The difference between the two is a bureaucratic issue.
Both guarantee virtually the same level of security against electronic attacks. What the EV gives the most is a guarantee that the entity issuing the certificate (ie: GoDaddy, Digicert etc.) actually investigated the company that purchased the certificate to ensure that it is a legitimate and reputable entity. >
In other words, EV SSL is an SSL combined with a "good background certificate."
The search criteria are defined by the CA / Browser Forum , a consortium of certification authorities. Currently, to get an EV SLL, you need to prove the following:
- That your domain is owned by a physical or legal person, with a physical (person, not server board) address known. I believe this requires at least one interview because the related Wiki says that they seek to establish their "physical and operational presence";
- Ensure that the above individual or legal entity is the sole owner and controller of the domain that will receive the certificate;
- Ensure the identity of all persons who have authorization from the domain owner to represent it.
As you can see, this is a very high and expensive valuation level. But this gives users a guarantee that the site owner is a fair person and that everyone knows where he lives, not the hackovisky in a basement in Siberia trying to steal his credit card number.
And finally ... To demonstrate the highest security of EV SSL sites, today's browsers paint some parts of the green address bar - and for accessibility for color blinds, they also often display a lock and the word "secure" .