You might be reassured by the fact that an e-commerce portal is “secured by SSL” and conclude that you can perform your online transactions without any worry, but the truth is that SSL isn’t the end of the road.
The label often misleads people into thinking that an SSL-secured website is completely safe in every way. But SSL only ensures the security of the information during transmission. While it protects a connection from being spied upon, it has no control whatsoever over the safety of your information once it reaches its destination.
The Certificate Authority which verifies the SSL security of a company website doesn’t check whether the security certificates are properly deployed by the company. It only checks whether the domain under consideration is owned by the company, verifies the identity of the company in question, and dictates the size of the key used. A famous Certificate Authority has been quoted as saying, “An SSL Certificate issued by a CA to an organization and its domain/website verifies that a trusted third party has authenticated that organization’s identity.”
So it can be seen that the security and safety of customer data isn’t ensured by an SSL certificate. What happens to your data after it enters the company’s network is something you never know. This problem becomes even more prominent when a company uses a hosting company for its website. The hosting site might be secured by SSL, but does the data entered by the customers reach the intended company securely? Even if it does, is the data encrypted on the company servers, or is it stored as plain text? You never know the answer to these questions.
The customer data, the data you enter, is completely at the mercy of the concerned company once it enters the company servers. The safety of your data on the servers depends only on the security measures taken by the company authorities. So, think twice before you tick the checkbox asking you to save your credit card account information on the servers of your merchant site. That’s probably not a good idea after all.
Not just the SSL certificates, but the security of the whole flow of data, from the customer’s end to its storage on the company servers, should be checked and verified properly by all e-commerce systems. Only then can we go for online transactions without any doubt in our minds.