Is there a benefit to having an Extended Verification SSL certificate?

What is an SSL certificate?

SSL certificates provide one means by which information can be communicated securely over the internet. They work using a form of encryption, where the website server and the website visitor’s computer perform a ‘handshake’ and the certificate is exchanged as authentication, thereby ensuring that the website is what it claims to be, and that no third parties can intercept the data as it passes between them.

What is an Extended Verification certificate?

There is actually no technical difference between a standard and Extended Verification (EV) SSL certificate – they both offer the same levels of encryption in terms of the connection you are making from your local machine to the website.

The benefit of EV SSL certificates comes in the form of the checks that are performed prior to the certificate being issued.

EV certificates require an extra level of validation in order for websites to acquire and use them, and were created due to the rise in internet fraud and phishing.

To acquire an EV certificate a company must first identify the legal entity which controls the website, which will then come under checks from an independent third party. Only once these checks have been passed will a certificate be issued.

Do you need an Extended Verification certificate?

Whether you might wish to purchase an Extended Verification certificate depends on a number of factors, such as:

  • What is your company’s existing reputation?
  • How likely are clients in your industry to look for an EV certificate when purchasing items?
  • What do your competitors do?

Many larger companies such as Amazon still don’t use EV certificates. This is because they don’t need to prove themselves as they are a large, reputable organisation, so people are unlikely to say “I’m not buying off Amazon – they don’t have an EV certificate”.

However, if your company is less high profile, and your potential buyers are likely to know the difference between a standard certificate and an EV certificate, then there may be a case for purchasing one.

The people who know about SSL certificates and their merits are likely to know how to check standard SSL certificates to see if the information is correct, and the people who don’t are likely to not look for a certificate at all, or maybe just look for a padlock within their browser (which you can get from a standard SSL).

To summarise, EV certificates do have a place in business, but are generally not necessary for the majority of small to medium businesses. Of course, this could change in the coming years as internet users become increasingly security savvy.

This entry was posted in Web Security. Bookmark the permalink.

Comments are closed.