Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Creating peace of mind for shoppers, what security options are available?

supastoked

By supastoked
in General Support

Recommended Posts

supastoked

supastoked

Posted
Posted

Hi again,

I posted another question and was going to add this, but since its off topic i decided a new thread would probably be better :)

 

One of our clients is just starting off on a new business venture and is wanting to offer first time buyers some sort of reassurance that the store is safe and secure. They are only accepting paypal and nochex at the moment, so i'm guessing SSL is probably overkill since they are taken offsite to make the actual payment. Is there any benefit to them adding SSL now, even though they arent accepting payments on the site?

 

Also, i've seen the "hacker safe" badges spread over the web and have mailed to ask about pricing, etc - but havent had any reply back from them.

 

Any other options / services that can help in this regard?

 

Any ideas / suggestions would be much appreciated!

 

Thanks,

Chris

kieran_mullen

kieran_mullen

Posted
Posted

Even if you purchased SSL,what would you encrypt? You could encrypt the entry of email phone or address but I think it wold be overkill. "Hacker Safe" is cheesy. It sounds like an invitation to me. Why dont ebay etc have "hacker safe" on there? Paypal.com has a buyer protection program and a logo should be good enough for now.

 

KM

supastoked

supastoked

Posted
  • Author
Posted

Hi Kieran,

Thanks for the reply! Yeah, thats why i put the post on to see if there were any other options available and if anyone had any suggestions for how to handle this. I realize having the SSL is only encrypting the users data, hence why i said its probably overkill. The hacker safe was just a side thought of me trying to explore what options are available and what other OSC users impressions were of using such a service. I just wanted to be armed with options when i chat to the client, as they are a bit concerned about being a new store front, having some sort of reassurance for buyers..

 

Hope this clears up the reason for my post :)

Cheers,

Chris

Chris Smith

Chris Smith

Posted
Posted
Hi Kieran,

Thanks for the reply! Yeah, thats why i put the post on to see if there were any other options available and if anyone had any suggestions for how to handle this. I realize having the SSL is only encrypting the users data, hence why i said its probably overkill. The hacker safe was just a side thought of me trying to explore what options are available and what other OSC users impressions were of using such a service. I just wanted to be armed with options when i chat to the client, as they are a bit concerned about being a new store front, having some sort of reassurance for buyers..

 

Hope this clears up the reason for my post :)

Cheers,

Chris

 

SSL is not a overkill! Many people will not register their personal details on a site without the SSL, and when you think that you can get a decent one for under ?100 per year I don't see any problems in getting one if not to only put the certificate on the index page. Hacker safe cost from $1,800 per year and they say that web sites can see on average 15-40% increase in sales.

 

Please re-think the SSL! and remember the SSL is not there just to protect the user it also protects you from them!!! ask jpwebber for any advice regarding the SSL aswell.

 

Regards

 

Chris :thumbsup:

supastoked

supastoked

Posted
  • Author
Posted

Hi Chris,

Thank you very much for taking the time to reply! This is exactly the sort of dialog i was hoping for, seeing both sides of the fence!!

It'll be great to hear what other seasoned OSC users have to say ;)

Cheers,

Chris

Druid6900

Druid6900

Posted
Posted
Hi Chris,

Thank you very much for taking the time to reply! This is exactly the sort of dialog i was hoping for, seeing both sides of the fence!!

It'll be great to hear what other seasoned OSC users have to say ;)

Cheers,

Chris

 

People want to see that padlock. If they don't, well, would you pass your confidential info across the web to an unsecured site?

No Good Deed EVER Goes Unpunished

boxtel

boxtel

Posted
Posted
People want to see that padlock. If they don't, well, would you pass your confidential info across the web to an unsecured site?

 

SSL only secures (up to a point) the transmission of data between client and server, not the site itself.

That can still be wide open.

Treasurer MFC

kieran_mullen

kieran_mullen

Posted
Posted
People want to see that padlock. If they don't, well, would you pass your confidential info across the web to an unsecured site?

