Secure Sockets Layer and Encryption for eCommerce

Posted by Webmaster - July 28, 2012 - Blog - No Comments

Encryption is what allows users to browse and buy online safely. Without it, data crossing the network would be so exposed to theft that nobody would feel safe buying on the internet.

There are a few encryption tools that every eCommerce site should be familiar with. These tools will help you protect your website, as well as protect your users from people looking to steal their information.

==> Secure Sockets Layer

Secure Sockets Layer (SSL) is one of the most important technologies for online transactions. Its successor is Transport Layer Security (TLS); the two names are used interchangeably, and what you buy today as an "SSL certificate" is what your server presents during a TLS connection.

When data is sent over the internet as plain HTTP, it travels in the clear: anyone on the path between the browser and your server (the Wi-Fi access point, the ISP, any router in between) can read it. If an attacker intercepts that traffic, they can read passwords or credit card numbers as plain text.

People often overestimate how difficult it is to intercept data. Even a low-level attacker or "script kiddie" who can't write their own programs can download a packet sniffer and capture traffic. If they're sitting next to you at a Wi-Fi cafe on an open (unencrypted) connection, they'll be able to read everything you send and receive that isn't protected by SSL.

With SSL in place (usually advertised as "128-bit SSL", the 128 bits being the key length of the symmetric cipher that encrypts the session), an eavesdropper sees only ciphertext. Here's how SSL works.

First, the customer's browser checks your server's SSL certificate. The certificate is issued and signed by a certificate authority (CA) the browser already trusts, and it names your domain, so the browser can tell that it is talking to your server and not to someone posing as you. If either check fails, the browser stops before sending a single byte of the customer's data. Then browser and server agree on a cipher and a fresh session key in a way an eavesdropper cannot reproduce. This exchange is called the "handshake."

Once the handshake is complete, the two of you exchange data in encrypted form. Even if an attacker intercepts the traffic, they can't read it, and they can't silently alter it either, because every record carries an integrity check.

Note that 40-bit SSL encryption (the old "export grade" cipher suites) can be cracked by brute force. Generally, only 128-bit or longer session keys are considered secure, and the certificate's own RSA key should be 2048 bits. The same goes for protocol versions: SSL 2.0 and 3.0 are broken and TLS 1.0/1.1 are deprecated, so configure the server to refuse them and the weak cipher suites rather than merely to offer the strong ones, because an attacker who can tamper with the connection will otherwise steer the browser to the weakest option you still accept.
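The handshake described above, as an added example that is not part of the original post: a small Go program that mints a throwaway certificate for the hypothetical hostname shop.example, runs a TLS server and client over loopback, and shows the two checks the client performs before any data flows. Go is used because its standard library carries TLS and X.509; the certificate, hostnames and key are all constructed here for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSignedCert mints a throwaway certificate for host (hypothetical
// shop.example below) so the demo runs offline. A real shop holds a certificate
// issued by a CA that browsers already trust; here the caller decides whether
// to trust this one by putting it in a CertPool.
func newSelfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the name the browser will check
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// HandshakeResult is the client's view of a completed handshake.
type HandshakeResult struct {
	Version     uint16 // negotiated protocol version, e.g. tls.VersionTLS13
	CipherSuite uint16 // negotiated cipher suite
}

// Handshake runs one TLS handshake over loopback TCP. The server presents
// cert; the client accepts it only if it chains to roots AND names wantHost.
func Handshake(cert tls.Certificate, roots *x509.CertPool, wantHost string) (HandshakeResult, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return HandshakeResult{}, err
	}
	defer ln.Close()

	done := make(chan struct{})
	go func() { // server side: one connection, one handshake
		defer close(done)
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		defer raw.Close()
		srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}})
		_ = srv.Handshake() // also fails when the client rejects the certificate
	}()

	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return HandshakeResult{}, err
	}
	client := tls.Client(raw, &tls.Config{
		ServerName: wantHost,         // the hostname the customer typed
		RootCAs:    roots,            // the CAs the browser trusts
		MinVersion: tls.VersionTLS12, // refuse SSL 3.0 / TLS 1.0 / TLS 1.1
	})
	defer client.Close()
	err = client.Handshake()
	<-done
	if err != nil {
		return HandshakeResult{}, err
	}
	st := client.ConnectionState()
	return HandshakeResult{Version: st.Version, CipherSuite: st.CipherSuite}, nil
}

func main() {
	cert, err := newSelfSignedCert("shop.example")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(cert.Leaf)

	// 1. The browser trusts no CA that vouches for this certificate: abort.
	_, err = Handshake(cert, x509.NewCertPool(), "shop.example")
	fmt.Println("untrusted issuer :", err)
	// 2. Issuer trusted, but the certificate is for a different name (a
	//    phishing site presenting a certificate it copied from elsewhere).
	_, err = Handshake(cert, trusted, "shop-example.evil")
	fmt.Println("hostname mismatch:", err)
	// 3. Both checks pass; only now would any application data flow.
	res, err := Handshake(cert, trusted, "shop.example")
	fmt.Printf("ok: err=%v tls=%#x suite=%s\n", err, res.Version, tls.CipherSuiteName(res.CipherSuite))
}
```

The two failing cases are what a customer sees as a browser certificate warning; the first is a certificate nobody vouches for, the second a valid certificate for the wrong site. MinVersion is the server-side equivalent of refusing the weak suites mentioned above: the client simply will not negotiate the old versions.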

==> Other Types of Encryption

Generally, any sensitive data you need to store on your server should be encrypted: customer addresses, payment details and so on. If your database is broken into, the attacker gets an unreadable database rather than plain text they can use. Two caveats apply. The encryption key must not sit in the same database, or in a config file next to it, or the attacker who dumps the table takes the key with it; keep it in an environment variable, a key-management service or a hardware security module, and rotate it. And credit card numbers are the one case where the best answer is usually not to store them at all: the Payment Card Industry Data Security Standard (PCI DSS) forbids keeping the card verification code after authorization and imposes strict controls on stored card numbers, so most shops hand the card to a payment processor and keep only the token it returns.
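Field-level encryption before a record reaches the database, as an added example that is not from the original post: a small Go wrapper around AES-GCM. The key is handed in from outside (the test key below is constructed zeros; in production it comes from a KMS or HSM, never from the database), each field gets a fresh nonce, and the row identifier is bound as associated data so a ciphertext copied from one customer's row into another fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Vault encrypts individual fields before they are written to the database.
// The key is supplied by the caller from outside the database (environment,
// KMS, HSM); a dump of the customers table alone then yields only ciphertext.
type Vault struct{ aead cipher.AEAD }

// NewVault accepts a 16- or 32-byte key (AES-128-GCM or AES-256-GCM).
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

// Seal returns nonce || ciphertext || tag for one field. The nonce is fresh
// per call (never reuse one under the same key), and recordID is authenticated
// as associated data so the blob only opens against the row it was made for.
func (v *Vault) Seal(recordID string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// Open reverses Seal. Any change to the blob or a mismatched recordID makes
// the authentication tag fail and returns an error instead of garbage.
func (v *Vault) Open(recordID string, blob []byte) ([]byte, error) {
	n := v.aead.NonceSize()
	if len(blob) < n+v.aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return v.aead.Open(nil, blob[:n], blob[n:], []byte(recordID))
}

func main() {
	key := make([]byte, 32) // constructed demo key; load a real one from a KMS
	v, err := NewVault(key)
	if err != nil {
		panic(err)
	}
	blob, _ := v.Seal("customer:42", []byte("1 Main St, Springfield"))
	fmt.Printf("stored in DB: %x\n", blob)

	addr, err := v.Open("customer:42", blob)
	fmt.Printf("same row     : %q err=%v\n", addr, err)
	_, err = v.Open("customer:43", blob) // blob copied into another row
	fmt.Println("other row    :", err)
	blob[len(blob)-1] ^= 0x01 // one bit flipped in storage
	_, err = v.Open("customer:42", blob)
	fmt.Println("tampered     :", err)
}
```

Random 96-bit nonces are safe for up to about 2^32 encryptions under one key, so a busy shop should rotate the key (or derive a per-table key) well before that point. Note what this does not solve: an attacker who compromises the application server itself, where the key is in memory, can decrypt, which is why card numbers are better left with the payment processor.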

Passwords shouldn't be stored in encrypted form at all, because anyone who gets the key gets every password. Instead, store only a one-way hash: a value computed from the password that can be checked by recomputing it from the right password but cannot be reversed. Use a salted, deliberately slow password hash such as bcrypt, scrypt or PBKDF2 rather than a plain MD5 or SHA-1; a fast unsalted hash of a common password falls to precomputed tables in seconds. That way, even if you do get hacked, the passwords themselves simply don't exist on your system.

As a rule of thumb, any time you store data as plain text, or send or receive it as plain text, you're giving an attacker an opening. Use encryption whenever you send sensitive data and whenever you store it, and keep the keys somewhere the data isn't.