Why is HTTPS Important?

December 10, 2018

By: Majorie Labindao, CISM, CVA

Data Privacy

Personal Data

General Data Protection Regulations (GDPR)

Philippines Data Privacy Act (DPA)

We always come across the acronym HTTPS when browsing websites, and getting redirected for online payments. Now it’s time to get to know its role in the world wide web, and why it matters.

What is HTTPS?

HTTPS means Hyper-Text Transfer Protocol Secure. It provides a secure and encrypted communication when the user browses a website, submit forms in web applications, and for transferring data between web servers.

It has become a habit for most internet users to type in https:// in the web browser address when visiting a website.

Below is an illustrated example of the difference between a non-secure website (http) versus a secure site (https):

Why HTTPS Matters

Successful HTTPS implementation involves installation of trusted SSL Digital Certificate to the web servers. SSL (Secure Sockets Layer) or TLS (Transport Layer Security) are both cryptographic protocols that provide authentication and data encryption. Both the TLS and SSL protocols use what is known as an 'asymmetric' Public Key Infrastructure (PKI) system.

An asymmetric system uses two 'keys' to encrypt communications: A 'public' key, and a 'private' key. Anything encrypted with the public key can only be decrypted by the private key, and vice-versa.

However, over the years for SSL and TLS, new versions of the protocols have been released to address vulnerabilities and support stronger, more secure cipher suites and algorithms. Currently, to be PCI (Payment Card Industry) compliant, the recommendation is to move all communication using the TLS v1.2 protocol.

• For Security and Privacy of Users

HTTPS is used to protect highly confidential and sensitive online transactions like online banking, online payments, and online shopping order forms. While using plain HTTP, data exchange can be intercepted easily by cyber security threats like hacking and phishing.

• For Compliance and Integrity of your Implementation

HTTPS becomes a requirement for many updated and latest browsers like Google Chrome and Mozilla Firefox.

This is how Google Chrome identifies insecure sites:

Chrome marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

• For Trustworthiness and Branding 

HTTPS status has a huge impact on your organic traffic searches particularly in Google. Website ranking on Google will significantly go down as they prioritize those who implement HTTPS.

Visitors and customers can also validate business registration and further validations with the use of extended validation certificate. This Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity, and have been validated by a certificate authority (CA).

At AltPayNet, we have implemented HTTPS to our websites, web applications, servers, and payment solutions which are Payment Card Industry Data Security Standard (PCI DSS) Level 1 certified.

Our team of experts in cyber security, compliance, and risk-management can provide a tailored data security package and consulting. Contact us now for more information.