Unreliability of SSL certificates as a verification service

The Internet currently lacks an appropriate solution to business authentication. The current solution is Secure Socket Layer (SSL) certificate. It should be noted, however, that SSL is nothing more than a protocol for the safe transfer of information over the Internet, a technological solution. 

SSL prevents eavesdropping during the transfer of data and the substitution of data (the so-called man-in-the-middle attack), but it does not offer any sort of verification of the recipient. This means that we have no way of knowing who the recipient really is, since they can choose any identity they wish.

In spite of that some suppliers of SSL certificates offer verification. But there are many problems with this kind of verification:

• SSL (Secure Socket Layer) was always meant only to be a secure transfer protocol and as such is unsuitable as a verification service. 
• Websites verified with SSL are only verified under secure https protocol and show no verification under http protocol (which is far more common).
• SSL can be bought or rented with the website – verification included.
• The verifier is the technology solution company (low reliability of the verified information).
• Each website has to be verified separately (high costs).
• In the case of buying a low cost SSL certificate there is no verification at all. But the final result, safe data transfer, a „lock“ in the browser and a yellow address bar, is still the same.

	Company On Net	SSL Certificates
Credibility of the company
Company data verification
Verifier of the data	COFACE	same company that offers technological solutions
Reliability of verified data	HIGH	LOW
Financial / Credit data	(gold, platinum)
24h monitoring of the company	(gold, platinum)
Verification of companies w/o websites
Websites
Anchoring companies on the internet
Additional domain and web site
Number of validated domains		1
Protocol	http / https	https
Impact on SEO of websites
Price
Per company	£197 - £1497	Not available
Per website	Not dependant on the number of web sites	£169 - £1717

In the end visitors cannot differ between different SSL certificates – all show the same lock on the bottom of the browser. In the end, SSL companies can only guarantee the secure transfer of information through the SSL – also to the wrong recipients. And this is exactly what is happening – cyber criminals are now starting to use low cost SSL certificates for increasing the level of trust. Many of the latest phishing websites had SSL certificates!

The trust in SSL certificatesis expected to fall in the future, only because they are marketed as something which they were never meant to be – a verification service.

Why are Company On Net certificates a much better verification solution compared to SSL certificates

To ensure SSL verification, the first condition is to own a SSL certificate, even though the company may not even need it. Then comes the verification of the website which then shows some kind of verification of the company. The process is done by SSL companies which can also have some verification quality issues.

The verification process with Company On Net™ is much more thorough. It consists of three steps:

	Identification of the customer Why? To prevent the verification of correct company information with wrong e-mail and website information.
	Verification of the company Why? To check if the company exists and if the company data is correct.
	Validation of the websites Why? To make certain that the websites belong to the verified company.

Read more on How we verify businesses

The verifier for Company On Net™ is Coface UK. Financial and credit report provider for Company On Net™ is also Coface, a global credit company.