Why business customers should use organization validated SSL certificates

Of the three types of SSL certificate validation, which one do you understand the least? I’m willing to bet it’s organization validation (OV).

For the uninitiated, there are different validation methods for different types of SSL certificates. In simple terms:

• Domain Validated (DV): This is the least rigorous validation method. The Certificate Authority (CA) checks to see that the applicant’s name and contact information matches what is stored in the WHOIS database for the domain name associated with the SSL Certificate.
• Organization Validated (OV): In the case of an OV certificate, the CA performs a much more substantial validation process. This includes checking the applicant’s business credentials (through databases including the Articles of Incorporation) and even making sure that the company’s physical address matches the application.
• Extended Validation (EV): This is the highest level of validation and can take as long as a few days to complete. The validation process includes checks of physical location, phone calls to ensure the applicant is authorized to order the certificate on behalf of the company or business represented, and more.

Offer at least an OV cert for your business customers

For individuals, a DV certificate is the most affordable and logical choice to provide simple encryption for things like logins.

But for business, a domain validated certificate simply isn’t the appropriate choice. If you have small- and mid-sized business customers, at the bare minimum, they should be using an organization-validated certificate to ensure that visitors to their website see that additional information about the organization in the certificate.

A good rule of thumb is this: if the certificate is issued to a company, then it should be one that requires validation of that company – either OV or EV. And anytime there are transactions occurring on a website, an OV or EV certificate should be used to instill confidence in the customer that their data is safe and that they are dealing with who they think they are.