GeoCerts Blog

  1. Blog
  2. Ten Great Reasons to Use Extended Validation (EV) Certificates

Ten Great Reasons to Use Extended Validation (EV) Certificates

Feb 28, 2018 Tim Callan Introduction-To

Extended Validation (EV) SSL probably benefits your online business in more ways than you think.  Here are ten ways EV SSL is good for the companies who use it.

ev-green-bar-internet-explorer.png

Increase transaction rates

Green address bars have been measured to increase transaction rates on sensitive pages such as shopping carts, login screens, and financial transaction sites.  Any place where the visitor is expected to enter a credit card number, login credentials, or personally identifiable information (PII) is a great place for a green address bar.  Any banking, securities trading, tax, or health care site benefits from a green address bar.

If online transactions directly drive your business's bottom line, EV SSL can be the cheapest and easiest way you have to increase them.  Businesses have measured the ROI of investing in Extended Validation SSL to be 10,000% or more.

Reduce your bounce rate

EV SSL not only enables the green trust indicator in popular browsers, but it also causes them to display the company name.  These two elements of the user interface in conjunction give site visitors a strong signal that they are in the right place and that it's safe to proceed.  Including EV SSL on your site can reduce the number of visitors who "bounce" from your site and increase average time on site and number of pages visited.

Fight phishing attacks

Classic phishing attacks depend on tricking victims into submitting login credentials, PII, credit card numbers, or other sensitive information on pages that look like the real sites these visitors ordinarily would use.  Extended Validation undermines these attacks in these ways.

  1. The Extended Validation rules require rigorous vetting of the party requesting the certificate.  Since phishing sites by their nature involve identity deception, this vetting prevents the ability to grant a certificate to a criminal in the name of the spoofing target.
  2. Because the green bar indicator is big and obvious at the top of the browser, including it on the real page makes its absence obvious on the spoofed page.  Since the name of the game in phishing is to mimic the real site as accurately as possible, introducing this kind of experience gap is very helpful in highlighting the difference between real sites and fake.
  3. Even if a phisher did apply for an EV certificate, the green bar includes the name of the company in it. Since the phisher will not have a company with the same name and location as your favorite bank, retailer, brokerage, etc., that will give away the game right there.
  4. Furthermore, should a phisher go through this vetting process, its identity will now be known, which will make it all that easier for law enforcement to go after the culprits.

In fact, there are no known instances of phishers using EV SSL certificates on their sites, for exactly the reasons given above.

Thwarting phishing is in your best interest.  Phishing attacks using your online identity undermine overall trust in your brand.  Plus, protecting customers against theft is just plain good customer service.

Protect employees

Your own employees may be subject to phishing attacks spoofing your own systems.  Using EV on employee-facing sites can help against this form of attack as well.

These phishing attacks can be targeted at your employees' information or at your corporate information.  Protecting employees from identity theft and credit card theft leaves them with less to worry about and more focus for the work you need them to do.  And protecting your company's secrets and account logins from theft can potentially save you from a disastrous loss of the company's money or secrets.

Either way, helping your employees stay secure online is a good idea.

Improve brand trust

Green address bars make it possible for site visitors to be confident they're at the right site.  That increases their overall trust level in doing business with you.

Meet compliance requirements

Some regulations such as PCI-DSS and IRS tax guidelines require or recommend EV SSL certificates specifically.  And a whole raft of guidelines including HIPAA, HITECH, FISMA, and many more require that companies take all reasonable steps to protect PII, PHI, financial information, and other sensitive data from online theft.

Employing EV SSL certificates is a great way to show you have taken available measures to protect this information.

Avoid breach notifications

Forty-eight states, the District of Columbia, Puerto Rico, Guam, and the US Virgin Islands have laws in effect requiring notification and remedy should the company lose PII, social security numbers, credit card info, and other such data.  These notifications are costly not only in customer trust and brand value but also in the straight-up expense of sending letters to a large number of stakeholders and offering them some kind of remedy.

Spending a few dollars a year to minimize the likelihood of this large expense item is a cost-effective insurance policy.

Protect your code

Extended Validation isn't only for SSL certificates.  EV code signing certificates exist as well.  EV code signing certificates can eliminate pop-up warnings in Windows and other operating systems when users are downloading and updating your code, thereby helping assure that consumers are using your authentic, trustworthy applications and not some malware pretending to be from you.

Send a positive signal to customers

Visitors seeing the green address bar will know that you are protecting them with best-of-breed security.  EV SSL is a great way to remind them upon every visit to your site that your company went the extra mile to take care of them.

Be ready for the future

Over the past ten years new requirements and applications for EV and SSL certificates in general have grown and expanded.  There is every reason to expect this trend will continue.  By implementing EV SSL today, you can check that box off your list.  Should a new requirement or best practice make EV SSL into a requirement for you, you will automatically be in compliance without any changes required on your end.

We have a full range of EV SSL options available for you.  Check them out at our Extended Validation (EV) SSL certificate store.

EV SSL green address bar
Caption