In the late 90s, the internet boom spawned a new generation of consumers who began to browse and shop online. The largest e-commerce giant, Amazon.com, was started in the same era and underwent gigantic growth. All thanks to the spurt in the internet users consequently from the higher penetration of it among the nook and corner of the world. Presumably, the online purchases are based on the inherent trust among the e-retailers. Users don’t worry about their financial information being stolen from the other party, or anyone else around. The entire foundation of online shopping is standing on the pillars of users’ trust. Should they lose it and revert to conventional shopping methods, the whole industry would be jeopardized--not to mention the sub-industries relying on it.
Genesis of SSL certificates
Secure Sockets Layer (SSL) certificate is a small data file that binds a cryptographic key to an organization’s details. The padlock is activated when it is installed on a web server along with the https protocol allowing for a secure connection from a web server to a browser. In layman’s language: SSL certificates verify the e-retailer and indicates a secure connection between a personal device and a company website.
Types of SSL certificates
Typically, website owners purchase SSL certificates from Certifying Authorities (CA). However, the levels of security is what differs from various kinds of SSL certificates. It’s like you lock a box with a padlock, but the quality of padlock makes all the difference. Here’s a few for you to differentiate.
Domain validated (DV): This probably is the simplest of the certificates. It just verifies the retailer without needing the actual information from the company. Cybercriminals commonly use this certificate to trick victims into believing the malicious page to be genuine.
Organizationally validated (OV): Going a step further, these certificates are issued when specific information about the organization like physical location, website domain etc. are provided. This process usually takes a couple of days.
Extended validation (EV): This certificate is issued by CAs only after rigorous verification of the company. As you guessed, it has the highest level of security and easiest to identify. The review process is quite exhaustive as it requires incorporation documents, confirmation of application identity, and checking information with a third-party database. In addition to adding the padlock in the URL bar of the browser, the “S” part of HTTPS, this adds the company’s name in green in the browser URL bar.
So, what should you do to stay safe?
First, you should be aware that merely adding a padlock or “https” to the website domain doesn’t guarantee security. You’re still at the risk of being scammed or exposed. Look for the company name in the address--only EV certificates can allow that. However, browsers don’t distinguish between OV and DV certificates, so, you can’t tell the difference either by looking at it. Therefore, you’ll need a tool to tell what certificate comes attached with the website. Always transact or provide confidential or sensitive information only through OV or EV-enabled sites. Let’s face it: online shopping isn’t going away.