Contact us at |support@ssldragon.com
  • free ssl certificates

The fraud problem with free SSL Certificates

Tuesday, December 20th, 2016

Nowadays, SSL Certificates are one of the most popular security tools for websites. But as is the case in any industry, free products. i.e free SSL Certificates are always more tempting.

SSL certs became such an important part of Internet security, that Google decided to give a higher ranking to HTTPS sites (2014). Three years later, Chrome, the Web’s most popular browser, began flagging all unencrypted sites as no secure. As a result, website encryption is now all but mandatory.

When websites ask for our personal information, we as Internet users think about their legitimacy and security. More and more people understand the importance of the padlock on the browser bar. That’s a symbol that speaks whether a website is secure or not.

Users care about sharing their personal and especially financial information with a website. In an online survey, 35% of the users reported that they are not likely to enter their credit card information on a website that uses a cheap SSL certificate.

Aren’t all SSL Certificates the same? What’s the difference?

No. Not all SSL Certificates are the same. There are three types of SSL Certificates: Domain Validation, Organization Validation, and Extended validation.

Domain Validation (DV) SSL Certificates do not verify the owner’s identity. The Certificate Authority (CA) sends an automated email and the website owner simply clicks a confirmation link. That confirms that the user who bought the SSL Certificate owns the domain for which he/she requested an SSL Certificate. Voila! and the website has an HTTPS link and a padlock. Although the information on the website is encrypted, there is no guarantee that the organization that the website pretends to belong to is not fake, and that the website is not a fraud. So, Domain Validated SSL Certificates offer the lowest level of security and trust, because they validate the domain name, but not the company who trades services or goods.

Organization Validation (OV) SSL Certificates: Basic verification of identity is performed. Also, the Certificate Authority does a substantial validation process of the company owning the domain name and requesting the SSL Certificate. This includes checking the company registration through government offices, checking the company in business databases, and finally verifying if the website and domain name truly belongs to the company.

Extended Validation (EV) SSL Certificates imply a comprehensive verification of the company which orders the SSL Certificate. This detailed validation process includes the verification of the company’s location, phone number, and business registration with the state or country. All these are done in order to ensure that the individual who is requesting the Extended Validation SSL Certificate has the authority to order and own a certificate on behalf of the company.

In conclusion

Although all SSL Certificates guarantee the security of data that is being transferred through a website, only Organization Validation and Extended Validation Certificates confirm that the company owning the website is legitimate. As a result, users can trust that website and company. They can share their personal data and credit card information when buying products or services from that website.

There are free SSL Certificates on the web. Is there anything wrong with them?

There are only a few legitimate SSL Certificates that are free. The likes of Let’s Encrypt, Cloudflare, and Amazon offer valid Domain Validation SSL certificates. However, they all come with limitations and may not be suitable for your particular project.

There are websites that pretend to be Certificate Authorities and offer free SSL Certificates. We would strongly recommend staying away from such offers as much as possible. Certificate Authorities that give free SSL Certificates don’t verify the identity of the person or company. In this way, anyone can get a free SSL Certificate, including phishing websites and hackers who create fraud websites. They can get an SSL Certificate and pretend that they are a legitimate business, and request personal information from users. That’s what makes the free SSL certificates so dangerous.

We work only with legitimate Certificate Authorities that follow strict rules for verifying a company’s identity.

Reasons to get an Extended Validation SSL Certificate

You need to have a registered company in order to qualify for an Extended Validation SSL Certificate. An online survey organized by Tech-Ed showed that 67% of all Internet users become hesitant about buying products or services from a website that doesn’t have an Extended Validation SSL Certificate, which confirms the identity of the company.

Microsoft has set the Extended Validation as their signing standard for application security and requires all code submissions to be signed by an Extended Validation (EV) Signing Certificate. This confirms that large companies value the Extended Validation SSL Certificates very much.

What are the benefits of Extended Validation?

The Extended Validation SSL Certificate serves as an indicator to users that your website is definitely not a phishing website, and that you will protect the users’ personal data from malevolent third parties. Our EV SSL Certificates will also give peace of mind to you as a web store owner, so as it will assure that users can engage securely with your website. Buying an Extended Validation SSL Certificate is not only an investment in your users’ data protection but also in your long-term relationship with your customers.

Our company offers SSL Certificates for different purposes. We allow you to choose the SSL Certificate that suits your online business perfectly. Here you can find the list with all our SSL Certificates.