SSL Certificates Do Not Protect Websites From Hackers


As Featured On EzineArticles

Many people confuse SSL certificates with Payment Card Industry (PCI) approved website security scanning.  Because of this misunderstanding, many website owners and most online consumers are not as safe as they think they are.

SSL Certificates only verify that the website is protecting transactions as they travel from the consumer to the appropriate financial institution.  Any of the consumer’s personal information that is saved on the website’s computer (server) is still at risk of being stolen and the entire website is at risk of being compromised.

To make an analogy for you visual thinkers, think of a train station as the website, then think of a train as the credit card information given by online consumers.  Train tracks are the credit card transactions, moving sensitive information from the website to the bank.  An active SSL travels with the train between the tracks and the train, protecting the train (credit card information) throughout the transaction.  Because of the encrypted nature of the SSL, credit card transactions make it to their destination safely, putting a force field around the train as it moves, which keeps Jesse-James hackers from riding a horse up to the train, jumping aboard, and stealing monetarily significant information.  However, even with the Secured Socket Layer (SSL), the train station itself (the website) is still vulnerable to worms, trojans, and frequent attacks from online bandits.

PCI approved security scans check for vulnerabilities on websites that could allow attacks from hackers.  If these vulnerabilities are not found and removed, they allow hackers the access they need to steal consumer information, damage or steal website files and folders, redirect online traffic from one site to another, and even shut sites down.  Scanning vendors find vulnerabilities or loop-holes for hosting companies to repair or remove.

Another incorrect belief is that non e-commerce websites are not in danger of outside attacks.  Even sites that do not sell anything are often compromised.  These websites do not require an SSL certificate, but they do need PCI approved vulnerability scanning.

According to President David Brandley, 73% of websites that are scanned by Trust Guard fail their initial security scan.  “Honestly, I was surprised when I found out that almost three out of four websites aren’t safe from outside attacks!” confesses Brandley.  “I knew that there were issues with website security, but the problem is worse than I thought it was.”

Perhaps part of the reason most websites are at risk of being compromised is because so many website owners confuse the protective layer between the train and the train tracks with the safety and security of the train station.  They mistakenly assume that their site is safe.  Website owners should seriously consider scanning their site with a Payment Card Industry approved scanning vendor.  In addition, online consumers should look to do business with companies that provide a safe environment that includes an active SSL certificate and proof of vulnerability scanning.

You must be logged in to post a comment.