SwissSign • 30.08.2024

DV, OV or EV?

An SSL certificate is a must for a professional online presence. But which validation level should you choose: domain validation (EV), organisation validation (OV) or extended validation (EV)?

An SSL certificate secures the connection to your website or online shop, with a padlock in the browser indicating a secure HTTPS connection. A certificate is a must for a professional online presence. But which validation level should you choose: DV, OV or EV?

DV: domain-validated certificates

DV means ‘domain validated’. As this certificate can be validated via email, it’s the fastest type to issue. Purchasers of the certificate are validated to ensure that they are also the owner of the domain to be protected, as specified during the purchase process. Once the certificate has been installed, connections with the domain are secured through encryption. A DV certificate may be sufficient for owners of smaller websites that don’t process customer data. As soon as customer data is managed, however, an OV or EV certificate gives a website more credibility, as the identity of the organisation operating the domain is validated in both cases.

OV: organisation-validated certificates

OV stands for ‘organisation validated’. The validation required for such a certificate to be issued goes one step further than for domain-validated certificates. In addition to the domain, the organisation operating the domain is also validated. This is performed by means of official registry entries (in commercial registers, for example). This ensures that the operator actually exists as an organisation and is trustworthy. This additional security may be desirable for online shops and company websites.

EV: extended validation

EV means extended validation. In addition to the domain and organisation validation, further checks are performed. For example, the legal status and company address are validated with reference to state registers. International CA/Browser Forum guidelines form the basis for this validation. Extra security is ensured due to the fact that browsers review the validity of EV certificates with every use. Browsers also always check the revocation status of EV certificates, ensuring additional security. This validation level tends to be used for large online shops and websites with stringent security requirements, such as banking sites.

Practical examples

DV: simple website

A cheer-leading squad at a local school is printing business cards and would like to include a web address on them. They create a free site with freely available tools for this purpose. The squad is not concerned with having the perfect website. Instead, it mainly wants to have some online presence that can be used to communicate events and news. The website also contains information on the squad members.

What kind of SSL certificate is needed to secure the website?

We would recommend a DV certificate. As there’s no specific organisation behind the site, it would not even be possible to order an OV or EV certificate in this case. The purpose of the certificate is simply to ensure secure, encrypted data transmission. Visitors benefit because the site’s trustworthiness is assured – a certificate is a standard requirement for any website these days.

OV: simple online shop

Florian has a bicycle shop that employs five people. Business is good, but he’d like to grow further. So he sets up an online shop where customers can now order bicycles via the internet for delivery anywhere in Europe. Customers choose their model, configure their extras and then provide their address and payment details to complete their purchase.

What kind of SSL certificate is needed to secure this shop?

We would recommend an OV certificate for this shop. In addition to the domain, the bicycle company is also validated. The fact that the organisation operating the shop (the bicycle company) can prove its authenticity towards customers creates trust. This is achieved by the official registry entry being validated when an OV certificate is issued.

EV: online portal of a bank

A large Swiss bank launches a new online portal. Customers now have access to a dashboard where they can check their current account balance and retirement savings at a glance. This portal accesses a number of the bank’s account systems via an interface.

What kind of SSL certificate is needed to secure this new bank portal?

We would recommend an EV certificate. EV represents the highest standard of trust that can be met towards customers today. Trust is especially important when processing sensitive customer data, such as account balances. The risk of fraud can be minimised through extended validation.

