Is your e-commerce site secure?

Is your e-commerce site secure?

I recently provided an SEO review of an e-commerce site, and while I was able provide some insight into boosting their visibility one thing surprised me. The site doesn’t have an SSL (Secure Socket Layer) certificate, anywhere.  Now granted the site wasn’t handling payments as this was going via Paypal, which does offload the credit card risk, however you still required an account in the shopping cart before you could place an order.  Without SSL enabled the information you provide for this account will travel over the Internet in plain text, so anyone can read it.



Now why do you need to encrypt (which is what SSL does) for your session.  To answer this I would ask the question how much do you value your privacy.  In the post Snowden/Wikileaks world I would say quite high and why not, we are getting inundated with information regarding government eaves dropping.  This however is not the greatest risk in my opinion, it is more the identity theft scenario that I’m concerned about.


Identify theft?

This is where someone else poses as you, and all they need is some basic details about you. While you Social Media account will unlikely provide your home address, when you created an account in a shopping cart where you expect delivery of a product you will likely enter your home address, plus your name and likely a phone number.  Now put this together with your birthdate, which you put into your Facebook account and then a possible attacker has a snapshot of your identity.  Remember what your bank and almost every government department asks for as a security answer?  Yes it was your name and date of birth, your home address and your phone number.


Now What?

Well if you have a website and want your potential customers to trust you then you need to think seriously about adding layers of security, the biggest being an SSL certificate. So if you haven’t already done so then now would be a good time to think seriously about it.

At Altair Hosting we support SSL certificates from creation through to hosting.  At the present it is manual though we are in the process of rolling out an automatic service. If you want to know more please get in touch.

Leave a Reply