News | SwissSign
A data security specialist by Swiss Post


01.03.2015

Ensuring trust is everything

You're at the supermarket and want to buy some apples. Depending on your needs and what you're going to use them for, there are a variety of suitable solutions.

 

  • You're looking for the healthiest and most environmentally friendly apples. You therefore go for apples bearing the familiar organic label.
  • You're looking for apples from your local region. You know the area and where there are farms. You study the origin of the apples printed on the label and opt for apples grown locally.
  • You simply want to buy apples without having to think too much. They have to be fresh, but no other factors are of interest to you. You thus choose the budget apples.

 

It may be the case that the sales assistant comes up to you and comments: "These apples would be a good buy; they're seasonal and organic!" You now look at the label and take note of their origin and other details. With your background knowledge, you come to the conclusion that these apples are unlikely to come from an organic production area. Behind them, however, are other apples which are clearly labelled with the organic certificate of the official inspection authority.

 

When buying food, do you believe what the sales assistant says or the seal of approval? When it comes to the petrol consumption of a car, do you believe the analysis as per the DIN standard or do you tend to put your faith in the tests of the automobile association? If required to check somebody's age, do you trust the age stated on a gym membership card or the age provided in a passport?

 

In most cases, your decision is based not only on your own knowledge, but also on the trust you place in an independent third party and the evidence it provides. You trust the relevant label and the qualities which the verified rating signifies.


 

From apples to SSL certificates
All certificates provide certified evidence of different quality standards. As is the case with the familiar and standardised organic quality label, there is also a seal of approval for certificates which signifies compliance with the highest requirements: the SSL Gold Extended Validation (EV) certificate. This certificate type meets the international standards of the Internet security industry, which are defined by the CA/Browser Forum.

 

Websites which are secured using an EV SSL Gold certificate are clearly denoted with a green bar in the address line. The forgery-proof visual trust indicator also gives the green light to customers unfamiliar with a website as regards its level of trust and security. This is because it signifies that the company in question has been subjected to a thorough test by a certification authority such as SwissSign: Does the company actually exist? Are its business dealings entered in the commercial register? SwissSign also identifies the company address and possesses the signatures of the company's authorised signatories. Using this verification process leaves little room for deception.

 

Companies which generate a large number of customer hits on their website but which are not IT experts should therefore make use of the SSL Gold EV certificate. Phishing attempts, which see fraudsters entice customers to visit similar looking fake sites in order to obtain sensitive data from them, are made far more difficult. And thanks to the green bar, customers feel safe.


 

Gold or more favourably priced silver?
Just like the customer who is somewhat familiar with the local region, studies the label and opts for a locally produced apple, there are also customers looking to purchase a certificate who are well versed in the area of IT. They know that they can click on the small padlock symbol in the browser to obtain further information on the respective certificate.

 

For websites which are not visited so often or which are used by an IT-savvy audience, an SSL Gold certificate suffices. In the case of SSL Gold, the standard for the verification process is not as stringent as for the Gold EV certificate even though the check performed by SwissSign is similar to that applied for SSL Gold EV.

 

You can continue browsing the website without any concern even though the green bar is not displayed here. Such websites are hardly susceptible to phishing attacks and can demonstrate to their users that they are certified as an organisation for the web address or domain in question (organisation validated [OV]). As is the case for the SSL Gold certificate, communication between customers and the website also takes place in a secure and encrypted manner with the simple SSL Gold certificate.

 

For those buyers who can be compared to price-sensitive customers looking to purchase apples sold at a budget price but which taste good and have been tested, there is the SSL Silver certificate.

 

In the case of SSL Silver, the existence of a domain is established by sending an e-mail to the administrator of the domain in question, which is why the certificate is classified as "domain validated" (DV). This already suffices for Silver-level verification and the certificate does not make any other claims.

 

The certification authority does not check who is actually behind the website or who the website is made available to. Internal systems, test systems and generally informal websites which are not susceptible to phishing should at least be protected using Silver certificates.

 

With an SSL Silver certificate, access to the website is encrypted. Thanks to the SwissSign root certificates, no confusing warnings are displayed to inexperienced users informing them that the key of the page in question is unknown. Website owners can also err on the side of caution with a certificate, allowing them to rest assured that their information reaches the recipient – the website reader – in an unchanged form. Unfortunately, this cannot be taken for granted, as free hotspot and Internet providers now make use of the option to "swap" the advertising displayed on the page. Undesired advertisements or even advertisements with malware can have extremely unpleasant consequences for both parties.
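The three validation levels described above differ in which identity fields the certification authority asserts in the certificate subject, which is what the padlock dialog displays. The following is an added example, not SwissSign code: it assumes the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`, the sample certificates and names are constructed, and the field-based rule is a heuristic (the certificate's policy OIDs remain the authoritative marker).

```python
# Added example: classify a certificate as DV, OV or EV from its subject fields.
# Input layout is assumed to match ssl.SSLSocket.getpeercert(); samples are constructed.

# Identity fields that an EV subject carries in addition to the organisation name.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested RDN tuples of the subject into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, value)  # keep the first value per attribute
    return fields


def validation_level(cert):
    """Return 'DV', 'OV' or 'EV' depending on what the CA vouches for."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # only the domain was checked, nobody is named
    if EV_FIELDS <= fields.keys():
        return "EV"  # organisation plus register entry and jurisdiction
    return "OV"      # organisation verified, but no EV identity fields


def describe(cert):
    """One-line summary a user could compare with the padlock dialog."""
    fields = subject_fields(cert)
    owner = fields.get("organizationName", "no organisation verified")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)} ({owner})"


# Constructed sample subjects, one per certificate class discussed in the article.
SILVER = {"subject": ((("commonName", "test.example.com"),),)}
GOLD = {"subject": ((("countryName", "CH"),),
                    (("organizationName", "Example AG"),),
                    (("commonName", "www.example.com"),))}
GOLD_EV = {"subject": ((("jurisdictionCountryName", "CH"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "CHE-000.000.000"),),
                       (("countryName", "CH"),),
                       (("organizationName", "Example AG"),),
                       (("commonName", "shop.example.com"),))}

if __name__ == "__main__":
    for sample in (SILVER, GOLD, GOLD_EV):
        print(describe(sample))
```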
 
