Verification Engine displays this warning when a website's SSL certificate is invalid and cannot be authenticated or if a website is using a Low Assurance SSL certificate to secure a HTTPS or https: session.
This means the owner of the website has not been validated as a legitimate business entity. The certificate was issued to the website without the usual checks to verify that the company is a real world organization with articles of incorporation or a valid DUNS number. Although the information passed between you and this website will be encrypted - you don't know who it is encrypted for because the entity has not been validated.
Consumers wishing to pass sensitive information like credit card details to a server using a Low Assurance certificate should proceed only if they have prior reason to trust the organization listed.
Verification Engine uses proprietary SSLVerify technology to determine whether a website is using a high or low assurance certificate.
High Assurance SSL Certificate
Low Assurance SSL Certificate
High Assurance certificates show the full company name and address - validating both domain ownership and organizational probity.
VerificationEngine indicates a high assurance certificate thus:
Low Assurance certificates show only the domain name - validating domain ownership only.
VerificationEngine indicates a low assurance certificate thus:
An SSL certificate can only signify that it is safe to trade with a company when two vital steps were completed prior to its issuance:
Low assurance certificates establish domain ownership only (step 1)
High Assurance certificates require proof of both domain ownership and verification that the vendor is a legally accountable entity (steps 1 and 2).