It's widely understood that Extended Validation (EV) SSL certificates are a little bit costlier for online businesses in budget and implementation time than Domain Validation (DV) certificates. Even though the expense and effort needed for EV are trivial compared to other parts of the security stack, many businesses will go for the cheapest and easiest solution unless presented with a compelling reason to do otherwise.
When considering the benefits of digital certificates, it's critical to remember that authentication is not for the entity being authenticated. Rather, it's for everyone else. When you go to the airport, you carry official identification with you. That's not because you need to be reminded of who you are. You carry your passport because the TSA and customs officials at the airport require it. Your passport isn't for you; it's for them.
The same situation exists for authentication of online sites and services. IT professionals won't invest their time and effort in telling themselves that they are real because they already know that. To invest in authentication, they need a motivator to demonstrate why EV SSL will benefit their business.
Here are four reasons to consider EV:
EV SSL fights phishing
One common motivator is offering a more secure online experience. EV SSL gives site visitors more information to distinguish legitimate sites from fake ones, which undermines the success of phishing attacks. Since the business's authenticated name appears in the browser's green address bar, targets have an important clue they can use to distinguish real sites from phishing sites.
Just using an SSL certificate is not enough. With free Domain Validation (DV) SSL certificates now readily available, phishing attacks using certificates have risen exponentially, as attackers can now have their phishing site displayed as “Secure” in hopes that victims will think the website is safe. A browser's definition of secure (which really means encrypted) is not the same as the common definition of safe. That's why more businesses are relying on Extended Validation (EV) SSL to raise their levels of both consumer protection and confidence online.
EV helps with compliance
Another strong potential incentive for a large subset of sites is compliance. Many important compliance standards such as PCI-DSS and HIPAA/HITECH require that sites take measures to protect their customers from loss of sensitive information such as credit card numbers, PII, and PHI. Because EV is a stronger protection against this kind of theft than Organization Validation (OV) or DV certificates, many security and governance departments have determined that EV is the most bullet-proof way to ensure successful auditability against these standards.
EV increases site transactions and usage
Business is harshly pragmatic. Every business website exists with some end goal in mind. If the business is an online retailer or SaaS company, that goal is obvious. But all other sites, too, have at least one explicit purpose such as generating leads, providing superior customer service (e.g., enabling online review of your phone or credit card bill), or market education for products and brands. Otherwise, the company would not invest the money, employee time, and focus to create and maintain the site.
For each of these goals, we could calculate economic value. While the ROI is different for each use case, the effort and budget involved in obtaining EV SSL certificates are exceedingly small, so the expected return on investment is huge. For as little as a few hundred dollars per year and an extra day or two awaiting certificate issuance, any measurable movement in online business KPIs should be more than worth it.
EV improves online brand presence
A slightly subtler point in the same spirit is the impression that a site makes upon its visitors. By displaying a visible security indicator, a business is signaling several important facts. These include:
· This business invests in best-of-breed security to protect itself and its customers.
· This business truly cares about customers' well-being.
· This business is effective operationally.
· Doing business with this company is pleasant and care-free.
Signaling these messages during an online experience will have a halo effect on the brand's overall perception. Considering the very large investment made by many companies in creating a brand image, EV once again is an extremely easy and cost-efficient way to contribute.
With the unfortunate prominence of phishing, spear phishing, and other online social engineering attacks, forward-thinking businesses will increase investment to ensure they are operating secure sites. EV SSL is the state of the art in site certificates and an option companies need to take notice of sooner rather than later. If not, online businesses risk not only less secure sites but dwindling trust among their greatest asset – the customer.