Thawte Consumer Education program

Buying almost anything online has become a normal part of our lives. Increased security and easy-to-use e-commerce websites have made buying online effortless and fun!

But most of us still experience that feeling of unease when we type in our personal details and especially when we submit our credit card number. Study after study shows that we constantly ask ourselves: Can I trust this business? How do I know for sure that my details will be safe?

Well, it’s a trust-thing, really, and on-line businesses need to earn our trust to keep us interacting, buying and trading.

Thawte is an online security business that decided to do something about this very problem.

SSL only half the story

“But the padlock is on the bottom of the web browser, surely my information is secure”

That’s an argument we hear quite often. , , unfortunately it’s not the whole truth. All that the padlock means is that the data submitted on the secure connection from your computer to the web server is encrypted via SSL

What is SSL?

SSL stands for Secure Sockets Layer, a technology for managing the security of online message transmission. SSL encrypts or scrambles any information sent from your browser to the server you are connected to, making it impossible to intercept or steal information on the way.

So how do I know that the site I am visiting uses SSL encryption to secure my details?

SSL goes along with a Web Server Certificate that proves that the owner of the online business is who he says he is. The certificate can be viewed by clicking on the padlock in the bottom right-hand corner of your browser. This padlock will only imply SSL encryption. The big problem is that you do not know who is on the other side receiving your information.


Thawte performs stringent checks on businesses applying for certificates to ensure that the guy on the other side is a legal entity.

And that’s the difference a Thawte digital certificate makes. Thawte offers a thorough process of authentication before we provide a business with a digital certificate. It will always imply that the organization named in the certificate has the right to use the domain name included in the certificate, that the organization named in the certificate is a legal entity and that the individual who requested the SSL certificate on behalf of the organization was authorized to do so.

SSL without authentication is misleading. It is only half the story. Some low cost competitors offer SSL and a low level of authentication, which means that the business did not go through the rigorous authentication and verification process. There is still room for fraud with low level authentication.

With a trusted authority, like Thawte, you the customers can have confidence that you actually are sending confidential information to where you think you are sending it.

The procedure of authentication

Whenever an e-business wants to obtain a Web Server Certificate from Thawte, they first have to go through the process of authentication, as mentioned above. The three basic steps of authentication are:

1.        Confirm that the person or organization really exists.

2.        Confirm that the person or organization has the right to use the domain name of the website they are maintaining.

3.        Confirm that the person who requested the SSL certificate has permission to do so on the organization’s behalf.

So what does it really all mean to me?

When you browse any site issued with a SSL certificate, you have to make sure that the Certification Authority can be trusted. Because Thawte provides strong SSL encryption and will always ensure that the website is fully authenticated, you can be sure that you are safe.

By utilizing Thawte's SSL Web Server Certificate, the owner of the online business is sending you the customer, a clear signal of trustworthiness.

You can be certain that the information you submit will not be intercepted while in transit, and that you are dealing with an authenticated, real-world organization.


The Thawte Authentic Site Seal

Once an e-business has obtained a Web Server Certificate and once it has been fully authenticated, Thawte supplies the website with an authentic site seal. By clicking on this Site Seal you will get real-time confirmation of the validity of the Certificate on the web server you are connected to. The Seal Information Page lists the domain it authenticates, the date of certification, the date of expiry and in which country the business is based. The site seal is your visible, real-time assurance of trust.

There have been cases of fraudulent use of the Thawte site seal and if you would like to report any abuse, send an email to abuse@thawte.com.

Look out for the following to identify abuse of the site seal: