If you run a webshop or website that handles personal data, you're required by law to secure the exchange of that data over the internet. In the Netherlands, failure to provide adequate security is a breach of the Data Protection Act. Nevertheless, many websites aren't protecting visitors against fraud and other abuses of their personal data. An SSL certificate guarantees visitors the privacy that the law demands. And the importance of ensuring privacy becomes even greater on 25 May, when the General Data Protection Regulation comes into force. Under the new rules, website proprietors can face heavy fines if their security isn't up to scratch.
Various types of SSL
There are three types of SSL certificate. They differ in terms of data verification, or the validation method used when the certificate is issued. The more thorough the issue validation method, the more information the SSL certificate contains.
Domain validationA domain SSL certificate confirms only the identity of the domain's registrant. The registrant's details are checked against the Whois data recorded for the domain name. Because the identity of the associated company isn't verified, a domain SSL certificate is appropriate mainly where data needs to be sent securely, but the identity of the website is less important.
Organisation validationAn organisation SSL certificate confirms both the domain registrant's identity and the identity of the associated company, as verified with the Chamber of Commerce. The certificate enables website visitors to view the relevant details.
Extended validationAn extended validation certificate incorporates full details of the company, as verified by detailed cross-referencing with the Chamber of Commerce. It also confirms the webshop proprietor as the certificate applicant. It's only with an extended validation SSL certificate that both the company name and the green padlock icon appear in a browser's address bar. And it's that combination that inspires real consumer confidence.
|Domain validation||Organisation validation||Extended validation|
|Green adress bar||X||X||√|
|Higher in Google||√||√||√|
|Organisation details in certificate||X||√||√|
|Organisation details validated with Chamber of Commerce||X||√||√|
|Extra security mobile support||√||√||√|
In the Netherlands, there are about 3.6 million unique .nl websites. Of those, a little more than half a million (15.5 per cent) have SSL certificates. We did a survey to find out what percentage of business websites and webshops were using SSL certificates, and we got the following results.
||Number of SSL
|Business websites||757,000||225.000 (approx 30%)|
|Webshops||80,000||47.000 (approx 59%)|
In principle, all webshops and business websites should be using SSL. In other words, there is plenty of room for improvement. The majority of .nl websites that are using SSL have domain SSL certificates.
For the last two years, a (valid) SSL certificate has boosted a site's ranking in Google's search results. Google doesn't take account of the type of SSL certificate. However, to get the ranking boost, SSL needs to be used for the whole website. It's not good enough to secure just your checkout page, for example. Being higher in Google's results will increase traffic to your website and therefore your potential income. Certification is therefore a win-win strategy. What's more, starting in July 2018, Google's Chrome browser will label websites without SSL certificates as 'insecure'. At the moment, Chrome puts an 'i' icon in the address bar when you visit a site without a certificate. From July 2018, that will probably be replaced by the red 'Insecure' warning triangle.
From July 2018
In other words, there's soon going to be even more reason to get an SSL certificate for your website or webshop.
If you're one of the many people who find it all too technical, don't worry. Your web hosting firm or registrar will be happy to advise.