Positive SSL Wildcard
- For mail servers
- Server to server communications
- Secures domains
- Not Suitable for e-commerce websites
- Not authenticate domains
- Validate domain ownership only
- Low Assurance certificates
Because they do not validate your business credentials and as a result, your website will not be recognized as
owned by a legitimate company.
Low Assurance’s lack of business validation has enabled fraudsters and online scams. Pharming sites can be
created precisely because the low assurance certificates do not require business validation.
But consumers are getting smarter and they are looking for your company credentials before they buy – only High
Assurance SSL’s can deliver that confidence to your customers.
To safely take payments over the internet, an SSL Certificate must establish Trust between a website and the end user.
For example, the relationship between an e-commerce vendor selling goods or services from their website and the customer
using his or her credit card to purchase these goods online.
Trust is only established after your business website has passed two validation steps:
Step 1: Verify that the applicant owns the domain name featured on the certificate
Step 2: Verify that the applicant is a legitimate and legally accountable entity (and not a fraudster)
Low assurance certificates establish domain ownership only (step 1)
High Assurance certificates require proof of both domain ownership and verification that the applicant
is a legally accountable entity (steps 1 and 2).
 Clicking on the padlock symbol in the secure area of an y website
will display the digital certificate securing that site. This certificate is viewable by any customers visiting your site.
They will see one of the following: (screenshots taken from Internet Explorer 7)
High Assurance certificates show the full company name and address - validating both domain and organization.
This is the only way a customer knows that you are a legally accountable business.
|
Low Assurance certificates show only the domain name - validating domain ownership only – ie that you own the
website they are looking at. This does not provide proof to the customer that it is safe to trade with you.
|
For example you could register the domain www.ferrari-for-ten-bucks.com and legally buy a Low Assurance certificate
for it. You could then set up your fraud website selling non-existent goods to customers who pay you via credit card.
There have been no background checks to establish the existence, legitimacy and probity of your organization but your
customers will still see the padlocwk symbol and be tricked into thinking it is safe to conduct trade with you.
Sure, the credit card details customers send are encrypted via an SSL connection, but what use is that if customers
don’t know who they are sending them to?
In short, low assurance establishes that your company owns the website but doesn’t confirm that the company is
a registered business with articles of incorporation.
Because consumers are growing increasingly savvy in wanting to know not only the domain information, but company that stands behind the website – to avoid getting taken in by all the phishing, pharming and online fraud threats.
Consumers are also getting savvier about how to check for the online Trust Credentials of an eCommerce site. In the early days of the Internet, consumers had been trained to look for the “padlock”.
However, in recent years – consumers are recognizing there are different types of security credentials.
To support growing consumer sophistication – web browsers are responding by making their browsers able to distinguish secured and authenticated sites from sites that are just secured.
The difference to your business is substantial.
A customer that can identify the company behind the website is far more likely to purchase from you than from a website that can not be authenticated as coming from a legitimate business entity.
Now that Internet Browsers are giving consumers new tools to distinguish low assurance websites (how pharming sites can be created) from high assurance legitimate websites – can you afford to put your business risk?
Here’s the next generation web browser tools designed to help consumers distinguish between sites with Low Assurance SSL sites with no company authentication (like QuickSSL) from High Assurance SSL that come from Verisign and Comodo.
IE 7 now displays the traditional padlock right next to the address bar – providing clear, line of sight, access to a
website’s certificate information.
One click from a customer will automatically reveal your certificate details and reveal whether your site
can be trusted.
For many customers, Internet Explorer is the internet. Can your online business run the risk of unsettling this huge user base by using a low assurance certificate?
The Opera security toolbar clearly indicates certificate assurance levels.
In this example, only the domain name is shown to the potential customer, revealing that the site is secured using a low assurance certificate.
Visitors using Firefox can simply click on either of the two padlocks to locate the organizational details of your company.
It is now easier than ever for fraud aware website customers to distinguish between high and low assurance certificates.
| 
До хати | 
SSL сертифікати VeriSign GeoTrust Thawte GlobalSign DigiCert TrustWave Certum Comodo Networksolutions SSL та Codesign 