If you are collecting sensitive, identifying information such as (but not limited to) passport, bank account, credit card, or driver’s license numbers, you MUST enable SSL. SSL (Secure Sockets Layer) is a protocol for providing secure communications on the Internet. SSL provides for the authentication and encryption of traffic between your browser and Internet servers.
To enable SSL on your form, go to Settings > Security and click “yes” next to SSL. After enabling this feature, you will notice that the original “http” in the URL has now changed to “https”, which stands for HyperText Transfer Protocol Secure.
When you enable SSL on your form and you embed it on a website that does not have a security certificate, your form will still be secured by Formstack, even though the URL of the website it is embedded in will not display “https”. Below is an example of an embedded form with SSL enabled, displayed on a non-secure website.
Although your form will always be secure, it might be a good idea to secure your website as well, if only so that individuals filling out your forms are not confused by the seemingly unsecured URL. If you would like to add a security certificate to your website, simply contact your website provider for their pricing plans and features. If your website is a custom, personal domain, you can obtain a security certificate from a provider as well (GoDaddy.com, for example). Once the certificate is obtained, the provider will walk you through how to add it to the back end of your website. Don’t be intimidated: if you are not tech-savvy, they have resources to help you. You could even hire a developer to get it all set up for you!
If you decide it’s not necessary to obtain a security certificate for your personal website, after you turn on SSL, you can always choose to display the “Form Secured by Formstack” logo at the bottom of your form so users know their data entry is definitely secure. To display this logo, click on “Form Extras” when in Build mode. Then, click on “Secure Logo” and check the box to “Show Secure Logo”.
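For the embedded-form case described above, one check worth running after turning SSL on is whether the embed code on your page really points at the “https” form URL. The script below is an added example, not Formstack code: the host `forms.example.com`, the sample page, and the assumption that a form is embedded through an iframe, a script tag, or a form action are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags (and their URL attribute) that make a browser load from or submit to another URL.
URL_ATTRS = {"iframe": "src", "script": "src", "form": "action"}

# Constructed sample: an http:// host page with three embeds of a hypothetical form host.
SAMPLE_PAGE_URL = "http://www.example.org/contact.html"
SAMPLE_HTML = """
<iframe src="https://forms.example.com/forms/contact"></iframe>
<script src="//forms.example.com/forms/js/contact"></script>
<form action="http://forms.example.com/forms/index.php" method="post"></form>
<script src="/static/site.js"></script>
"""


class EmbedCollector(HTMLParser):
    """Collect (tag, url) for every iframe/script source and form action."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if tag == "form":
            value = value or ""  # a form with no action submits to the page's own URL
        if value is not None:  # inline scripts have no src and are skipped
            self.found.append((tag, value.strip()))


def audit_embeds(page_url, html, form_host):
    """Report whether the host page and each embed pointing at form_host use https."""
    parser = EmbedCollector()
    parser.feed(html)
    embeds = []
    for tag, raw in parser.found:
        # urljoin resolves relative and scheme-relative (//host/...) URLs against
        # the page, so a scheme-relative embed inherits the host page's scheme.
        url = urlsplit(urljoin(page_url, raw))
        if url.hostname == form_host:
            embeds.append({"tag": tag, "url": url.geturl(), "encrypted": url.scheme == "https"})
    return {"page_encrypted": urlsplit(page_url).scheme == "https", "embeds": embeds}


if __name__ == "__main__":
    print(audit_embeds(SAMPLE_PAGE_URL, SAMPLE_HTML, "forms.example.com"))
```

On the sample page only the iframe is reported as encrypted; the scheme-relative script and the `http://` form action are flagged and should be changed to explicit `https://` URLs.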
There are other ways to protect your data as well:
- Password-only access to the form (for entry/submission)
- PGP email encryption (for notification emails)
- Database encryption (for your form database)
To receive a complete copy of our Security Document, please fill out our Security Information Request form. Any questions or suggestions? Let us know in the comments below!
First Image Credit: http://www.digicert.com/ssl.htm