SSL Certificate Overview

SSL Certificate Overview

Secure Sockets Layer, or SSL, is a technology that secures the connection between your browser and the website you’re visiting. SSL protection allows visitors to navigate a website and submit information through a secure connection.

A SSL protected web page has two security indications on the browser address bar: A URL beginning with https://, instead of http://, and a closed padlock icon.

How Do I Know If My Website Has an SSL Certificate?

When a SSL is enabled on a website, the URL address starts with https:// and you’ll usually see a green or grey lock icon next to it.

Secure_notification_address_bar.png

How Do I Get an SSL Certificate?

SSL can typically be added to your website by your web developer or through your website hosting service. Certain website hosting services offer free SSL certificates, and some require a minimal yearly fee. We recommend contacting your developer or website hosting service provider to see what options are available to you.

Troubleshooting

I have SSL but still don’t see the “Secure” notification in the address bar

After adding SSL to your website, you’ll also need to make sure that you’re redirecting traffic to the new HTTPS pages, and loading all site assets (such as images and links) over HTTPS as well.

This is because Google sees the same web page on HTTP and HTTPS as two different pages. So, you will need to add redirects to help consumers and search engine crawlers reach the new secure pages. Learn more about redirecting to HTTPS.

Why are my customers being told their booking isn’t secure?

As of January 2017, consumers inputting sensitive data, such as a password or credit card information, on a HTTP web page see the following warning alert in the address bar of Chrome, Firefox, and Opera browser:

chrome_56.png

Image Source: Google Security Blog

This is because the browser is looking at the security of the website and scanning the page URL for the HTTPS indication of SSL. Although your checkout is secured by Xola, if your website does not have an SSL certificate consumers will see this message.

To avoid this issue - and to make your site more trustworthy- we recommend protecting it with SSL. Learn how to add SSL to your site.

Most importantly, even if a consumer sees this alert, the booking and payment processes are and will always be 100% secure through Xola.

Is Xola SSL Certified?

Yes. Xola adheres to the highest levels of privacy and data security. Every bit of data collected and transferred between your customers, your website, and Xola’s servers is encrypted and protected. Xola’s checkout is PCI-compliant, Norton Secure, and uses 256-bit encryption. We also only integrate with PCI level 1 compliant payment processors (the most secure level).

When people book an activity using Xola, all the data collected (from email address to credit card information) is encrypted and transmitted over a secure connection. We use Symantec SSL certificates (Verisign / Norton) to encrypt the data transferred to and from Xola.com. Symantec is one of the most well known and trusted names in internet security.

For additional security, credit card data is never stored on Xola servers. This information is only stored with the end payment processor, so that sensitive information is twice as secure.

While the data collected and transmitted to and from Xola.com is always over a secure connection, the customer’s browser may still display a “Not Secure” alert if your website is not SSL protected.

Benefits of Protecting Your Site with SSL

Security

SSL secures your website. Specifically, it provides three key benefits:

  • Privacy: SSL encrypts the connection between a visitor's browser and the website’s server to securely transmits information (like passwords, or credit card information). This data transmission encryption prevents unauthorized parties from eavesdropping.
  • Data integrity: SSL prevents unauthorized parties from altering data during transmission.
  • Authentication: SSL protects consumers against impersonation by requiring web server proof of identity.

Improved SEO

SSL improves search performance. In 2014 Google announced that SSL secured websites would enjoy a stronger rankings boost in their search results. This also means that unsecured websites could be potentially harming their search ranking and SEO stature.

Customer Trust

SSL increases customer trust. Security-conscious consumers look for the the security indications in the address bar before they enter personally identifiable information (PII) online.

Xola’s provides an embedded checkout aimed at keeping consumers on your website from activity discovery through booking. Although Xola’s checkout  is 100% secure (PCI- compliant, 256-bit encryption, and Norton compliant), certain browsers won’t display the “Secure” notification unless the hosting website is SSL secured.

Adding SSL to your website will ensure that customers see the “Secure” notification, and know that their information is safe.

As stated above, some popular browsers display a “Not Secure” alert in the URL bar when a consumer visits a unsecured (HTTP) web page that collects password, or credit card information. Certain browsers also display a security alert directly below the data input field.

FF_security_notifcation_under_input_field.png

Google has announced that starting on October 2017 the Chrome browser will display a “Not Secure” alert to consumers visiting any unsecured (HTTP) web page that contains a text input field, such as a search bar. The internet giant has also shared its plans to create a more secure internet by ultimately flagging every HTTP page as “Not Secure” upon page load.



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments