Merchants still need to up their game when it comes to online security.
And part of that means making sure you’re using SSL (secure sockets layer) technology to protect sensitive information from getting into the wrong hands.
First, let’s talk about that KRACK problem.
A couple of years back, a researcher in Belgium made a disturbing discovery: the primary method we use to secure wireless communications—called WPA2, or Wi-Fi Protected Access 2—is not as safe as we thought. We now know that significant flaws exist that enable hackers to intercept private information during the “4-way handshake,” a process in which encryption keys are sent back and forth between the client and the access point prior to connecting to a Wi-Fi network.
Simply put, the 4-way handshake is a way to verify that each party knows the password without sharing the actual password. But back to those encryption keys. Say you’re using a public Wi-Fi connection to check your email or do a little online shopping. By taking advantage of these newly discovered flaws in the WPA2 security method and using key reinstallation attacks, or KRACKs, any hacker within range can steal your information while you go about your business.
Basically, by interrupting the 4-way handshake, they can gain access to your credit card information, chat and email messages, passwords and more. And if that’s not bad enough, hackers also might be able to install malware or ransomware.
Scary stuff, especially when you consider that KRACKs affect almost every device that uses Wi-Fi.
So what does all of this have to do with SSL?
Only SSL-secure websites protect users who have a compromised Wi-Fi network. Think of SSL as an extra layer of security for your site—one you absolutely need so you’re not relying on wireless encryption alone. SSL technology protects information shared over the internet by taking plain text and turning it into something only the user and the website can understand, which means installing an SSL certificate on your web server lets your customers know their login information, personal data, credit card numbers and other sensitive information will be protected. When an SSL certificate is installed on your site, the “http” application protocol will change to “https,” with the “s” indicating the site is secure.
Here are 4 reasons why you need an SSL certificate:
1. It encrypts your data. This is especially critical if your site takes credit card payments or if you transfer sensitive information, such as health care records or banking information. SSL establishes an encrypted link between a web server and a browser. Without it, information shared across a public Wi-Fi connection can be seen—and stolen—by enterprising hackers.
2. It establishes trust. Seeing the little padlock symbol lets customers know they can purchase goods or services from your website and their personal data and credit card information will be protected. SSL also provides authentication, meaning your customers can be sure it’s really you they’re sending their information (or payment) to and not a phishing scam.
3. It boosts your Google ranking. According to the search engine, websites with an SSL certificate will rank slightly higher than those without. Every little bit counts.
4. It raises conversion rates. Trust is a big factor when it comes to converting visitors into customers; this is especially true for smaller businesses that may not have the loyal following of larger brands. An SSL certificate builds trust and establishes your site as a reputable business.
Your protection is our priority. Worldwide, 3 billion people use the internet. But the ease and convenience come with a price: the potential for cybercriminals to steal and use our private information. No doubt your website makes use of account login information for your online store—which means there’s a good chance those accounts are tied to credit card numbers and other confidential customer information.
SSL is just one more step in making sure sensitive material is encrypted so you can give visitors the peace of mind that comes with a safe and secure online experience.