Secure Online Transactions Through SSL/TLS

Interent transactions today are highly vulnerable to exploitation by cyber criminals. Online transactions in the current situation must be dealt very sensitively and sensibly in order to avoid any kind of data theft. The Secure Sockets Layer (SSL) enables encryption of sensitive data during online transactions through advanced encryption methods and validation processes. Encryption of data makes it very difficult for unauthorised people to view the information during data transmission, thus making your online transaction highly secure.

Almost all websites online are using SSL/TLS for securing their online transactions with their clients. All the popular browsers are having mechanism to identify the certificate and validate it. When you are visiting a secure site the browser will display a “lock” icon in its status bar. The internet address of a secured site begins with https:// rather than http://, where ‘s’ represents that the site is using a secure server. In the absence of any of the above indicators, it is recommended to avoid doing online tranasaction within the site.

Data encryption and SSL/TLS Process
An authenticated website for online transaction gets its SSL/TLS certificate from an Certified Authority (CA) like Verisign. The certificate is installed in the web server hosting the authenticated site.

• When a user tries to access this authenticated site through his web browser, it sends a web page request to the web server.
• The server now responds with the SSL certificate.
• Web browser first verifies the validation of certificate, then encrypts the key seed of the session using SSL Public key and sends it to the server.
• Server sends an indication that all the future transmissions are encrypted.
• Then the communication between server and the browser in encrypted format follows until the connection closes.

Importance of SSL certified sites
Internet today can be called as wild west. This has become a major obstacle for the growth of ecommerce and online transactions. Making secure online transactions in these conditions majorly requires privacy and identity assurance. SSL/TLS certificate ensures both to the user. The encrypted format of data ensures safety from cyber criminals who try to steal the information during transactions. Identity assurance is another major feature of SSL/TLS certificate. This certificate is hard to obtain for ordinary or illegitimate websites. However, working with a website certified by an established CA is also important.

The credibility of SSL/TLS certificate
As mentioned earlier SSL/TLS certificates are not easier to obtain. These are operated by Certified Authorities. Certified Authority (CA) usually will be an well established entity. New comers must have to undergo significant barriers to enter into SSL/TLS certificate market and to be included into the webbrowser’s trusted “root” SSL/TLS certificates list. Thus, if it is an established CA that provides credibility for a SSL/TLS certificate, it is a secure and reliable browser that gives credibility to the CA.

How to validate a website for SSL certificate?
As SSL/TLS certificates are not easy to obtain, cyber criminals use different methods in web programming to create one of their own. However, we can validate a SSL certificate claimed by a website using few simple steps:

1. Open the URL in a website and make sure that the URL starts with “https://” rather than “http://”
2. When the website is loaded in the browser look for the lock icon. The lock icon is situated in the upper-right corner for Safari; in lower-right corner for Firefox and IE. The lock icon is situated in the right end corner of the address bar for Google Chrome. However, a lock icon doesn’t necessarily mean that the site is SSL certified.
3. In order to validate the SSL certificate click on the lock icon of the browser which displays a pop up window of the page info. Click on view certificate option for further details. This will show further details of the organization and the CA who issued the certificate. Check on the expiry date of the certificate by selecting Validity – > Not After.
4. Always use high security browsers while doing online transactions. As these high security browsers have emerged after the development of the Extended Validation (EV) standard established by the CA/Browser forum, they can perfectly recognize between a valid and non-valid SSL certificate. IE 7+ and Mozilla Firefox 3+ versions are examples of high security web browsers.
5. Many web browsers block the webpage from loading and give an warning message when they find a website with suspicious or invalid SSL certificate.