In 1994, the first online purchase crossed the World Wide Web: a large pepperoni pizza with mushrooms and extra cheese from Pizza Hut. Over the next 20 years, e-commerce has exploded into a bustling economy, exceeding $1.2 trillion in sales in 2013.
This growth in online purchases rests upon a foundation of trust. People trust that the websites they use to track finances and make online purchases are secure and legitimate largely because of Secure Socket Layer (SSL) certificates- otherwise known as that little green padlock in the URL bar of the browser.
SSL certificates verify that the provider is who they claim to be and also indicate secure connections between personal devices and company websites. Understanding SSL certificates is important to help prevent falling victim to scammers. Because at the end of the day, not all sites, or SSL certificates, are created equal.
Different types of certificates
Website owners purchase SSL certificates through Certification Authorities (CA). There are three different types of SSL certificates, each providing a different level of security. The problem is that, even though all of these certificates provide the safety padlock in the URL bar of a browser, along with the HTTPS (“S” indicating “secure”) in the address bar, the levels of security between types of certificates differ greatly. This is why it is important to understand what kind of SSL certificate a site is using when looking to perform financial transactions or anything involving personal user data.
Can you tell the difference?
Clearly, the last URL is an EV certificate. The first is the DV certificate and the second is an OV certificate, which both look identical to each other.
What can people do to stay safe?
Now knowing what a SSL certificate is, the three different types, and that DV-enabled sites pose a risk for scams, how can users reduce the risk of shopping or performing other sensitive transactions online?
Let’s face it – online shopping isn’t going away. Until the industry requires an OV or EV certificate for e-commerce sites or an easier way to identify the types of certificates, people will have to bear some of the burden of combatting cyber risks. Knowing the risks ahead of time, consumers are less likely to be duped by phishing websites.