SSL security technology is an important part of securing your website and your payment gateway. By using an SSL certificate to secure your site you provide your credit card encryption and are within PCI compliance. Read on for tips on SSL security technology.

What Is SSL?

SSL is a security protocol used by an SSL secure server to communicate, that is, to send data. The initials S-S-L stand for Secure Sockets Layer. Developed by Netscape, SSL was designed for the validation of website identities and for the transmission of personal data, such as credit card information, with the goal of preventing any message that might be intercepted from being capable of being decoded. The current version of SSL is SSL 3.3, but it is also known as TLS1.2 (Transport Layer Security), a modification designed to overcome some of the initial security flaws in earlier versions of SSL.

What Is SSL Security Technology and How Does It Work?

SSL security technology is simply a server using Secure Sockets Layer communication, and it is used for PCI Compliance by fulfilling the requirement that cardholder data be encrypted during transmission across public networks.

Suppose that a customer is using a browser to peruse an online merchant's website. He or she spots some merchandise that's desirable, places it in his or her shopping cart, and moves to the website checkout, which is conducted on a page with an https:// address, indicating the use of HyperText Transport Protocol Secure, which usually involves SSL to encrypt the transmission to and from the Web server. This is what happens:

• the customer's browser requests a secure session with the Web server

• the Web server offers its  SSL certificate for validation by the browser

• the browser, finding the SSL certificate to be valid, creates a session key

• the session key is encrypted using the server's public key, which is documented in the SSL certificate

• the session key is transmitted to the Web server

• the Web server's private key is used to decrypt the information, and mutual secure communication is now established

• the customer can now submit credit card transactions safely 

But there is more.

• the merchant's payment gateway receives the customer's request to accept a credit card payment

• the payment gateway establishes a secure connection to the server at the merchant account bank, and initiates the request for approval

• the merchant account establishes a secure connection to the Credit Card Network and pass on the request for approval

• the Credit Card Network establishes a secure connection to the bank or other financial institution that issued the customer's credit card and requests payment approval

• the customer's bank either provides or denies approval for the request and sends its response back to the Credit Card Network through the secure connection, and the response continues to be passed back, secure link by secure link until it reaches the merchant's Web server and the transaction is finalized, or the customer is asked for another form of payment.