Question about SSL (Secure Socket Layer) and also AVS

[markw10]

I am currently developing an E-Commerce website and my web host offers a shared SSL for free as part of my package. I know I can also pay elsewhere and get a dedicated SSL but had the idea it's very expensive and not necessary and have read that in a couple places.
I have read more recently that it's only around $100 to get one and gives you more credibility so it's the thing to do. My questions:
1. Should I go with the Shared SSL or get one that is dedicated? Is a dedicated one more secure or just about credibility with the public?

2. If I purchase a dedicated one which is a good company to go with? Verisign or another? What type of price should I expect?

3. Also, this is more unrelated but I read how I should use AVS (Address Verification Service). I think this verifies that the billing address of a credit card is correct at checkout time and can rule out some fraudulent payments. Is this an additional service or cost or is this part of an authorize.net account?

Thanks for any help with the above questions.

[marc77]

1. Shared SSL means that the user is being redirected to an other location, e.g. from http://www.me.tld to https://customers.webhostingbiz.tld/mecom/

Some customers are quite sensitive, while others don't care. So it's up to you. When using a consistent website layout, I think that just few people may notice the change in domain overall.

2. Prices for SSL certificates vary from a few bucks to several hundreds US-dollars per year; although they all provide the same service.

If it just would be because of getting encryption, you even could go using a self-signed certificate that is totally free... but your webbrowser will show an "unknown certificate issuer" or something like that. Again, transferred data is encrypted... however because of the warning pop-up, this is usually no choice.

Certificates signed by an official issuer (in other words, a company that paid the software developer of the webbrowsing software to get supported) don't have this problem, because they are recognized by the webbrowser.

We could discuss about the sense of other services offered by the issuers, like business verification or "seal of trust" logos. In my mind it is wasted money... most customers aren't aware of these logos, so you can invent your own ones as well ;-)

2. I recommend (because we also use their SSL certificates) http://www.ssldirect.com/ which offer the cheapest SSL certificates I found, widely accepted on all browser platforms. You may give it a try on our website (but please don't send an order unless you are sure ;-)

3. It not necessarily relates to credit card payments only, but is widely used there to avoid loss due to frauds.

Most payment processors are charging an extra amount for AVS. If you are new to business and ship physical goods, you should consider using it.

However AVS may only work if you are delivering within the USA or countries allowing AVS services. Sometimes, address details cannot be verified because of legal regulations.

[markw10]

Thanks. I had heard of Verisign but will take a look at ssldirect.com and also take a look at your web site.

[marc77]

If you like VeriSign, go with them :-) Other prefer GeoTrust, Thawte, Comodo, ... it is absolutely the same service, just with different marketing.

Nearly any issuer also sells discounted certificates; not necessarily under its own label, of course (SSLdirect = GeoTrust, I don't have others at hand yet). So it is worth to keep eyes open and search a bit. You really can save much money for the absolutely same services.

Maybe you can let us know for which issuer you have decided and what was the key argument to do so ?