Question about SSL (Secure Socket Layer) and also AVS

[Guest Mark Weigl]

I am currently developing an E-Commerce website and my web host offers a shared SSL for free as part of my package. I know I can also pay elsewhere and get a dedicated SSL but had the idea it's very expensive and not necessary and have read that in a couple places.

I have read more recently that it's only around $100 to get one and gives you more credibility so it's the thing to do. My questions:

1. Should I go with the Shared SSL or get one that is dedicated? Is a dedicated one more secure or just about credibility with the public?

2. If I purchase a dedicated one which is a good company to go with? Verisign or another? What type of price should I expect?

3. Also, this is more unrelated but I read how I should use AVS (Address Verification Service). I think this verifies that the billing address of a credit card is correct at checkout time and can rule out some fraudulent payments. Is this an additional service or cost or is this part of an authorize.net account?

Thanks for any help with the above questions.

[Guest]

Not sure about your ssl question, but AVS is often part of your gateway. Not sure on authorize.net since I do not use it, but with Paypal, they will not run a card that doesn't have a billing address match.

You can also do AVS manually via automated telephone calls:

Visa: 800-847-2750

Mastercard: 800-622-7747

Amex: 800-528-2121

Discover: 800-347-7988

Visa Canada: 800-465-4653

Visa Intl: 800-847-2911

Mastercard Canada: 306-566-1552

at least these used to be the numbers when I did mine manually years ago. Might have changed Amex used to require you to put in your Amex merchant account number before they would do avs, but not sure if that's still true either.

[Guest]

AVS with Authorize.net is a free service and is set up by default. As I understand it, your discount rates with your merchant account go up if you don't use it.

However, I've noticed (being a US merchant) that Canadian and European post codes are not always recognized by the Authorize.net AVS system. PayPal's system is better. Another thing that causes problems at times are PO Boxes. Not sure if it's a formatting issue or what.

A dedicated SSL certificate is definitely the way to go. Not that it's more secure, but that the public will be put more at ease when the URL doesn't change when they go to the shopping cart, which happens when you use a shared SSL.

You don't have to spend $100 though. Most GoDaddy resellers offer SSL certificates for around $20, and they work just fine. I have one on one of my sites and it works just as well as the $70 one I purchased a couple of years ago. The only disadvantage with the GoDaddy version was in the installation, as it was a chained certificate rather than a single-root one. Your server administrator should be able to help you get either one installed correctly.

[Guest boudoirbazaar]

Hi Mark

If I may add my 2 cents worth.

I was like you - dithering about whether or not to use SSL. My story was quite messy - needless to say I learnt some fairly major lessons really quickly. Briefly I thought that SSL was expensive (in the end the cost of the certificate for me was $19.99 AUD it was the other issues that cost me lots of $) but it was the installation that caused major issues. Try looking at it like this - I left it until nearly 5 months in - tried to get it installed, ended up with a spliced website with bits that should have been secure available for everyone to see. Thankfully I sorted it out, but the moral of this story is, pay the extra little bit and get that certificate installed before you have hours and hours of work invested - I nearly lost 5 months work. Also make sure that if you don't know how to install that SSL get someone who knows what they are doiing. Do not rely on your hosting service unless you trust them heaps. This will save you lots of headaches in the future. And find out if you need a dedicated IP or if it is part of your hosting plan. If you need to pay more, do it, because in the long run it is worth every penny you will outlay extra.

Finally, since installing the SSL I have more than tripled my website flowthrough.......

So from my perspective, even with the pain I have made a major gain.

Cheers

Nicola

[Guest Webhost07]

Hi mark, a dedicated would be a better option as it would present a proper image to your customers.

One of the main considerations in using a shared or dedicated SSL is the URL and how it will appear to your customers.

With Shared SSL, the URL may look something like this:

https://secure.<yourhost>.com/~username/

Whilst with dedicated SSL, the URL is determined by you, either as another registered domain or as a sub domain of your website domain name. You can have your private secure url such as https://secure.example.com/

As for your 2 Question - Verisign is a good bet to get your SSL certificates from as they have Secure Site and Secure Site Pro for the SSL packages. Among the trusted providers, RapidSSL and Thawte are also good in their services as you can compare the prices between them to suit your budget.The price that you could expect would be around $100 to somewhat $200-$250 depending on the service of the provider.I would recommend you to make a decision fast and use a SSL certificate so that you have the status of a <link deleted> that customers would like to visit.

MOD NOTE: Please read forum rules regarding the advertising of third party products and services.