Mike's Online Shopping Guide

Secure Socket Layer (SSL)

These days there are thousands of commercial sites on the web willing to sell you something. This offers nearly unlimited online spending opportunities. The question for most of us want to know before diving in is, "Is it safe?" A better question might be, "Is shopping online any less safe than giving your credit-card number over the phone, fax or even to a food server or sales clerk?"

The simple answer is no. If you shop smart, your biggest concern about making a cyber-buy should probably be whether you're exceeding your credit limit. Assuming the company you are buying from uses encryption (most commonly known as SSL) to scramble your sensitive information, it is just as safe to buy online as it is to buy at the store.

What is the SSL protocol?
The SSL (Secure Sockets Layer) protocol was designed to enable encrypted, authenticated communications across the Internet. Each time a document travels between two computers through the Internet, its contents are sent via unencrypted packets that could potentially be intercepted by anyone with the proper tools.

However, when you use the SSL protocol to encrypt that communication prior to its delivery, the packets become scrambled and will be useless to anyone that would attempt to intercept them. In Netscape Navigator or Internet Explorer, you can verify that an SSL connection is being used when the URL begins with “https” How does SSL improve the way communications are transmitted through the Internet? SSL provides 3 important things: Privacy, Authentication, and Message Integrity.

Privacy:
The data is encrypted so it cannot be interpreted by third parties. Even if the data intercepted, it cannot be decrypted by third parties without your private key (which you must keep safe and away from all other parties).

Authentication:
The ability to send and receive information on a website using SSL involves obtaining an SSL server certificate. Several steps are taken to ensure that the certificate being issued is representative of the organization to which it was assigned. We will verify that the business applying for a certificate exists and is a legitimate enterprise.

Message Integrity:
Through the use of SSL, parties can verify that the encrypted information originated from the original intended source, and the message has not been tampered with. When visitors view information from https://www.YourCompany.com, the accompanying SSL server certificate will specify clearly that the certificate belongs to YourCompany with details such as YourCompany's description and general location.

So what is an SSL Certificate?
A chunk of information (often stored as a text file) that is used by the SSL protocol to establish a secure connection. SSL server certificates contain information about who it belongs to, who it was issued by, a unique serial number or other unique identification, valid dates, and an encrypted “fingerprint” that can be used to verify the contents of the certificate

Most importantly, it's a good idea to translate your common sense about shopping to the web: If intuition tells you a run-down store with odd hours warrants a red flag, an amateur-looking web site should make you equally skeptical. Make sure any web company you order from has a geographic address as well as an email one, and don't use your credit card at a site you are not familiar with -- just as you wouldn't send a check to an unknown business.