Originally Posted by csn-uk
Everyone agrees that it is best practice to use SSL, though some still don't however part of secure connections and their use is informing and educating the user as such EV SSL certificates being a prime example.
Though most hosts won't outlay for an EV certificate (us included) I have noticed many don't make a clear distinction when changing between secure and non secure sections of their site (ourselves included at present) though some do show pci compliance and other trust images.
In essence having the certificate isn't enough, many users still don't understand what the padlock is nor do they understand why it's important or how it affects them, for others it's very important but a certificate alone doesn't instil trust which is one of the purposes of SSL certificates.
I'll have to agree with you on this 100%. Just because the website in question uses SSL does NOT mean you're doing business with a trustworthy company. EV certs are a great way to let your clients know you're a legitimate registered business. However, there are other ways of doing this without forking out all the money for EV certs, and it still does NOT mean you will be doing business with a trustworthy company, either.
SSL just means that any data sent from your end to the website is encrypted so that nobody can intercept and steal the data being transmitted, it does not mean the data was sent to a trustworthy source.
I've seen eBay and PayPal phishing websites designed to make you sign in with your account details in order to steal them, using SSL certs.