In a perfect world, every website would be SSL encrypted; there would be no concerns about submitting credit card information through a Web form. In reality, many websites are lagging far behind, without using encryption.
The biggest problem is customers don't know their credit card information isn't being safely transmitted when a website isn't using SSL.
SSL is no longer optional
As a business owner, it is your responsibility to protect your customers wherever possible. This includes securing your website with SSL. SSL stands for "secure sockets layer" and provides a secure, encrypted connection between a web browser and the server being interacted with.
Since information submitted through Web forms passes through multiple channels prior to reaching its destination, there is great risk involved when that information is not encrypted. SSL encrypts data submitted through Web forms. Even if the data is intercepted, it can't be read.
Are you putting your customers at risk for identity theft?
Skimping on SSL encryption has the potential to destroy a customer's financial life. If your visitors submit their credit card information through an unencrypted connection, they're more likely to become a victim of identity theft.
According to the credit experts at Lexington Law, "When you fall victim to identity theft, your credit score also falls. Typically, a criminal will open accounts, apply for new loans or lines of credit under the name of their victims, and then not pay the bills. When this happens, scores plummet. Credit inquiries also impact your score and bring it down by a few points each time a lender checks your credit report."
Identity theft is worse than a fraudulent credit card charge
When someone steals credit card information and makes an unauthorized purchase, it's easy to file a claim and be refunded by the bank. Recovering from identity theft isn't as simple. The damage is often realized when it's too late, and the victim's credit reputation has been destroyed.
Although consumers can file a fraud alert to let creditors and potential landlords know their identity has been stolen, it doesn't restore their credit score immediately. The unauthorized, unpaid bills can remain on their credit report for years and it's a hassle to clean up.
While a fraud alert will be visible to anyone checking their credit report, they'll have a lot of explaining to do when applying for lines of credit, renting an apartment or applying for a job.
If one of your customers winds up a victim of identity theft because you didn't secure their credit card information, you could be putting their ability to gain employment at risk.
It's common today for hiring managers to check a person's credit prior to hiring them. As Brian Larsen discovered, having bad credit can trump your expertise in your industry.
Working as a banker for 14 years, he failed to land a job for three years. Potential employers used the short sale of his home listed on his credit report to determine that he was high risk. They concluded that because he had missed four mortgage payments that ended in a short sale, he was likely to take a bribe.
Employers need to look out for their business, but good people are getting the short end of the stick. Larsen wasn't a victim of identity theft, but his story is a good example of how employers will use a poor credit report to deny employment.
It takes time to resolve identity theft, so even when items on the credit report are inaccurate, landlords and hiring managers won't know it.
How to know if you need an SSL certificate
You need SSL if you're collecting sensitive information like logins, passwords, financial information, personal data, proprietary information, legal documents, client lists or anything else that should remain confidential.
Obtain your SSL certificate ASAP
Not all SSL certificates are the same. In fact, there are different types of SSL certificates that exist for different purposes. Some certificates cover one domain; others cover multiple domains.
Certificates also vary based on the level of validation needed. There are domain, organization, and extended validation certificates that all serve different purposes.
Your Web host provider likely offers SSL certificates for a decent price. If they'll set it up for you, it's worth paying extra. Just be sure you get the right certificate. Don't buy it online; talk to a live representative to be sure you're purchasing the correct certificate.