Certificate Authority secures online transactions ensuring the seller is legit
18 September, 2008
category: Corporate, Digital ID, Financial, Library
The new version of SSL lets companies go the extra mile to reassure customers
When the owner of French Soaps Ltd. learned about Extended Validation SSL, a new certificate online retailers could use to better secure transactions while also reassuring customers, he began to investigate.
Curtis Cord, president of the Middleton, R.I.-based company, and his wife started the company more than 10 years ago after a visit to the south of France where they were introduced to some of the products they now sell. The high-end soap and fragrance retailer targets the luxury consumer. “Someone who appreciates hand crafted quality,” Cord says.
They want to do everything possible to make sure the customer trusts the company and the Web site, said Cord, so when he saw a headline online about the Extended Validation SSL he jumped on it. “It’s always been important for us to be forward thinking with our Web site,” he says.
Cord called his Internet service provider who put him in touch with Trustwave, a Chicago-based company that helps retailers with security solutions. The purpose of the EV SSL is to let customers know they are dealing with a legitimate business, says Michael Petitti, chief marketing officer at Trustwave.
SSL 411
Before the EV SSL, online retailers would obtain standard SSL certificates. These enabled information to be encrypted between the consumer and the retailer. “It was a prerequisite to doing business online,” Petitti says.
The SSL is a certificate that enables a consumer to know that the transaction being performed is secure. But an SSL wasn’t always enough protection for consumers. At different times some criminals obtained legitimate SSLs and were able to gather consumer information and commit fraud, Petitti says.
EV SSLs require that the retailer undergo a more rigorous background check than when applying for a standard SSL, Petitti says. Once a company is verified the consumer can tell he’s on a legitimate site because the address bar turns green on some Web browsers, including the latest versions of Microsoft’s Internet Explorer and Mozilla’s Firefox.
The EV SSL is a product of the CA/Browser Forum, a voluntary organization of certification authorities and Internet browser software vendors. Extended Validation SSL Certificates build on the existing SSL certificate format, but provide an additional layer of protection by requiring a rigorous issuance process created to ensure that the certificate holder is who they claim to be.
Cord says the background check into the company makes sure it’s a company in good standing and checks with local and state government to make sure the business is registered. “They want to know who the owners are, where they’re located and that you’re in the physical space you say you are,” he says.
Before issuing an EV SSL a certificate authority must follow a number of steps. The authority must verify the legal, physical and operational existence of the entity; verify that the identity of the entity matches official records; verify that the entity has exclusive right to use the domain specified in the application; and verify that the entity has properly authorized the issuance of the certificate.
French Soaps went live with its EV SSL on Jan. 27, 2007, Cord says. The retailer was Trustwave’s first client to use the new certificate. At the time there were less than 10 total retailers using them, though now more than 5,000 EV SSLs have been issued.
“The green bar reassures that you are in a safe place,” Cord says. “We’re always hearing from our customers that they enjoy the Web site and they trust it. And judging from the growth in our online sales and the lack of complaints and concerns, I’m very pleased we went ahead with it.”