What we do know is that any website, and undoubtedly the ones which use financial transactions for e-commerce, need SSL certifications for three reasons. First, the safety and security of the data that is exchanged between the web server and the web browser while navigating through the website. The second is that the user of the website wouldn’t be able to trust that website enough if it doesn’t have an SSL Certificate.
One example of how this helps is that a user carrying out a financial transaction in a site which doesn’t have SSL certification could not be certain that hackers wouldn’t be able to take possession of their personal data by posing as the web server. And finally, the ranking of the website in search engine results would go up if it has an SSL Certificate.
What we also need to know is that there are different kinds of SSL Certificates available. There are primarily 3 kinds – Domain Validated (DV SSL), Organization Validated (OV SSL) and Extended Validation SSL Certificate (EV SSL). All 3 types have similar levels of encryption, but they all have different intensities of their validation and vetting process. That is at the backend, and at the user interface, they would differ in the view that user gets in the browser address bar.
Let us look into the EV SSL (Extended Validation SSL Certificate) in a bit more detail. First thing we would look at is who or which kind of entities should go in for EV SSL. Some examples would be banks, financial organizations and any companies or brands which permit online transactions (especially of financial nature) on their websites. In general, an EV SSL is recommended for any website or web application that needs to convey trust in the mind of the user, or places where the user would part with his or her financial or personal information.
An important information to have while understanding the benefits of an EV SSL is what is referred to as phishing. Phishing refers to posing as a legitimate website and using that sham to trick users into parting with their data. Several phishing websites or applications now resort to going in for a simple DV SSL certification, because those have comparatively lower levels of vetting. A user who uses a website with EV SSL would be able to see the website owner’s complete details on the website itself, and would feel reassured that the site was safe to use.
A user also needs to be aware of how the URL of a website would look like if it had Extended Validation SSL Certificate (EV SSL). First, it would show a padlock icon on some browsers, and also the URL would begin with ‘https’ instead of ‘http’. The colour of the browser address would be colored green, and some browsers also display the name of the country. Finally, the name of the organization and the location of its office would also be displayed in the address bar.
If a website having EV SSL is so easy for a user to identify and then use safely, and so difficult for imposter or phishing sites to have, then there surely must be a very fool proof checking system in place before granting the certificate. The legal, operation and physical existence of the entity is verified, and only then is the certificate given. These processes are implemented only after due ratification by the certifying authority. This is what makes EV SSL different from the OV and DV certificates mentioned above. For example, in DV SSL certificate, the only proof that is required is that the owner of the website has control over that domain, with no vetting done of physical existence.
We have understood some of the basic information regarding EV SSL, but there are several questions that are frequently asked. Let us try and address some of them. First, all EV SSLs are not similar nor as effective. So, EV SSLs are different and more effective than instant or wildcard SSLs. Also, if a site has EV SSL certificate, then there is nothing else to worry the user. As of now, the EV SSL is the most secure SSL certification available, and both webmasters and users should recognize its importance.