When customers buy something from your store, they share their private data — name, email, credit card details — with you. As a merchant, you want to keep this vulnerable data secure from hackers, scammers, and data thieves. That is crucial for building trust with your audience.
You can and should protect your customer data and increase the trust in your business with HTTPS protocol and an SSL certificate. Not only can those tools improve security and increase your trustworthiness, they can also help your store rank better in search engines.
If you sell online with Ecwid, you’ll be pleased to know that your customer data is already protected. Yet, using an SSL certificate can have a few additional benefits.
In this post, we’ll show you how the HTTPS protocol and SSL certificates work, and how you can get them for your website.
Understanding SSL Certificates and the HTTPS Protocol
On the internet, all data is transferred from device to device according to certain rules or protocols.
For websites, this protocol is called HyperText Transfer Protocol (HTTP). It transfers the data that your customers enter on your website to the server that hosts your website, and then it helps to send the response to the browser. For example, the user presses a button and a new page opens, or they fill in the email registration form and see the confirmation of a successful registration.
The problem with HTTP is that it doesn’t protect any data that’s transferred from browsers to servers. Any data going through HTTP is essentially “naked”.
A good analogy is to think of two students passing notes across a classroom. Any of their classmates can read, copy, or even replace the note. It’s the same with your customer data: a villain can steal credit card details and money from it.
That’s why a new protocol was created for protecting data: HTTPS (HyperText Transfer Protocol Secure). With HTTPS, all data transfers between a user and a web server are encrypted. This encryption is so complex that it is nearly impossible to hack and use the data.
In order to use the HTTPS protocol, your site first needs an SSL (Secure Socket Layer) certificate.
An SSL certificate is essentially a key for encrypting data. It protects data on three levels:
- Data encryption. Hackers won’t be able to see what information a user entered on the site or to track user actions on a page. Think of it as a note written with a cipher — it can only be read by someone who knows the key.
- Data integrity. Hackers can’t replace or distort the transmitted data. Further, without knowing the key, it is impossible to write, edit, or manipulate the data, just like in a ciphered note situation.
- Authentication. SSL ensures that a user is on a trusted site and not on a hacker’s page. If just two participants know the key, they are sure to know from whom they received the note. A stranger cannot pass their own note and get the information by cheating.
You can see if a site is protected by an SSL certificate via the HTTPS protocol in the URL address. Most browsers indicate it visually in the form of a lock icon:
SSL certificates are distributed by special organizations — certification centers.
Who Should Use SSL (and Why)
SSL is required for sites where users were entering sensitive information — such as credit card details. E-commerce stores that do not want to lose their customers have been using the HTTPS protocol for a while already.
But often, online stores only protect registration and checkout pages with SSL, because those are the only places where their customers share personal data. The rest of the website often works on the insecure HTTP.
Today, HTTPS is a must for every web page. There’s a number of reasons for it.
Browsers flag unprotected sites
Chrome and Firefox, two of the most popular browsers in the world, visually mark sites that don’t use SSL.
For now, only a gray information icon is visible. But in the future, browsers plan to change the security indicator to a red triangle for pages on HTTP. Your customers are used to seeing this as a “warning” indicator.
Consequently, not using SSL can make people afraid of buying from your website.
Using SSL improves rankings
Back in 2014, Google announced that it would consider using SSL as a ranking signal. This meant that sites using SSL would get a boost in search engine traffic.
Payment service requirements
A growing number of payment services have HTTPS as a requirement for working with them. For example, Apple Pay works only with HTTPS.
It increases trust
“Concerns over payment security” is one of the top 10 reasons for shopping cart abandonment. When you add an SSL certificate to your store, you visually communicate to users that their payment data are safe.
More trust, of course, equals more sales.
If you want your customers to easily find your store in search engines and trust you more easily, don’t put off switching to HTTPS.
How to Get an SSL Certificate and Switch to HTTPS
To switch to HTTPS, you first need to buy and install an SSL certificate on the website. This process can be either simple or more complex for some stores, depending on the kind of site you have.
1. You’re using an Ecwid Starter Site
Anyone who has registered with Ecwid gets a website with a built-in online store. This site is completely free for all users.
You might know this as the Ecwid Starter Site.
If you use this site, then you already have an SSL certificate by default. An online store on an…