A presentation on SSL certificates and their requirements.
Plus, answering the question: "Is an SSL certificate required by law for ecommerce stores?"
Read the related blog post here:
https://termsfeed.com/blog/ssl-required-e-commerce-stores/
2. SSL stands for Secure Sockets Layer (1).
SSL ensures that any data or information a user submits to the website, such as credit card information to make a purchase, will be protected and private.
(1) Link to https://www.digicert.com/ssl.htm
3. To view more information about an SSL certificate, users can click on the Details link, then click View Certificate.
4. Here's an example of how the Shopify (2) website shows up as being secure.
(2) Link to https://www.shopify.com/
5. What is PCI DSS Compliance
PCI DSS stands for Payment Card Industry Data Security Standard (3).
This standard was created in an attempt to help protect credit card companies by requiring that merchants and companies that process, store or transmit credit card information maintain a secure environment.
(3) Link to https://www.pcisecuritystandards.org/pci_security/
6. Complying with PCI DSS
Being compliant with PCI DSS means meeting the following list of 12 requirements (4).
(4) Link to https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
7. Complying with PCI DSS
Ecommerce stores that use some third-party ecommerce platforms, such as Shopify (5), Bigcommerce (6) and others, will have all of these requirements taken care of by the third party and won't have to maintain a separate compliant network.
(5) Link to https://www.shopify.com/
(6) Link to https://www.bigcommerce.com/
10. Keep users informed through a Privacy Policy
To make sure your customers feel comfortable shopping at your store, you should make mention of the security of user data in your Privacy Policy agreement.
You can also include a note that your store uses SSL certificates.
11. Examples
Nike (7) includes a section titled "Protecting Information" in its Privacy Policy (8).
Enjuku Racing (9) includes a section on "Security" in its Privacy Policy (10).
(7) Link to http://www.nike.com/
(8) Link to http://www.nike.com/us/en_us/c/help/privacy-policy
(9) Link to http://www.enjukuracing.com/
(10) Link to http://www.enjukuracing.com/privacy-policy/
12. NIKE SHARING
Information that is publicly shared may be used by Nike for promotional purposes.
PROTECTING INFORMATION
Security Measures: We use a variety of security measures, including encryption and authentication tools, to help protect your information. We use secure servers when you place orders. All credit card information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted within our databases.
NO GUARANTEE
However, like other companies, NIKE cannot guarantee 100% the security or confidentiality of the information you provide to us.
13. SECTION 5 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
14. Is SSL Required or Not
There isn't currently a law that requires you to have a "Security" clause in your Privacy Policy agreement to inform customers about your ecommerce store's use of an SSL certificate and how their credit card data is protected by your store.
But privacy laws, in general, demand that ecommerce stores take care of customers' personal data by protecting their privacy and keeping them informed of privacy practices, including policies on safety and security of data.