
We want to make sure that you understand SSL and PCI Compliance.
This section will help you to understand eCommerce security and what we offer in line with these requirements. As with all of our website information, if you are unsure of anything please Contact Us for more details.
Our Corporate Package includes both SSL Integration & a GeoTrust QuickSSL Premium Certificate.
Our standard eCommerce Packages do not need to be SSL Secured by law (unless you need PCI Compliance).
However, there are a few exceptions and it is good practice to secure your website with an SSL Certificate, as SSL encryption boosts customer confidence and reduces the risk of confidential data loss.
SSL (Secure Sockets Layer) encryption is a method of securing your customers' private data, specifically in areas where customers type their private data. Your whole website would never need to be encrypted through SSL, only areas where data is exchanged through the web browser.
An SSL Certificate is not the security itself, just a method of validating that the page is secure and visually displaying a confirmation of SSL security to the customer. This is why we offer two services for you to consider:

SSL Integration is the method of protecting your customers' private data from any potential hackers. We would secure the following areas of your eCommerce website with SSL Encryption:
We SSL encrypt areas where a customer's private data is visible, leaving your website 100% secure.
Within the integration we can install any SSL Certificate of your choosing; however, we do offer GeoTrust SSL Certificates (recommended), as below.
Read more about SSL Integration on our eCommerce Packages Extras section.

We can install our recommended GeoTrust QuickSSL Premium Certificates for only £279 per annum.
We recommend GeoTrust as they are cost-effective, quick to install, secure, reliable and reputable.
Read more about GeoTrust QuickSSL Premium on our eCommerce Packages Extras section.

We are going to try to make PCI Compliance as simple as possible for you to get to grips with, as it is not the simplest or the clearest of eCommerce security requirements.
PCI Compliance is the set of security regulations (and associated testing and proof) required when taking credit/debit card payments directly through your eCommerce website.
For PCI Compliance requirements to apply you have to actually take the payment through your website, storing the card data (not through a payment gateway redirect). Therefore, if you wish the customer to input the credit card number while on your website (not sending them through to the secure payment gateway) then PCI Compliance rules may apply.
The reason for PCI Compliance is to set an industry standard minimum level of security for all UK eCommerce websites, to reduce credit card fraud and hacking. It is a very serious matter, with very serious consequences for those who do not follow the PCI Compliance requirements carefully.
There are a few exceptions and it is crucial that you Contact Us to discuss PCI Compliance if you are unsure of what it is, whether it affects you and what to do.
Yes. But they don’t need to be unless you want to take payments on your actual website. While the software itself is already PCI Compliant, this is only a fraction of the PCI Compliance requirements and much more work is still required to achieve the "PCI Compliant" status on a per-client basis.
No. There is generally no benefit for taking the payment directly through your website.
For smaller companies this is an expensive process that requires a number of significant assessments to be performed before you meet the "PCI Compliant" status.
In addition, sending your customers through to your payment gateway (e.g. CardSave) gives them security; they know that when paying the PCI Compliant payment gateway directly, you are not going to get their credit card information and, as a major benefit, you are not legally liable for data loss/credit card fraud.
Your customers therefore don’t need to worry about potential fraud and you don't need to worry about PCI Compliance, or being liable for any potential data loss or hacking.
This all depends upon your turnover and the payment gateway of your choosing. There are 4 levels of required PCI Compliance (and associated security requirements) based on anticipated and actual turnover volumes.
The higher the turnover, the more hoops you have to jump through to make your website PCI Compliant. These rules do not just apply to your website, but also to your eCommerce Hosting and the associated web server. The higher-level tiers of security require the website to be hosted on a dedicated server and further assessments to be completed before "PCI Compliant" status is achieved.
If you want your website to be PCI Compliant, please Contact Us directly for a bespoke quotation. Our package prices do not apply, as PCI Compliance is a time-consuming process that requires an increased budget starting from £5000.