In the following three-part series I will discuss the need for security when operating an eCommerce website, or indeed any website that captures the end user’s personal information. The series will discuss what website security is and the technologies involved; the user experience and what an end user would (or should) be looking for to give them peace of mind that a website is secure; and finally some of the specific things that need to be considered (including potential pitfalls) when running a secure website.
Web Site Security, HTTPS and SSL
As an important part of setting up and running an eCommerce website, the acquisition of a Secure Certificate should be considered. A secure certificate enables the use of something called HTTPS (Hypertext Transfer Protocol Secure). This is a combination of the Hypertext Transfer Protocol (HTTP), which is used for transmitting web pages, with the SSL/TLS protocol, which provides encrypted communication and secure identification of the web server you are talking to. HTTPS connections are necessary when securing personal information exchange and payment transactions on the World Wide Web.
The user experience
As an end user of a website, whenever a web page asks you for sensitive information, you need to be able to identify if the page is secure or not. The ability to recognize a secure web connection is extremely important, as online fraud cases have increased substantially from year to year.
With regard to web pages, what exactly does "secure" mean?
Whenever you view a website, information is sent from your computer to the web server and back from the web server to your computer. This information is normally sent in "plain text", meaning anyone would be able to read it should they see it. This is an issue when you consider that each piece of information transmitted passes through many computers (servers) to reach its destination. Every time you send your log-in details (traditionally email and password) or card payment details this “plain text” could potentially be intercepted and easily read.
The solution to this problem is to encrypt the data before transmission. The Secure Sockets Layer (SSL), and its successor TLS, were created for this purpose. SSL uses a system of key exchanges between your web browser and the web server you are communicating with, so that the two sides share a key only they know; that key is then used to encrypt the data before transmitting it across the web. A web page that has an active SSL session is what is meant by the term "secure".
Whenever you are visiting a web page that asks you for personal or sensitive information you need to check that it is secured!
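The point above applies to the form, not just the page: the browser sends the form's contents to the form's action URL, so a login or card form that posts to a plain http:// address leaks the data even if the page itself was loaded over HTTPS. The following is an added example, not code from the original post, of the check a site author (or a curious user viewing the page source) can run. It assumes the page URL and its HTML are available as strings and uses a simple heuristic of mine for which fields count as sensitive; the sample HTML is constructed for the example.

```python
"""Added example (not part of the original post): flag forms that would
send sensitive fields over plain HTTP rather than HTTPS.

Assumptions (mine, not the author's): the page URL and its HTML are
available as strings, and a field is "sensitive" if its type is
password or its name hints at a password or card detail.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field types / name fragments that indicate credentials or payment data
# (a heuristic chosen for this example).
SENSITIVE_TYPES = {"password"}
SENSITIVE_NAME_HINTS = ("password", "passwd", "card", "cvv", "cvc")


class FormCollector(HTMLParser):
    """Collect every <form> together with its action and its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []        # each entry: {"action": str|None, "fields": [(name, type)]}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action"), "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = attrs.get("name") or ""
            ftype = (attrs.get("type") or "text").lower()
            self._current["fields"].append((name, ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(name, ftype):
    """True if the field looks like it carries a password or card data."""
    lname = name.lower()
    return ftype in SENSITIVE_TYPES or any(h in lname for h in SENSITIVE_NAME_HINTS)


def insecure_forms(page_url, html):
    """Return [(action_url, [sensitive field names])] for every form that
    would submit sensitive data to a non-https:// address.

    A form with no action posts back to the page itself, so it is only as
    secure as the page URL; a form on an https:// page whose action is an
    absolute http:// URL still sends the data in plain text.
    """
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"] or "")
        scheme = urlsplit(target).scheme.lower()
        sensitive = [n for n, t in form["fields"] if is_sensitive(n, t)]
        if sensitive and scheme != "https":
            findings.append((target, sensitive))
    return findings


# Constructed sample page: a login form with no action (posts back to the
# page), a checkout form pointing at an explicit http:// endpoint, and a
# harmless search form.
SAMPLE_HTML = """
<form method="post">
  <input name="email" type="email">
  <input name="password" type="password">
</form>
<form method="post" action="http://pay.example/checkout">
  <input name="card_number" type="text">
  <input name="cvv" type="text">
</form>
<form method="get" action="/search">
  <input name="q" type="text">
</form>
"""

if __name__ == "__main__":
    # Page served over plain HTTP: both the login and checkout forms are flagged.
    for target, fields in insecure_forms("http://shop.example/login", SAMPLE_HTML):
        print(f"insecure: {target} collects {fields}")
    # Same page over HTTPS: only the checkout form (explicit http:// action) remains.
    for target, fields in insecure_forms("https://shop.example/login", SAMPLE_HTML):
        print(f"insecure: {target} collects {fields}")
```

Running it against the constructed page shows why the page's own padlock is not the whole story: moving the page to HTTPS clears the login form, but the checkout form keeps posting card details to an http:// address until its action is fixed too.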
Part 1 Summary
Hopefully from the first part of the blog series, you will now have an idea about what website security is and some of the terminology involved. In the next part of the series I will cover how you would check a website’s security credentials as an end user. This is also something that is worth knowing about in detail as a (secure) website author/publisher.