Hi. After discussing this for the millionth time (note the sarcasm) -- I thought I'd drop a line about security.
Any e-commerce site should be have an SSL security certificate provided by a company like Verisign, Thawte, or another reputable company. However that does not make your site 100% secure.
The only thing that SSL certificate does is make sure that when you submit a form online that the information is encrypted. This means if someone is somehow monitoring or "sniffing" your internet activity -- the information should not make sense. It's "scrambled".
Without boring you with technical facts the only real threat of "sniffing" your traffic is INSIDE your network. Meaning your internal network. Like another user in your local coffee shop trying to steal your passwords while they drink coffee in plain view of you. Once your information hits the actual superhighway, it's nearly impossible to grab or steal this information because it's like finding a needle in a haystack. Most people are at their home or office and this isn't a huge risk.
Some of the more realistic risks are things that have nothing to do with the SSL certificate. In fact the most exploited security holes are due to poor programming. That's why you see so many differences in the cost of programming. It's one thing to write a program or web application. It's a completely different thing to write an application with security in mind.
Something as simple as a poorly written web form can allow a hacker to send mass mail anonymously, attack other web sites, or worse -- completely take over your web server(s).
Open source products are constantly fighting this threat because their source code is available for anyone to view. So a hacker can take their time to figure out the best way to attack anyone using this software. Many people are being pushed into an open source e-commerce product called "Zen Cart" because it's "FREE" and it reduced the cost of their site. However, what do you do about security? An SSL certificate? Not even a firewall will keep someone from taking advantage of a software hole.
Here at Website Forge we handle security from several approaches.....
First we have a hardware firewall on the network. There are some active countermeasures built into this hardware firewall. Next we have software firewalls configured on the linux operating systems.
Then our cluster software has an application that will actively monitor scripts that attempt to do things they were not designed to do.
Our coding is first class -- designed from the ground up to resist the most common types of attacks. Each web site is securely isolated from each other so that any malicious activity on one site cannot harm another site.
To go a step further, each time we do detect a hacking attempt, we modify our own intrusion detection software to identify that type of attack and take countermeasures. Our intrusion detection software and configurations are also proprietary.
And finally the Website Forge system is not "open source" so you don't need to worry about every hacker having a roadmap on how to ruin your day.
Now let's discuss what we are actually protecting. What ARE you worried about? Hacks generally result in two things:
1. Your web site may be defaced.
2. Sensitive data like credit cards may be stolen.
So what do you do? Well, the vast majority of e-commerce systems store credit card information on the web server. So that is always a risk. Defacement really just ticks people off but does not cause a great deal of harm if caught quickly.
With a Website Forge web site we handle these issues specifically. First, we do not by default store ANY credit card information on the servers. Once the transaction is complete the credit card information is cleared and only your credit card merchant provider stores that information. Second, we do backups every 4 hours. So any defacement can be handled very quickly.
There are a few other security measures we take -- however, I won't list them because of their technical nature.
Oh yeah! and one last thing. Anyone that claims that your web site is 100% secure just because it's running on a Linux operating system is simply not telling you the truth. Linux is very secure. However for the very same reasons I explain above -- your site can be just as vulnerable as a windows hosted web site.
I hope this clears up some misconception about Security.
Website Design and E-commerce