Why choose an EV SSL certificate: A case study
Recently a major Canadian bank, The Toronto Dominion Bank, Canada experienced a phishing scam. Their domain is https://td.com. However due to it’s established reputation, several phishing attempts have been made on the bank. It’s first line of defense is usually the EV SSL certificate installed for it’s website. Here’s how it helps.
A phisher, evidently from Nigeria, registered a domain name with Dynadot, td-trust-b.com and had a DV SSL Certificate installed. He then uploaded a top quality website. The website was good and seemed to have all the great functionalities a huge bank like TD would have. It was fortunate that before the phisher could reap profits from unknowing users the website was pulled down first by the hosting company before being deactivated by the registrar.
Here, we learn a crucial component an EV SSL certificate provides that no other SSL doesn’t. It confirms a website’s identity at a glance. The green address bar displayed by an EV SSL certificate is not displayed by any other. The verification process an organization undergoes before the SSL is issued is thorough. As such, when you see a green bar address on a website, it is proof that the organization is legit.
What the EV SSL Certificate had for https://td.com that the DV SSL certificate for https://td-trust-b.com did not have was:
- The green address bar – this was what could have instantly told a client who accessed td-trust-b.com that the site was not legit.
- Business verification. On checking the SSL certificate details, the EV showed the details of the business Toronto Dominion Bank , than the DV SSL could not show.
- Site seal – The DV SSL did not provide a site seal to further vindicate the business organization. The EV SSL certificate came with the trust seal.
Many clients were safeguarded from fraud by the mere presence of the EV SSL certificate. As such, a DV SSL certificate proved to be more of a risk than a protective measure.