|
Many consumers don’t trust web site safety enough to complete an e-commerce transaction. The frequency of malicious web schemes such as phishing and pharming creates an environment of fear and reticence. Gartner recently reported that in 2006 41.2% of online adults in the U.S definitely received Phishing emails, 46% changed their purchasing and online behavior as a direct result of security concerns and 10% reduced their online spending by at least 50%. As a result nearly $2 Billion in e-commerce sales were lost due to user concern over security.* Online commerce may still be growing but there are a significant number of people opting out or reducing their spending due to security concerns. If you are a web business that depends on consumers trusting you enough to share their financial, personal or other sensitive data this is an alarming trend. Identity authentication now takes center stage in the fight to shore up consumer confidence in e-commerce.
To combat this problem, leading web browser developers and SSL Certification Authorities (CAs), including thawte, joined forces to create a new standard for web site identity authentication. After more than a year of effort, the CA/Browser Forum introduced the new Extended Validation (EV) SSL Certificate. This new standard is the most significant advancement for the World Wide Web’s secure backbone since SSL Certificates were first introduced over a decade ago.
Extended Validation SSL Certificates offer web sites a better method for assuring their visitors of their legitimate identity. Browser support for the enhanced features of Extended Validation SSL Certificates began with Microsoft® Windows Internet Explorer 7 in early 2007 and other browsers, such as Firefox and Opera, have announced their intentions to follow in short order.
SSL Certificates were created to validate the genuineness of a web site because it is so easy to counterfeit a business on the web. In 1995, when they were invented, a standard SSL Certificate provided adequate protection for consumers. Times have changed; web scams became more sophisticated and these traditional certificates may no longer be adequate. A member of the general public can easily forget to look for the small lock icon in the browser window and they won’t necessarily recognize a fraudulent use of an SSL Certificate. Sophisticated web scammers easily fool some less stringent CA identity authentication practices and some web fraud sites simply use self-signed SSL Certificates that provide no identity authentication at all. The general public often cannot recognize when they are presented with one of these questionable certificates. This is one reason why spoofing schemes such as phishing and pharming have become so prevalent and successful.
The Extended Validation SSL standard helps solve both the problem of low SSL protection visibility and low assurance of a site’s genuine identity. The CA/Browser Forum, comprised of over twenty browser manufacturers, CAs, and WebTrust auditors along with the American Bar Association Information Security Committee (ABA-ISC), worked for more than a year to create the first inception of the EV authentication process. The CA/Browser Forum continues to develop the EV standard and guidelines in order to improve Internet security and combat online fraud. The EV guidelines describe a set of standardized best practices that must be followed in order for an SSL Certificate to meet the requirements for Extended Validation status. Any CA who wants to issue EV SSL Certificates must first pass an independent WebTrust audit confirming their use of the EV identity authentication standard practices. The rigorous EV authentication process described in these guidelines relies on business verification practices proven to be effective for authenticating millions of SSL Certificates.
An EV SSL Certificate functions the same as a traditional SSL Certificate for older browsers that do not recognize EV, such as Internet Explorer 6, Firefox 2.0, and earlier versions of both. For new high-security browsers, such as Internet Explorer 7 (IE7), EV offers significantly more benefits than a traditional SSL Certificate. To the end user, these newer browsers display an EV SSL authenticated session in a far more visible and informative way than the small lock icon at the bottom of the page shown for many traditional SSL sessions.
|
