Beginning an online Business

With a brick and mortar business, the main challenges presented involve initial investments, whereas the establishment of an online business requires less investment and more decision making. In the online world, decisions are the biggest investments you’ll make. As soon as you begin your first online endeavor the decisions and question asking begins – What do I want the website to look like? How am I going to list the products? In which way am I going to market the products? All of these obvious question com to mind fairly quickly, however the novice will often overlook one fundamental question – Which eCommerce web hosting solution am I going to use? Comparing the following attributes will help you make that crucial decision.

Security

The single most important attribute an eCommerce solution can have is security. When dealing with credit card numbers, bank account numbers, and other sensitive information online on a daily business, it is absolutely imperative to secure this info. The internet is a very dangerous place, crawling with hackers and cyber criminals looking to steal anything they can get their hand son. To prevent yourself from becoming the victim, you’ll want to make sure your eCommerce plan offers top-of-the-line encryption services such as SSL, as well as fully functional firewalls and anti-virus programs that scan your web applications.

Reliability

The next factor to consider would be reliability. Running an online business is all about providing customer convenience. In fact, the main reason why consumers choose to shop online rather than go to the store is convenience. Offering your customers maximum convenience means providing a stable and convenient website. If your eCommerce hosting plan is unreliable, then your site will be plagued with crashes and poor performance on a regular basis. Make sure you look for packages with unlimited features, such as unlimited bandwidth and server space. Customer reviews will also help you decide which plan would be the most reliable.

Support

Another attribute that is closely related to reliability is support. Users that are just beginning an online business will need a competent support staff ready to handle their problems at all times. As an online business owner, you’ll inevitably face many problems as you learn the ins and out of eCommerce. To simplify this learning experience you’ll need a good support staff by your side. Make sure the service you choose offers 24 hour support, and can be contacted in a variety of ways. Perhaps the best way to gauge the support capabilities of a company is by reading reviews and calling the support staff yourself.

Similarities and Differences

SSL and TLS differ in such a way that they are actually inoperable with one another.  However, they are essentially equal in terms of the level of security they provide.  For instance, both can ensure that your data is protected with reliable encryption when traveling over the internet.  They also make sure the server you are communicating with is the one you intended to contact and not a middle man eavesdropping on your transactions.  This is because any server with SSL or TLS installed must also be equipped with certificates issued by a third-party CA (Certificate Authority) such as Thawte or Verisign.  These certificates essentially verify that the website actually belongs to the domain name owner and server.

The main difference between these two protocols is that an SSL connection starts out by applying security and then proceeds into secured communications while a TLS connection does not.  TLS actually begins with an insecure “hello” to the server.  It only proceeds into secured communications after a successful handshake between the client and server.  Should the handshake fail for any reason, TLS will not create a connection of any sort.  Despite this significant difference, SSL and TLS both make fine options for security.  You really can’t go wrong with either.

The TLS Advantage

There are reasons to choose TLS over SSL, and the most significant relates to how it was developed.  TLS is based on open community standards, which makes it far more extensible and more likely to be supported in the future.  Perhaps the most unique advantage of TLS is that it is backwards compatible, which basically means that it can be scaled to secure client side connections that only support SSL.  Another distinct benefit is that TLS permits secure and insecure connections over a single port, while SSL designates one port for secure connections only.  Even this factor does not make either any more or less secure than the other.

When it comes to SSL or TLS, what you need to know is that by not using either, the communications between you and another server can become the party line for eavesdroppers and cyber criminals.  The data contained in your email, login screens and even financial transactions will be delivered across the net in plaintext for all to see.  In addition, there will be no way to ensure that the server you connect with is valid and not just an interloper or middle man setting you up for the fall.  Therefore, it would be wise to adopt either of these protocols to keep your communications private.

1.) Make Use of Encryption

In order to protect the monetary transactions occurring on your site, you at least need to have an SSL certificate with no less than 128-bit encryption.  This security tool can be installed and managed by a third-party vendor such as VeriSign or you can choose to handle the configuration yourself.  What SSL does is scramble the data being sent over the internet in a code that is unreadable to hackers.  Thus, when sales on your website are made, the financial details of your customers is encrypted, securely transmitted and then decrypted by your payment processor.  By placing an SSL certificate seal on your website, you can calm the nerves of consumers and encourage them to shop your store in confidence.

2.) Check Your Buyers

Although you don’t want to look as if you are suspicious of everyone, the prevalence of credit card payments increases the probability of a customer using someone’s financial information without their knowledge or approval.  To minimize situations like this, you should check the identity of your customers.  This can be done by not only obtaining their name and credit card number, but also their home address, telephone numbers and the security code located on the back of the actual credit card.  By doing so, you can better assure that the financial details submitted actually belong to the individual making the purchase.  If the card comes back as stolen, you could end up playing a role in helping authorities track down the criminal.

