Posted by Sharon Robb on Mon, Jan 18, 2010 @ 12:26 PM
I've put this blog off - it can be confusing stuff. But frankly, given the number of merchants involved in online sales or ecommerce - now's the time. You need an SSL certificate if you sell online, supply a site login, process sensitive data or simply want to instill trust.
SSL was introduced in 1994 - and stands for Secure Socket Layer. SSL is the standard for ecommerce transaction security, enabling encryption of all of your customers' sensitive data, including credit card and other uniquely identifying information. Today's recommended minimum encryption standard is 128 bit, and in order to provide this you'll need an SSL certificate with SGC (server grade cryptography) capability.
SSL Certificates. This digital certificate sits on your secure web server and is used to perform the actual encryption. Each certificate has what is called a private and public key. The private key encrypts data, the public key deciphers it. When a customer's web browser points to a certified domain - the SSL technology authenticates both the domain and the browser. A unique session "key" is established, as is an encryption method, and a secure transaction can be made.
There are different types of SSL Certificates such as -
- organizational validated (ov)
- domain validated (dv)
- most recent - extended validated (ev)
SSL Certificates trigger the browser to display a closed padlock and the https prefix in the browser window. With an EV certificate, besides a more rigorous application process, the browser bar is color coded green to indicate the top validation in SSL and turns red when an unsecure or untrustworthy site is encountered.
Where do you get an SSL certificate? XBS recommends SSL certificates issued by CAs, or certificate authorities. These businesses verify your domain name, your business and your authority to apply for such a certificate, amongst other things, based on the type of certificate applied for.
Your e-commerce payment gateway can make life a little simpler by providing you, the online merchant, with a customizable payments page hosted on their site. This is the least expensive method, as it uses the gateway's SSL certificate (shared) instead of your own. In addition, the gateway's server stores the sensitive data on its own PCI DSS compliant server, leaving the merchant risk free (regarding data storage). There are a few cons though, the biggest one being that your customer leaves your site at the time of payment, as well as a loss of control in the order process. This might be a great, cost effective approach for a new online merchant.
If you have a busy site though - you'll probably want your own payments page with your own SSL Certificate. Pricing is all over the place, and providers offer a variety of types of certificates - so due diligence as usual. Your web developer or merchant account provider (XBS) can easily assist you in your purchase. Certificates must be renewed. Some gateways such as Authorize.net provide certificates at deeply discounted prices through partnerships with providers.
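A merchant can check the two operational points above, the 128 bit minimum and certificate renewal, against what a server actually negotiates. The following is an added example, not part of the original post: the function names, the 30-day warning window, the deprecated-protocol check and the sample values are assumptions made for illustration.

```python
import socket
import ssl
import time

MIN_SECRET_BITS = 128       # minimum strength the post recommends
RENEWAL_WARNING_DAYS = 30   # assumed warning window, not from the post
DEPRECATED = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")  # added check, not from the post


def audit_session(cipher, cert, now=None):
    """Return a list of findings for one negotiated session.

    cipher: tuple from SSLSocket.cipher() -> (name, protocol, secret_bits)
    cert:   dict from SSLSocket.getpeercert()
    """
    now = time.time() if now is None else now
    findings = []
    name, protocol, bits = cipher
    if bits < MIN_SECRET_BITS:
        findings.append(f"weak cipher: {name} ({bits} bits)")
    if protocol in DEPRECATED:
        findings.append(f"deprecated protocol: {protocol}")
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < RENEWAL_WARNING_DAYS:
        findings.append(f"certificate expires in {days_left} days")
    return findings


def fetch_session(host, port=443, timeout=5):
    """Live handshake; the default context verifies the chain and host name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher(), tls.getpeercert()


# Constructed sample values in the shapes the ssl module returns.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan 18 12:00:00 2025 GMT")
SAMPLE_GOOD = (("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
               {"notAfter": "Jun 30 12:00:00 2025 GMT"})
SAMPLE_BAD = (("DES-CBC-SHA", "SSLv3", 56),
              {"notAfter": "Jan 28 12:00:00 2025 GMT"})

if __name__ == "__main__":
    for cipher, cert in (SAMPLE_GOOD, SAMPLE_BAD):
        print(cipher[0], audit_session(cipher, cert, SAMPLE_NOW) or "ok")
```

To audit your own site, pass the result of `fetch_session("your-domain.example")` to `audit_session`; a failed chain or host name check raises `ssl.SSLCertVerificationError` during the handshake.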
SSL technology is not an option for ecommerce merchants; it's a must-have. This article only touches on the basics of secure socket layer technology. Statistics show that our customers are becoming internet savvy and will increasingly refuse to do business with ecommerce merchants who don't display SSL basics and signage.
So be secure and prosper.
Posted by Sharon Robb on Tue, Nov 17, 2009 @ 03:45 PM
The payment gateway is a secure financial service that can route the funds from a business's check and credit card transaction or sale to the same business's bank account - my words.
In more depth, the payment gateway facilitates the transfer of payment information between the payment interface (retail terminal, website shopping cart, virtual terminal, etc.), the card associations (Visa, MasterCard, Amex, Discover), the card issuing bank for authorization of the payment transaction and finally - the merchant bank, for funding!
The payment gateway encrypts data for security (PCI DSS) and checks card validity (provides authorization for the transaction). This activity is seamless or invisible to the merchant and customer and remarkably takes place in just seconds.
Gateways today come with real time reporting on credit card transactions, visible to the merchant through a web portal. Most include shopping carts and virtual terminals or are compatible with popular shopping cart packages and software.
A payment gateway can be used in retail store processing, internet credit card processing and many other types of processing.
In ecommerce or internet credit card processing, for example, payment data is forwarded to the payment gateway via your website's shopping cart and a secure (SSL) connection. The payment gateway facilitates seamless, fast credit card transactions and, in the end, merchant funding (money in the bank). The time from sale or transaction processing, to authorization and batching out (product shipped), to merchant funding is typically 2-3 days.
There are quite a few payment gateways for merchants to choose from, such as Authorize.net, Sage, eprocessing network and more, each with unique features, capabilities, add-ons and costs, so sorting through which one is best for your business requires research or professional advice.
The payment gateway is just one piece in a complete credit card processing solution.
It's easy to see how complete merchant solutions for processing electronic payments, i.e. coordinating your best options with best business practices by connecting a variety of virtual services such as financial (payment gateways, ACH processing, merchant accounts) and telecom (landline and cell phone service) to hardware or equipment, software and websites, to banks (several in one transaction!) for secure transfer of electronic funds (think Star Trek) with seamless security and speed - might seem tricky, even overwhelming.
It is!