Skip to content
CertScore logoCertScore

How CertScore Verifies Your Credentials

Last updated: February 2026

At CertScore, trust is everything. When you add a professional certification to your profile, we don't just take your word for it. We verify it directly with the credential provider. This page explains exactly how that process works, what each verification status means, and why some credentials receive a higher trust level than others.

The Three Verification Tiers

Verified (Gold Standard)

What it means: We have cryptographic proof that the credential belongs to you.

How it works: The credential provider exposes an email hash in its badge assertion. We hash your CertScore account email with the same algorithm + salt and compare. If the hashes match, ownership is mathematically proven.

Full points awarded based on certification tier.

Self-Reported

What it means: We confirmed the credential exists and is valid, but cannot cryptographically prove it belongs to you.

How it works: We fetch the credential from the provider's public page and check that the name matches your profile. This confirms the credential is real, but anyone can view a public verification page, so name matching alone isn't enough to prove ownership.

0 points awarded. Visible on your profile but does not count toward your CertScore.

Rejected

What it means: We could not verify the credential, or the identity information didn't match.

This happens when the name on the credential doesn't match your CertScore profile, the credential URL is invalid, or the credential has been revoked.

Platform-by-Platform Breakdown

Credly (Acclaim): Verified

Credly is the gold standard for credential verification. Here's how it works:

  1. You submit your Credly badge URL
  2. We fetch the badge data from Credly's public API, confirming it exists, is valid, and hasn't expired
  3. We retrieve the OBI (Open Badges Infrastructure) assertion , which is the W3C standard badge data that includes a hashed email
  4. We hash your CertScore email using the same algorithm (SHA-256 + salt) and compare it to the assertion
  5. If the hashes match, the credential is cryptographically verified as yours

This follows the Open Badges 2.0 specification. The email hash comparison means that even if someone knows your badge URL, they cannot claim it on CertScore without access to the email associated with the badge.

Result: verified, full points.

Accredible (credential.net): Verified or Self-Reported

Accredible supports the OBI standard, but not every credential includes the email hash. The flow:

  1. You submit your Accredible credential URL
  2. We fetch the credential data from Accredible's API
  3. We look for an OBI badge assertion with an email hash
  4. If found: Same SHA-256 hash comparison as Credly, the result is verified
  5. If no hash: We confirm the credential is real but can't prove ownership, so the result is self_reported

The result depends on how the issuing organization configured their Accredible account. Many issuers enable full OBI compliance, but some don't include the recipient email hash.

EC-Council (ASPEN): Self-Reported

EC-Council certifications (CEH, CCISO, CND, etc.) are among the most respected in cybersecurity. Unfortunately, EC-Council's ASPEN verification system does not currently offer an API or email hash verification mechanism.

  1. You submit your ASPEN verification URL
  2. We fetch the public verification page and parse the credential details (certification name, cert number, dates)
  3. We check that the name on the credential matches your CertScore profile. Mismatches are rejected
  4. If the name matches, the credential is imported as self_reported

Why not verified? ASPEN is a public, read-only webpage. It provides no authenticated API, no email hash endpoint, and no mechanism for a credential holder to programmatically prove ownership to a third-party platform.

We have formally requested that EC-Council add an email hash API or adopt the Open Badges specification. You can read the full details in our open letter to EC-Council. Until ASPEN supports programmatic verification, all EC-Council credentials on CertScore are marked as self-reported and award 0 points.

Result: always self_reported, 0 points.

Why This Matters

  • For employers: A verified credential means the person demonstrably holds the certification. No ambiguity.
  • For credential holders: Verified status gives your credentials more weight and earns points toward your CertScore ranking.
  • For the community: The leaderboard reflects genuine, verified expertise, not just claimed certifications.

What We're Doing About It

  • Credly: Full verification support
  • Accredible: Full verification support (when issuers enable OBI email hashing)
  • EC-Council: We've formally requested API access and OBI compliance via our open letter. We'll update this page when ASPEN supports programmatic verification.

If you're an EC-Council certification holder, we understand this is frustrating. Your CEH, CCISO, or CND certification is just as valuable. The limitation is purely technical on EC-Council's end. We encourage credential holders to contact EC-Council and request they adopt the Open Badges standard.

Our Commitment to Transparency

CertScore is built by a 501(c)(3) nonprofit. We have no financial incentive to favor one credential provider over another. Our verification standards are based solely on what each provider's technology allows us to prove.

Every verification request is logged, rate-limited (15 per hour per user), and monitored. Our infrastructure is monitored 24/7 via our status page.

Questions about how your credential was verified? Reach out at [email protected].