ssl certificate

[brickie]

could someone advise me on findinding the correct certificate for an online store(oscommerce)

 

i can get cheap standard type class 1 ssl certificate which will give secure padlock in browsers.

as i will be using paypal,google checkout,etc. to take payments from customers,

i believe these transactions will take place on their servers? am i correct in thinking this?

 

therefore, if im not directly taking their card details etc, will a class 1 standard certificate cover me for everything else?

 

thanks in advance,

gav.

[Guest]

Gavin,

 

A class 1 SLL will prevent the data transmission from being decrypted in transit to and from your payment processor. The information provided by the customer while on those sites will be covered by that sites SLL.

 

Chris

[brickie]

Gavin,

 

A class 1 SLL will prevent the data transmission from being decrypted in transit to and from your payment processor. The information provided by the customer while on those sites will be covered by that sites SLL.

 

Chris

 

thanks, so would this type of certificate would be secure enough for my own website ?

 

i just want to make sure before i set this up.

 

regards,gavin

[MrPhil]

If you're using standard third-party payment systems (most PayPal plans, etc.), their site will be invoked with SSL (https:) and they are responsible for data security on customer financial data they handle. Your browser already has the ability to encrypt data for transmission to and from an SSL-protected site such as PayPal.

 

Your site, if it's not directly handling customer credit card data via a payment gateway and merchant account (or some PayPal plans that have you handle the credit cards yourself), doesn't have to have SSL protection. However, customers will feel more secure (i.e., more likely to open an account and make a purchase) if you have SSL protection on customer information such as name and address, password entry, etc. If you do go to a payment gateway/merchant account or certain third party plans where you do handle credit cards yourself, you will be required not only to have specific levels of SSL protection, but a whole lot of other data security requirements (see PCI-DSS).

 

Many hosting plans offer a "free" SSL certificate, but require you to access your site via their server names. That is, https://neptune.serverco.com/~youraccount instead of https://www.yoursite.com. That alone is enough to scare off some customers, so it may be worthwhile to obtain a basic private SSL certificate.

[brickie]

If you're using standard third-party payment systems (most PayPal plans, etc.), their site will be invoked with SSL (https:) and they are responsible for data security on customer financial data they handle. Your browser already has the ability to encrypt data for transmission to and from an SSL-protected site such as PayPal.

 

Your site, if it's not directly handling customer credit card data via a payment gateway and merchant account (or some PayPal plans that have you handle the credit cards yourself), doesn't have to have SSL protection. However, customers will feel more secure (i.e., more likely to open an account and make a purchase) if you have SSL protection on customer information such as name and address, password entry, etc. If you do go to a payment gateway/merchant account or certain third party plans where you do handle credit cards yourself, you will be required not only to have specific levels of SSL protection, but a whole lot of other data security requirements (see PCI-DSS).

 

Many hosting plans offer a "free" SSL certificate, but require you to access your site via their server names. That is, https://neptune.serverco.com/~youraccount instead of https://www.yoursite.com. That alone is enough to scare off some customers, so it may be worthwhile to obtain a basic private SSL certificate.

thankyou for the detailed reply im a bit clearer on how it works now.

i may invest in a basic ssl solution as you say, it will add to customer confidence.

 

regards,

gavin