Viable Herbal Solutions uses the industry standard security protocol Secure Socket Layer (SSL) to encode sensitive information like your credit card number that passes between you and Viable Herbal Solutions. SSL works by creating a temporary, shared "key" (sort of a digital code book) that allows only the computers on either end of a transmission to scramble and unscramble information.
To anyone between the sender and the receiver, including all the servers that may relay the message, the SSL transmission is indecipherable gibberish.
SSL makes on-line ordering just as secure as using your credit cards anywhere else.
Here's how it works:
Exchanging "Hellos"
When your browser lands on a secure Web page, the server that is hosting the secure site sends a "hello request" to the browser. The browser then replies with a "client hello." In networked environments (and the Web is the granddaddy of all networked environments), individual PCs are often called "clients." The server, ever the polite one, responds back with a "server hello." Exchanging all these "hellos" lets your browser and the server's Web page determine the encryption and compression standards that they both support. They also exchange a "session ID," a unique identifier for that specific interaction. Once they have greeted each other, the browser asks for the server's "digital certificate." It's the on-line commerce version of saying "Can I see some ID, please?"
A Digital Certificate
On-line companies get digital certificates from a Certificate Authority, like RSA Data Security Inc. or VeriSign Inc. A Certificate Authority verifies a company's identification, and then issues a unique certificate as proof of identity.
Sharing the Key
After your browser and our secure server provider have 'shaken hands,' and after your browser has checked our digital certificate, then your browser uses information in our digital certificate to encrypt a message back to us that only our secure server can understand. Using that information, the browser and the server create a "master key." This master key is like a codebook that both sides can use to encode and decode transmissions. Only your browser and our server share that "master key," and it is valid only for that individual session. Using the unique, shared key, your browser and our secure server can exchange sensitive information, like your credit card number, in a way third parties cannot understand or decipher.
When you surf off a secure site, the master keys you once held in common become useless, since they are good for one session only. When you go back to the secure site again, your computer and the secure server will again go through the whole process, and then create another "master key."
Knowing When You are on a Secure Site
You can tell when you're on a secure site by looking at the image of a padlock or key somewhere along the bottom of your browser's window. If the key is unbroken, or the lock is closed, and the image is golden or glowing, that means you're connected under the cloak of SSL security. Most browsers can also be set to alert you when you enter and leave a secure site.
Is it Safe?
The legal department goes crazy when we speak in absolutes, but SSL does make your on-line purchases extremely safe. The way to break an SSL encryption is with brute force by intercepting the encrypted message containing your credit card number, recording it, and then using a sophisticated computer to try every possible combination until the master key is cracked. To combat even that approach, most keys range from 40 to 1,024 digits long (each digit is either a 1 or a 0). As the number of digits in the key gets longer, the number of possible combinations grows into the trillions. Therefore, the longer the key is - the more secure it is.
We believe strongly in the safety of SSL. Encryption technology continues to evolve, however, so Viable Herbal Solutions will continually review ways to improve security, including new, even more bulletproof encryption methods. |
