How-to: owner validation for your web site

We are going to start by sounding techy, but will explain what it all means in human terms later.

Does your web site use the right secure sockets layer (SSL) certificate? Here’s how you can tell if it does: there will be a green lock and the name of your company in the address bar of pretty much any browser.

Which of these banks would you prefer to deal with?

Notice that even two of the very small banks have their name in green with a green lock. The fundsxpress.com service, used by many smaller banks, hasn’t yet bothered to update, and looks less trustworthy than the others.

Before we talk about how you get that green lock and company name, let’s talk about what it means. An SSL certificate is basically a small digital file that helps browsers encrypt what they send to the site, and what the site sends back, so that anyone who intercepts the data-stream will find it hard to decipher. Many companies issue the certificates (files), and they take care to ensure that they are hard to “break,” but there are several types of certificate. Most just say “yes, this is the site that has that name, and we haven’t verified anything other than that they own the domain name they’re using.” That means that if someone registers, say, fundxspress.com, or fundsexpres.com, hoping you won’t notice the difference, they can get a certificate that’ll provide exactly the same black or gray lock icon.

On the other hand, you can go through the trouble of proving you are who you say you are, and get your actual business name printed in green, next to a green lock. That makes it clear that the site is owned by the real business, not a pretender with an ever-so-slightly different name. It’s called an owner validation certificate, and it costs around $60 per year to own — a trivial expense for most businesses.
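The difference between the two kinds of certificate shows up in the certificate's subject fields, so it can be checked in code as well as by eye. The following is an added example, not part of the original post: it assumes certificates in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, treats the presence of subject fields as a heuristic for what the issuer verified, and uses constructed sample certificates, a made-up company name, and an illustrative edit-distance threshold of 2.

```python
# Added example; certificates are dicts shaped like ssl.SSLSocket.getpeercert().
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def validation_level(cert):
    """Heuristic: infer what the issuer checked from which subject fields exist."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "domain-only"      # issuer confirmed control of the name only
    if EV_FIELDS <= fields.keys():
        return "extended"         # registration details are present as well
    return "organization"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(hostname, cert, trusted_host, trusted_org):
    """Return (verdict, level) for the site a user actually reached."""
    org = subject_fields(cert).get("organizationName")
    if hostname == trusted_host:
        verdict = "expected" if org == trusted_org else "org-mismatch"
    elif edit_distance(hostname, trusted_host) <= 2:
        verdict = "lookalike"     # near-miss spelling of the trusted name
    else:
        verdict = "unrelated"
    return verdict, validation_level(cert)

# Constructed samples: a domain-only look-alike and a made-up validated company.
DV_LOOKALIKE = {"subject": ((("commonName", "fundxspress.com"),),)}
EV_SAMPLE = {"subject": (
    (("jurisdictionCountryName", "US"),), (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),), (("organizationName", "Example Bank, Inc."),),
    (("commonName", "bank.example"),),
)}

if __name__ == "__main__":
    # "Example Org" is a placeholder; the organization is not checked for look-alikes.
    print(assess("fundxspress.com", DV_LOOKALIKE, "fundsxpress.com", "Example Org"))
    print(assess("bank.example", EV_SAMPLE, "bank.example", "Example Bank, Inc."))
```

A look-alike name with a domain-only certificate comes back as `("lookalike", "domain-only")`: the connection is encrypted, but nothing in the certificate says who runs the site.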

 

The downside is that you have to prove you are who you say you are. If you have a Dun & Bradstreet listing (most companies do), the registrar will contact the phone number and email address on that listing for verification, and might want to see your certificates of formation and such. If you don’t have a Dun & Bradstreet listing, they are free and not especially hard or time-consuming to acquire, and then you’ll have a DUNS number for anyone who wants it. I have personally been through the process twice, and it’s easy to get a Dun & Bradstreet number and to update it.

Just about everyone in business and government should use extended validation. Is your company or agency doing it? Why not?
