Ecommerce and SSL’s: Protecting Ourselves in Cyberspace

August 31, 2009

It’s something we hear about every single day. We’re warned in TV commercials, in radio advertisements. Newspapers talk about it in-depth, news programs run specials on it as it becomes more popular. Identity theft. It’s something we hear about every single day, but we never think it can happen to us.

It’s something we hear about every single day. We’re warned in TV commercials, in radio advertisements. Newspapers talk about it in-depth, news programs run specials on it as it becomes more popular. Identity theft. It’s something we hear about every single day, but we never think it can happen to us.

One common thread that runs through a good majority of these reports of identity theft is the occurrence of such involving the internet. With ecommerce, or, specifically, using our credit cards online becoming so commonplace, how do we make sure that we aren’t one of the unlucky ones that falls into this trap?

Well, there are a few simple rules that we can follow that will certainly help:

Only use your credit card or bank account information on websites that you trust
Never enter any personal information through email, even via links clicked through emails
Always check the URL’s in which you’re entering your personal information to ensure it’s the URL you’re intending to be on
Make sure you’re only using a secure server on BOTH ends; meaning your connection is secure as well as the website’s.
We can tell when a website has taken extra measures to protect your information when there is an “S” after the HTTP in the URL, so the address will appear as “HTTPS://,” and there will be a small “lock” in the bottom corner of your browser window signifying that this is a secure window you’re operating on and that your information is safe via an SSL, or a “Secure Socket Layer,” which has become an international standard on the internet for exchanging sensitive information between a website and the computer communicating with it.


As long as your server is secure, and your website has an up-to-date SSL, you should be in the clear. But just to ease, your mind, we’ll explain in further detail just how the SSL process works:

A browser requests a secure page (usually https://)
The web server sends its public key, with its certificate, to the browser.
The browser checks that the certificate was issued by a trusted party, that the certificate is still valid, and that the certificate is related to the site contacted
The browser then uses the public key to generate an encryption key and sends it to the server along with the URL required - encrypted
The web server decrypts the encryption key using its private key, and then uses the key to decrypt the browser's request
The web server sends back the requested data, encrypted with the key
The browser then decrypts the data sent using the key, and displays the information
The encryption using a private key/public key pair ensures that the data can encrypted by one key can only be decrypted by the other key
The keys are similar in nature and each is based on prime numbers
Their length in terms of bits ensures the difficulty in decrypting the messages
It is necessary to keep one key secret (the private key) and to distribute the other key (the public key) to everybody. This ensures that anybody can send you an encrypted message that only you will be able to decrypt - you are the only one to have the other key pair
In the opposite situation, others can certify that a message is only coming from you, because you have encrypted it with you private key, and only the associated public key will decrypt it correctly.
Sound complicated?

Don’t be overwhelmed, or confused, and most importantly, don’t give up on ecommerce! As long as you follow the basic rules, your information, and in turn, your presence on cyberspace should be secure and comfortable.