We’re moving all shared web hosted credit union websites to SSL Encryption at no additional cost
Over the course of the next several weeks, CU*Answers Web Services will be adding SSL certificates to all shared hosted credit union sites at no additional cost to your credit union. If your credit union has already purchased an SSL certificate, you may continue to use it. If you don’t have an SSL certificate, CU*Answers will be providing one via the Let’s Encrypt Certificate service Authority.
What is an SSL certificate?
Imagine you’re passing a note to a friend across the classroom. The person between you reads it before passing it along, sharing the contents of the note with anybody they want—this is what might happen with a standard HTTP website. Now imagine you send the note but the contents of the note can only be understood if you have a special decoder ring (SSL certificate). When the person in the middle tries to read it, they won’t be able to understand it since they don’t have the key—that’s how an HTTPS website works. And more and more, HTTPS is becoming the standard for how websites are operating. Learn more about the why this is the way of the future from security researcher Troy Hunt.
Why should I have an SSL certificate for my CU website if we’re not exchanging information with the member?
Not only is SSL encryption more secure in terms of transmitting information between website and end user, browsers like Google Chrome and Mozilla Firefox have begun to prioritize SSL encrypted websites, and point out when they’re not encrypted. Chrome, for example, will indicate that the website is “Not secure” if it’s using the older HTTP encryption; a label you definitely don’t want to have associated with your credit union!
Does this mean we can start collecting sensitive member information on our website?
No, this does not change our policy with respect to collecting private information on your credit union website. Make sure you follow the It’s Me 247 Kitchen Recipe for more information about collecting private data outside of online banking – https://www.cuanswers.com/resources/kitchen/online-forms-introducing-the-its-me-247-request-center/
What if want a certificate from a different provider than Let’s Encrypt?
That’s fine! If you do not want to use a certificate from Let’s Encrypt, contact Web Services to let us know about the vendor of your choice. Pricing varies from vendor to vendor.
What do I need to do?
Unless you’d like to use a different SSL certificate provider, your credit union doesn’t need to do anything. You may just notice your website switch from HTTP to HTTPS protocol as we roll it out to hosted websites.
SSL is the future! The idea of SSL overtaking the entire web has large implications for the future of security for the web. It helps improve your users experience by protecting their information from being leaked through encryption which helps prevent identity theft and account compromise, among other things.