Secure Online Shopping and High Street Shopping Outlets
Javascript DHTML Drop Down Menu Powered by dhtml-menu-builder.com
 


Online Security


  • Why is security required for the Internet? The Internet has been a revolution to commerce and the transfer of data in general, which has developed new global business opportunities for all, including major enterprises, small to medium sized businesses and individuals alike. However e-commerce has inevitably attracted crime and developed a new breed of online criminals ranging from fraudsters and hackers to cyber terrorists. The growing concerns associated with conducting e-commerce have now resulted in the fact that security is an essential factor for online business success. The market is now educated in the basics of online security and the majority of online users now expect security to be integrated into any online service they use and as a result they expect any details they provide via the Internet to remain confidential and secure. SSL is utilised as the core security technology to protect customer's online transactions and informs users that the security of the online business is being taken seriously. In fact SSL provides proof of a digital identity and allows online customers to visibly see that their digital transaction will be confidential. These are essential factors in gaining customer confidence and remove the concerns and risks associated with sending sensitive data over the Internet. SSL is essential to allow the true benefits of the Internet to be realised.

 

  • Why do we currently not use 3D Secure? By now everybody will have come across 3D-Secure, or to give it its trade names; "Verified by Visa" or "MasterCard SecureCode".

    In short you as a consumer do NOT benefit from this service, we as retailers should, however this may not be true. 3D secure is a  system where, as you click the Buy button on a website, you are magically transferred to your bank or card issuer. There you have to enter another password. In theory it all seems straightforward enough but.....

    1. Each card issuer/bank has their own strength of password rules which means you end up creating a new, unique password that is instantly forgettable. Let's face it we all like to use the same password wherever we go.
    2. You are NOT actually being directed to your bank. You're directed to a third party service, like SecureSuite, where you enter your account and pin/password. Yet our banks tell us frequently not to enter these details on any website other than theirs.
    3. Sometimes the 3D-Secure service is embedded within a retailer's website. This prevents you from checking out their secure certificate (clicking the padlock) and ensuring they are who they say they are.

    So, you are asked to set up a password to a third party service you can not verify. You might be asking why this has been developed? Well, when a card is used fraudulently it's us as a  retailer who loses out. If a thief buys a bra from our site using your card, they potentially could get the item and you get your money back. We are a bra short with nothing to show for it.

    If the payment went through 3D-Secure then the liability is shifted to the card issuer/bank. This is why some retailers favour this method. However, most web retailers confirm there's 9% to 21% reduction in 3D-Secure sales because customers don't complete their transaction because it's just too complicated/scary for them! So we still lose out and that's why we do not use 3D-Secure. We decide if the transaction maybe fraudulent with our many years of experience and stand by that decision.

 

  • What is SSL? SSL (Secure Sockets Layer) is a security technology that is commonly used for encrypting communications between users and e-commerce websites, thereby securing server to browser transactions. The SSL protocol utilizes encryption to prevent eavesdropping and tampering of the transmitted data, and is used to secure information passed by a browser (such as a customer's credit card number or password) to a webserver (such as an online store). SSL protects data submitted over the Internet from being intercepted and viewed by unintended recipients and is used by hundreds of thousands of websites in the protection of their online transactions with their customers, SSL is the de-facto industry standard Internet transaction security technology.

 

  • How do website visitors know if a website is using SSL? When a website visitor connects to a webserver using SSL they will see that the URL in the address bar begins with https:// rather than the usual http:// and also a small gold padlock will appear in their browser. Whenever a browser connects to a webserver (website) over https:// - this signifies that the communication will be encrypted and secure. The actual complexities of the SSL protocol remain invisible to the end customer. In summary, SSL is the de facto web transaction security technology. Webservers have been built to support it and web browsers have been built to use it. SSL provides the ability to secure customers transactions transparently without the customer having to do a thing! Once you proceed to the secure server (payment page) the above applies on our site and links to www.securesiteservers.com.

 

  • What is required for a website to use SSL? In order for a website to use SSL a SSL Certificate is required (also known as Web Server Certificates and Secure Server Certificates). SSL Certificates are installed onto the webserver hosting the particular website and allow access to the security functionality of the webserver itself.

 

  • How is a SSL certificate installed onto a webserver? When SSL is first activated on the webserver, the webserver requires information about the identity of the website including the website domain name and company details. The webserver then creates two cryptographic keys - a Private Key and a Public Key. The Private Key is so called for a reason - this key must remain private and secure, only residing on the webserver. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file which also contains all the website credentials. The Private and Public keys are used in the encryption process, so that the data passing between the webserver (website) and the customer's browser remains confidential and secure. The CSR generated is submitted to Certification Authorities during the SSL Certificate application process. The Certification Authority then validates the website credentials and issues an SSL Certificate containing the digital identity of the website, binding the domain name to the company details. The webserver will match the issued SSL Certificate to the associated Private Key and allows the webserver to establish encrypted links between the website and customer's browsers.

 

  • What does a SSL certificate look like? SSL certificates can be seen by simply double clicking on the padlock symbol when displayed in the browser. All SSL Certificates are issued to either companies or legally accountable individuals. Typically SSL Certificates contain the domain name, the company name, the address i.e. city, state and country. It will also contain the expiry date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, that it has been issued by a Certification Authority the browser trusts and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user. Our site links direct to www.securesiteservers.com

McAfee run regular website tests on random site. This is the latest independent test findings on our site.

  Safesurf Test Results

 

Left Arrow

Return to Front Page.
 Material Copyright © 1998 Louise's Boutique