So you’ve taken on the challenge of getting into the ecommerce world; you’re in the process of creating a website to vend your product and/or service; now you need to figure out how to keep the sensitive information (i.e. credit card numbers) from getting high jacked by those shaded internet types.
A certificate authority (CA) is a company that specializes in safeguarding sensitive digits by providing encryption-code layers to websites. They’re important protocols in the ecommerce world. Who doesn’t know someone that’s been a victim of identity theft or credit-card thievery?
It’s tempting to cut costs and go with a low price (or even a free) CA to provide you with SSL services (Secure Socket Layer: cryptographic protocols used to transfer secure information). You’ve made a significant investment in the startup of your website, so it’s understandable that you want to save a buck or two. However, is a cheap CA a good business decision?
Remember though, it’s important to first understand if you even need an SSL service. According to one of the latest review written on HostJury, Marc Martin states:
HostGator used to be a good hosting company until they started becoming too big … I want to have a blog using a dedicated ip [internet protocol address], but I was informed that the only way I could get one was if I used a free SSL Cert. Why would someone want an SSL on a blog?” (Why indeed. An SSL is for ecommerce not for blogs!)
“Fine,” Martin continues in his review. “I tried to SSL the WordPress Admin, but that's when I was informed that the SSL Cert. is only good for one page per URL. Stupid, really! [They] force you to use a SSL Cert that is only good for one URL!”
For those you who do want to find SSL service for your online store: it’s important to weigh your options, figure out your price range, but most of all, make sure your customers feel safe enough to plug in their debit or credit card numbers into your website.
The most secure (and incidentally the most expensive service per volume) is a Dedicated SSL. A well-known provider of dedicated SSL services is Symantec. Their dedicated SSL services start out at $399 US dollars for a year of validity, and they offer impressive server stats for high-volume clients. (although we have discussed overpriced slick marketing on SSL certs in the past)
A less expensive ecommerce services competitor to Symantec, GoDaddy, offers this service for as little as $49 for a dedicated SSL. However, Symantec’s NetSure warranties (like insurance for losses related to security breaches) are in the $1,000,000-range, whereas GoDaddy warranties guarantee only a tenth of that 7-figure number. Subscription rates can be seen as insurance premiums in the SSL business.
If you’re domain reseller, managing an umbrella of hosting and security to multiple ecommerce stores, you will want a Shared SSL service. This is a more economic option, and GoDaddy offers shared SSL service for up to five domains at an affordable $90 per year. The downside to sharing an SSL is that the umbrella company/webhost will have their company logo in the URL graphic rather than their client’s logo.
Wildcard SSL services are another important option to weigh. While the aforementioned dedicated services are considered as more secure, they’re only for single domains. Ecommerce stores that require the use of subdomains (e.g. shop.acme.com and cart.acme.com) may want to consider a wildcard service. The subscription for wildcard runs more expensive than dedicated, with GoDaddy charging about $200 per year for SSL services for a single domain with unlimited subdomains. However, going back to Symantec, that wildcard SSL subscriptions costs two grand for a one-year subscription. (You can see that the ratio is about 1:10 for subscription and security when comparing GoDaddy to Symantec.)
There are even free CAs out there, such as CAcert and StartSSL. However, they aren’t recommended for high-volume ecommerce sites, as they’re often riddled with technical glitches and don’t offer the guarantee insurance that the paid providers promise. If you’re looking into a free CA to transport your customers’ digits, you may instead want to look toward an escrow service such as PayPal, or a reseller who already has a CA subscription.
In any case, do you’re research before spending big bucks on an SSL-certificate subscription. However, if you’re taking direct credit/debit card payments or storing really sensitive data, there is merit in choosing a credible name in the SSL world.
About the Author
Al Barrus is an ex-patriot from the greater Seattle area who now lives in Saltillo, Mexico, a few hours south-west of Laredo, Texas. He first started his work in writing when he enlisted in the US Army at the age of 18 in 2002, during which time he worked as a uniformed print and photo journalism soldier in Baghdad and Fallujah. After parting from his military obligations in 2007, Al attended The Evergreen State College in Olympia, Washington, where he graduated with a Bachelor of the Arts in 2011. Later that year he moved to Mexico where he teaches English and lives happily with his wife Verenice.