What's the difference between an SSL Certificate's security and validation?
We breifly answer this in another FAQ, but it's worth futher clarification.
The common part of SSL Security Certificates is encrypted transmissions. You'll usually see this visually by either a lock icon in your browser's address bar, or in newer version a "Green Bar" in the same location. This lets you send confidential information over the Internet. In most cases this is when using a credit card to shop online or access your online bank account, but may also include memberships to areas of websites' content.
The less common part of SSL Security Certificates is validation. This means the Certificate Authority, the company issuing the Security Certificate, has exercised "due diligence" in determining identity. For entry level certificates this means they sent an email to an authorized person in the domain (ie: admin@CompanyRequestingSecurityCertificate.com) who clicked a link verifying they received it.
For higher level Security Certificates the Certificate Authority may do any of the following: mail a certified letter to the requesting company/individual with a password, send an email to an authorized person in the domain, check for a company listing in DnB (Dunn and Bradstreet), etc. Typcially the Certificate Authority will also insure the Certificate's Validity. For instance it may state any credit card transactions done with the validated company are insured for up to $10,000.
Anyone can purchase an SSL Security Certificate thus there is still possibility for fraud. This is why higher level Security Certificates offer higher validation backed by guarantees.
PDF version
