Is SSL required by law for e-commerce stores

Is SSL certificate required by law for ecommerce stores?

Apr 16, 2017


termsfeed
Page 1: Is SSL certificate required by law for ecommerce stores?

Is SSL required by law for e-commerce stores


SSL stands for Secure Sockets Layer (1).

SSL encrypts data in transit, so that any information a user submits to the website, such as credit card information to make a purchase, stays protected and private.

(1) https://www.digicert.com/ssl.htm


To view more information about an SSL certificate, a user can click the Details link, then click View Certificate.


Here's an example of how the Shopify (2) website shows up with SSL.

(2) https://www.shopify.com/


What is PCI DSS Compliance

PCI DSS stands for Payment Card Industry Data Security Standard (3).

This standard was created in an attempt to help protect credit card companies by requiring that merchants and companies that process, store or transmit credit card information maintain a secure environment.

(3) https://www.pcisecuritystandards.org/pci_security/


Complying with PCI DSS


Being compliant with PCI DSS means meeting a list of 12 requirements (4).

Ecommerce stores that use some third-party ecommerce platforms, such as Shopify (5), Bigcommerce (6) and others, will have all of these requirements taken care of by the third party and won't have to maintain a separate compliant network.

(4) https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
(5) https://www.shopify.com/
(6) https://www.bigcommerce.com/


Keep users informed through a Privacy Policy

To make sure your customers feel comfortable shopping on your store, you should make mention of the security of user data in your Privacy Policy agreement.

You can also include a note that your store uses SSL certificates.


Examples

Nike (7) includes a section titled "Protecting Information" in its Privacy Policy (8).

Enjuku Racing (9) includes a section on "Security" in its Privacy Policy (10).

(7) http://www.nike.com/
(8) http://www.nike.com/us/en_us/c/help/privacy-policy
(9) http://www.enjukuracing.com/
(10) http://www.enjukuracing.com/privacy-policy/


NIKE SHARING
Information that is publicly shared may be used by Nike for promotional purposes.

PROTECTING INFORMATION
Security Measures: We use a variety of security measures, including encryption and authentication tools, to help protect your information. We use secure servers when you place orders. All credit card information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted within our databases.

NO GUARANTEE
However, like other companies, NIKE cannot guarantee 100% the security or confidentiality of the information you provide to us.


SECTION 5 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.


Is SSL required by law

There isn't currently a law that requires you to have a "Security" clause in your Privacy Policy agreement to inform customers about your ecommerce store's use of an SSL certificate and how their credit card data is protected by your store.

But privacy laws, in general, demand that ecommerce stores take care of their customers' personal data by protecting their privacy and keeping them informed of privacy practices, including policies on safety and security of data.
