Building Trust 2 October 2017

Best Practices: Certificate Types

E-commerce has grown at exponential rates, with consumers recognizing the convenience of purchasing online and making secure and private transactions. This growth rests upon a foundation of trust. People trust that the websites they use to track finances and make online purchases are secure and legitimate largely because of Secure Socket Layer (SSL) certificates.

SSL certificates verify that the provider is who they claim to be and also indicate secure connections between devices and websites. There are three primary types of SSL certificates, each requiring a different level of authentication: DV (Domain Validation), OV (Organization Validation) and EV (Extended Validation).

Understanding the differences among certificate types is important to help prevent falling victim to scammers. For example, DV certificates are quick and easy to procure and don’t require any type of information indicating the person trying to get the DV certificate actually represents a legitimate business. Fraudsters often use DV certificates to lure consumers to phishing websites that look authentic but are designed to steal sensitive information. For this reason, doing any type of transaction on a DV-only site poses risk.

OTA recognizes OV and EV SSL certificates as a best practice and provides bonus points toward their overall composite score as part of the Online Trust Audit and Honor Roll. Sites with EV SSL receive added bonus points above OV certificates, while sites with DV certificates do not receive any added scoring.  

Related Resources

Related articles

Building Trust 31 August 2020

Policy Toolkit on IoT Security and Privacy

The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...

Building Trust 1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But...

Building Trust 1 November 2019

Security Factsheet: Why Should Municipalities Make Network and Data Security a Priority?

Communities can minimize risk by being intentional about how and by whom networks and devices are used. These are...