Online Security

Online security begins with SSL, which stands for 'Secure Socket Layer'. What does this mean?

Secure Socket Layer (SSL) is a protocol originally developed by Netscape for the purpose of transmitting private documents over the internet. The SSL protocol encrypts data so that the information is known only to the sender and the recipient. It creates a secure link between a website and a visitor's browser.

Development of SSL technology helped enable e-commerce because credit card numbers and other sensitive personal information could be sent over the internet without being stolen by hackers. The following article goes over what it is good for, who offers it, how you recognize it and how much it costs.

How It Works
An SSL Certificate is issued by a Certifying Authority (CA). There are several CAs that are well-recognized, such as VeriSign and Network Solutions. Once the approval process has been hurdled, the CA provides 128 bit to 256 bit website encryption security.

Before issuing a certificate, the CA rigorously authenticates the requestor’s domain control and, in the case of High Assurance SSL Certificates, the identity and, if applicable, the business records of the certificate-requesting entity. The authentication process assures customers that a website protected with SSL Certification can be trusted.

Types of SSL
There are three types of SSL. Each includes data encryption and triggers the browser to display a closed padlock and the 'https' prefix in the browser address window. Not all provide the same level of validation. Here are their names and how they are validated:

1. Organizationally Validated (OV) SSL Certificates

2. Domain Validated (DV) SSL Certificates

3. Extended Validation (EV) SSL Certificates

Organizationally Validated SSL
The CA for the Organizationally Validated SSL performs a rigorous validation procedure which may include checking business credentials, such as Articles of Incorporation and verifying the physical and web addresses so that the business is verified as legitimate.

This type of SSL Certificate is excellent for a business conducting online transactions and accepting sensitive data, such as credit card numbers.

Domain Validated SSL
This is a less rigorous validation procedure. The CA checks that the name and contact information matches the registration information in the database.

There is no requirement to validate the legitimacy of the business. This type of certificate is a good choice for businesses where customers will not be transmitting sensitive data.

Extended Validation SSL
In 2007, a third type of SSL validation was created. These SSL certificates adhere to industry-wide certification guidelines which were developed by the Web Browser vendors and Certificate Authorities.

The application process is more thorough and the validation criteria are more rigorous. Applicants are limited to certain kinds of businesses and government agencies. Fancy bells and whistles include a color-coded address bar on the browser to indicate an authentically validated site. It is green when full website security and encryption is in place and turns red when it encounters a known phishing or untrustworthy site.

The EV SSL Certificates offer the greatest level of website security available today.

SSL Pricing
In the past, SSL Certificates have been available at a cost of thousands of dollars per year. The rise of multiple resellers has created competition that has brought the prices down. Although they can still be price-y, they are much more affordable.

For example, Network Solutions offers several plans, each with a 4-year contract: DV for $49.99 per year, OV for $99.75 per year, fast OV for $149.75 per year, unlimited OV subdomains for $494.00 per year and EV for $399.50 per year.

VeriSign, a very well-recognized CA offers extended warranties with their SSL certificates with validations covering 1, 2 or 3 years. Their certificates are generally priced much higher than others.