Have you ever wondered what an SSL is? In this article, we will discuss what an SSL is, why it's important and what ArtStorefronts is doing to protect your customers' sensitive information.
First, let's define what an SSL is:
An SSL (Secure Sockets Layer) is a standard encryption technology that establishes a secure connection between a server and an endpoint. Typically, in e-commerce, this encrypted connection is found between the e-commerce website and a payment gateway's server. An SSL allows things like credit card numbers, social security numbers or login information to be transmitted securely.
Why is an SSL important? "Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to."1
Why do I have to use or have an SSL? SSLs are required for any website that is collecting, transmitting or storing personal information from customers. Every e-commerce website that collects sensitive customer information such as payment card details or social security numbers is required by law to be PCI compliant.
What's PCI? How can I be PCI compliant? "The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment."2 Ensuring that you have an SSL is the biggest step towards following PCI compliance standards. At ArtStorefronts, we have provided a shared SSL for anyone that uses us to process transactions. Art Storefronts is fully PCI compliant, meaning website owners do not need to separately handle PCI compliance for their hosted website. As the hosting provider, Art Storefronts manages all necessary compliance obligations, ensuring a secure operating environment for your e-commerce site. External scans for PCI compliance are not permitted by the platform for security reasons.
What's the difference between a Shared SSL and a Private SSL? A Shared SSL is installed globally on our servers and all ArtStorefronts websites have access to this SSL. This certificate is self-signed and works with our server name, which hosts all of the *.artstorefronts.com websites. A Private SSL is issued for your domain specifically, and is not shared on the server with other websites. The security certificate will show that it was issued directly for your domain and this will show in the browser's address bar.
How do I check and see if I have an SSL installed on my website? To see if you have an SSL installed on your website, or to check the details on your certificate, you can use one of the following resources:
https://www.sslshopper.com/ssl-checker.html
https://www.sslchecker.com/sslchecker
https://www.geocerts.com/ssl_checker
This will confirm that you have an SSL installed on your website and the type of encryption used.
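The details those checkers report can also be read with a short script. This is an added example, not Art Storefronts code: the sample certificates are constructed, www.example-gallery.test is a made-up domain, and treating a wildcard name as the shared certificate and an exact name as a private one is an assumption based on the description above.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
# Names and dates are made up for illustration.
_SHARED_NAME = ((("commonName", "*.artstorefronts.com"),),)
SHARED_CERT = {"subject": _SHARED_NAME, "issuer": _SHARED_NAME,  # issuer == subject
               "notAfter": "Jun  1 12:00:00 2030 GMT",
               "subjectAltName": (("DNS", "*.artstorefronts.com"),)}
PRIVATE_CERT = {"subject": ((("commonName", "www.example-gallery.test"),),),
                "issuer": ((("commonName", "Example CA"),),),
                "notAfter": "Jun  1 12:00:00 2030 GMT",
                "subjectAltName": (("DNS", "www.example-gallery.test"),)}

def matching_name(cert, hostname):
    """Return the certificate DNS name that covers hostname, or None."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind != "DNS":
            continue
        if name == host:
            return name
        # A wildcard stands for exactly one left-most label:
        # *.a.com covers shop.a.com, but not a.com or x.shop.a.com.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return name
    return None

def describe(cert, hostname, now=None):
    """Summarise coverage, certificate type and remaining lifetime."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    name = matching_name(cert, hostname)
    if name is None:
        kind = "name mismatch"
    else:
        kind = "shared (wildcard)" if name.startswith("*.") else "private (exact name)"
    return {"covers": name, "kind": kind,
            "self_signed": cert.get("issuer") == cert.get("subject"),
            "days_left": (expires - now).days}

def fetch_cert(hostname, port=443):
    """Fetch the live certificate; needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        # An untrusted certificate (self-signed, expired, wrong name) raises
        # ssl.SSLCertVerificationError here instead of returning details.
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()
```

For a live site, pass the result of fetch_cert("your-domain") to describe() with the same hostname.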
What about site-wide HTTPS? I heard this is important and that I need it. Is that true? Site-wide HTTPS is a relatively new SEO indicator that Google called for back in 2014. Site-wide HTTPS is not currently a requirement, and Google has indicated that it affects less than 1% of queries and is less valuable to robots than high-quality content. ArtStorefronts does currently offer site-wide HTTPS as a feature.
What if I want a private SSL installed on my website? Can I do this? ArtStorefronts does not allow third-party, user-installed certificates on the servers, but we have installed a site-wide SSL for all of our customers.
Do I need to do anything to make sure my site stays safe? No! You're covered by our SSL, which we automatically update and keep current on our servers. We are committed to keeping our customers' and your customers' information private and secure. We take this matter very seriously and ensure that our security standards are kept up and within the required protocols for e-commerce transactions. Art Storefronts ensures that all website sessions are conducted over secure HTTPS connections, and e-commerce transactions are handled in a secure manner. However, users are encouraged to liaise with their payment gateway for specific compliance obligations related to payment processing.
What is the role of a payment gateway in PCI compliance? While Art Storefronts provides the hosting infrastructure and transactional security, the payment gateways are responsible for managing the security and compliance of credit card information. It is advisable to confirm specific compliance provisions directly with your payment gateway provider.
What are some best practices for addressing PCI scan issues? Occasionally, system scans for PCI compliance may highlight issues that need resolution. It is critical to ensure that ports 80 (HTTP) and 443 (HTTPS) remain open for secure website functionality. When necessary, initiate a new PCI scan or request a rescan from the scanning organization to update results.
Are external PCI compliance scans allowed on Art Storefronts? For security purposes, external PCI scans are not permitted. However, rest assured that Art Storefronts manages comprehensive internal security measures to ensure compliance with PCI standards.
If you have any questions, or want to find out more about SSLs, please email us at CS@artstorefronts.com and we'll be happy to help you out!
Sources:
