Security March 27, 2023

What Consumers Need to Know About SSL Certificates

By Jeff Barto

In 1994, the first online purchase crossed the Web: a large pepperoni pizza with mushrooms and extra cheese from Pizza Hut. Over the following 20 years, e-commerce has skyrocketed in a booming economy, exceeding $1.2 trillion in sales in 2013. This growth in online shopping rests on a foundation of trust. People trust that the websites they use to track finances and make online purchases are safe and legitimate, largely because of Secure Sockets Layer (SSL) certificates, which show up as that small padlock in the browser's address bar.

SSL certificates verify that the provider is who they say they are and also indicate secure connections between personal devices and company websites. Understanding SSL certificates is important to avoid becoming a victim of scammers. After all, not all sites, or SSL certificates, are the same.

The different types of certificates

Website owners purchase SSL certificates through Certificate Authorities (CAs). There are three different types of SSL certificates, each providing a different level of security. The problem is that, although all these certificates provide the security padlock in a browser's URL bar, along with HTTPS (the "S" stands for "secure") in the address bar, the security levels between certificate types differ greatly. This is why it is important to understand what type of SSL certificate a site has when you are about to perform financial transactions or any other operation involving personal data.

• Domain Validation (DV): This certificate is issued after verifying that the owner has the right to use a particular domain name. It is a straightforward process in which the Certificate Authority sends an email to the registered email address of the website in order to verify its existence. No information is required about the organization or person controlling the site. Cybercriminals often use DV certificates, as they are easy to obtain and can make a website appear more secure than it actually is. For example, scammers can use DV certificates to lure consumers to phishing websites that appear authentic or to cloned websites that appear legitimate, but are designed to steal sensitive information.

• Organization Validation (OV): To issue an OV certificate, a Certificate Authority must validate certain information, including the identity of the organization, its physical location, and ownership of its website's domain name. This process usually takes a couple of days.

• Extended Validation (EV): This certificate has the highest level of security. It is issued once the organization requesting the certificate undergoes a strict authentication procedure, a much more rigorous verification than the one described previously. It seeks to identify the legal entity controlling the website and to assure the user that the site is controlled by an entity legally authorized to operate, identified in the certificate by its name, address, jurisdiction, and registration or enrollment number.

What can people do to stay safe?

Now that you know what an SSL certificate is, the three different types, and that sites with DV certificates can pose a risk for fraud, how can users reduce the risk of shopping or conducting other sensitive transactions online?

1. Keep in mind! The fact that a website has the padlock or "https" next to a URL does not mean it is completely safe to conduct financial transactions. Users have learned to look for those two things before conducting a transaction, which is exactly why cybercriminals take the trouble to obtain DV certificates: to simulate legitimate sites.

2. Learn how to check the SSL certificate type of a website. As a first step, look for visual signals indicating security, such as a padlock symbol. Browsers do not distinguish a DV certificate from an OV or EV certificate at first glance. To tell them apart, click on the padlock in the URL bar. Then click where it says the connection is secure, and then click where it says the certificate is valid. If it is an OV or EV certificate, you will be able to see the name of the organization that owns the website there.

3. Only conduct transactions and provide sensitive data on sites that have OV or EV certificates. There is a time and place for DV certificates, but that does not include their use for e-commerce sites. If a site has a DV certificate, reconsider performing any type of transaction through that site. If a site has an OV or EV certificate, you already know that the business identity of its operator has been confirmed.

Until the industry requires an OV or EV certificate for e-commerce sites, or provides an easier way to identify the different types of certificates, people will have to assume some of the burden in the fight against cyber risks. By knowing the risks beforehand, consumers are less likely to be deceived by phishing websites.
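The check from step 2, as an added Python example that is not part of the original article: it classifies a certificate as DV, OV or EV from the subject fields that Python's `getpeercert()` returns. The sample subjects and the names `classify`, `subject_fields`, `fetch_cert` and `SAMPLES` are constructed for illustration, and the subject-field rule is a heuristic assumption built on the fields the article lists for OV and EV certificates.

```python
import socket
import ssl

# Subject fields an EV certificate carries beyond the organization name
# (business category, registration number, jurisdiction), as named by OpenSSL.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested 'subject' tuple from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def classify(cert):
    """Return (level, organization); level is 'DV', 'OV' or 'EV' (heuristic)."""
    fields = subject_fields(cert)
    org = fields.get("organizationName")
    if not org:
        return "DV", None          # no verified organization in the subject
    if EV_FIELDS <= fields.keys():
        return "EV", org           # organization plus registration details
    return "OV", org

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live site's validated certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample subjects in getpeercert() format, not real certificates.
SAMPLES = {
    "dv": {"subject": ((("commonName", "shop.example"),),)},
    "ov": {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "shop.example"),))},
    "ev": {"subject": ((("jurisdictionCountryName", "US"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "shop.example"),))},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, classify(cert))
```

To check a live site, pass the result of `fetch_cert("hostname")` to `classify`; a DV result means the certificate names no verified organization.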