Is it safe to accept customers' credit cards over the Internet?

Absolutely. Storefront uses Secure Socket Layer (SSL), also known as secure order protection, secure certificate or digital certificate. Developed by Netscape, SSL is a protocol for securely encrypting and transmitting electronic information between web servers across the Internet, and is the most popular method for ensuring the secure transmission of credit card data and consumer information.

Why is SSL important?

Every time an e-commerce transaction is conducted on the Internet, personal confidential data like credit card numbers or social security numbers are exchanged among the shopper, the merchant and the appropriate parties involved in the transaction process like a payment processor. This information is susceptible to interception by unauthorized third parties and malicious attacks by computer hackers. SSL protects against these risks. At the same time, it also authenticates or validates the ownership of a website and ensures that the submitted data is supplied to the rightful storefront owner and the appropriate parties involved in the purchase transaction. SSL is a critical requirement for conducting responsible, competitive e-commerce. Many savvy shoppers will not make purchases at websites that lack the level of security expected from e-commerce sites today. In fact, merchants with SSL-enabled sites may likely witness an increase in business simply by providing consumers the peace of mind that their personal information and consumer data is safeguarded.

How can a shopper tell if an e-commerce site is secured with SSL?

Web sites hosted on web servers that are secured with a valid SSL certificate will display a security lock icon at the bottom of the web browser screen. The icon will change from the opened position to the locked position upon entering a secured area of the site. In addition, when a secure server connection is established between the user's web browser and the merchant's web server, the URL will display "https://" in its address. The "s" represents "secure." In an e-commerce website without SSL, there will be no security lock icon, and the URL address will also not display the "s" after "http." The browser will sometimes even show a window screen alerting the shopper that he or she is entering and leaving a secure area, usually during the checkout process.

Locked Security Icon	Unlocked Security Icon

How does SSL work?

SSL protocol requires the installation of an SSL digital certificate on a web server that wants to establish secure server connection with a consumer's web browser. The digital certificate is necessary for authentication of the web server to the web browser. At the same time, SSL protocol encrypts consumer information that is transferred from the web browser to the web server using a unique session key. When the information is presented to the web server, an encryption process takes place in which the session key is matched with the public key installed on the web server. This process, successfully completed, authenticates the web server and the information is transferred securely. The entire process is seamless to the shopper. This process is continued as the transaction data is passed along to a payment processor, which then coordinates the transfer of monetary funds between the customer's credit card bank and the merchant's bank account.

Further information can be found at the following SSL authorities:

Equifax, Thawte, VeriSign