Brilliant Directories has built-in security measures to protect your data. Brilliant Directories also stores your directory information independently and separately from all other users. There are multiple security checks and clearance levels an administrative user must pass through before accessing any sensitive database information. In addition to this, Brilliant Directories will never contact, copy, access, or solicit information that is stored in your directory's database without your permission. We claim no intellectual property rights over the material or content in your database.

Further Security with SSL Certificates

The Secure Sockets Layer (SSL) protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one or both ends of the transaction. Ask your directory coach to help you install a custom SSL Certificate on your website directory. SSL Certificates will encrypt sensitive information being transferred between your website and the merchant gateway.

What is SSL?

On the web, SSL tries to do two things:
  • Encrypt and verify the integrity of traffic between the browser and the server.
  • Verify that the browser is talking to the correct server. In practice, this usually means verifying that the owner of the domain and the owner of the server are the same entity. This helps prevent man-in-the-middle attacks. Without it there's no guarantee that you're encrypting traffic to the right recipient.

Do I need to use SSL on my payment pages?

Yes, for a couple of reasons:
  • It's more secure. In particular, it significantly reduces your risk of being exposed to a man-in-the-middle attack.
  • Users correctly feel more comfortable sharing their payment information on pages visibly served over SSL. Your conversion rate is likely to be higher if your pages are served over SSL too.

How do I set up SSL?

Setting up SSL takes about half an hour, though it might take longer if it's your first time doing it. It typically costs between $10 and $500 depending on the certificate provider and type of certificate. Conceptually, the process is very straightforward — buy a certificate and configure your web server to use it — but the details tend to be somewhat complex.
  • You should buy an SSL certificate from a good certificate provider. We recommend DigiCert — their certificates have very wide acceptance (and in particular should work well on mobile browsers, where many other certificate providers fall short). NameCheap is another good option. They have slightly lower acceptance but their basic certificates cost $10 to $20.
  • Unless you're frequently setting up SSL, it's pretty much impossible to remember all the steps and configuration directives involved. We recommend following the DigiCert or Slicehost guides.
  • If you have any questions at any stage of the process, feel free to get in touch — we're very happy to help.


What if I don't want to set up SSL yet?

  • You can test your page (including testing live transactions) before installing your SSL certificate; you don't need to do it at the very start.
  • If you want to go into production before setting up SSL, you could consider hosting your site with a provider that gives you a secure subdomain. For example, Heroku allows you to host at https://yourapp.heroku.com.


How can I test my SSL configuration?

SSL is a complex suite of cryptographic tools, and it's easy to miss a few details. We recommend using the SSL Server Test by Qualys SSL Labs to make sure you have everything set up in a secure way.


Is there anything else related to SSL that I should think about?

  • It may be a security risk to include JavaScript from other sites. Your security becomes dependent on theirs — if they're ever compromised, an attacker may be able to execute arbitrary code on your page. In practice, most sites embed things like Google Analytics even on secure/sensitive pages, but it's something to be aware of, and ideally minimize.
  • For each of your pages, make sure all included resources (JavaScript, CSS, images etc.) are being served over SSL. Not doing this results in the infamous mixed content warning.
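
One way to check a page for the two issues listed above, as an added example that is not Brilliant Directories' own code: it parses a page's HTML and reports subresources loaded over http:// (mixed content) and external hosts that serve scripts. The page URL, the sample HTML and every host name are constructed for illustration, and the page itself is assumed to be served over HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attribute that carries the subresource URL for each tag audited here.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "source": "src", "embed": "src", "link": "href"}
# rel values for which <link> actually fetches something into the page.
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

class ResourceAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.mixed = []            # (tag, absolute URL) loaded over http://
        self.script_hosts = set()  # script hosts other than the page's own

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        name = RESOURCE_ATTRS.get(tag)
        if not name or not attrs.get(name):
            return
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return  # e.g. rel="canonical" is a reference, not a load
        # Resolve relative and protocol-relative (//host/x) URLs.
        url = urlparse(urljoin(self.page_url, attrs[name].strip()))
        if url.scheme == "http":
            self.mixed.append((tag, url.geturl()))
        if tag == "script" and url.hostname not in (None, self.page_host):
            self.script_hosts.add(url.hostname)

def audit(page_url, html):
    parser = ResourceAudit(page_url)
    parser.feed(html)
    return parser.mixed, sorted(parser.script_hosts)

# Constructed sample page, not taken from a real site.
SAMPLE_URL = "https://directory.example/checkout"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://directory.example/checkout">
<script src="//analytics.example.net/ga.js"></script>
<script src="http://cdn.example.org/widget.js"></script>
<img src="http://directory.example/img/logo.png">
"""

if __name__ == "__main__":
    print(audit(SAMPLE_URL, SAMPLE_HTML))
```

This only sees resources present in the static HTML; anything a script injects at runtime still needs a check in the browser's developer console.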