SSL, or “secure sockets layer”, is a method of encryption used to keep sensitive information secure online. Whenever web users access a website, a connection is created between their browser and the website’s servers. If this connection isn’t properly encrypted, hackers can easily intercept it and steal any data being transmitted between the two parties. You can easily tell if a website has an SSL certificate: in the address bar, a green padlock will be shown (if the SSL certificate is present and installed correctly) to let you know that the website in question is safe and secure, and that any data you enter on this website will be fully encrypted when sent to the recipient.
SSL certificates are vital for taking payment details directly on a website (but not essential if you are being redirected to a payment provider’s website, e.g. PayPal, to input this data). However, they are also highly recommended on websites that request any private personal data, such as date of birth, from customers. This is because the customer’s sensitive data will be transmitted over the open internet, where it can be intercepted, and if no SSL certificate is in place it is sent in plain text. So it is imperative that website owners do everything they can to stop that data falling into the wrong hands. With secure encryption methods, hackers will not be able to decrypt any intercepted data they acquire in an attempt to use it for fraudulent purposes.
So who needs an SSL certificate?
It’s not just eStores that can benefit from SSL certificates; any website that asks visitors to input personal information should make sure that it is completely secure. For instance, many people use the same username and password across multiple websites. Even if hackers couldn’t do much with access to someone’s account on your website, chances are they will use that information to try to hack into other accounts, such as Facebook or PayPal, where they will be able to do a lot more damage. Not only are credit/debit card fraud attempts rampant nowadays, but so are identity fraud attempts, so due diligence on the part of both website owners and users is extremely important.
Users are getting more and more security savvy as time goes on, and nowadays most will look for an SSL certificate as a sign that a website is secure. Google also prefers SSL websites, as it takes steps to keep its users safe. Users of Chrome, Google’s browser, are now often given an alert before visiting a website that lacks an SSL certificate, to let them know that the website is insecure, and other browsers are following this trend. What’s more, when it comes to Search Engine Optimisation, SSL websites are now favoured by search engines and can therefore potentially receive a better organic ranking than those without (assuming all other scorings are the same).
Since 2014, Google have been highly recommending that other websites use SSL encryption, and they have since started to take extra steps towards making the internet a safer place. As mentioned above, SSL-certified websites have a green padlock next to their URL. Google have recently started to make their warnings about websites without SSL encryption more prominent, and this move looks set to go even further in the near future. Soon, it will be hard to miss when websites lack a proper SSL certificate, meaning that if you’re yet to get one, it could be time to consider this.
Sometimes you may notice a yellow triangle image over a grey padlock on a https:// website. This means that there is an SSL certificate installed on that page, but your browser is reporting some errors with it. This could be an issue with your browser not being updated, or with your computer’s date or time being incorrect, but more often it is that some elements on the website, for example some scripts or images, are not being served from the https:// address. If it appears to be the latter, and the company or website otherwise looks reputable, it could be worth emailing or ringing them to let them know so they can rectify this, as it could just be an oversight with an image on the page, like their logo or a newly added image that they failed to add the https:// to.
If you see a grey padlock with a red ‘x’ through it, this means there is no SSL certificate on that page. This is usually followed by a very clear warning on the browser page that you have to click through to proceed to the website, agreeing that you know it’s not secure. As mentioned before, the green padlock is the only fully secure indication: it means that the website has a valid and correctly installed SSL certificate, that all elements on the page are being served across https://, and that any data you enter and send on that page will be fully encrypted in transit.
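
For website owners, the "elements not being served from https://" case above can be checked before a browser flags it. The following is an added example, not part of the original article; the page markup and the `shop.example` host names are constructed for illustration.

```python
from html.parser import HTMLParser


class MixedContentFinder(HTMLParser):
    """Collect sub-resources that an https:// page would load over plain http://."""

    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag in ("img", "script", "iframe"):
            url = a.get("src", "")
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            url = a.get("href", "")
        else:
            return  # e.g. <a href> is navigation, not a resource loaded by the page
        # Relative and protocol-relative ("//host/x") URLs inherit https from the page.
        if url.strip().lower().startswith("http://"):
            self.insecure.append((tag, url.strip()))


def find_mixed_content(html):
    """Return (tag, url) pairs for every resource loaded over http://."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.insecure


# Constructed sample page: the logo and one script were added without https://.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="https://shop.example/site.css">
<link rel="canonical" href="http://shop.example/">
<script src="//cdn.example/app.js"></script>
</head><body>
<img src="http://shop.example/logo.png" alt="logo">
<img src="/img/banner.png" alt="banner">
<a href="http://partner.example/">partner</a>
<script src="http://shop.example/tracker.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"insecure <{tag}>: {url}")
```
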
Does a secure website always mean it’s safe?
Unfortunately, a secure website doesn’t always mean it’s fully safe. This may sound contradictory, but as with everything else, scammers try to exploit the sense of safety we feel with a green padlock by purchasing SSL certificates for their fake or phishing websites. Phishing websites are websites set up maliciously to obtain sensitive information such as usernames, passwords, and credit card details for fraudulent reasons. These are usually discovered quickly and revoked, but only after they have had a window of opportunity to try to capture and scam some people. Usually these links will be sent in emails or from online ads, so when checking a website, especially before you consider entering any sensitive data, check the website address as well after checking for the green padlock; this is where you will spot the difference in a fraudulent website. Read the full website hostname that appears there to ensure it is legitimate. Here is an example: a website that might be posing as a PayPal website could use an address like this:
So it has ‘paypal.com’ in the website address (known as a URL), but the .com is not the real TLD (Top Level Domain) of this address; if you look along the address, you will see that the domain is actually ‘.login’. So we need to check the full name between the initial ‘https://’ and the next forward slash ‘/’ to spot these tricks that scammers use. In the example above, the domain registered with the SSL cert is ‘com-password-reset.login’; for this link, they then prefixed it with other characters to look like the PayPal.com website. So, if you spot this, you know you are dealing with a fake and dangerous website, and you should close that browser window immediately.
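
The same check, reading the name between ‘https://’ and the next ‘/’ from right to left, can be automated. This is an added example, not part of the original article; the sample URLs (including the `/signin` path) are constructed from the description above, and `registered_domain` is a simplification that assumes a single-label TLD.

```python
from urllib.parse import urlsplit


def hostname(url):
    """Return the host: the text between 'https://' and the next '/'."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// URL with a host name")
    return parts.hostname.rstrip(".")  # urlsplit already lower-cases the host


def registered_domain(host):
    """Last two labels of the host.

    Simplification (assumption): correct only for single-label TLDs such as
    .com or .login; suffixes like .co.uk need the Public Suffix List.
    """
    return ".".join(host.split(".")[-2:])


def belongs_to(url, trusted_domain):
    """True only if the host is the trusted domain or a sub-domain of it."""
    host = hostname(url)
    trusted = trusted_domain.lower()
    return host == trusted or host.endswith("." + trusted)


# Constructed sample URLs; the second follows the article's description
# (the prefix 'paypal.' placed in front of 'com-password-reset.login').
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com-password-reset.login/signin",
]


def report(urls, trusted_domain="paypal.com"):
    """Return (host, registered domain, trusted?) for each URL."""
    rows = []
    for url in urls:
        host = hostname(url)
        rows.append((host, registered_domain(host), belongs_to(url, trusted_domain)))
    return rows


if __name__ == "__main__":
    for host, domain, ok in report(SAMPLES):
        print(f"{host:34} registered: {domain:26} trusted: {ok}")
```
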
So how do we keep secure and safe online?
For website owners, an SSL certificate is a must if the website is transactional or asks for any financial or personal data, but it is also a positive step for virtually everyone else asking users for their personal data. If you don’t already have SSL encryption on your website, it could be worth considering, as many browsers are now highlighting these websites as insecure more prominently, which can instil distrust in users. When browsing the web, first check for the https:// and green padlock before entering any sensitive data, but also take a look over the website address to be extra careful to ensure it is not only secure but also the reputable