SSL, or Secure Sockets
Layer encryption, is one of the most widely used methods
of encryption today. Developed originally by
Netscape, this is what all e-commerce sites use to
encrypt financial information and other personal or
private information as it is transferred over the
Internet, in emails or other transmissions in which data
could be stolen. In fact, any merchant who wishes to
sell anything on the Internet or accept any personal or
financial information must be PCI compliant, which
requires an SSL certificate.
The SSL certificate is a version of the public key
encryption technique. This “certificate” is the base of
the TLS, or Transport Layer Security, method. There are
different ways to tell if a website uses SSL encryption.
The easiest is by looking at the address
bar. If the URL begins with “https:” then it is
encrypted and secure, which is what the extra “s” stands
for. In addition, on any form on which you need to enter
personal information, such as your social security
number or your financial information, there should be a
padlock symbol above the information field and at the
bottom of the browser window as well. Another way is by
looking for the seal of a trusted certificate authority
prominently displayed on the website, at the bottom of
the pages.
A user’s web browser uses a public key to check the
certificate for authenticity. It does this by using its
key to match the information to the private key, or SSL
certificate held by the site. The browser uses three
criteria to tell if the SSL certificate is valid: whether
the certificate is expired or revoked, whether it
came from a valid and trusted
Certificate Authority, and whether the certificate
actually belongs to the website the browser is
checking. If any of these items are not present or
are matched incorrectly, the browser may not allow the
user to enter the site and displays a message stating
the certificate may not be valid or trusted.
A trusted certificate authority issues the SSL
certificate. The CA is the company that tells the
website visitors the web site owner is who he claims to
be. For example, when someone is web browsing and they
visit a website, before they give any personal, private
or financial information, they want to know the site and
its owner can be trusted with the information. If the
seal on the page states they have a valid SSL
certificate, then the web site visitor can go to the CA
and find the information about the website. The CA
essentially vouches for the website and web master and
lets people know they can be trusted to do business
with.
If any of these signs are missing from a web page, then
it cannot be trusted. While the SSL certificate is not
the only way to encrypt the information, it is required
by law to do business on the Internet. Anyone doing
business and accepting financial information without it
is not PCI compliant, meaning they have no legal right
to accept payment for anything. Always check for the
proper credentials before giving your information to
avoid a scam.
Copyright Devon Institute 2006. All Rights Reserved.