSL certificate, the more information the issuer asked of the business.
- Low Assurance: To get this level of certificate, you need to have access to email on the domain.
- High Assurance: At this level of assurance, the issue will verify the business exists using one or more methods. This is the lowest level where you know that the site you are dealing with actually is a business and they are the business you suspect they are.
- Extended Validation (EV): At this level, the merchant has been asked to submit paperwork showing who they are and the issuer has verified information about the business. When using a site with EV level security you can be assured that the business on the other end is legit.
Credit Card Security
SSL Certificates do not indicate that the site is PCI complaint (Payment Card Industry standards for security) and do not guarantee that your credit card information will not be stolen! In fact, even an EV certificate says nothing about the company you are dealing with and their PCI compliance.
Here are some EV certificates links: