Hmmm... It's pretty clear that you don't entirely trust this consultant with which you're working. I'm wondering if they're the right company for you to be entrusting this project if you don't even trust their basic recommendations? Hate to put it that way, but you might want to spend a few minutes checking out references before you go further down the road with this person or company.
Let's talk about SSL certificates and extended validation certificates too, so you also have a sense of what he's talking about when he is trying to "sell you" on the more sophisticated type of secure socket layer (SSL) cert.
To start with, an SSL certificate has two primary functions: to authenticate the identity of your site to people visiting it and to allow the information sent between your server and the visitor's browser to be encrypted. This protects your customer's privacy, of course, encrypting credit card numbers, addresses, email, phone numbers, and so on.
Just about every decent ecommerce online store has an SSL certificate for at least the shopping cart system (it's not necessary that all your product pages also be encrypted). Most importantly, it shows your customer that you're serious about protecting their privacy and confidential personal information.
An extended validation certificate is a higher level of certification and is only available to the following business entities:
* Government entity
* Legal corporation
* General partnership
* Sole proprietorship
* Unincorporated association
In the latest versions of Internet Explorer and Firefox, the address bar actually turns green if you're on a site with an Extended Validation Certificate SSL: again, it's a visual mark that helps your potential customers know that you're serious about security.
That may sound like it's irrelevant, but talk with people that have stores, online and brick and mortar, and you'll find that letting customers know how you're addressing their concerns about security can be just as important - or more important - than how you actually address them.
It's also worth pointing out that while you can set up a server to have a secure connection (since it's just a communications protocol, after all) you can't get a seamless secure connection that doesn't trigger warnings in your customers browser without purchasing and installing an SSL certificate.
The question, then, is just how secure do you want your customers to perceive your online business? If you want to maximize that, it might well be worth the extra few hundred dollars to get an Extended Validation SSL Certificate.
Hope that helps you get up and online with your store!
Note: the above is an affiliate link: by clicking on it and purchasing your SSL certificate from Register.com, I'll earn a few pennies and you'll do your bit to help keep the lights on in my office. Thanks!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
This story kind of bothered me. I doubt the CONSULTANT was going to get any extra money out of recommending the EV certificate. Most likely the cert would have been purchased directly from the CA and the cost wouldn't (and shouldn't be) marked up. Sounds like he was just recommending the more secure option which is probably a good idea anyway. If I was the consultant, I wouldn't take this job. The person is starting off on the wrong foot (distrust) and down the road I can just see the nightmares coming a mile away.