Which SSL Certificate Does Your Web-Based Business Need?
Ensuring the security and privacy of customers doing business with you online is essential to establishing customer confidence and trust. That confidence and trust is established through securing communication between your customer's Web browser and your Web site, generally by way of an SSL Certificate. You can install an SSL Certificate yourself or one can be provided to you by your Web hosting provider or a third-party transaction-processing company.
While attempting to establish secure communications with your Web-based business (for example, when a consumer initiates an online purchase) the consumer's browser seeks to validate your Web site's authenticity by requesting a digital certificate that verifies the identity of the Web site owner. Once that certificate is recognized, a Secure Sockets Layer (SSL) connection is established, encrypting data transmitted between you and the consumer including such information as credit-card and bank-account numbers.
Online businesses may currently choose between two types of SSL Certificates: Organizationally Validated (OV) and Domain Validated (DV) Certificates. A third type of SSL Certificate, called Extended Validation Certificates, will be introduced in early 2007. All SSL Certificates include data encryption and trigger the browser to display a closed padlock and the "https" prefix in the browser address window. However, not all provide the same level of validation that the bearer of the SSL Certificate is truly a legitimate business.
Organizationally Validated (OV) Certificates:This level of SSL security validation, currently offered by Network Solutions® and other certificate authorities (CAs), assures the validity of a Web site by verifying that the applicant is a legitimate business. Before issuing the certificate, the CA performs a rigorous validation procedure, including checking the applicant's business credentials (such as the Articles of Incorporation) and verifying the accuracy of its physical and Web addresses. An Organizationally Validated Certificate is an excellent choice for any business conducting online transactions and accepting sensitive data, such as credit-card numbers, from customers.
Domain Validated (DV) Certificates:The validation procedure is less rigorous for a Domain Validated Certificate. When issuing a Domain Validated Certificate, the CA checks only that the applicant's name and contact information matches the registration information in the WHOIS database for the domain name associated with the SSL Certificate. Because CAs aren't required to validate the legitimacy of the applicant's business, Domain Validated Certificates are a good choice for businesses where customers will not be transmitting sensitive data or are less concerned about issues of identity assurance.
Extended Validation (EV) Certificates:The newest level of Certificate validation is, in fact, so new that it's not yet available. Scheduled to reach the market in early 2007, Extended Validation Certificates are the first SSL Certificates to adhere to industry-wide certification guidelines, which are being established by leading Web browser vendors and Certificate Authorities, including Network Solutions. The Certificate application process itself will be more thorough and the validation criteria more rigorous for EV certification, whose applicants, at least initially, will be limited to incorporated entities and government agencies. Among the new features of EV Certificates will be the color-coding of the Web browser's address bar to signal secure connections. The browser navigation window will turn green to indicate an authentically validated site with an EV Certificate, full security, and encryption in place, and will turn red when it encounters a known phishing or otherwise untrustworthy site.
At present, OV Certificates remain the best choice for the Web sites of unincorporated small to medium-sized businesses. These businesses should consider upgrading to EV Certificates, however, when the Certificates become more widely available. For those businesses that are currently incorporated and eligible for an EV Certificate, it is recommended that they purchase or upgrade to an EV Certificate.
For additional information, consult our FAQs or read on…