Secure Socket Layer, better known as SSL, and Transport Layer Security (TLS), are secure protocols used to transfer encrypted data through the Internet. Many websites on the Internet utilize SSL security to keep data transferred between them and the end user secure. Securing data is one of the first steps in avoiding crimes like identity theft from happening and is a great way to improve conversions by building trust between websites and users.
SSL encryption is a long and complicated process, but can be simplified into layman’s terms. A web browser starts by requesting the web server to identify itself. The web server responds by transmitting its certificate back to the web browser. The web browser then verifies that the certificate is authentic and issued by the proper web server. Once the credentials are verified, a secure encrypted browsing session begins.
Why is this extra layer of security needed? Without SSL the data between a computer and a website can be ready by anyone who can intercept it. A great example is users who use public WIFI or public networks where their data can be intercepted by anyone technologically savvy enough to watch network Internet traffic. SSL also helps stop something known as ‘DNS hijacking.’ That is when a virus redirects requests for a website from the legitimate server to an illegitimate server. A certificate will only work on the authentic server and a browser will not allow a connection with an un-trusted server.
That’s before mentioning how most users are taught not to enter their information on a website that isn’t secured, featuring either the lock, green bar, or other information showing that the browser trusts this website. Most new user tutorials and many websites teach users not to trust a website without an SSL certificate, which makes them an important part of building trust on the web.
Of course, all of this requires a website to have an SSL certificate. There are a lot of positive and negative consequences to using SSL security.
The positives have mostly been outlined. A site with an SSL certificate and proper encryption is trusted by users. It prevents their data from being stolen and gives them peace of mind. It can also reduce complaints and refunds from occurring. Users who feel that a site is to blame for their identify theft may feel the need to perform a chargeback. A website’s reputation can be damaged terribly by such things.
Yet, there are negatives associated with SSL security as well. The biggest issue in getting an SSL for your website is the price. SSL certificates can have hefty fees, especially ones signed by the most trusted certificate authorities. Prices can run up to £700 a year for a single server. This can cut greatly into a website’s profits. Inexpensive options exist, such as self-signing, but many browsers will pop-up an unattractive warning whenever a certificate isn’t signed by a trusted authority.
SSL certificates also slow down traffic between a user and a website. Extra time is needed to establish the secure connection and it may frustrate some users that it’s taking them longer than normal to load a web page. There is also the issue of needing to keep the certificate in working order. Should something go wrong then the website would be inaccessible until the problem is fixed, such as renewing a certificate.
While there can be problems, securing a website that transfers sensitive information with an SSL certificate is generally a good idea. The positives do outweigh the negatives and turning traffic away because a site isn’t secure generally isn’t a good thing. However, that’s up to each website administrator to decide if SSL certificates are right for them.