Monday, July 06, 2009

WCS Upgrades to the Highest Level Website Security certificate

WCS has completed their upgrade to the Highest Level security certificate available for online enterprises

Comodo Introduces EV SSL Certificates - delivering identity and trust assurance through "extended validation" SSL certificates

What are EV SSL Certificates?

Extended Validation SSL Certificates are the next generation of SSL certificate. These certificates are meant to combat emerging online threats that continue to erode trust online. Specifically, these certificates will provide a new way for merchants to prove that their site has been verified as an authenticated business. This way your customers will know you are for real and not a phishing site.

All major browsers (e.g. Microsoft, Opera etc) are integrating new displays providing new way for consumers to see a distinct difference between these new EV certificates that confirm a site's identity and non-vetted sites. Users will see a green color change to your site identity indicating that that this site that has been issued an EV SSL certificate.

Here is how IE 7.0 will distinguish between verified sites and phishing sites in 2007

Fig 1, IE7 address bar for a known phishing website detected by the Phishing Filter

Fig 2, IE7 address bar for a site with an EV SSL certificate (showing the identity of the site from the SSL certificate)

Why is this important?

Trust is a business imperative that translates into revenue. And these new EV SSL certificates are one of the biggest improvements in your ability to create trust online because users can get browser confirmation of your identity. Comodo was the lead initiator of the CA/B Forum (Certification Authorities and Browsers), an industry group creating the guidelines for the stringent new security standards for SSL certificates. Other members of the CA/B Forum include leading international certification authorities, the major browser providers (including Microsoft, Mozilla, Opera, and Konqueror), as well as the American Bar Association Information Security Committee.

For the first time, EV will provide a uniform vetting standard for all certification authorities so that consumers will be able to make reliable risk assessment decisions about which online merchants to do business with.

And that's why WCS wanted to assure their customers that we take their security when performing online transactions seriously.

  • "Domain only" certificates, also known as "low assurance" certificates, only verify domain ownership. These are certificates most often sold by GeoTrust and GoDaddy. Unfortunately, these certificates provide virtually no identity assurance whatsoever since domain purchasing requires no identity verification.
  • "High Assurance" certificates refer to certificates that include identity validation from a Certification Authority using currently established and accepted vetting processes. These SSL certificates are seen as significantly superior to domain only SSL certificates because users can trust that an objective third party - a certification authority, has verified the identity of the website.
  • "Extended Validation" (EV) SSL certificates are the newest option for eMerchants as these SSL certificates require the most stringent verification processes as outlined in the guidelines developed by CA/B Forum. The advantage of these the next generation high assurance SSL certificates is that these certificates work with the new security browsers to include a new visual indicator that confirm the site's identity.

Q: How will EV SSL certificates increase consumer confidence?

A: High profile incidents of fraud and phishing scams have made Internet users very concerned about identity theft. Before they enter sensitive data, they want proof that the website can be trusted and their information will be encrypted. Without it, they might abandon their transaction and do business elsewhere. EV SSL Certificates provide third-party verification using a highly visual display that gives consumers confidence and builds trust in e-commerce.

Q: How is a consumer expected to distinguish between the different type of SSL certificates?

A: The presence of a verifiable High Assurance SSL certificates provides reassurance to consumers. Low assurance certificates, by contrast, are not inherently trusted by browsers and will cause some browsers to display "warning messages" informing the user that the certificate has not been issued to a verifiable entity. Loss of trust equals loss of sales whereas increased trust results in increased sales.

Q: What are the benefits of EV SSL certificates to Web site owners?

A: An EV SSL Certificate helps visitors complete secure transactions with confidence because your site has the "green bar" in IE 7 and your competitor's site does not. You appear to be more trusted and more legitimate. That's a competitive advantage that translates into higher conversion and more revenue. And it's why you are in business.

Q: Why do I need an EV Certificate on my site?

A: Today's fastest growing threat is phishing, where a fraudulent web site impersonates a legitimate business to attract unsuspecting visitors into divulging personal information. The increasing awareness to this problem has caused consumers to not trust buying online.

Post a Comment