Using an SSL certificate on a website brings a number of benefits – increased trust among web visitors, higher rankings in search results, etc. One of the other important benefits is the guarantee offered by SSL certificate issuers. We have checked what this guarantee is and when and how it can be invoked.

What kind of guarantee do SSL certificates offer?

SSL certificates can be divided into three groups, domain, business and extended. The difference between them also lies in the amount of financial guarantee they offer.

Domain

A domain SSL certificate is a basic certificate suitable for most websites and shops. The guarantee depends on the issuer, typically ranging between $10,000 and $500,000.

Business

A business certificate requires verification of the subscriber. Therefore, this type of certificate provides a higher level of trust and the value of the guarantee is also higher, ranging from $50,000 to $1,250,000.

Expanded

The highest level of security is provided by an Extended SSL Certificate. The issuer of the certificate will carry out a detailed background check on the organisation wishing to install this type of certificate on its site. In addition to the highest protection, it offers a high guarantee, ranging from $1,500,000 to $1,750,000.

What does an SSL certificate guarantee mean?

An SSL certificate installed on a website guarantees that it is secure for online business. For example, if you make an online purchase and your credit card is misused, you may be able to claim reimbursement of the costs incurred as a result of the financial misuse under the guarantee.

However, the guarantee is not payable in all cases. As an injured party, you cannot claim under the guarantee if you have made an online purchase on a fraudulent website (for examplewww.paypal.scam.net). If you enter your credit card details on such a website, which has managed to obtain an SSL certificate, you cannot claim under the SSL certificate guarantee. The issuer of the certificate may consider that you were not sufficiently careful and that the misuse was due to negligence. You are therefore advised to always check the URL of the website where you make your purchase. This is only the first step towards safe online shopping. You should also take into account the factors we have already described in our post 13 ways to spot a fake online shop.

If your customer’s credit card has been misused, you must provide the SSL certificate issuer with the necessary documentation.

Enforce the 5-Step Guarantee

In order to invoke the guarantee offered by your SSL certificate, you need to follow five steps, which we will describe in more detail below.

1. Reporting abuse

Like any criminal offence, abuse of an SSL certificate should be reported to the police.

2. Sending a report

The police report of the abuse should be scanned and sent to the issuer of the certificate. If you have one issued by Sectigo (Comodo), please register at support.comodo.com and select Validation Documents in the Submit a Ticket section. Fill in the necessary information and attach the scanned police report as an attachment.

If you are using a certificate from another issuer, please contact their technical support.

3. Overview of the situation

The issuer of the certificate verifies the documentation sent through the agency that handles the warranty claim. The review takes up to a maximum of 30 days. During this time, the agency may request additional documentation (e.g. server logs) or clarifications from you.

4. Situation report

The final report is sent by the Agency to you and to the issuer of the certificate.

5. Enforcement of the guarantee

If the report concludes that misuse has occurred, the SSL Certificate Issuer shall pay compensation to the aggrieved party as determined by the Agency. Sectigo (Comodo CA) shall make such payment within 120 days of receipt of the final report on the situation. The payout for one of the most popular Sectigo Positive SSL certificates is therefore up to $10,000, which is the upper limit for this certificate.

What if you use a free SSL certificate?

If you use a free SSL certificate such as Let’s Encrypt on your site, your customers are not covered by any guarantee. This makes it all the more important that you use a paid version of an SSL certificate for your site. You can order yours today!