An SSL certificate may be a requirement for PCI

question mark circle

Why do I need an SSL certificate?

Posted on 20 January 2017 by Beaming Support

An SSL certificate is often a requirement for PCI compliance but it is worth understanding why you use it and reviewing if there are other applications you may wish to activate one on.

If you enter information into web forms on the internet without SSL then it is possible for it to be intercepted and read.  SSL certificates are used to encrypt this data which then makes the information unreadable to others.   This process is carried out by using the HTTPS protocol, enabling a secure connection between a web server and the users browser, you’ll often see ‘https://www.website’ instead of ‘http://www.websitewhen in use along with a padlock.  Your browser will warn you if the certificate is invalid for some reason e.g. out of date or an old certificate style.

Example of a secure website

Why do I need an SSL certificate and what is it for?

Why do I need an SSL certificate? Certificates can also help establish the reputation of a website where you require trust that the data being captured is being transmitted across the network appropriately. For example when you type your username and password to logon to your corporate email from another location / network, SSL will add a layer of security to help protect your data from being intercepted by any malicious people or already compromised devices on that network which are sniffing (looking) for valuable data like your username and password. From July 2018, Google Chrome will mark any HTTP website ie. any website without an SSL certificate as being “not secure”.

SSL use overview

Remember to review your website, forms and applications which are accessible via a webpage and computer. Ensure these are protected with up to date, valid and strong SSL certificate encryption techniques and ensure you review this regularly and do not let the certificates expire. An up-to-date browser is also a requirement in order for the browser to process the most current and secure SSL standard.

Terminology

HTTPS: Hyper Text Transfer Protocol SECURE – Adding encryption for communication between a server and web browser.

SSL: Secure Sockets Layer for encrypting communication.

Need more guidance on cyber security?

Beaming’s Business Guide to Cyber Security will help you identify weak spots in your business and gives practical guidance on protecting against cyber attacks.

  • This field is for validation purposes and should be left unchanged.

Free Business Guide to Cyber Security

Identify the threats you’re most likely to face and learn the best ways to mitigate them.

  • This field is for validation purposes and should be left unchanged.