Zencart SSL/TLS – do you really need it?

Ehh? SSL? What is it?

SSL: Secure Sockets Layer (this is the predecessor of TLS)
TLS: Transport Layer Security

What are they: cryptographic protocols that provide security and data integrity for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. (Wikipedia)

Why is it important (technically): The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. (Please view the Wikipedia link above for more info.)

4 Reasons for you to use SSL/TLS:

  1. Because it helps you to protect your customers’ data (you care about that, don’t you? Well, you should)
  2. Because it creates a sense of confidence (it makes people think their data is relatively safe; whether it is really safe or not is another matter)
  3. Because it is cheap (for SSL certs starting from 10 USD per year, you can check NameCheap). If you can spend a few more bucks per year and get some more customers, why not?
  4. If you want to accept credit cards (CC) directly on your site, you MUST have SSL

Great, so using a well-known SSL cert such as VeriSign will make your sales skyrocket?

Erm, maybe not. When you go into hotels, do you really care about the brand of the locks they are using for the rooms’ doors? Most people don’t really care about the SSL cert you use; as long as you have one, that’s OK. So you have to take several things into consideration here:

  1. Your business size. Frankly speaking, if you are making several hundred per month then you wouldn’t want to go for a cert that would cost over 1 grand, would you?
  2. Your customer base. Say you are using VeriSign: do your customers realize that you are using the best out there, or does it just look to them like any other cert?

Important things to take into consideration:

  1. An SSL connection is slow, so do NOT enable it on every single page. Basically you want to enable it on pages where the information presented/submitted is sensitive.
  2. SSL is not a bulletproof shield against hacking attempts; you still have to take all other preventive measures (keep your software up to date, handle customers’ info with extra care and strict rules, ...)
