
Overview

If you’re involved with the development or operation of an ecommerce website or a site that collects confidential information through online forms, you probably have some exposure to SSL Certificates. An SSL Certificate provides encryption keys so that when data is sent to you in an encrypted manner, only you can decrypt it. Sounds pretty secure, doesn’t it? Well, it IS pretty secure…provided you know who you’re dealing with.

SSL Certificates have three main types:

Domain Validated – The certificate is purchased from a “Certificate Authority” or CA that sends an email to the email address of the domain owner to verify they actually represent the website. The assumption is that if you can check that email, you are the owner of the site.

Business Validated – Also referred to as “Organizationally Validated”, this is a certificate in which the validated identifying information includes the domain and information about the business entity that operates the website, such as its registered business name.

Extended Validation – The Extended Validation (EV) SSL Certificate standard is intended to provide an improved level of authentication of entities that request digital certificates for securing transactions on their websites.

An Extended Validation SSL Certificate (like any other SSL Certificate) is purchased from a “Certificate Authority” (such as GeoTrust, Thawte or VeriSign) to assure a website visitor that the site is owned and operated by the company that it appears to be. The difference is that the verification is much more stringent. An EV Certificate does three things:

  • Establish the legal identity as well as the operational and physical presence of website owner;
  • Establish that the applicant is the domain name owner or has exclusive control over the domain name; and
  • Confirm the identity and authority of the individuals acting for the website owner, and that documents pertaining to legal obligations are signed by an authorized officer.

That seems like a lot of work, and it can be. It’s also more expensive.

Is it really necessary? Are phishing attacks THAT frequent that one needs to go to all this trouble? Consider these facts:

  • The number of unique phishing websites detected in June 2009 was 49,084
  • Experiments show a success rate of over 70% for phishing attacks on social networks.
  • Banking trojan/password‐stealing crimeware infections detected increased by more than 186 percent between the fourth quarter of 2008 and the second quarter of 2009.
  • The total number of infected computers rose more than 66 percent between the fourth quarter of 2008 and the end of the first half of 2009 to 11,937,944, representing more than 54 percent of the total sample of scanned computers.

Source: The Anti-Phishing Work Group, Phishing Activity Trends Report

With the continued growth of online transactions and ecommerce, the opportunities for online crime grow with them. To operate a successful site you need to protect your visitors in a way that is unmistakable and cannot be faked. That’s where an Extended Validation SSL Certificate can help.

Sites that have undergone the verification process by a Certificate Authority (CA, for short) utilize this certificate to safeguard their site from “impostor” websites that might appear to the untrained eye as being legitimate. With the advent of higher security browsers it is far easier to be sure that the site you’re visiting has undergone this stringent process. All the major web browsers now employ a “green bar” appearance to signify that an Extended Validation SSL Certificate is in place.

The “green bar” is an instantly recognizable way of showing your customers that your site is secure and trustworthy. Below are screen grabs of how each browser alerts viewers that your site is verified and that their data is being protected by the highest level of security.

This site is here to help you understand what an EV SSL Certificate is, how to purchase and install one, and the best practices for using it to operate a more successful, secure website. We provide articles that will let you know the latest news about EV certificates and any security threats or bugs that you need to know about.