Secure Connections: What you need to know about SSL Certificates: SOUTECH Cybersecurity Tips and training in nigeriaEsang U. E
The first purchase using an online transaction took place in a pizza hut, where the customer purchased a large pepperoni pizza with extra cheese and mushrooms. But 20years later on, ecommerce has become a bustling economy with over $1.2trillion sales in the year 2013.
The growth in online purchases was solidly built on the foundation of trust. By this I mean that people have grown to trust that when they make purchases on websites, these websites are proven to be legitimately and largely secured because of the Secure Socket Layer (SSL) certificates often found on the URL bar of your browser as a little green padlock.
An SSL certificate indicates first of all that there is a secure connection between your personal device and the company website. It also verifies that the provider is who they claim to be. It is very important that you understand the role of an SSL certificate to prevent you from being a prey to scammers and cybercriminals. This is because, not all the sites you visit that have SSL certificates as protection are created equal.
Certificate Authorities are known to provide SSL certificates and website owners purchase SSL certificates from these Certificate Authorities (CA). Different types of SSL certificates provide different levels and layers of security but there have been issues overtime. The issue is that in as much as these certificates provide that safety padlock that you have on your browser along with HTTPS (where “S” means “Secure”) also found on the address bar, the security levels provided by these certificates differ to a large extent. This is the reason why I’m trying help you understand what type of SSL certificate a website uses especially when you want to do any financial transactions and anything that is related to your personal financial credentials.
I’ll throw some more light on the types of certificates and how they work.
Types of Certificates
- Domain Validator (DV): The domain validator simply verifies the owner of a site. In this case, the CA just has to send an email to the email which the website was registered with. This is done in order to verify the identity of the website owner. Many cybercriminals make use of the domain validator because they can obtain it easily and by so doing make the website appear to be very secure a lot more than it actually seems. Over time, cybercriminals have taken to using DV certificates to lure users to phishing websites i.e. websites that look legitimate but are crafted for the sole purpose of stealing a user’s sensitive data.
- Organizational Validators (OV): The process of obtaining an OV takes a longer period. For and OV certificate to be obtained, the CA needs to validate some basic information such as the organization, the physical location of the organization and its website domain.
- Extended Validator (EV): This is the highest level of security and often the easiest to identify with. The process of issuing an EV certificate tries to increase the level of confidence in the business by making the CA perform an enhanced review of the applicant. This process of review involves an examination of corporate documents, confirmation of the identity of the applicant and the checking through the third party’s database for information. This adds on the browser of the URL, the “S” that is a part of HTTPS, the company’s name in green and also the padlock.
Now take at these URLs and try to notice the difference. Now the first is the DV certificate, the second is an OV certificate which actually looks like the first. Only difference is the “.” Before the com.
Now the last one clearly is an EV certificate.
What can you do to be safe?
Now that you know what an SSL certificate is, its importance as well as the three different types. You have also known that an DV- enabled site poses a huge risk to be scammed, I’ll give out a few tips on how to reduce the risk when performing any form of online transaction that involves your sensitive credentials.
- Be Alert: Now the fact that a website has a padlock or HTTPS just by to its URL is not a guarantee that it is certified safe for financial transactions. Users are used to looking out for these two things before performing any transaction which is the more reason why the cybercriminals go through the trouble of obtaining the SSL certificates to which is obviously make it look legitimate.
- Look out for the SSL certificate type that a website has: The first thing you should do is to look for any visual cues that indicates security like a green color and a lock symbol in the address bar of your browser. Just a quick reminder once again that it is only an EV-enabled website that has the company name in the address bar. However, browsers do not clearly display the difference between a DV and an OV certificate so to enable you tell the difference, there is an open source tool (https://safeweb.norton.com/) developed by Norton that can help you. All you have to do is to simply copy the URL paste it directly into the tool. The tool will tell you if the site is a DV, OV or EV-enables and more explicit results to tell you if the site is legitimate and safe.
- Perform transactions only on OV and EV-enabled websites: If you analyze the URL on the tool I just explained above, and it gives you a result saying that the site has a DV certificate, have a rethink as regards conducting any transaction with that site. Now if it is an OV or EV-enable site, then you can conduct your transaction with confidence that your business information is safe.
The deployment of online transactions has come to stay and will not be phased out anytime soon. People will have to bear with the crude task of combatting with cybercriminals as regards phishing. I will tell you that knowing the risk before time keeps you knowledgeable on becoming a victim of phishing websites.