Buyers Guide to EV SSL

   Step 1: What is an EV SSL?
   Step 2: SSL vs. EV SSL
   Step 3: Merchant Benefits
   Step 4: EV SSL Validation Process
   Step 5: Buying An EV SSL Certificate


 EV SSL FAQs
   EV SSL Certificate FAQs
   SSL vs. EV SSL
   Certification Authority/Browser Forum
   Validating the Certificate Authority
   Benefits of EV SSL


 EV SSL Info
   EV SSL News
   EV SSL Polls


 Advertisement


ev ssl certificates
(Visit Buy SSL Certs for all SSL Certificates including EV SSL )


 EV SSL Polls


   View All Polls


Which brand of EV SSL are you considering purchasing or currently using?









View EV SSL Certificate Poll Results

Step 3: Examining the benefits for merchants using an EV SSL Certificate

SSL was invented to add digital certificates to online transactions, which would elevate trust in the consumer, because the website owners go through a vetting process with a CA in order to obtain an SSL certificate only. In the past, some CAs have introduced "domain validation only" SSL certificates, which only serve to give minimal verification, period.

Currently, websites with only SSL certification don't show whether it's low-level validation or high-level validation, because most browsers do not clearly make a distinction between low-validation certificates and those that have undergone more rigorous vetting.

In a January 2007 report, issued by Tec-Ed Research, a computer usability think tank showed that the EV SSL certificates would actually increase consumer confidence in making a transaction online.

After interviewing 384 online shoppers on usage and attitudes toward e-commerce and EV SSL, the results were quite astounding.

Tec Ed measured the online shoppers' responses to websites with and without green URL address bars, and they found that:
  • 100 percent of the participants noticed when a website did or did not have a green URL address bar.
  • 93 percent of participants prefer to shop at sites that have the green EV address bar.
  • 97 percent of participants would share their credit card information with sites that display the green EV address bar.
  • 67 percent said they would share credit card information with or without an EV SSL certificate.
  • 77 percent said that they would think twice about shopping at a website that had lost it's EV SSL certification.
Extended Validation Secure Socket Layer (EV SSL) is the next step in maintaining secure communication between web browsers and merchant web sites/servers.

Unlike traditional SSL security, EV SSL offers end-users a way to verify that the web site that they are is truly the real web site of the merchant/company.

Gone are the days of just trusting that the little "lock" icon at the top or bottom of a supposedly secure "https" Web site, meant secure 128 bit encryption.

With SSL, any website could get an SSL certificate, even if the website was a fake, and once the certificate matched the website, the little lock went up in the corner, just like a legitimate website.

Moreover, SSL certificates have different levels and they are issued in various ways. Even with encryption for each kind of SSL certificate, and with the visual clues in the URL address browser like the lock icon or the "https" prefix, there is no way to know the credibility of the certificate and it's owner.

There are four different SSL certificates:

  • Self-validated SSL certificates - The company or online merchant issues the certificates to themselves, with no oversight from a third-party.
  • Class 2 SSL certificates - A Certificate Authority (CA): a third party-only checks the applicants URL against the WHOIS database-the domain registry for websites.
  • Class 3 certificates - These certificates are also known as organizationally validated SSL certificates. CAs go one step past the Class 2 checks, by trying to establish the operational existence of the website in question, however this varies from CA to CA, and, previously, there is no way to check the operational existence of the website.
  • Extended Validation SSL Certificates - With these certificates, a CA validates not only domain name registration, but it covers operational existence, legal existence and the company/website's physical existence. EV SSL certificates not only offer "https" prefixes, or the lock icon, they also change the URL browser address to a different color. Until now, the availability of both high authentication certificates and low authentication certificates was/is rampant.
The typical end-user only sees the "https" and lock icon, and is unaware that online criminals can obtain a low authentication SSL certificate for their spoofed website, and it will look just like another "secure" site.

As in the case of Fast Flux, SSL encryption and validation can be cracked by an adept phisher or phishers, and more and more end-users are losing faith and confidence that making online transactions is a smart thing to do.

With EV SSL certificates end-users/consumers can verify a website owner's identity and the browser interface makes it easier for end-users/consumers to identify the website as legitimate or when it is not legitimate.

For example, Comodo, Inc., a global Certification Authority and leading provider of Identity and Trust Assurance Management solutions and the initiator and lead in the creation of the CA/Browser Forum, was one of the first CAs to advocate the need for EV SSL certificates for small businesses and large businesses alike.

Though larger businesses have the money and resources to launch expensive branding and ad campaigns, in order to gain the public's trust in their product, smaller businesses don't have that luxury.

Smaller businesses have a bigger need to establish trust via EV SSL certificates, and by doing so, consumers can trust larger companies and smaller companies in the same way, because each have been through the rigorous audit/authentication process demanded by the CA Browser Forum.

According to a Comodo press release, the first business to receive an EV SSL Certificate was GetBids.com-a business that allows customers to procure home contractor services within their local area based on their telephone area code. As well, the site offers contractors a marketing and advertising package, along with a routing source to send leads to contractors.

Before EV SSL, GetBids.com like other sole proprietorships doing business under an assumed name could not obtain an EV SSL certificate. Unfortunately, because there were no established processes for validating this class of business owner, sole proprietorships have not had a way to establish validity and trust to the consumer.

"Establishing trust on my site is critical because visitors need to have confidence in my site otherwise they will not procure services through me," said Mr. Wolmouth. "Having Comodo's EV SSL Certificate on my website will definitely improve sign-up rates because I look as credible as any other larger site and the EV SSL certificate demonstrates my trustworthiness to my customers."

With EV SSL certification, both the online merchant and the end-user, who will be login to the merchant's website, are secure in knowing that both sides have the highest level of identity and fraud protection from an SSL Certificate.

EV SSL is the best way to ensure that phishers don't wreck a merchant's reputation, and that an end user/consumer doesn't get their sensitive data stolen from them either.

It's a win-win situation for both merchant and end-user.

ev ssl                      pci compliance asv


pci compliancePrint this page

| Home |  EV SSL FAQs |  Buyers Guide to EV SSL |  Where to Buy |  EV SSL News |    EV SSL Certificate Polls | 
© 2007 EV SSL Guide.com
   All right reserved - do not copy any material without written permission.



Visit Buy SSL Certs for all SSL Certificates