Extended Validation provides the same standard of security as a normal SSL certificate offers, but they are much harder to attain. Historically, certificate authorities (i.e. the companies who issue SSL certificates) would freely issue SSL certificates to anyone, meaning that fraudsters and unscrupulous companies would easily attain SSL certificates and pose as secure services, such as setting up a phishing site for banking. This worked because website users were familiar with simple visual indications that a website was secure, such as the padlock symbol and the “https://” in the address bar. This meant that users who weren’t aware of how phishing attacks worked were more convinced of the con.
In order to combat this nefarious activity, Symantec’s Extended Validation SSL certificates offer a guaranteed level of identity verification. They verify that the business requesting the SSL certificate is who they say they are (for example they are a legitimate business entered in Companies House in the UK). They may verify an individual by way of passport or drivers license. Proof that the requester of the SSL certificate owns the domain they are requesting for is also required, as well as some other checks.
In return for these extended checks, web browsers show a visual indication to show the end users - your customers - a green address bar and show that the identity of your company has been verified. This improves the confidence your customers have in your business, meaning more converted sales, which in turn means a better return on investment on the Extended Validation certificates.
No comments:
Post a Comment