Article by Guest Poster
This article was written by a guest contributor. The author's views below are entirely his or her own and may not reflect the views of WHSR.
The Rationale Behind Extended Validation (EV) SSL Certificates – The Value Added Business
Trust is a perennial issue on the Internet – it has always been and (probably) will always be. But the reality is that today’s technology has made online business transactions more the norm rather than the exception.
From the end-user’s point of view, convenience against security presents a dilemma. How do I know I’m looking at a legitimate website? Is that really my bank’s website I’m looking at on my browser? Is there real business behind the site that offers such insanely cheap price? Those questions and other similar ones are common enough – and certainly valid. From the perspective of the E-business website owners on the other hand, such mistrust and ambivalence is bad for business. Understandably, everyone seeks guarantee and assurance when they do business online.
Secure Sockets Layer or SSL was developed by Netscape in 1994. It’s a worldwide standard security technology which creates encrypted link to ensure all data that passes between the web server and the web browser remains confidential and secure. Millions of consumers recognize and associate the “padlock” displayed on the browser as the icon of trust on the website.
E-business providers protect their customers and guarantee that online transactions are kept safe and private through SSL protocol, which they can only use upon issuance of the required SSL certificate. This certificate, which is issued by the Certification Authorities or CA, provides the opportunity for e-Business website owners to demonstrate their trustworthiness; thus, leverage an increased level of trust among visitors and turn them into paying customers.
What the Customers See
URLs with an SSL connection use https instead of just http. The “s” at the end obviously stands for “secure”. When the customer clicks on the Padlock your SSL Certificate and company details are displayed.
Company details. SSL Certificates typically contain your domain name and company name; your address, inclusive of city, state and country; details of the Certification Authority responsible for the issuance of the Certificate; and the expiry date of the Certificate. Take note that only certificates issued by High Assurance Certification Authorities actually display company details; which is another assurance that customers may be looking for when making an online purchase.
Expiry date. When a browser connects to a secure site, it does three things: It retrieves the SSL Certificate and check that it has been issued by a Certification Authority that the browser trusts, that it is being used by the website for which it has been issued, and that it has not expired. Failing on any one of these checks causes a warning to be displayed to the end user. Some customers also get concerned when they see that the certificate is soon to expire. It is important therefore, to renew your certificate with ample time to spare before the actual expiration date. A smart alternative is to purchase a multi-year certificate to minimize set up costs; plus, your customer will find it reassuring that you will still be around in the years to come.
Face it; people never buy from salesmen they don’t trust. Majority of consumers these days expect security to be an integral part of any online service they use; they require that details they provide on the Internet are kept private and confidential. For most customers, the only time they will ever consider purchasing products or services online is when they are assured to full satisfaction that their detailed information is safe and secure. Thus, you need to allay consumer apprehensions by providing trust indicators. Just like the real world, it is natural need for people to feel confident before going down an unknown path. The SSL Certificate guarantees your customers that you take their security seriously and this gives them the confidence that you have eliminated the risk usually associated with online transactions.
Extended Validation or EV Certificate, which was introduced in 2007, is a significant update of the SSL Certificate validation process that introduced substantial changes to verification methods used in authenticating the identity of online businesses. It provides consumers with a higher trust level while online by identifying which websites are legitimate businesses with verifiable credentials. These new certificates are indicated when the address bar on a visitor’s browser turn green.
SSL Certificate Authorities are already performing thorough and meticulous checks to validate the legitimacy of businesses. However, various CAs currently using non EV certificates employ varied types and levels of authentication; sometimes creating online security vulnerabilities that are frequently exploited for fraud, identity theft and other Internet crimes.
In contrast, the validation process for EV Certificates requires all CAs to rigorously scrutinize each business, using a prescribed set of sources and methods, before certificates are issued. The new certificates oblige businesses to complete a comprehensive and methodical documentation and verification process of current business licenses and incorporation paperwork. The CAs has to verify the accuracy of the data through additional sources; which may include on-site visits to the business, in some cases. This is aimed at resolving the variations in validation process; thus enhance Internet security features.
To the end users, this means that e-Businesses that have EV SSL certificates are much more likely to be legitimate entities, compared to those that only have the standard SSL certificates, which can be obtained by anyone even without verification.
The bottom line: Extended Validation SSL certificates are the latest secure certificates that offer the highest level of outward security to end users on the market today. So if you ask if it is worth it to have an EV SSL Certificate, the answer is: Absolutely, YES!