Secure certificates (SSL): they're not all the same!

Are all Secure Certificates the same?

Everyone is looking for a bargain, but if you're not comparing apples with apples, you won't be getting what you need. This is especially so in the area of Secure Certificates (SSL). It's quite easy to think they're all the same, and yet there's a massive difference in what they cost. How could this be so? If you think they're all the same, you would inevitably conclude some are just a massive rip-off and you would base your decision on the least cost.

It will come as a shock to many website owners that secure certificates (SSL) are not all the same. In these days when the online consumer want the confidence that not only is the website is secure, but you are who you say you are, you could easily be selling yourself short with the wrong certificate. As always, you get what you pay for.

The background to Secure Certificates (SSL)

From a technical perspective, secure certificates use the same data encryption, allowing you to transfer data between the webserver and your device securely. But the real issue is how do your customers know who is on the other end of the website. How do they know it's really you? In the old days of the internet that wasn't a problem, but now with phishing sites it is. Many of these phishing sites will use SSL Certificates, but only domain validated where they don't have to validate who they are.

There are three main types of secure certificates (in fact there are few more) and all modern browsers are able to distinguish the different types of SSLs being used. These are:

Domain Validated (DV)
This is simply a Secure Certificate where the only thing that is validated is the domain. Issuing these certificates is generally automated process where an email is sent to the registrant of the domain, and if they click on the link in that email, the domain is considered validated. The owner of the website could be anybody, those details are not checked. As a consequence, these SSL's are generally inexpensive. The savvy online shopper can easily work this out.
Organisational Validation (OV)
These certificates not only validate the domain name, but also the organisation requesting the certificate. Before these certificates are issued the organisation is required to validate (provide some form of proof) who they are. From the perspective of the online consumer this provides a much higher level of trust, not only is the website secure, but the organisation behind the website is real.
Extended Validation (EV)
Extended validation is really an extension of the OV Certificate. This is done by validating such things as the phone number of the organisation and then calling that number to see if the person or organisation requesting the certificate really does have the authority to request that certificate. It provides your visitors an extra level of assurance that they are really visitng your website and not that of an imposter site.

Creating a trusting online environment

Business has always been about trust, and with online business, even more so. Having the right Secure Certificate will create an environment of confidence with your potential customers, making it easier for them to share and trust you with their personal details and to make purchases. Your customers want to know you are serious about protecting their information and you value their business. The right Secure Certificate is the equivalent of rolling out the red carpet to your customers.

Got you thinking?… Ready to make a start?