3.) Research Your Merchant

To ensure that financial information will not be stolen following the transaction, it is imperative that you run a thorough check of the merchant account provider processing your credit card payments.  You can start by reading reviews to learn if they have a history of fraud or security issues.  Don’t hesitate to speak to the company directly about the security measures they employ and most importantly, to make sure you are completely confident in their services.  If you have any doubts about the provider, follow your instinct and move on to the next option.

Security is a hot topic in seemingly every industry these days.  If you are using the internet as a medium for your business, these certainly are not times when you can just sit back and simply hope for the best.  Hackers and their attacking mechanisms grow more advanced everyday, so it is critical that you take the appropriate actions to keep both you and your customers out of harm’s way.

What is an SSL Certificate?

Secure Sockets Layer or SSL, is a security protocol that enables encrypted communications between the customer’s web browser and the server your store is hosted on.  This is accomplished by what is known as a handshake, a process where the server’s identity is confirmed and a secure connection created.  SSL typically offers 128-bit encryption, formulated by an algorithm which generates a key that is virtually impossible to crack.  An SSL certificate shows that your site is secure and safe for shopping.

How to Get a Certificate

SSL certificates are offered by entities known as Certificate Authorities, with the most popular being GoeTrust, Thawte and Verisign.  For the most part, these authorities provide certificates that give you the same level of security.  A single certificate can encrypt the data traveling between the server and each of your customers’ web browsers.  The average online storefront can get adequate protection from a basic SSL certificate.  You also have the option to purchase additional services to strengthen the level of security.

Installing the Certificate

Although many web hosting providers offer SSL certificates as add-on products, you typically have the freedom to incorporate one purchased from a third-party vendor as well.  In most cases, you can learn how your SSL certificate is to be installed via the instructions in the control panel software or by contacting the host’s technical support department.  Some of the most advanced control panels even allow you to incorporate an SSL certificate directly from the interface.  Once installed, the certificate is automatically enabled.  You will know it is activated when noticing “HTTPS” in front your URL rather than “HTTP”.

Designing for SSL

The design of your site is very important when implementing an SSL certificate.  In order for your web pages to be viewed as secure, all scripts, graphics and media elements must be deemed secure as well.  You have probably visited web sites where a warning displays stating that some of the elements of a particular page are not secure.  These messages are prompted when external elements of a web page are not called using the HTTPS protocol.  In many cases, the certificate is valid and secure but the page isn’t designed properly for SSL.  All the external elements of your page must be called using links that include the full URL.  One simple graphic that doesn’t use HTTPS will generate a “not secure” error.

Conscious online shoppers are increasingly looking for SSL certificates and if you don’t have one, you are missing out on a lot of business.  You can have some of the most beneficial products online but if no one feels safe buying them, they will hesitate to proceed with the transaction.

Elements of CMS

The open-source CMS consists of various elements, many of which contribute to vulnerabilities.  The average software includes add-on modules, encryption mechanisms and a plethora of scripting errors.  These elements can simply be a part of a certain product or included into the entire system.  Completely securing such an application on a web server is no easy task.  All publicly accessible server applications are designed for around the clock availability, providing access to visitors and attackers alike.  Without the proper security implementations, an open-source CMS is essentially wide open for an attack.

Insecure software can inflict a significant amount of damage, especially when it comes to a program as functional as a content management system.  When vulnerabilities in such software are exploited, the best result could be the defacing of your website.  The worst case scenario would be the exposure of sensitive data that blemishes your credibility and possibly ruins your business.  There have been various reported instances where vulnerable systems resulted in the leakage of Social Security numbers, credit card details and other personal information.

Joomla, Drupal and other CMS Targets

It is no surprise that some of the most widely used open-source content management systems such as Joomla and Drupal are among the most targeted on the web.  The fact that the source codes of these systems are freely available and have numerous installations make them a prime target.  While the average visitor can’t distinguish between a commercial and open-source product, they tend to be easily identifiable to attackers.  A simple web browser along with the viewing of URLs and HTML patterns in search engine results can give a hacker all the information they need to strike.

One of the most attractive aspects of the open-source CMS is that you can customize and actually own a particular product.  On the other hand, because the software is originally developed by someone else, it is very likely that there are a few things you don’t know about the program, meaning you can’t ensure security after making changes.  This is why many open-source systems include disclaimers against third-party modification as well as the overall security of the software, basically telling developers to use at their own risks.

With so many people handling the code, it is unpractical to think that any open-source CMS will ever be 100% secure.  The best thing you can do when relying on these solutions is to understand the risks, make sure you are using the most recent versions and design your web pages with caution.  Attackers are persistent but not nearly as powerful when their methods of attack are limited.