Secure Sockets Layer certificates provide encryption for data transmitted over your domain. Purchasing an SSL certificate for your domain allows you to provide your customers with a safe and secure transaction while shopping on your website or transmitting their private data over the Internet. Providing your customers with secure transactions will increase customer confidence in your store and may lead to increased sales. Not using SSL may result in stolen customer data that will lead to lost sales and low customer confidence.
The SSL certificate validation process varies depending on the type of certificate you choose to purchase. Domain Validation (DV) certificates are only validated by computers and only verify that the domain name is owned by the person applying for the certificate. By comparison, Extended Validation and Organization Validation certificates are validated by humans. Both EV and OV certificates require verification that your business exists, a business license or corporate charter and a physical address. Extensive validation lets customers know that your website and business can be trusted.
SSL provides encryption that will protect the identity of users, passwords, credit-card transactions and sensitive data. When a customer is shopping in your store, her browser requests a secure SSL connection with the server. The server sends a certificate to the customer’s browser. The customer’s browser validates the certificate, creates a session key and encrypts the certificate with the key. The server then decrypts the session key and establishes an encrypted session to enable the customer to complete her online transaction.
The PCI Security Standards Council was established to set the industry standard for credit-card security. If your website is sending credit-card data over the Web, you must use SSL to remain in PCI compliance. PCI requires that servers use at least 128-bit encryption and that servers that use weak encryption rates are not used for secure transactions. Specific standards can be found on the PCI Security Standards Council’s website (link in Resources).
Wildcard SSL Certificate
Wildcard SSL certificates allow you to secure any transactions that take place on your domain and any subdomains associated with your domain. Nonwildcard DV, OV and EV SSL certificates do not cover all of the subdomains under your domain. While Wildcard SSL certificates cost more, they ultimately cost less than purchasing new SSL certificates for every subdomain you might want to use on your domain.