Contact us at |
  • free ssl certificates

The fraud problem with free SSL Certificates

Tuesday, December 20th, 2016

Nowadays, SSL Certificates are one of the most popular security tools for websites. But as is the case in any industry, free products. i.e free SSL Certificates are always more tempting.

SSLs became such an important part of the Internet security, that Google decided to give a higher ranking to HTTPS sites.

When websites ask for our personal information, we as Internet users think about their legitimacy and security. More and more people understand the importance of the the padlock on the browser bar. That’s a symbol that speaks whether a website is secure or not.

Users care about about sharing their personal and especially financial information with a website. In an online survey, 35% of the users reported that they are not likely to enter their credit card information on a website that uses a cheap SSL certificate.

Aren’t all SSL Certificates the same? What’s the difference?

No. Not all SSL Certificates are the same. There are three types of SSl Certificates: DV, OV and EV.

Domain Validation (DV) SSL Certificates do not do any identity verification. The Certificate Authority (CA) sends an automated email and the website owner simply clicks a confirmation link. That confirms that the user who bought the SSL Certificate owns the domain for which he/she requested an SSL Certificate. Voila! and the website has an HTTPS link and a padlock. Although the information on the website is encrypted, there is no guarantee that the organization that the website pretends to belong to is not fake, and that the website is not a fraud. So, Domain Validated SSL Certificates offer the lowest level of security and trust, because they validate the domain name, but not the company who trades services or goods.

Organization Validation (OV) SSL Certificates: Basic verification of identity is performed. Also, the Certificate Authority does a substantial validation process of the company owning the domain name and requesting the SSL Certificate. This includes checking the company registration through government offices, checking the company in business databases, and finlay verifying if the website and domain name truly belongs to the company.

Extended Validation (EV) SSL Certificates imply a comprehensive verification of the company which orders the SSL Certificate. This detailed validation process includes the verification of the company’s location, phone number, and the business registration with the state or country. All these are done in order to ensure that the individual who is requesting the Extended Validation SSL Certificate has the authority to order and own a certificate on behalf of the company.

In conclusion

Although all SSL Certificates guarantee the security of data that is being transferred through a website, only Organization Validation and Extended Validation Certificates confirm that the company owning the website is legitimate. As a result, users can trust that website and company. They can share their personal data and credit card information when buying products or services from that website.

There are free SSL Certificates on the web. Is there anything wrong with them?

There are only very few legitimate SSL Certificates that are free. Even so, they are free for a trial period of 3 months, for testing purposes. There are websites which pretend to be Certificate Authorities, and offer free SSL Certificates. We would strongly recommend staying away from such offers as much as possible. Certificate Authorities that give free SSL Certificates don’t verify the identity of the person or company. In this way, anyone can get a free SSL Certificate, including phishing websites and hackers who create fraud websites. They can get an SSL Certificate and pretend that they are a legitimate business, and request personal information from users. That’s what makes the free SSL certificates so dangerous.

We work only with legitimate Certificate Authorities that follow strict rules for verifying a company’s identity.

Reasons to get an Extended Validation SSL Certificate

You need to have a registered company in order to qualify for an Extended Validation SSL Certificate. An online survey organized by Tech-Ed showed that 67% of all Internet users become hesitant about buying products or services from a website that doesn’t have an Extended Validation SSL Certificate, that confirms the identity of the company. Microsoft has set the Extended Validation as their signing standard for application security and requires all code submissions to be signed by an Extended Validation (EV) Signing Certificate. This confirms that large companies value the Extended Validation SSL Certificates very much.

What are the benefits of Extended Validation

The Extended Validation SSL Certificate serves as an indicator to users that your website is definitely not a phishing website, and that you will protect the users’ personal data from malevolent third-parties. Our EV SSL Certificates will also give peace of mind to you as a web store owner, so as it will assure that users can engage securely with your website. Buying an Extended Validation SSL Certificate is not only an investment in your SEO ranking and your users’ data protection, but also in your long-term relationship with your customers.

Our company offers SSL Certificates for different purposes. We give you the opportunity to choose the SSL Certificate that suits your online business perfectly. You can find the list with all our SSL Certificates here.