A new weapon against online fraud: the green address bar

9 March 2010
Reading time: 3 min
News

Sending secure information via an SSL connection

When shopping online and on other websites where you leave personal information, this information must be sent and encoded via a secure connection. This is made possible by using what is referred to as a Secure Sockets Layer (SSL) connection.

What is an SSL certificate?

Besides that SSL connection, you also need a certificate that proves that the connection is secure and that you really are the owner of the website. To make this possible, there are what are referred to as SSL certificates. These are digital certificates that are delivered by authorized companies such as Verisign, Comodo, Thawte and Geotrust. Upon request, these companies check if the identity of the buyer of the certificate matches the identity of the owner of the website. It is perfectly possible for someone to register a typo domain that looks like the domain of your web store. This person can then obtain a certificate with the typo but never with your company name. Customers can then immediately see that they are purchasing goods from a fraudulent organisation.

SSL put into practice

On http://order.combell.com, you will find an example of an SSL certificate. We use the newest generation of SSL certificates that colour the address bar green. When the address bar is coloured green, customers know they are on a secure website. This is an addition to the well-known yellow padlock. The visitor can immediately see the owner of the website and he/she can even click on the certificate for further details.

Different SSL validation methods

There is a wide range of SSL certificates. These different certificates are categorized according to the validation method and the amount of addresses that you can link to them.
There are 3 validation types: domain validation, organisation validation and extended validation. With domain validation, the SSL authority checks if your domain name matches the domain name stated in the certificate. Organisation validation goes a step further: it is checked if your name matches the Whois information of your website. The newest generation of validation certificates are the Extended Validation SSL certificates. To obtain one of these, you must provide your company’s memorandum of association and a thorough check is carried out. Only after that will you receive (after a few weeks) the best certificate that will guarantee you more orders and a better conversion rate.

For one, multiple or an unlimited number of addresses or domains

Besides the validation method, you can choose the number of addresses for which this certificate is valid. By default, it is delivered for a single domain, like e. g. www.combell.com. This means that you cannot use such a certificate for e.g. order.combell.com. With Multi-domain certificates, you can use the certificate for multiple domain names belonging to your company. In addition, there are also Wildcard certificates that you can install on all subdomains, such as e.g. www.combell.com, webmail.combell.com, my.combell.com, etc.