Security is key when accepting personal and financial information. A shock to many is that the standard protocol for sending web pages is not secure. If steps are not taken to utilize a simple security layer, credit card data will be exposed to those “snooping” on the internet. The way to secure a website is simple: use a Secure Sockets Layer (herein referred to as an SSL). Cart32 can be set up to use a secure domain to process transactions using an SSL.
How does Cart32 use an SSL?
Simple! If an SSL is installed on the domain where Cart32 resides, all you have to do is change one quick cart setting. If no SSL is installed on the site where Cart32 resides, you will have to do that step first. Use the quick links above to see how to get an SSL installed on your server.
Enabling Secure Transactions With Cart32
- Log into your Cart32 administration and go to the File –> Advanced tab
- Mark the checkbox for “Use Secure Transactions”
- Enter the domain name that Cart32 is running on in the “Secure Domain Name” field
- Enter the name of the directory where Cart32 is installed, between forward slashes. For example, “/cgi-bin/” if Cart32 is installed in a directory or Virtual Directory called “CGI-BIN”.
- Click save.
Note: If you receive Cart32 hosting from us directly, SSLs are automatically provided and enabled.
What is an SSL?
A Secure Sockets Layer (SSL) is a wrapper for information traffic over different networks. Whenever two devices (such as a server and a customer’s computer) need to communicate securely, they will use an SSL, provided one is set up on the server. A server with an SSL will establish a special session with the client’s computer wherein all information sent back and forth is encrypted using a very strong, nearly impossible-to-crack algorithm. Only the server and the client are able to understand the information sent between each other for that session.
SSLs are NOT optional when dealing with personal and financial information. Anyone accepting such information without the protection of an SSL is putting their customers’ data and their business at risk. Severe fines exist and lawsuits are costly for companies who compromise customer financial data. The going rate for an SSL is approximately $30.00 per YEAR. All clients who host a Cart32 account with us are covered by our full PCI-DSS compliance, part of which includes the use of SSLs for transactions. We also make available SSLs and dedicated IPs at no extra cost for customers who host their own license of Cart32 with us. We take a very stern approach to security, and you should too!
Where Do I Get An SSL?
Virtually all commercially available SSLs do the same thing. They encrypt data using a standardized algorithm and bit-depth. The big difference between a super-cheap ($5/year or less) SSL and a well-known SSL is something called browser recognition. Browser recognition is a rating (in percentage usually) of how many different platforms (customer computers) will recognize and properly work with the SSL you purchased and installed on your domain. The higher this rating, the better!
So where do you buy one? These days, most companies can provide an SSL with over 99% browser recognition for under $100 per year. One of the more popular options is the GoDaddy basic SSL. It has high browser recognition and only costs $30/year. At this price, it’s foolish to not have one if you accept even the smallest amount of sensitive data. You can visit GoDaddy at GoDaddy.com.
How Do I Install an SSL?
Installing an SSL is something that has to be done by a server administrator. You must have direct control of the server to install an SSL on it. If you are hosting with us you will simply call our support team or make a ticket and we can perform all of the steps for you. The basic outline of steps is this:
- Create a certificate signing request (CSR). If you host with us, submit a ticket for one. Please note that this requires you to have a dedicated IP.
- Order an SSL and submit the CSR (performed by us if you host with us)
- A key file (the issued certificate) is returned and installed in IIS under the Properties –> Directory Security tab (again, performed by us for those who host with us)
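For those running their own Windows/IIS server, the CSR step can be done from PowerShell with the built-in certreq tool. This is an added example, not part of the original Cart32 instructions; the domain name, organisation details and working folder are placeholders.

```powershell
# Added example: generate a CSR on the Windows server that hosts IIS.
# All names below are placeholders; substitute your own details.
$domain  = 'secure.example.com'            # placeholder: your Secure Domain Name
$workDir = Join-Path $env:TEMP 'cart32-csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

$infPath = Join-Path $workDir 'request.inf'
$csrPath = Join-Path $workDir 'request.csr'
Remove-Item -Path $csrPath -ErrorAction SilentlyContinue

# Request policy read by certreq. The private key is created in the
# machine key store and stays on this server; only the CSR goes to the CA.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$domain, O=Example Store, L=Springfield, S=Missouri, C=US"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Create the key pair and write the CSR file.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the CSR and check the subject and key length before submitting it.
certutil.exe -dump $csrPath

# Once the CA returns the signed certificate, pair it with the stored key:
# certreq.exe -accept C:\path\to\issued-certificate.cer
```

Run this from an elevated PowerShell session, since the key is stored in the machine key store.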