What do TLS, SSL and SET mean to your E-commerce business?
May 20, 2015
With the rapid growth of the internet over the past few years and, more importantly, the popularity of online shopping, online security is an increasingly vital element of E-commerce.
Specifically, online shoppers need to feel completely confident that their credit card and banking details are secure and can’t be accessed by hackers. SET (Secure Electronic Transaction) was developed to fill this need and to essentially guarantee payment transactions, from the shopper’s desktop to the merchant’s website and on to the banking gateway.
SSL (Secure Sockets Layer), on the other hand, was designed to provide secure communications over the internet, not secure financial transactions. As a consequence, SSL encryption is weaker than SET encryption. TLS (Transport Layer Security) is often used interchangeably with SSL, but is actually set to supersede SSL very soon.
What do TLS and SSL protocols mean to your business?
For shoppers and even banking institutions to feel confident that their electronic transactions were safe on the internet, there needed to be a universally accepted protocol used by all consumers and vendors. These safety measures also had to work across different platforms and applications, such as HTTP, Telnet and FTP.
So in 1994, Netscape rolled out SSL and within a year this became the most widely accepted way to encrypt data, provide client and vendor authentication and secure the integrity of data transmitted over insecure networks. In other words, SSL is a digital certificate that establishes trust between entities.
SSL tends to be used to secure data in emails, web browsers, internet faxing, instant messaging and VoIP. Since SSL uses a mix of plain text and encrypted text, SSL has become vulnerable to attack and some larger organizations, notably the US Government, have decided not to send sensitive data using SSL protocols.
This problem came to a head in 2013 when Google realized there was a very serious problem with the security of SSL 3.0, allowing hackers to access passwords and reveal users’ account information on websites. So any website that uses SSL 3.0 is vulnerable to this type of attack, termed POODLE. Even servers that support SSL 3.0 can be compromised, if they also support TLS.
TLS was designed as the upgraded version of SSL and naturally superseded it. Many websites and servers, however, continue to this day to use SSL, or at the very least still support SSL whilst using TLS as well. The problem with supporting both SSL and TLS is that hackers can still gain access to private information by backtracking from TLS to SSL.
As a business owner, what you ideally need to do is ensure that your website, and the server it's hosted on, only supports TLS 1.2 and that SSL support has been disabled. This way you can ensure that all private information between your website and the servers only uses TLS and is therefore safe and secure from hackers.
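The check described above, as an added example that is not part of the original article: a Python script that reads an nginx (`ssl_protocols`) or Apache (`SSLProtocol`) configuration and reports every enabled protocol other than TLS 1.2. The sample configurations are constructed, and expanding Apache's `all` to the protocols listed in `KNOWN` is an assumption.

```python
import re

ALLOWED = frozenset({"TLSv1.2"})  # the article's policy: TLS 1.2 only
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#\n]+)", re.I | re.M)

# Constructed sample configurations (not from any real server).
SAMPLE_NGINX_WEAK = "server {\n    listen 443 ssl;\n    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n}\n"
SAMPLE_NGINX_OK = "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1.2;\n}\n"
SAMPLE_APACHE_WEAK = "SSLEngine on\nSSLProtocol all -SSLv2\n"
SAMPLE_APACHE_OK = "SSLEngine on\nSSLProtocol -all +TLSv1.2\n"


def enabled_protocols(directive, args):
    """Resolve the arguments of one directive to the set of enabled protocols."""
    canon = {p.lower(): p for p in KNOWN}
    additive = directive.lower() == "ssl_protocols"  # nginx lists are additive
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):]
        # Assumption: "all" expands to every protocol in KNOWN (conservative;
        # the real expansion depends on the server and OpenSSL build).
        names = set(KNOWN) if name.lower() == "all" else {canon.get(name.lower(), name)}
        if sign == "-":
            enabled -= names
        elif sign == "+" or additive:
            enabled |= names
        else:
            enabled = set(names)  # Apache: an unprefixed token replaces the set
    return enabled


def audit(config_text, allowed=ALLOWED):
    """Return (directive, sorted disallowed protocols) for each directive found."""
    findings = []
    for m in DIRECTIVE.finditer(config_text):
        bad = enabled_protocols(m.group(1), m.group(2)) - set(allowed)
        findings.append((m.group(1), sorted(bad)))
    return findings


if __name__ == "__main__":
    for label, text in [("nginx weak", SAMPLE_NGINX_WEAK), ("nginx ok", SAMPLE_NGINX_OK),
                        ("apache weak", SAMPLE_APACHE_WEAK), ("apache ok", SAMPLE_APACHE_OK)]:
        for directive, bad in audit(text):
            print(f"{label}: {directive} -> {'FAIL ' + ', '.join(bad) if bad else 'OK'}")
```

An empty result from `audit` means no protocol directive was found, so the server's built-in defaults apply and have to be checked separately.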
What do SET protocols mean to your business?
This brings us to SET and what this means to your business and financial transactions over the internet. SET is meant to secure financial transactions, not just private information. This type of encryption needs to be strong enough to prevent hackers from gaining access to your credit card and banking details, not just your browsing history or emails.
SET was first introduced in 1996 and is backed by both financial institutions and MasterCard International. It provides a secure payment gateway for consumers, vendors and financial institutions. In fact, SET protocols ensure maximum security throughout the entire transaction process.
With the increase in online transactions and credit card fraud, as well as the progressive change from using credit cards to debit cards, there has been increased interest in SET. This is because it offers the best way to secure online financial transactions and is fully encrypted.
Online consumers need to feel that their banking details are secure, so this means that if website owners don’t have a secure payments system on their E-commerce website, customers will be far less likely to purchase their goods or services.
In an effort to stay ahead of hackers who make a living stealing sensitive information on the internet, SET encryption will continue to evolve and become more complex. Secure payment gateways for online financial transactions are the way of the future and websites need to keep up to date with this type of security.
The takeaway message is that if your website accepts any type of private information, such as customers’ contact details, then you need TLS. And if you accept online payments, then you need SET. Without these security protocols, you may lose customers and leave money on the table.