HTTPS stands for HyperText Transfer Protocol over SSL (Secure Socket Layer).
It is a TCP/IP protocol used by Web servers to transfer and display Web content securely. The data transferred is encrypted so that it cannot be read by anyone except the recipient.
HTTPS is used by any Web site that is collecting sensitive customer data such as banking information or purchasing information.
If you are making a transaction online, you should make sure that it is done over HTTPS so that the data remains secure.
You can tell when a page is using HTTPS in two ways:
- There will be a lock icon in the browser window pane (usually at the bottom).
- The URL will say "https://"
There are two primary differences between an HTTPS and an HTTP connection work:
- HTTPS connects on port 443, while HTTP is on port 80
- HTTPS encrypts the data sent and received with SSL, while HTTP sends it all as plain text
Most Web customers know that they should look for the https in the URL and the lock icon in their browser when they are making a transaction. So if your storefront is not using HTTPS, you will lose customers. But even still, it is common to find Web sites that collect money including credit card data over a plain HTTP connection.
This is very bad!
HTTP sends the data collected over the Internet in plain text. This means that if you have a form asking for a credit card number, that credit card number can be intercepted by anyone with a packet sniffer. Since there are many free sniffer software tools, this could be anyone at all. By collecting credit card information over an HTTP (not HTTPS) connection, you are broadcasting that credit card information to the world. And the only way your customer will learn it was stolen is when it's maxed out by a thief.
There are only a couple things you need in order to host secure pages on your Web site:
- A Web server such as Apache with mod_ssl that supports SSL encryption
- A Unique IP address - this is what the certificate providers use to validate the secure certificate
- An SSL Certificate from an SSL certificate provider