Verification Engine displays this warning when a website's SSL certificate is invalid and cannot be authenticated or if a website is using a Low Assurance SSL certificate to secure a HTTPS or https: session.
This means the owner of the website has not been validated as a legitimate business entity. The certificate was issued to the website without the usual checks to verify that the company is a real world organization with articles of incorporation or a valid DUNS number. Although the information passed between you and this website will be encrypted - you don't know who it is encrypted for because the entity has not been validated.
Consumers wishing to pass sensitive information like credit card details to a server using a Low Assurance certificate should proceed only if they have prior reason to trust the organization listed.
VerificationEngine SSLVerify technology
Verification Engine uses proprietary SSLVerify technology to determine whether a website is using a high or low assurance certificate.
High Assurance SSL Certificate | Low Assurance SSL Certificate |
|---|---|
|
|
|
High Assurance certificates show the full company name and address - validating both domain ownership and organizational probity. VerificationEngine indicates a high assurance certificate thus:
|
Low Assurance certificates show only the domain name - validating domain ownership only. VerificationEngine indicates a low assurance certificate thus:
|
An SSL certificate can only signify that it is safe to trade with a company when two vital steps were completed prior to its issuance:
- Step 1: Verification that the applicant owns, or has legal right to use, the domain name featured in the application.
- Step 2: Verification that the applicant is a legitimate and legally accountable entity.
Low assurance certificates establish domain ownership only (step 1)
High Assurance certificates require proof of both domain ownership and verification that the vendor is a legally accountable entity (steps 1 and 2).