After receiving Business Validation, the green “https” and padlock icon will be displayed on your website’s address bar.
Both CAs offer free SSL certificates, supported by automated processes, which make them attractive to fraudsters, notes Netcraft internet services manager, Robert Duncan.Gaining a valid certificate helps convince victims the site is valid since browsers display a padlock or “secure” label to indicate a secure connection.Before issuing the certificate, the Certificate Authority (CA) will verify your business, the company owner, and will make sure that the company is officially registered with the right governmental authority, and that the business performs its activity at the provided location.It is important for you to make sure that the company’s contact information that you submit for the CSR matches the one in third party business directories, public telephone listings and in the publicly viewable WHOIS search.Duncan says Let’s Encrypt’s policy to check with Google’s Safe Browsing API for phishing sites does not provide effective “pre-issuance blocking”.
“It does not match the reality of automated certificate deployment, where the certificate is likely to be issued and installed before the phishing content has been uploaded, detected, and blocked,” he notes.
“These warnings are likely to increase the prevalence of TLS on phishing sites, with fraudsters deploying TLS to both gain the positive "Secure" indicator, and now to avoid negative indicators when collecting passwords,” argues Duncan.
As a result of the business validation, the issuance time for this SSL Certificate is between 1 and 3 business days.
Last September it was blocking less than 500 phishing certificates.
Duncan is calling for the two CA’s to do more to prevent fraud by not issuing certificates for obvious phishing domains, such as the bogus Apple and Pay Pal domains.
You can check if you have a Business Validation SSL Certificate by looking at the attributes of your SSL Certificate.