Nowadays online shopping has become a million-dollar business and a place for fraudsters and hackers to swindle money from consumers' accounts. Data that is transferred in plain-text or otherwise non-encrypted form can be intercepted, compromised or stolen. For this reason, a Secure Socket Layer (SSL) certificate is a boon in this fast-changing security landscape. Organizations should therefore use such a certificate to secure their site if they wish to take online payments or expect their visitors to submit confidential information. This article describes what an SSL certificate is and how the different types are validated, along with the disadvantages of SSL.
What is an SSL Certificate?
Secure Socket Layer (SSL) is the original security protocol developed by Netscape in the 1990s to provide secure, encrypted communications between a website and an internet browser. SSL provides encryption-level security, which lets end-users submit sensitive information such as credit card details or passwords over the internet in encrypted form. Website owners purchase SSL certificates through Certification Authorities (CAs).
There are three types of SSL Certificate available currently:
- Domain Validated (DV SSL),
- Organization Validated (OV SSL) and
- Extended Validation (EV SSL)
Each of the above certificates provides a different level of security. Hence, it is important to understand what kind of SSL certificate a site is using while performing a financial transaction or sharing any other sensitive information.
Domain Validated Certificate (DV):
Domain Validated certificates are checked against the domain registry only. To issue a Domain Validated SSL certificate, the certificate holder is investigated only to confirm that they have the right to use the domain name on their application. No thorough check is done in order to issue this type of SSL certificate. Its only advantage is that it is the cheapest type of certificate to get, but it is a high-risk certificate when used on a public website. While this lowest level of authentication still offers encryption, it is recommended that this kind of certificate be used only where security is not a concern, such as on protected internal systems.
Organization Validated Certificate (OV):
Organizational certificates are issued after domain-registry-level checking of the application and a normal level of investigation of the requesting organization. They also enable encryption and ensure a much stronger form of authentication than DV certificates. This is the standard type of certificate required on a commercial or public-facing website.
Extended Validation Certificate (EV):
Organizations choose this level when they require the most restrictive security. An Extended Validation Certificate is issued only after the domain registry check and a thorough investigation of the organization. The Certificate Authority (CA) follows strict EV rules and a checklist while vetting the organization seeking SSL. Nothing provides more trust and security than Extended Validation Certificates. The world's leading organizations use EV certification as proof of trust. They have found that switching from OV to EV certificates increases online transactions and improves customer confidence. It is no longer a luxury but a necessity.
Disadvantages of SSL
Despite its many advantages, SSL also has some disadvantages. Cost is an obvious disadvantage. SSL providers need to set up a trusted infrastructure and validate their identity, so there is a cost involved. Performance is another disadvantage of SSL. Because the information that you send has to be encrypted by the server, it takes more server resources. The performance difference is only noticeable for websites with very large numbers of visitors and can be minimized with special hardware in such cases.
Overall, the disadvantages of using SSL are few and the advantages far outweigh them. It is critical that you properly use SSL on all websites. Proper use of SSL certificates will help protect consumers' confidential information.
How to Stay Safe?
It is high time to learn how to avoid becoming a victim of fraud. Below are some of the points one should be aware of.
- Be Aware! : Just because a website has the padlock or “https” next to a URL does not make it safe for financial transactions. Users have learned to look for those two things before conducting a transaction, which is exactly why cybercriminals are going through the trouble of obtaining SSL certificates in the first place – to look like a legitimate site.
- Know how to look for the type of SSL certificate a website has: As a first step, look for visual cues indicating security, such as a lock symbol and green color in the address bar. Only EV-enabled websites include the company name in the web address bar. Browsers do not distinguish a DV certificate from an OV certificate.
- Only conduct transactions and provide sensitive data to sites that have OV or EV certificates: Rethink conducting any type of transaction via a site that has a DV certificate. If it's an OV or EV certificate site, one can be assured that the business transaction performed is secured.
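Because browsers do not distinguish a DV certificate from an OV certificate, the validation level has to be read from the certificate itself. The following is an added example, not part of the original article: it classifies a certificate by the CA/Browser Forum policy OIDs found in the text printed by `openssl x509 -noout -text`. The function name and both sample certificates are constructed for illustration.

```python
import re

# CA/Browser Forum reserved certificate-policy OIDs, one per validation level.
CABF_POLICIES = {
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
    "2.23.140.1.1": "EV",
}
POLICY_RE = re.compile(r"^\s*Policy:\s*(\d+(?:\.\d+)+)\s*$", re.MULTILINE)
SUBJECT_RE = re.compile(r"^\s*Subject:\s*(.*)$", re.MULTILINE)
# O = value, optionally double-quoted when the name itself contains a comma.
ORG_RE = re.compile(r'(?:^|,\s*)O\s*=\s*("[^"]*"|[^,]+)')


def validation_level(openssl_text):
    """Return (level, organization) from `openssl x509 -noout -text` output."""
    oids = POLICY_RE.findall(openssl_text)
    levels = {CABF_POLICIES[o] for o in oids if o in CABF_POLICIES}
    if len(levels) == 1:
        level = levels.pop()
    elif levels:
        level = "conflicting"  # several levels asserted at once: treat as suspect
    else:
        level = "unknown"      # no CABF OID, e.g. private CA or self-signed
    org = None
    subject = SUBJECT_RE.search(openssl_text)
    if subject:
        match = ORG_RE.search(subject.group(1))
        if match:
            org = match.group(1).strip().strip('"')
    return level, org


# Constructed samples laid out like `openssl x509 -noout -text` output.
DV_SAMPLE = """\
        Subject: CN = shop.example.test
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
"""
EV_SAMPLE = """\
        Subject: jurisdictionC = US, C = US, O = "Example Bank, Inc.", CN = www.example.test
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.1
                  CPS: https://ca.example.test/cps
"""

if __name__ == "__main__":
    for name, text in (("DV", DV_SAMPLE), ("EV", EV_SAMPLE)):
        print(name, validation_level(text))
```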
Authored By - Abhijeet Das
TCS Cyber Security Practice