How much should I pay for an SSL Certificate and does it matter?

identity-theifSo there are free SSL’s according to the birds of the open source community but we’re going to take the regular route, the safer route and choose the Standard Secure Socket Layers (SSL’s) .  With more online shops on the market, everybody wants to open up a store.  What about Security?  BTW, Sorry I had to use this stupid stock photo, credit card thieves don’t wear masks while they are stealing information but I thought it was kind of tongue and cheek stupid.

If you already tried Amazon, eBay and other third party sites. The fees can add up.  Most people use paypal in their shops or transfer money in the online world but there’s some people don’t want  to log into a different website or want the least amount of steps when they buy something.  The easier, the better right?  So if you plan on opening up your own e-commerce store, without using a third party site like squarespace or wix, there are plenty of options. In terms of price, third party e-commerce start at about $15 per month or more with either an average limit of 20 products.   This is great if you want an e-commerce store for a few years. Is this good in the long run?

credit-thief-manMost hosting sites usually charge $5 ~ $7 per month and they accept paypal or other payment gateways so why do some charge double for almost the same thing? So now you have to consider the integrated payment and cart software.  Magento seems to be the most popular open-source e-commerce platform but what about security.  Once you install your favorite e-commerce software or application. Who handles the security?

Good question.  I remember building a website for a clothing company that used a third party Cart system called 3dcart. They charged $30 per month and they recommended a credit payment processor called and it was OK at first.  -They even offered a free sharedSSL with the package.  Not bad, the cart system was pretty much drag and drop. It was easy to use. Three months later, someone tried to swipe a stolen credit card and requested to send $3,000 of the same items to a different country with a different name.

The credit card was processed but I looked at it sale. Nobody buys  $3,000 worth of the same item and sends them to a different part of the country.  This shit wasn’t legit.  I called the home number, and I hit the answering machine of a lady in Ohio.  I left a message about the strange order.  Her voice message was very soft spoken and seemed accurate.  I called her cell phone which had a different area code.  A man picked up with a deep voice with non-native English accent. I asked, Hello. He answered, “Hello, who is dis” I asked is this (customer name). He replied yes.  I knew something was funny. I asked him to verify the sale, name and the home address. He gave it to me and I said OK thank you.

credit-thief-womanAt any rate, I still thought something was funny, so I decided to put the order on hold for a few days.  I told my boss, everybody at the company thought something was suspicious.  Two days later, a different sale of $1500 went through. The same scenario, different address and name.  A new customer name, this time from Nevada, however they had the same cell phone number from the last suspicious transaction but a different home address.  I figured it out. I called the bank and explained it.

The customers were refunded and the cell phone numbers couldn’t be traced because it was one of the pre-paid phones that any one can buy on the street.  That was a case of identity thief and he’s been doing it for years according to police/FBI.  The reason why he didn’t get caught immediately was because he got confirmation from the cell phone. They would call the phone to verify because a human voice and human questions are the only thing they have besides a hacked password and a fake account.

identity-theif-usaSo now you’re wondering, what the fuck does this have to do with cheap ssl’s.  I’m getting to that point.  3dcart and other companies offer you to pay for stronger SSL’s that can range from $250 ~ $1,000 per year but it doesn’t matter if they have a the card.  The bottom line is, people can find ways to use a credit card regardless of the SSL cert.   Some SSL’s might be better at hiding the credit card numbers or use more sophisticated cryptology but it’s a matter of how much money they will guarantee as a warranty and if it is within PCI compliance.  It’s not about how much you pay? but how much they will guarantee if the shit hits the fan.  Remember the Target incident? They had a security breach with their credit card machine’s last year and I know you went shopping there at least a few times, well unless you live in a Walmart. . . nevermind.

So I recommend  They have the cheapest prices over anybody else and give a decent warranty for processing credit cards within your site.  I use Stripe because it’s probably one of the best and cheapest alternatives to paypal.  Of course I still use paypal. I use both so I’m not a hater.   So you might be wondering what’s with all these random photos of people. They are all credit card or identity thieves.  Internet thieves range in  different ages, races and sex so its important that you look pass the physical appearance and think about how to prevent credit card fraud from anyone.  Is there a 100% way not to deal with credit card thieves?  Well the best guarantee is the warranty.  Just like Insurance but even if you are careful, look for suspicious activity especially if you are a merchant.

If you look at shoplifting, your not sure but you can get a suspicion because you know the shoplifter is acting kinda dodgy and nervous.  When it’s online, it’s even harder to tell.  Credit companies have better ways to contact the card holder with apps and better security.  The most important thing to do is, get a decent SSL, make sure the billing address matches the home address, watch out for suspicious transactions, and play it safe.