Information Centre

SSL (Secure Socket Layer) is a server-side service that encrypts data submitted by an online form. It's a critical element of ecommerce transactions.

SSL is commonly used in conjunction with shopping carts to secure the transmission of sensitive data, such as credit card information and other payment details.

When a browser requests an SSL page, usually indicated by a web address (URL) beginning "https:" instead of just "http:", it automatically asks the server for a digital Certificate of Authority (CA) to authenticate the server's identity. 

If there is a problem with authentication of the certificate or elements on the page, the browser will usually generate a warning; alerting the user to the fact the page, or elements of it, may not be secure. 

If authentication is successful, a locked padlock icon will appear in the person's browser, usually on the browser status bar at the bottom right hand side or next to the browser address bar. In the case of an unsuccessful authentication or insecure elements being hosted on the page, the padlock icon may have a cross through it or the padlock is displayed as being broken or unlocked.

Once successful authentication takes place, the browser viewing the page will automatically encrypt any data sent to it, such as the submission of a form. The type of encryption used is usually 128 or 256 bit and is very secure. The server then decrypts that information once it is received using a secret key. In a similar manner, any information sent by the server over an SSL connection is also encrypted and then decrypted by the user's browser. 

The whole authentication, encryption and decryption process is seamless and automated - there is nothing the user needs to do. 

An insecure checkout page is one of the major factors contributing to shopping cart abandonment. Offering a payment process secured by SSL not only helps protect your customers' confidential information, it inspires confidence in potential customers; which can in turn increase your online sales. 

HANDY TIP: As mentioned, if there is a problem with authentication of an SSL certificate or elements on what is meant to be a secured page are detected as being insecure, the browser will usually generate a warning - but not always.

It's the padlock icon in a browser that acts as a real indicator of whether a page is secure or not. Simply being able to access a page via https: doesn't necessarily mean all is well.

For example, some browsers won't flag non-critical issues such as an image on a page being referenced via http instead of https or through a relative path. Others, such as Internet Explorer, will generate an alert window which can be very off-putting to someone considering a purchase. However, most browsers will indicate an issue via the padlock icon - but even this isn't 100% assured.

Sometimes web site owners may be blissfully unaware of a problem on their secure pages if they aren't using Internet Explorer due to an absence of alerts under certain conditions. This is why it's important to check all secure pages in multiple browsers; particularly Internet Explorer, Firefox, Chrome and Safari - and not just watch for alert windows, but the status of the padlock icon.