Online Presence: SSL Protection
How to boost sales with “safe-shopping” validation.
By Joe Dysart
One of the easiest ways to increase sales at a website is to have the site authenticated as a “safe-shopping” location by a third-party, e-commerce security provider.
Retailers with online stores equipped with this authentication are able to display a universally recognized padlock icon during a transaction, which tells consumers that their shopping experience is protected with highly encrypted software.
The padlock also confirms that the third-party security provider verifies the website as legitimate, and the consumer’s credit card is essentially insured when engaging in transactions at that site.
Some security providers are also signifying “safe shopping” at a website by changing the browser address bar color to green during a transaction—a very dramatic and effective way to get the message across.
Technically speaking, both “safe-shopping” signifiers confirm a store site is equipped with some version of SSL, or secure socket layer, protection.
Initially developed during the advent of e-commerce, SSL is continually evolving to provide an ever-more-secure environment for consumers and merchants, protecting them from web thieves looking to steal credit-card numbers and other valuable information.
Currently, SSL protection offered by Verisign, the pioneer in the field, runs $399 to $1,499 a year, depending on the level of shopping protection a storeowner wants or needs. Storeowners who sign with Verisign under one of its packages receive protection on an unlimited number of transactions.
As the oldest provider of SSL protection, Verisign represents the high end of the market. Similar protection packages other major players offer, including Thawte, InstantSSL, Entrust, Baltimore and Geotrust, can be much less expensive.
Detailed reviews on major SSL providers are at SSL Shopper, an incredibly useful site for retailers evaluating SSL technology for the first time. The site also offers a “tools” section that retailers can use to troubleshoot, test, check and verify their SSL applications.
No matter which SSL provider a retailer ultimately chooses, going with a package that offers “green bar”—or extended validation SSL—protection is the best bet. There’s just something greatly reassuring about the appearance of that green bar when a shopper makes a purchase.
Here’s a list of some of varying forms of SSL protection available:
- Self-Signed Certificate: The lowest level of SSL security, retailers can create self-signed certificates with software tools available on the web. Such certificates guarantee transaction encryption, and web thieves cannot steal credit-card information. However, there are no other guarantees with this certificate.
Most importantly, no third-party validation of the certificate is involved. Therefore, the consumer cannot be sure the business behind the address is legitimate. Another major problem with self-signed certificates is that many browsers refuse to recognize the certificate as authentic and will issue the consumer a warning.
Even so, retailers may find that a self-signed certificate that generates the universally recognized padlock or similar icon indicating a “safe-shopping” experience may be all the reassurance their customers need. Stores with web designers technically capable of creating a self-signed certificate may want to check out this self-signing tutorial on the web.
- Low-Assurance Certificate: Another entry-level SSL protection, low assurance only verifies to customers that they are in fact shopping at a particular website address site. The certificate provides customers assurance that they are in fact inputting credit-card data at the stated web address (e.g., at YourPetStore.com). The certificates also validate transaction encryption.
However, a low-assurance certificate does not independently verify that “YourPetStore.com” belongs to a business known as YourPetStore.
- High-Assurance Certificate: One of the most common certificates, this protection confirms for consumers that they are indeed shopping at YourPetStore.com. In addition, the service provider verifies it has independently verified that YourPetStore.com is also a valid business registration on the web.
- Wildcard Certificate: Retailers who plan to sell on the web with a number of sub-domains may be interested in this solution. Such certificates verify the authenticity of all of a site’s sub-domains, such as Greatvalue.YourPet.Store.com, Preferred.Customer.YourPet.Store.com, etc.
- SGC Certificate: This solution enables a retailer to protect consumers using older browsers with lax security. Older browsers released before 2000 often used 40-bit encryption, rather than the 128-bit encryption found on current browsers. Essentially, SGC certificates automatically take on the load of “upgrading” the security on older browsers.
- Extended-Validation Certificate: The most sophisticated certificate available to date, EV SSL, offers all the security of less-secure certificates, as well as “phishing” protection. This new safeguard attempts to ensure that a hacker cannot use a replica of a store website to dupe consumers into believing that they’re shopping at the actual online store. EV SSL is also the security protection that offers a “green-bar” verifier.
Among the adherents to EV SSL are retailers such as OverStock.com and DebtHelp.com. According to a 2006 study released by Verisign, Overstock.com saw an average 8.6-percent more transactions completed with consumers using Internet Explorer 7 after implementing EV SSL. In addition, DebtHelp.com reported a similar increase of 11-percent more transactions among the same users after switching to EV SSL. <HOME>
Joe Dysart is an Internet speaker and business consultant based in Manhattan, N.Y.
Industry Professional Site: Comments from non-industry professionals will be removed.