When it comes to ecommerce, security is paramount. To ensure security, most websites utilize something called SSL encryption to protect any data passed between a website and a shopper (and vice versa). However, SSL encryption requires a secure form of communication between a website and a customer, and that secure form of communication is known as HTTPS.
Generally speaking, every ecommerce website should utilize SSL for the shopping cart and checkout process. Many sites should also consider using SSL for the entire shopping experience, as it can benefit rankings and raise conversion rates.
Here’s more information on HTTPS, SSL, and their benefits to both etailers and consumers.
HTTP Is Just A “Style” For Web Communication
In the early days of the web, the architects of the Internet agreed upon a website-client communication standard that became known as HTTP, or HyperText Transfer Protocol. This new standard enabled HTML websites and all the technologies that followed, and HTTP is heavily utilized today. In fact, you’re almost certainly using HTTP to access this blog.
But if there’s a problem with HTTP, it’s that the “packets” of data shared over HTTP can be secretly “sniffed” and then copied by some third party. Sometimes, this packet sniffing threat is no big deal: for example, we don’t worry about packet sniffing when it comes to our site, because we’re not collecting any private info. People are just reading – we’re not asking for credit card numbers, home addresses, etc. For this reason, plain-Jane HTTP is just fine for websites that don’t collect consumer info.
But, if we were transmitting medical or financial records to you, or if you were sharing your credit card info with us, you would absolutely want to use a secure method of communication between the website and your browser that protects against packet sniffing. This communication method/protocol is known as “HTTPS,” and every ecommerce website should have HTTPS.
- Websites that collect consumer data (like credit card numbers, address info, etc.) need HTTPS
- Websites that transmit personal, private information (like medical or financial records) also need HTTPS
- Websites that don’t collect or transmit private information do not need HTTPS
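One way to check a page against the rule above, as an added example that is not part of the original post: it lists forms that collect private data but submit over plain HTTP. The field-name hints, the helper names and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristic: input types/names that suggest private data is collected.
SENSITIVE_TYPES = {"password", "email", "tel"}
SENSITIVE_HINTS = ("card", "cvv", "address", "ssn", "phone")


class FormAudit(HTMLParser):
    """Collect each <form> with its resolved action URL and sensitive fields."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page URL itself.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            kind = (a.get("type") or "text").lower()
            if kind in SENSITIVE_TYPES or any(h in name for h in SENSITIVE_HINTS):
                self._current["fields"].append(name or kind)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_forms(page_url, html):
    """Return forms that collect private data but submit over plain HTTP."""
    audit = FormAudit(page_url)
    audit.feed(html)
    return [f for f in audit.forms
            if f["fields"] and urlparse(f["action"]).scheme != "https"]


# Constructed sample page: a search box, a checkout form, a newsletter sign-up.
SAMPLE = """
<form action="/search"><input type="text" name="q"></form>
<form action="http://shop.example/checkout"><input name="card_number">
  <input name="cvv"><input name="billing_address"></form>
<form action="https://shop.example/newsletter"><input type="email" name="email"></form>
"""
print(insecure_forms("https://shop.example/cart", SAMPLE))
```

Only the checkout form is reported: the search box collects nothing private, and the newsletter form already posts to an HTTPS URL.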
How You Set Up HTTPS – The Broad Strokes
HTTPS – which stands for HyperText Transfer Protocol Secure – is an encrypted standard for website-client communication. In order to send information via HTTPS, an encryption system known as SSL is utilized. SSL is sort of like a “voucher” system for communications.
It may be helpful to imagine SSL as a bouncer at a bar. In order to get inside the bar, you hand your driver’s license to the bouncer, who then verifies that your license is legit and lets you in the door. In this analogy:
- The “bar” is the website you’re trying to access
- The “bouncer” is the HTTPS protocol
- Your driver’s license is the SSL certificate, a form of identification that both you and the bouncer know to be legitimate
This is a bit of an oversimplification, but it’s conceptually correct. SSL certificates serve as the “proof” that a communication attempt is legitimate.
In terms of setup, ecommerce website owners who want to use SSL must:
- Buy and register an SSL certificate from an SSL provider
- Register the SSL certificate in the name of the website
- Work with the SSL provider to verify that the website is legitimate, so the certificate can be “signed”
SSL certificates are issued for a specific period of time (typically, SSL certificates are sold on an annual basis). This certificate is installed on the ecommerce website (easier than it sounds), and then HTTPS connections can be established. Communications are protected from almost everyone (well, everyone who isn’t the NSA).
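Once a certificate is installed, the two properties described above (it is issued in the website's name, and only for a fixed period) can be checked mechanically. The following is an added example, not code from the original post; the certificate is a constructed sample in the dictionary format returned by Python's ssl.SSLSocket.getpeercert(), and the helper names and the simplified wildcard rule are assumptions.

```python
import ssl
from datetime import datetime, timezone


def names_in_cert(cert):
    """DNS names from subjectAltName of an ssl.getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """Exact match, or a '*' wildcard covering exactly the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def check_cert(cert, host, now, warn_days=30):
    """Return a list of problems: wrong name, not yet valid, expired, expiring."""
    problems = []
    if not any(name_matches(n, host) for n in names_in_cert(cert)):
        problems.append("name mismatch")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < start:
        problems.append("not yet valid")
    elif ts > end:
        problems.append("expired")
    elif (end - ts) / 86400 < warn_days:
        problems.append("expires in %d days" % ((end - ts) // 86400))
    return problems


# Constructed sample in the format returned by ssl.SSLSocket.getpeercert();
# hostnames and dates are made up for illustration.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    now = datetime(2024, 12, 15, tzinfo=timezone.utc)
    for host in ("www.shop.example", "shop.example", "a.b.shop.example", "shop.test"):
        print(host, check_cert(SAMPLE_CERT, host, now) or "ok")
```

Running a check like this on a schedule catches the most common HTTPS outage on a shop: a certificate that quietly passed its expiry date.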
Do Retailers Really Need An SSL Certificate?
As previously mentioned, HTTPS (and therefore an SSL certificate) is almost always required for ecommerce websites. This is because:
- There are legal requirements (privacy regulations) businesses are expected to follow.
- HTTPS is almost always required by payment processors. When your company accepts credit cards online, you agree to follow specific rules passed down by the credit card processor, one of which is to use HTTPS.
Still, there are situations where HTTPS communications aren’t necessary. If, for example, you run all your transactions through a third-party payment system (like PayPal), you may not need your own SSL certificate. If you run all your transactions through a third-party shopping cart hosted on a different website (like Shopify), then you do not need to get your own SSL certificate.
But even if you don’t technically need HTTPS to be compliant with the law or rules passed down by your credit card processor, HTTPS is still a good idea:
- Consumers trust HTTPS. They know it’s secure and they’re more likely to buy from you if you use it.
- Privacy laws and regulations aren’t 100% clear about what businesses are supposed to protect. If, for example, you collect people’s email addresses on your website (say, as part of a newsletter sign-up form), privacy laws could be read as requiring your company to use HTTPS when collecting that info.
- Google seems to favor sites that utilize HTTPS ever so slightly, ranking them slightly higher than sites that do not use HTTPS.
The first reason – that consumers trust sites which utilize HTTPS and are more likely to buy from them – is really the only reason any eCommerce website owner or manager should need to invest in an SSL certificate. Not to mention, SSL certificates are generally very affordable.
Summing Up: SSL Certificates Are Smart For Ecommerce
While there are some costs involved with buying and installing an SSL certificate on your website, as well as a very slight performance penalty (HTTPS is about 50 milliseconds slower in terms of load times than HTTP), there are a lot of great reasons to use HTTPS:
- Consumers trust sites that use HTTPS and are more likely to buy from them
- HTTPS protects your business from legal problems
- Google (and likely Bing) might give your website a small ranking boost if you start offering HTTPS
NOTE: Before you force everyone visiting your website to use HTTPS, be sure to understand the SEO impact of redirecting all your HTTP links to HTTPS. Contact us if you don’t know what that means and/or aren’t sure about how it will impact your site.