Keeping it Secure

Site Security & Privacy

If you take payments online, it is a necessity to encrypt the transfer of data in your store. Encryption is one of the main tools for privacy, trust, access control, electronic payments, corporate security, and countless other fields.

SecureSiteCommerce.Company will explain and implement the following security measures to ensure your customers have a safe online shopping experience:

  • A Digital Certificate – the Certificate Authority certifies, by your Digital Certificate, that you are who you say you are.
  • A Secure Protocol (HTTPS) – provides privacy between the customer (browser) and your online store when credit card information is entered.
  • A Secure Protocol (SFTP) – provides privacy between you (store administrator) and the web server (the physical location of your online store).
  • A Secure Database – provides security to protect your online store database.
  • A Secure E-mail – provides privacy for critical email sent to you by your online store.
  • A Privacy & Security Policy – provides your customer with an understanding of how you will use their information.

A Digital Certificate

A Digital Certificate proves you are who you say you are, for the customer’s peace of mind. It is not a paper certificate. What you actually get is a digital key that we install on your web server for your domain. When someone views your “certificate” they’re viewing the digital key that we installed. That key identifies whom the key is for (had better be you), the domain it was intended for (had better match your domain), who issued the key, when it was issued, and when it expires.

We will generate a key to send to the certificate vendor, and they will in turn send us the matching key. Once we receive your key, it needs to be installed on your web server – SecureSiteCommerce.Company will do this for you.
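
The exchange described above, as an added shell example that is not SecureSiteCommerce.Company's own procedure: it generates a key and signing request, self-signs the request as a stand-in for the certificate vendor, then checks the fields a visitor would see. The domain shop.example.com, the file names and the function names are assumptions, and openssl must be installed.

```bash
#!/usr/bin/env bash
# Added example: key / certificate exchange with a self-signed stand-in.
# shop.example.com and all file names are constructed placeholders.
set -eu
DOMAIN="shop.example.com"
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# 1. Private key (stays on the web server) plus the signing request that
#    would be sent to the certificate vendor.
make_request() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/site.key" -out "$WORK/site.csr" \
    -subj "/O=Example Store/CN=$DOMAIN" 2>/dev/null
}

# 2. Stand-in for the vendor: self-sign the request for 90 days.
#    A real Certificate Authority signs with its own key and also lists
#    the domain under subjectAltName; this one relies on the CN only.
issue_cert() {
  openssl x509 -req -in "$WORK/site.csr" -signkey "$WORK/site.key" \
    -days 90 -out "$WORK/site.crt" 2>/dev/null
}

# 3. Before installing: the certificate must carry the public key that
#    belongs to the private key from step 1.
key_matches_cert() {
  [ "$(openssl pkey -in "$WORK/site.key" -pubout)" = \
    "$(openssl x509 -in "$WORK/site.crt" -noout -pubkey)" ]
}

# 4. What a visitor sees: who it is for, who issued it, validity dates.
show_cert() {
  openssl x509 -in "$WORK/site.crt" -noout -subject -issuer -dates
}

# Succeeds only if the certificate was issued for host $1.
cert_covers() {
  openssl x509 -in "$WORK/site.crt" -noout -checkhost "$1" | grep -q "does match"
}

# Succeeds only if the certificate is still valid $1 days from now.
valid_in_days() {
  openssl x509 -in "$WORK/site.crt" -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

make_request
issue_cert
show_cert
```

Running `valid_in_days 30` on a schedule gives an early warning before the certificate expires.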


Secure Protocol (HTTPS)

World Wide Web (WWW) security is important as increasing amounts of sensitive information, such as credit card numbers, are transmitted over the Internet. We invoke this security by calling a URL with HTTPS instead of HTTP. After your customer’s browser and your web server have agreed on what secret code to use, the rest of the conversation between them occurs naturally but is encrypted. Security isn’t necessary, however, until the customer is giving you his or her private information. The form(s) where they tell you who they are, where they live, their shipping address, contact info and credit card number should all be protected by a secure transaction. SecureSiteCommerce.Company builds your web store with all web pages secured appropriately.


Secure Protocol (SFTP)

The World Wide Web has many different protocols. One is FTP, which is commonly used to upload and download large amounts of data to and from a web server. For online stores, it is wise to use a secured version called SFTP for many of the same reasons as above. SecureSiteCommerce.Company will make sure that all access points to your online store data are secured.


A Secure Database

This is essential for tracking customer information. There are many tricks to writing code to interact with the database so that it is darn near impossible for a hacker to get at the database. This is THE NUMBER ONE SECURITY RISK for most online stores. Rest assured that SecureSiteCommerce.Company uses all the appropriate techniques to ensure your customer data is secure!


Secure Email (PGP)

It is important for all Internet users to understand that regular email offers no privacy, and can actually be read by many people other than who it is sent to. With PGP encryption, all of these people can have free access to your email, and still have no idea as to its content – that is real privacy!

With PGP, you can digitally sign your email. PGP automatically calculates a complex mathematical value based on the exact content of your email message, and then encrypts that value with your private key. Since only you have that private key, only you could have produced the signature, and anyone with your public key can check it. So when PGP says that the signature is good, that indicates that the message is both unaltered (integrity) and from who it says it is from – that is authenticity!
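
An added illustration of the signing idea above, not part of the original page: it uses openssl instead of PGP to hash a message, sign the hash with a private key, and show that verification fails for an altered message or a different key. The message, key files and function names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: the sign-then-verify idea, shown with openssl rather than PGP.
# Key, message and file names are constructed for the demonstration.
set -eu
DIR="$(mktemp -d)"
trap 'rm -rf "$DIR"' EXIT

# The sender's key pair: the private half signs, the public half is shared.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$DIR/private.pem" 2>/dev/null
openssl pkey -in "$DIR/private.pem" -pubout -out "$DIR/public.pem"

printf 'Order 1001: ship 2 widgets to the billing address.\n' > "$DIR/mail.txt"

# Sign: hash the exact message bytes with SHA-256, then sign the hash with
# the private key. The message itself stays readable.
sign_mail() {
  openssl dgst -sha256 -sign "$DIR/private.pem" -out "$DIR/mail.sig" "$1"
}

# Verify: anyone holding the public key can recompute the hash and check it
# against the signature. Succeeds only for an unaltered message.
verify_mail() {
  openssl dgst -sha256 -verify "$DIR/public.pem" \
    -signature "$DIR/mail.sig" "$1" >/dev/null 2>&1
}

sign_mail "$DIR/mail.txt"

# A copy altered in transit: one digit changed.
sed 's/ship 2/ship 9/' "$DIR/mail.txt" > "$DIR/tampered.txt"

# A signature made with somebody else's key does not verify either.
forged_signature_verifies() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$DIR/other.pem" 2>/dev/null
  openssl dgst -sha256 -sign "$DIR/other.pem" -out "$DIR/forged.sig" "$DIR/mail.txt"
  openssl dgst -sha256 -verify "$DIR/public.pem" \
    -signature "$DIR/forged.sig" "$DIR/mail.txt" >/dev/null 2>&1
}

verify_mail "$DIR/mail.txt"     && echo "original: good signature"
verify_mail "$DIR/tampered.txt" || echo "tampered: bad signature"
forged_signature_verifies       || echo "other key: bad signature"
```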

If you are new to all this, see PGP’s An Introduction to Cryptography. Of course, an easier solution is to have SecureSiteCommerce.Company set this up for you.


Privacy & Security Policies

The Privacy Policy tells the customer what information you gather and what you do with it. You can learn more at the Privacy Alliance.

Our policy dictates that we do not, and will not, work with companies that sell or re-sell private information collected via the web. This is true for all information, including email addresses.

The Security Policy should tell the customer exactly how you protect their private information. You don’t need to tell them about how HTTPS works but you should tell them that their credit card transaction with you is safe by displaying your “Certificate Seal”. And you should always have a link to your privacy page that states their private information is encrypted and kept safely and securely for their safety (and yours). Make this policy available on any page you secure and any page that leads to a secured page.

There is a lot more to security and privacy. Through technology or common sense, be assured that SecureSiteCommerce.Company can make your online store trustworthy!