Jump to content

Dutch Webshop Security Question


Recommended Posts

  • 1 month later...

I must recommend SSL for many reasons.

1. security - even for instance in paypal case the real payment is handled by paypal website - in most of the cases paypal included sensitive information is still sent in clear text - like customer name and address phone etc...

Other than payment methods when registering the password is sent through the network in clear text if you don't have a ssl cert installed

2. customers will be confident buying on your website if you have a ssl certificate. Most companies that sell ssl certs will offer logos to place on your website assuring your clients you run a secure website and you DO CARE about security and privacy


Hope it's clear enough - questions, let me know

Link to comment
Share on other sites

I have to agree with marcelm. When I started with osCommerce I bought an SSL certificate although with offering Paypal and bankwiring there wasn't really a need for it. After a couple of years I didn't renew it because of those reasons and I haven't found any differences in customers behaviour. Once you are handling sensitive data, not adresses and thelike, I certainly would get an SSL certificate.

Link to comment
Share on other sites

wheeloftime, you and marcel have a good point, and I need to agree with you.

after all ssl may be a matter of taste and price. nowadays a ssl cert price is starting as low as 10-20$/year or may be free depending on the hosting plan.

if someone hijacks customer data and password may not be critical

in some cases (I've personally met the situation 3 times) on the pcs a trojan can listen to network traffic and steal username/password in case the traffic is not encrypted(no ssl)

in this way even admin password can be stolen if you are infected with a similar trojan (ftp details too if you are not using ssh or secure ftp). it's theoreticaly possible.

so a ssl may not be required but it's recommended

Link to comment
Share on other sites

Hi Radu,

Though I have, luckily, no experience with keyloggers on a local machine it is my understanding they intercept your keystrokes on exactly your very own local computer. An SSL certificate will merely encrypt data sent from your hosts server and not from a local computer so it is of no use at all when a local computer gets infected with something nasty. I agree that the prices for SSL certificates are fairly low nowadays and shouldn't be a problem for a serious shop owner.

Kind regards,
Howard

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...