Facts About SSL Certificates & the Website Forms that Need Them

When someone visits a website, that someone wants to know that any information they enter, or anything they do is secure. The SOS, or secure order form, concept applies to much more than just the order form itself. It applies to every aspect of a merchant's website. While concerns about personal privacy have become quite widespread, it is an important concept, considering that when it comes to the owner of a website conducting business, but even more important when that owner is conducting business using any kind of form that are available today. Ensuring the privacy of all involved becomes an issue which must be resolved before opening that website, or conducting any kind of business, lest the customer's privacy be made public and the owner of a website's reputation ruined for reasons that could have been avoided. It could also be the major difference between a website succeeding or failing miserably.

The Initial Concept of Privacy

The definition of a secure form is one that allows a website's visitors to conduct their business, move around on the site and enter any and all information, knowing they are protected. When the visitors can move around freely without the fear of recrimination for what they do-or the information they enter, it makes all the difference when it comes to trust-and satisfaction of a customer.

The invasion of one's privacy or theft of a person's information is a very real possibility when surfing the Internet. These things are also important in the realms of conducting any kind of business. If you just happen to fill out a form to subscribe to a newsletter, so it can be delivered to your inbox, you want to know the information is safe and will not be used for anything else, like SPAM for instance. You need the assurance of information privacy and safety so no one else may use your information for any purposes, malicious or otherwise.

A Regular vs. Secure Forms

A website owned by a merchant uses forms for a visitor to enter their information. What do you think want to buy? Just enter the information on the form so the website owner can send it to you. A customer will fill out another form after filling out the one with the order information. These next forms are so the website owner knows how the item will be paid for. This form will usually contain some very private and personal information. Credit card numbers to make payments, check routing, and account numbers as well as banking account numbers, all go on the form. And while the newsletter request forms do not always require this type of information, it still requires at the very least an email address, which is still private.

Making the Forms

Forms are relatively easy to make. Using a program to help or if you have knowledge of basic HTML, depending on the extent of the form, they only take about five to ten minutes to code, or make, and two minutes to implement within a page on the website. Any person with this basic knowledge can do this and in turn steal your information. These forms are not secure, however, which makes it easy for anyone with the know-how to steal the information.

A secure form, however, uses special features, like SSL encryption, which cannot be coded into the form itself but is a certificate that resides on a server. The SSL is to make sure all data transferred is safe. The SSL, or Secure Socket Layer, encryption is what causes the padlock at the bottom of the screen's status bar and it also adds the "s" in "https," part of the URL of a secure site. The forms that use the SSL encryption use it to translate data entered into the text field that is contained within the form. It then turns it into an SSL coded and encrypted "string" of informational data that is unencrypted when it reaches its destination, usually a server of some kind-where the SSL certificate resides. This ensures only the intended can read the information, not a hacker who can intercept the data during the transfer. The hacker can read what it says on an unsecure form.

How to Obtain an SSL Certificate

You must apply for an SSL certificate from a trusted and authorized issuer. While there are only six trusted signing companies to offer the service, there are many who act as intermediaries to obtain the certificates for you and on your behalf. The trusted Certificate Authorities, or CA's, include Veri-Sign, RapidSSL, and Thawte, among a few others. The problem with obtaining a certificate from a larger company or a bigger name company is the price paid for each certificate for a length of time. Some charge up to $2000 per certificate.

Finding lower cost options, however, is realistic and there are quite a few options to do so. Final cost of a certificate depends mainly on how many certificates you need, the time length and the type of encryption you need. Free and lower priced alternatives start to look like a good choice when faced with a bill of $100,000 for over 100 websites with top-level encryption. Many website owners face this type of bill these days. Obtaining a certificate through your web hosting company, such as GoDaddy.com is one option. Another is going through a free company, such as CSCert.org. While the prices rage for GoDaddy from $99 to $199, it is a much more viable option than the same certificate form Veri-Sign. It is still the same exact certificate; just a different CA signed it.

References & Resources
Veri-Sign: SSL Certificates
Thawte: Home & Information page
Veri-Sign: PDF Beginner's Guide to SSL Certificates
Simple Online Solutions: Secure Order Forms
Rapid SSL: FAQ's
CACert: Are You New to Cert?