| Website Security |
| Written by Administrator | |
| Sunday, 20 July 2008 | |
|
Whenever I am asked to help someone stand up a new website, we inevitably get into discussions around site security and user experience. I am asked: What makes the website secure? How do I inform my customers so they will shop with us? Should I place fancy banners and pretty logos that say we are secure? And my answer is always the same. No! Website security starts with the user, and is 90% based on the users of the web address. There is no website that is impervious to hackers and those who wish to steal information from it. For hackers it is the challenge, like a new adventure. But there are those who do have malicious intent, and if they want your information they will do whatever it takes to steal it! Then there are the spammers who drive us all crazy.

So how are websites secured? Well, my daddy once told me a lock keeps an honest person honest. When I was growing up we never locked our front door. We lived in a small town and nobody locked their homes, or their cars, etc. Until one day my daddy had all his tools for work stolen from his shop. Well, from that day on locks were on everything. The days of blindly trusting stopped there! Of course that was in the '50s, and they did not have the internet and the technology we have today.

Today we have locks on websites in the form of passwords. These passwords grant us access to information and data that is held within the website structure. It is the responsibility of the administrators of these sites to manage that access and to ensure that security is maintained.

There are two (2) types of web addresses: HTTP and HTTPS. The HTTP address is typically an open address with no security associated with it. It is open to the public. The website may use SSL (Secure Sockets Layer) in the background for some functions where it is deemed necessary to protect the data that is being accessed. Today many of the popular email programs use this technology to secure mail services.
The next type of address is HTTPS. This means secure HTTP. All access and information uses SSL from the time you enter the address to the time you leave it! Typically this type of address is used whenever you go to a website that holds or manages sensitive information or data. Most intranet sites used by corporations use HTTPS to control internal access to restricted sites. All banking and payment gateway systems use SSL and HTTPS access. This is mandated by our government to protect your data and ensure your privacy.

When you access a website shopping cart system, it depends on each site how it is set up and when SSL or the transfer to HTTPS occurs. Unless the host site is using a combined shopping cart provided by the payment gateway system will determine when a secure connection is established. Unless you're connecting to a banking system, most sites don't use HTTPS until they are ready to process your personal payment selection. For example, when using PayPal no personal information is input or captured until you click on the checkout button. This action triggers the website to transfer from HTTP to HTTPS. At that moment all transaction data, your personal information and your credit card data are under the full control of the PayPal secure payment process. It is hack proof!

This site utilizes the same process as outlined in the example. The shopping cart system that is integral to this site captures only what you want to purchase. When you click on the final checkout button, all data about your order is under the control of the PayPal payment gateway system. The order information, which includes the items that you want to purchase and the shipping address, is the only data that this site has access to. PayPal sends our store system an email response indicating that your order was processed successfully and we are cleared to ship your order to the provided address.
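
The following Python check is an added example, not code from this site or from PayPal: it parses a page's forms and reports any that would send personal fields (such as a shipping address) to an address that is not HTTPS, which is the handoff point described above. The URLs, field-name hints and sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed hints for personal-data fields; tune these for the site being checked.
SENSITIVE_TYPES = {"password", "email", "tel"}
SENSITIVE_HINTS = ("card", "cvv", "ship", "address", "phone")

class FormCollector(HTMLParser):
    """Records every <form> with its action and the (type, name) of its fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            field = ((a.get("type") or "text").lower(), (a.get("name") or "").lower())
            self._open["fields"].append(field)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return one finding per form: submit target, personal fields, and verdict."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        target = urljoin(page_url, form["action"])  # empty action posts back to page_url
        personal = [name for ftype, name in form["fields"]
                    if ftype in SENSITIVE_TYPES or any(h in name for h in SENSITIVE_HINTS)]
        secure = urlparse(target).scheme == "https"
        findings.append({"target": target, "personal": personal, "ok": secure or not personal})
    return findings

# Constructed sample: a cart page served over plain HTTP, as in the article's flow.
PAGE_URL = "http://shop.example/cart"
SAMPLE_HTML = """
<form action="/cart/add"><input type="hidden" name="item_id"><input name="quantity"></form>
<form action="https://payments.example/checkout"><input type="hidden" name="item_name"></form>
<form method="post"><textarea name="ship_address"></textarea><input type="tel" name="phone"></form>
"""

if __name__ == "__main__":
    for finding in audit_forms(PAGE_URL, SAMPLE_HTML):
        print("OK  " if finding["ok"] else "FAIL", finding["target"], finding["personal"])
```

A form with no `action` submits back to the page's own address, so on an HTTP cart page a shipping-address form like the third one is reported as a failure.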
The PayPal payment gateway automatically transfers the funds you authorized from your bank or credit card to our bank account for the store. Just like going to WalMart. That's it, the process is complete and we ship your order.

Remember, website security starts with you, the user: making sure you are keeping your local computer software updated, and running antivirus software and anti-phishing tools to ensure your connection to our store is clean and secure. This way you are always assured that shopping with us or any other online store will be a pleasant experience.

Comments about this article should be addressed to [e-mail address], or you can visit Xanluna! for more information.
|
| Last Updated ( Wednesday, 23 July 2008 ) |










