SSL providers tout the size of the warranty associated with their certificates - $10,000, $100,000, even$250,000. But what does the warranty warrant?
The big numbers are written big, but details are hard to come by. Network Solutions is the most forthcoming:
If any fraudulent activity occurs as a direct result of a customer's
transaction with a website containing an SSL Certificate, the issuing
SSL Certificate Authority will reimburse the affected customers up to
amounts from $1,000 to $1,000,000. Online visitors can immediately
indentify the level of Website security based on the warranty.
If you read carefully, you can see it is not a warranty to
the website owner, but rather to the site's users. What they are saying is that if the website owner turns out to be
fraudulent and the customer loses money because the
certificate was issued without being properly verified, then the
certificate authority will compensate the customer up to the limit of the policy. I have not been able to uncover a single instance that a claim has ever been made against this type of warranty. Given the, shall we say, low-key nature of this warranty, and the unlikelyhood that the certificate authority is at fault in a fraudulent transaction, it is unlikely that an SSL certificate with a higher warranty would influence a buying decision. SSL is a sound technology which provides a measure of reaasurance, if not actual security. Sites that accept credit card information are required to have SSL certificates. We continue to recommend, though, that low-cost certificates be considered first and that the size of the warranty not be a significant deciding factor.