Security & Safety
Nowadays, the great amount of online transactions and the electronic trade growth worldwide, make electronic transactions essential on a website.
Even today, most people are afraid of buying online or entering personal or bank information in a form because they feel this is not safe enough.
The key in the process of buying online is the trust, and here it is where the SSL certificate comes into play. This certificate is in charge of generating the necessary trust and knowledge in order to allow the potential client to complete the process and, finally, turn into a loyal client.
The SSL certificate service includes two parts:
Safe connection with 256 bits SSL (Secure Socket Layer) encryption
Safe connection is based on an automated technical process, therefore, by means of the HTTPS (https://) protocol all the information that is transmitted from the visitor’s machine to the website and vice versa is transformed (encrypted) in a series of illegible codes, which may only be decoded by the two parties that are authorized and involved in the transaction process (generally the visitor and the website). In other words, in case of a third party infiltration, the party that is not allowed in the transaction will not be able to decode the content of the information that is transmitted between the authorized parties. To reinforce this system safety, the keys used to decode information are renewed and agreed between the parties every time that a new session or transaction starts.
The certificate provides visitants with information about those behind the website and, based on their personal information, it especially certifies that the owners of the domains really are who they say they are. By means of this certificate, those who visit the website feel safe since their transaction is supported by a person or entity with real physical existence that may be located.
Without entering into technical details, we may say that a safe transaction begins in the precise moment that visitors enter into a safe page of a website by means of the protocol HTTPS (e.g.: https://www.midominio.com/comprar). In that moment, a process called "Handshake" starts. This may take seconds and is transparent for visitors. Basically, the "Handshake" includes the following steps:
Visitor’s browser requires a safe session to the web server.
The server replies the request by sending the corresponding certificate to the browser.
The browser verifies that the certificate is valid, matches the domain of the transaction, is within the validity date and is issued by an entity reliable for the browser.
Once the certificate and the exception are accepted, the browser generates a unique session key, which is encrypted with the public key of the server. Then, it sends it to the server so both parties may have a copy.
The server decrypts the unique session key by means of its private key.
In this stage, the "HandShake" process has been completed and a safe connection has been established, where all the information is transmitted encrypted until the session is interrupted.