Putting the CA seal on the web will help increase the visitors' trust

31 May 2021 | Jindřich Zechmeister

This article discusses the CA seal you can get for each certificate and the reasons why you should definitely not forget to put it on your site. It will not only help you gain the trust of visitors, but also protect them against phishing.

You will receive a seal with each certificate

You will receive the seal of a certification authority for each certificate (except RapidSSL), which helps the visitor to find out information about the website operator and authenticate it. So it is up to you whether you use it and put the seal on. The deployment itself is simple.

In this article, we focus on the reasons why you should deploy the seal and the benefits it brings. The most well-known argument is the increase in trust and typically in online shops also the increase in turnover, but the seal is also important to protect visitors from fraudulent websites.

New DigiCert Smart Seal
New DigiCert Smart Seal

Why use the CA seal on the web?

Gaining the visitor’s trust is important, in the case of online shops it is even the main prerequisite for success. Today, anyone can set up a website or an online shop, and the competition in the IT and e-commerce industries is growing year by year. This makes it increasingly difficult for the customer to orientate themselves in the services offered and to know which website is genuine and which one is fake (imitating the look of a website is the primary weapon of fraudsters and phishing).

In such an environment, it is important to offer visitors proof of identity and authentication. By this we do not mean the address in the contacts or the imprint, but proof that the website is genuine and provided by a properly functioning company. TLS certificates that contain this information can be used for this purpose, and the certification authority guarantees that they are verified.

The CA seal is a key weapon against fraudsters

Web browsers do not make authentication easier for Internet visitors, actually, they make it more complicated. After the voluntary and incomprehensible green EV bar elimination by browsers, web users lost a basic authentication tool. To obtain information about the certificate owner, the visitor would have to click on the lock next to the address (EV certificate) or go to the certificate detail (OV certificate). And let's face it, who does that?

Currently, all certificates look the same in a browser to a layman, so he cannot tell if they are on the real website of an EV-certified bank or a fake website with a DV certificate without verification. Every year, tens of thousands of fake copies of Facebook, PayPal or Microsoft (2) are created in the world for this very purpose - to confuse the user and obtain login details, which are then misused.

However, there is a solution which is the CA seal on the web. It not only attracts and calms the visitor at first sight, but after clicking on the seal, the visitor can easily find out all the website owner’s information. The CA seal on the Web is currently the only tool for proving your identity to visitors, enabling authentication, and defending against phishing in a user-friendly way. Even if an attacker obtained the seal code, it would never work on a different domain.

If the site owner uses Secure Site certificates with the Smart Seal, in addition to information about the company, the site visitor can also see information about the performed anti-virus scan, site vulnerability scan, and, last but not least, the company logo. Thanks to this, they can quickly make sure that they are at the right address.

User behavior studies are clear:

  • 71 % of users look for a website security seal before proceeding with a purchase.
  • 3 out of 4 believe a website displaying a site seal is secure.
  • The new patented digicert smart seal delivers new identity information—which 83% said would boost their trust of a website.
  • In the past, 74% of users looked for other indicators of a secure website including HTTPS and the green address bar—two trust indicators that have been removed by most browsers.
  • Today, 60% of participants stated they have not completed a purchase because a trust logo was missing.

Source: The Baymard Institute [1]

How to obtain and deploy the seal

As mentioned in the introduction, the CA seal belongs to every TLS certificate except RapidSSL. Therefore, if you have such a certificate issued (Thawte, GeoTrust, DigiCert), then just go to the details of its order in the customer administration, and there you will find the CA seal in the Download section. Set the size of the seal, confirm your choice with the Submit button, and then download the HTML code of the seal, which you place in the selected place on your website. That is all, and the whole process will not take more than a few minutes!

You can freely experiment with setting the appearance of the Seal (size, or animation, hover for Smart Seal). The settings are stored directly with the CA, and the seal code does not change. Just wait for the change to take effect, which should be within two hours at the latest (otherwise clear the cache).

If you have problems inserting it, do not hesitate to contact our support. Naturally, the seal only appears on domains included in the certificate (SANs).

Sources:

  1. The Baymard Institute, 2020; DigiCert Customer Surveys, 2020. Available at: https://www.digicert.com/blog/website-seals-affect-user-trust/
  2. Statistics Vade Secure. Available at https://www.vadesecure.com/en/phishing/