There can be little doubt that online security is a hot topic at the moment. The European Commission has recently spoken about its desire to put consumers at the centre of financial service delivery and says it wants to continue tightening up consumer protection.
Meanwhile, the UK’s Payments Council has discovered that concerns about security are among the most common barriers discouraging people from using the internet for shopping or banking.
So, how can businesses go about establishing strong security for their websites, and how can they inspire confidence among consumers?
The Great Online Migration
Technological development is changing the retail landscape for homes and businesses. More products and services are being bought and sold online, and it’s becoming difficult to underestimate the degree to which online activity is transforming the retail financial service market.
That’s because most consumers are quick to realise the benefits of performing their chores online. Once they begin using digital banking and purchasing services, they are likely to continue doing so.
What this means is that businesses will be judged on the experience of their digital delivery, and that retailers and small businesses will face increasing pressure to show that they are secure and safe to use.
The Payments Council has issued a new guide, ‘Pay Your Way’, as part of its consumer education campaign. This includes basic details as to what consumers should look for to ensure a website is secure.
As knowledge builds of online security, it’s going to become second nature to check for the presence of an SSL certificate from a respected provider such as Thawte.
So, where do small businesses begin, and what might influence their choice of security certificate?
The Difference Between ‘SSL’ Certificates
Security on the web is normally carried out using SSL (or secure sockets layer) technology, which enables a link between a server and a user. You may notice the signs of this protection in place if you see a green validation bar in your browser or ‘https’ in the hyperlink.
Security certificates normally paid for every year, and should be professionally integrated into your website. The level of security you require will depend on the type of data that is being exchanged.
If a user is filling in and submitting an enquiry form or an expression of interest, it is unlikely that you’ll need more than a basic certificate.
If sensitive information such as card numbers are being exchanged, however, a more comprehensive certificate with stronger encryption will normally be needed.
One of the basic certificates is the Domain Validation (DV) SSL Certificate.
Here, the certification authority checks the right of the applicant to use the specific domain (username / password) and enables encrypted connections to a business’s server. This is the extent of the security, and these certificates tend to be among the cheapest available.
They are not normally considered suitable for the exchange of sensitive details or for applications at risk of cyber attack.
- Allows encrypted connections.
- Fast issuance time.
- Limited security.
- Not suitable for sensitive data exchange.
The next tier is an Organisation Validation (OV) SSL Certificate. Here, the certificate authenticates a whole organisation in addition to its domain checks.
This certificate will also verify that your site is protected by the issuer if users decide to check the certification details.
OV certificates are more expensive than DV certificates, but are suitable for the secure online exchange of sensitive information.
- Secures sensitive information.
- Verifies a site’s security.
- Strong value.
- Not as comprehensive as an extended validation.
The top tier of security involves an Extended Validation (EV) SSL Certificate. Here, the authority undertakes a thorough check of a user’s right to access a specific domain, while it also verifies that an organisation follows high security protocols.
These certificates offer high visibility to users, with a green bar and padlock appearing in the browser to assure users that the site operates under high protection.
They also carry a much higher annual fee, but businesses may consider the message of confidence they instil with a high value security certificate to be worthwhile, as these are likely to encourage customers to proceed with their transactions.
- Secures sensitive information.
- Thorough user and organisation checks performed.
- Visible authority to users.