 

Confidential info is already encrypted. Names and Addresses are not considered confidential.

 

Reason why we shred bank statements and bills (account numbers) rather than every piece of junk mail that comes to the door r every piece of paper that has your name on it.

 

Oh man too late I just shreded all my business cards...

abra123cadabra

abra123cadabra

Posted
Posted

First of all, a SSL cert is affordable and it gives this extra bit of security for your visitors. Furthermore it encrypts the connection between you as the shop owner and your webserver, which is most likely to be located somewhere else.

 

As to what data you need to protect, I would always go that little bit further just to be on the safe side in case of some legal action against you. Phone numbers, names, addresses, email addys, date of birth etc. are certainly personal data which you have to protect.

 

abra

The First Law of E-Commerce: If the user can't find the product, the user can't buy the product.

 

Feedback and suggestions on my shop welcome.

 

Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong.

Guest

Guest

Posted
Posted

We put in SSL from the moment you enter the site. Give the customer the feeling of a high level of security and protects thier acctual information in our forms.

 

Its not over kill and its not expensive in comparision not having somone on your site because they dont trust it,

in my opinion.

 

Many of our potential and active customers noticed that change and acctually sent us emails thanking us for taking the extra measures.

 

Scott

spax

spax

Posted
Posted
ssl everything ? that slows everything down and it just plain stupid

 

I would say unecessary, rather than stupid.

 

I agree with abra. For what they cost, compared to the peace of mind they will give to some, it may be stupid not to have SSL.

boxtel

boxtel

Posted
Posted
I would say unecessary, rather than stupid.

 

I agree with abra. For what they cost, compared to the peace of mind they will give to some, it may be stupid not to have SSL.

ssl is an illusion successfully marketed by the angencies who sell the certificates.

No self-respecting hacker would think of trying to intercept client-server transmissions when it is so much easier to target that stationary webserver where all information is readily available.

Treasurer MFC

Druid6900

Druid6900

Posted
Posted
ssl is an illusion successfully marketed by the angencies who sell the certificates.

No self-respecting hacker would think of trying to intercept client-server transmissions when it is so much easier to target that stationary webserver where all information is readily available.

 

That's quite true, regarding the hackers.

 

So, if you use a payment method that retains the customer's information, then you should take more elaborate precautions.

 

That's one of the reasons that I use PayPal only, I can pass off the liability to them by having the customer go to their secured site to make the payment while no CC info is retained on the server I host on, freeing me from that liability. Sure it costs me to accept payment, but, no where near what it might cost if I'm sued because confidential information was hacked from my database.

 

As for the claim of illusion, that may or may not be true. I have a shared SSL, so, it's not costing me anything to provide secured communication and, if that makes people more comfortable shopping on my site, then that works for me.

 

I'd rather have the padlock and the sale than have them leave because it isn't there. Just another cost of doing business.

No Good Deed EVER Goes Unpunished

spax

spax

Posted
Posted
ssl is an illusion successfully marketed by the angencies who sell the certificates.

No self-respecting hacker would think of trying to intercept client-server transmissions when it is so much easier to target that stationary webserver where all information is readily available.

 

Amanda, that's not the point, is it?

 

A lot of users are very nervous and suspicious of websites in general. Actually entering personal details onto one, let alone credit card info, is a real leap of faith for some.

In these days of ID theft, I think it wise to allay paranoid fears as much as you can. A cheap SSL cert could do that for some. And whether you think it is a grand illusion or not, I'll bet most would rather shop at an online store that has one, rather than one that hasn't.

Victor Wise

Victor Wise

Posted
Posted

Hello,

 

I agree with most of the points mentioned on this forum as well as obtaining your own SSL.

 

Since paypal is secure, why not include the folowing text with a graphic of a padlock somewhere between the email field and the button to go to the paypal site. 'Your order is safe and secure'

 

The point is, they will see it right when they would be getting nervous about giving private information.

Best Regards,

 

 

Victor Wise

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...