Building Trust 2 October 2017

SSL Certificate Best Practices – Risks & Trade Offs

E-commerce has grown at exponential rates in the past decade, with consumers quickly recognizing the convenience of purchasing goods online and making secure and private transactions. This online growth rests upon a foundation of trust. People trust that the websites they use to track finances and make online purchases are secure and legitimate largely because of Secure Sockets Layer (SSL) certificates.

SSL certificates verify that the provider is who they claim to be and also indicate secure connections between personal devices and company websites. There are three primary types of SSL certificates, each requiring a different level of authentication: DV (Domain Validation), OV (Organization Validation) and EV (Extended Validation).

Understanding the differences among the SSL certificate types is important to help prevent falling victim to scammers. For example, DV certificates are quick and easy to procure and don’t require any information showing that the person requesting the certificate actually represents a legitimate business. Fraudsters often use DV certificates to lure consumers to phishing websites that look authentic but are designed to steal sensitive information. For this reason, doing any type of transaction on a DV-only site poses risk.
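The difference between the three types is visible in the certificate's subject fields. The following is an added example, not part of the original article: a heuristic that classifies a certificate given in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificates and the helper names are constructed for illustration, and the field rules are an assumption based on the CA/Browser Forum requirements.

```python
# Subject attributes an EV certificate is expected to carry, named as
# Python's ssl module reports them (assumption: OpenSSL long names).
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested 'subject' tuple of RDNs into a plain dict."""
    return {name: value
            for rdn in cert.get("subject", ())
            for name, value in rdn}

def validation_level(cert):
    """Heuristically classify a certificate as 'DV', 'OV' or 'EV'."""
    fields = subject_fields(cert)
    # DV: the CA checked control of the domain only, so no organization appears.
    if "organizationName" not in fields:
        return "DV"
    # EV: organization plus the extra identity attributes.
    if EV_FIELDS <= fields.keys():
        return "EV"
    return "OV"

def describe(cert):
    """One-line summary suitable for a log or an inventory report."""
    fields = subject_fields(cert)
    org = fields.get("organizationName", "no verified organization")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)} ({org})"

# Constructed sample certificates (not taken from real sites).
DV_CERT = {"subject": ((("commonName", "shop.example"),),)}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "www.example.com"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("jurisdictionCountryName", "US"),),
                       (("serialNumber", "0000000"),),
                       (("countryName", "US"),),
                       (("organizationName", "Example Bank Inc"),),
                       (("commonName", "online.examplebank.example"),))}

if __name__ == "__main__":
    for sample in (DV_CERT, OV_CERT, EV_CERT):
        print(describe(sample))
```

`getpeercert()` does not expose the certificate policies extension, so this check relies on subject fields alone and should be treated as a triage aid rather than a definitive classification.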

OTA recognizes OV and Extended Validation SSL certificates as a best practice for consumer and brand protection and awards sites bonus points toward their overall composite score as part of the 2015 Online Trust Audit and Honor Roll program. Sites with EV SSL receive added bonus points above OV certificates, while sites with DV certificates do not receive any added scoring. Tentative plans for the 2016 Audit will deduct points for sites with DV certificates, reflecting the low trust impact resulting from their use.

Related Resources

Extended Validation SSL Certificates

Always On SSL (HSTS everywhere)

Migrating from SHA-1 to SHA-2 (Symantec)

Symantec White Paper (Registration Required)

Certificate Authority Best Practices

Test Your SSL Infrastructure (Qualys SSL Labs)

SSL Server Testing Tool (High-Tech Bridge SA)
