Some Basic Questions & Answers
Q: What are “secure certificates?”
A: A secure certificate assures customers that the server they are accessing belongs to the company it claims to belong to. A valid certificate means that the customer can have confidence that the data they are submitting is indeed going to the right place. Additionally, secure certificates enable data from the customer’s web browser to the merchant’s server to be transmitted in an encrypted, and thus secure, format.
Q: How is one used?
A: The Certificate resides on our server. It creates a secure connection between the shopper’s browser and our server. Any data the shopper sends is then encrypted for transmittal to the server.
A: You can order Thawte certificates from us. As a reseller, we can purchase for less and pass the savings along to you. We can apply for the certificate on your behalf, with the initial purchase fee and subsequent annual renewals charged to your SoVerNet account. We will also install other certificate brands such as Verisign, should you prefer to obtain your certificate elsewhere. The Setup fee for all certificates is $150.
We currently provide 3 certificate options. All 3 are 128-bit capable. They differ only in the degree of stringency applied to the verification of your business entity (and thus the degree of assurance provided to your customer), and in the Super/SGC's ability to step up older browsers to 128-bit encryption. The other 2 drop back to 40-bit when encountering a browser that is not 128-bit capable.
The Standard Certificate validates the business entity itself, the authority of the applicant to order the certificate, and the validity of the domain name. Issuance takes roughly 2 days.
SSL123 certificates validate the domain registration and the applicant's authority to order the certificate. Issuance takes just a few minutes.
Super/SGC certificates validate the business entity, the authority of the applicant, and the domain, and incorporate extensive encryption algorithms allowing them to bump up a browser’s encryption capabilities. This is particularly critical for international businesses, as browsers capable of 128-bit encryption were, for many years, prohibited from being sold internationally. Hence there are many more 40-bit-limited browsers still in use by overseas customers than in the US.
| Certificate | SoVerNet | Thawte | Setup |
| Standard Web Server Certificate | $185/$145 | $199/$159 | $150 |
| SSL 123 | $135/$135 | $149/$149 | $150 |
| Super/SGC | $415/$370 | $449/$399 | $150 |
Contact hostmaster@sover.net for details.
Q: What is a Certificate Authority?
A: A “Certificate Authority” is a trusted third-party, similar to a passport office or a Certified Public Accountant. Certificate Authorities are responsible for issuing, revoking, renewing, and providing directories of digital certificates. Certificate Authorities must follow rigorous procedures for authenticating the individuals and organizations to whom they issue certificates. All digital certificates are “signed” with the Certificate Authority’s private key to ensure authenticity. The Certificate Authority’s Public Key is widely distributed. See Public-key encryption.
Q: Now that I have a secure certificate I can start taking credit card orders, correct?
A: Just having a secure certificate doesn’t mean that you are ready to open up shop on the Internet. There is still much to accomplish behind the scenes.
Q: How do I determine my need for a shopping cart?
A: The main determining factor is your product or product mix. If you only have one or two products to sell, you may be able to get by without any type of shopping cart, just a simple order form. With this order form you could use PGP (Pretty Good Privacy), an encryption program that can be set up to send you encrypted credit card information via email.
If you have a number of products arranged across a multi-page site, and want your customer to be able to browse your pages, picking items at will with the selections stored for check-out at one central screen, it would be a good idea to have some sort of “shopping cart.” There are many products on the market that will work on our servers. Basically, you can choose any form of shopping cart software you like, as long as it will work within our guidelines.
We cannot provide direct support for any of these products, nor will we guarantee that all of these products will work on our system.
You will most likely find it necessary to have a working knowledge of CGI scripting and should familiarize yourself with our CGI reference page.
A: PGP or Pretty Good Privacy® is a powerful cryptographic software suite that enables people to securely exchange messages and data with both privacy and strong authentication. It utilizes a dual-key system: a private key and a public key. PGP is probably the most widely used email encryption program. More information may be found through http://cryptography.org/getpgp.htm
PGP encrypts the information between the customer's email program and the server. Authentication identifies the origin of the information, ensures that it is authentic, and that it has not been altered.
MIT distributes PGP Freeware without cost for personal, noncommercial use. This distribution is done in cooperation with Philip Zimmermann, the original author of PGP, Network Associates, Inc., and with RSA Data Security, Inc., which licenses patents and software for one of the public-key encryption technologies on which PGP relies.
Q: How would I use PGP?
A: PGP will serve you well if the number of products you sell is small, and if you do not wish to use, or need, all the additional features of the higher-end storefront programs. Customers’ orders will come to you via encrypted e-mail. You still should get a Secure Certificate in order to assure your customers of your authenticity, and you will need to process credit cards “manually” (as regular “brick & mortar” businesses do). In addition to the PGP FormMail Script (which sends your secure transactions via e-mail from a form on your website), you will also need a copy of PGP on your local machine.
Q: Where can I get it?
A: To obtain a commercial version of PGP, go to Network Associates’ PGP site http://www.pgp.com
Please note that for use on our system you must generate an RSA-Legacy 1024-bit keypair, not a DH/DSS keypair.
Q: How do I process credit cards?
A: You need a “merchant credit card account” through a bank. A Merchant Credit Card Account is a commercial bank account established to enable a merchant to accept credit cards from customers. In the case of online stores, the merchant credit card account must also work with a “transaction processing company” such as CyberCash, probably the best-known of the online processors.
The key players typically involved in “accepting” a credit card are: the merchant, the merchant bank, the credit card company, and the payment processing company which has the task of actually “processing” the credit card transaction data. The bank’s “Merchant Accounts” department is the place to go.
Also, some of the transaction processors can help you obtain such an account.
Which processor to use depends on 2 factors: you need a processor that will work with both your merchant credit card account and your chosen “storefront” software. Most storefront software will be able to use several different transaction processing companies, so it’s a matter of matching up with a bank that uses one of the same.
Note that if you intend to collect and process your credit card orders manually, as non-ecommerce businesses do, the transaction processor is not needed—the regular Merchant Credit Card Account alone will suffice.