Best Practices 10-01-2015

Enterprise Security: The Advantages of Using EV Certificates


As more and more people choose to shop, share, bank, and view accounts online, the need for online browsing security has also grown. SSL Certificates are critical to online security and are the backbone of Internet safety. Extended Validation (EV) Certificates, in particular, provide that extra layer of protection be requiring a strictly defined issuance and management process. With all of the sensitive information online, EV SSL Certificates are not only a great enterprise asset for gaining customer trust, but are also essential for protecting consumer information exchange.

Today, we celebrate the start of National Cybers Security Awareness Month, which emphasizes this issue of online trust. Lack of trust in a business online ultimately erodes brand reputation. EV SSL Certificates help companies gain customer trust, which in turn, builds and strengthens a business’ brand.

For Enterprises

EV Certificates require businesses to go through lengthier verification efforts than Domain Validated or Organization Validated Certificates require, but the process is well worth it in order to establish company legitimacy and maintain customer confidence and trust.

Large enterprises who are dedicated to security recognize the value received from EV Certificates. SSL Certificates secure information exchange, and EV Certificates take it a step further to increase overall consumer trust.

There are a number of visual browser cues given to only EV-secured websites, such as a green address bar, the padlock in the address bar, and the visible name next to the location bar in the browser. These visual cues signal to consumers that a business cares about secure information exchange and reassures visitors that their confidential information is protected from malicious activity.

According to the 2015 Consumer Survey Report, 53% of consumers recognize the padlock means more trust, and 42% understand the green bar means greater safety.

However, visual cues are just one of the advantages of enterprises using EV Certificates in order to enhance trust, increase conversions, and generate more business.

A Higher Level of Assurance

EV SSL Certificates provide a higher level of assurance than the more commonly known DV. DV Certificates contain no identifying information in the organization name field, so while they technically support transaction encryption, the end-user cannot trust the certificate to confirm who is on the other end.

EV verification, on the other hand, requires the CA to determine the legal identity, physical existence, and operational existence before a certificate is issued. The process includes the following:

  • Verifying that the requestor has legal rights to use the domain
  • Verifying that the requestor has properly authorized the issuance of the certificate
  • Verifying the physical existence and legal status of the requestor
  • Verifying that the identity of the entity matches official records

An EV Certificate can only be issued using information verified in the last 13 months, meaning that the CA validation team is required to retain updated business information. This mitigates issues where domain name ownership changes.

Phishing Prevention

Internet scams have become more coordinated and sophisticated, eroding the consumer trust that is essential to online business. Phishing is just one of the many tactics hackers use to obtain personal, sensitive information. Because of rigorous validation requirements for EV Certificates, a hacker would never be able to pass all the checks, and as a result, the occurrence of fraudulent EV Certificates is very rare.

EV Certificates verify that a trusted third party (the CA) has authenticated that organization’s identity. Further, the EV guidelines implemented require a CA to scrutinize information for domain names at high-risk for phishing and other fraudulent usages. Under these guidelines, CAs must maintain a sort of database that covers particular information, such as names contained in previous rejected certificate requests, revoked certificates, etc.

Ultimately, EV SSL Certificates raise the level of due diligence that determine whether a certificate requested is approved or not.

Verification Transparency

Transparency is increasingly important in today’s society; an open-door policy is key for clear communication in any industry. SSL Certificates are no exception.

Because the EV certification process upholds this expected transparency, not only does the user feel more involved in knowing their information is safe, a company can rest easy knowing that the information exchange is secured. The hierarchical model of EV authorization helps provide users with visibility, which strengthens overall trust and confidence.

During the validation process, the CA will also contact the requesting organization at a verified phone number to confirm they requested the certificate and that the requester is authorized to receive it on behalf of the company. Maintaining this human element in the process provides an additional layer of security and keeps those on either end of the certificate aware of what is going on at all times.

EV Certificates Are a Powerful Security Tool

SSL Certificates will continue to be necessary to ensure proper privacy and security on the Internet. There is no denying the power and confidence that comes with an EV SSL Certificate, and there is no alternative when it comes to showing your customers their information is safe.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 


Unlocking Device Trust Manager

A Q&A with DigiCert Director of Product Management Kevin Hilscher

6 reasons signed SBOMs are essential to software security