By June 30, 2018, all websites will be required to adopt or upgrade to a later version of the TLS protocol for secure payment communications.
TLS stands for Transport Layer Security and protects customers' data from being hacked by people trying to steal credit card, social security or personally identifiable information (PII). Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS) are two other terms commonly associated with TLS. SSL was developed in the 1990s and eventually evolved into TLS.
Google’s push for enhanced security measures started back in 2014 when they incentivized website owners by offering small boosts in traffic for sites using TLS. Currently, 81% of the top 100 sites on the web use HTTPS by default, so seeing HTTPS at the beginning of your web address is a good indicator that you are on the right track for being in compliance. All e-commerce websites are required by the Payment Card Industry (PCI) to have an SSL certificate to protect credit card transactions.
Out of Compliance
So what will happen if you are out of compliance? Google Chrome will display a Not Secure warning next to your address. As a business owner working to build trust with your customers, seeing a Not Secure label next to your address is a step in the opposite direction.
The following information is designed to dispel any confusion surrounding SSL certificates and give you peace of mind when deciding to properly secure your website. Please post any additional questions in the comments section.
3 Types of Certificates
- Domain-validated SSL Certificates are known as low-assurance certificates and are pretty standard. They take a few minutes to several hours to set up and are commonly recommended for internal systems only.
- Organization-validated SSL Certificates are high assurance certificates and require real agents to validate the ownership, as well as information such as name, city, state, and country. These certificates are recommended for all businesses and companies.
- Extended-validation certificates require the most rigorous validation process and validate that the business is actually a legal entity. They come with the added benefit of having a green padlock in the browser bar and are recommended for all e-commerce businesses.
Protecting Single and Multiple Domains
- Single-name SSL Certificates protect a single domain as the name suggests.
- Wildcard certificates protect multiple subdomains for one address. If you registered yourdomain.com as your official address, the wildcard certificate would include blog.yourdomain.com, as well as www.yourdomain.com.
- Multi-domain certificates protect up to 210 different domains with a single certificate.
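To see which hostnames each kind of certificate actually covers, here is an added example (not from the original article) of the name-matching rule that TLS clients apply. It goes a little beyond the list above by including the bare domain and a nested subdomain, which a wildcard name does not cover; the function names and the sample name lists are constructed for illustration.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname.

    A wildcard counts only as the whole left-most label ("*.yourdomain.com")
    and stands for exactly one label, so it matches blog.yourdomain.com but
    not yourdomain.com or a.blog.yourdomain.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Simplification: require at least "*.domain.tld" so "*.com" is refused.
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "b*.yourdomain.com" fall through and never match.
    return p_labels == h_labels


def cert_covers(cert_names, hostname):
    """A certificate covers a host if any one of its listed names matches."""
    return any(name_matches(name, hostname) for name in cert_names)


def coverage_report(cert_names, hostnames):
    """Map each hostname to True/False for the given certificate name list."""
    return {host: cert_covers(cert_names, host) for host in hostnames}


# Constructed name lists, one per certificate type described above.
SINGLE = ["www.yourdomain.com"]
WILDCARD = ["*.yourdomain.com"]
WILDCARD_PLUS_APEX = ["*.yourdomain.com", "yourdomain.com"]
MULTI = ["yourdomain.com", "www.yourdomain.com", "shop.example.net"]

if __name__ == "__main__":
    hosts = ["yourdomain.com", "www.yourdomain.com",
             "blog.yourdomain.com", "a.blog.yourdomain.com", "shop.example.net"]
    for label, names in [("single", SINGLE), ("wildcard", WILDCARD),
                         ("wildcard+apex", WILDCARD_PLUS_APEX), ("multi", MULTI)]:
        print(label)
        for host, ok in coverage_report(names, hosts).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

Before buying, list every hostname your site is reached by and confirm the certificate you order names each one, including the bare domain if visitors use it.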
Purchasing SSL Certificates
- Google does not sell SSL certificates.
- Most hosting providers do offer certificates, some even free of charge with a paid plan.
- You can expect to pay around $70 annually on average. The price can increase depending on your configuration and number of domains.
- Big names for SSL include GeoTrust, DigiCert, and Symantec (formerly Verisign). Third-party resellers include NameCheap and Comodo.
- Be cautious of free SSL or self-signed certificates. They are unregulated and may produce an error message that makes users click through a series of annoying prompts before they can trust your site.