Site: US UK AU |
Nexcess Blog

The Scoop on SSL Certificates—They’re Not All Created Equal

January 9, 2018 0 Comments RSS Feed

SSL SecurityYour online success is largely based on perception. The good news is you have control over the image you project to website visitors. The bad news is you may not be putting your best web presence forward. We’re here to change that with a quick non-techie primer on SSL/TLS certificates.

Let’s Cover the Basics
SSL/TLS Certificates serve two important functions. Most people make the mistake of only focusing on the first one—encryption. But, the real value to your business is in the second, which is authentication.

Sure, enabling an encrypted connection between your visitors and servers to ensure data in transit—including credit card numbers, usernames, and passwords—stays private and untampered with is essential. That’s why all levels of SSL/TLS Certificates provide this base level of protection. But, what your visitors care about most is who they’re really connecting to—and if they’re legitimate. That’s where authentication comes in—and it’s important to understand how the various certificate options differ on this point. You could say your reputation, or business, depends on it.

It’s All About Trust
Doing business on today’s fraud-filled web means putting your visitors’ fears at ease—and believe us, they have concerns. In fact, a Tec-ED survey found 77% of online buyers were hesitant to shop on a website without EV SSL—the highest level of authentication. Consumers are getting savvier by the second and want proof you are who you say you are before they’re willing to do business with you. So, it’d make good sense to align yourself with top, highly respected companies by choosing a high-level SSL/TLS Certificate that offers more extensive authentication.

It’s Not a Level Playing Field
There are three levels of authentication available in SSL/TLS Certificates. The higher the certificate level, the more in-depth the authentication, or validation process—and the more meaning and value it has for you and your visitors. Let’s take a deeper dive into each one’s validation requirements.

Standard—All that’s required to get a Standard SSL/TLS Certificate is to validate you own the domain. That’s it. So, while basic indicators like HTTPS and the padlock icon confirm there’s encrypted communication in place, your website visitors have no validation of who’s really on the other side. Standard certificates share roughly the same level of difficulty as getting a library card. You don’t really have to prove who you are, you simply tell them your name. That means my long-lost cousin twice removed could easily say she’s me and walk out with the latest Stephen King novel—no questions asked.

Best Fits: If you host a blog, you’re a one-person entity, a company that’s already well-known and trusted by your customers, or don’t need more than encryption, Standard might be the way to go.

Premium—For these mid-range certificates, you do have to go so far as proving your company or organization is legitimate with up-to-date documentation. It comes with a clickable site seal so visitors can see your organization details and feel confident it’s actually you on the other end of the connection. Think of it like a driver’s license where you’re required to show documentation that validates you are, in fact, you in the eyes of your country of origin.

Best Fits: Premium should be the bare minimum for any e-commerce site and anyone looking to prove their business and site are legitimate and trustworthy.

EV—These offer the absolute highest level of validation. Issuance requires you undergo a more detailed vetting process that includes validation of your organizational, physical and operational existence. Some of the process is even done manually to ensure legitimacy. But, the payoff is you get to display your registered company name and country code within a Green Address Bar that’s impossible to fake—making it the ultimate trust builder. The Green Address Bar is the most universally recognized symbol of trust reputability on the web. Plus, visitors can click and view the certificate details, including the issuing Certificate Authority to add yet another layer of credibility. EV is akin to a passport that, on the front end, requires a bit longer, more involved process, but is accepted as proof of identity around the globe.

Best Fits: We highly recommend EV if you’re a national or global brand, want to maximize confidence and online sales conversions, are looking to show customers you put their security first, and you’re looking for a clear way to differentiate yourself from the competition.

The Choice is Yours
Gaining the hearts, minds and money of online customers means you must rely on your website to do the heavy lifting. If it doesn’t make visitors feel confident about engaging with you, you’re done, and your competitors get rewarded with new customers. Your SSL/TLS Certificate is the key to establishing and maintaining trust online, so knowing what they do, and don’t, communicate to your visitors is critical to your success. It’s important to choose wisely. You can trust Nexcess to help you make the right choices to support your goals.

Posted in: Security