EV SSL Info from Net.Finance
Tim Callan recently answered several questions about EV SSL Certificates at Net.Finance in Scottsdale, Arizona. the questions involve what EV SSL Certificates do and how they increase security. The questiosn and his responses are below:
Q. How do consumers understand what the green bar means?
A. Internet Explorer and Firefox take advantage of popular interface conventions that are widely understood by the computer using public. In particular the color green, prominently featured in both browsers, has been the "safe" color in the Windows interface since the 1980s. Two decades of usage have taken understanding of this symbol to the point where 93% of online shoppers identify that a site with a green address bar is safer than a site without.
Q. Should I be messaging my customers about the new interface they'll be seeing?
A. Absolutely. Financial institutions in particular have very tight relationships with their customers and can effectively give them instruction for how to interact online. It's a straightforward exercise to blend explanations of the green address bar and what it means (and when and how to look for it) into other online and offline communications you're having with your customer base anyway. You can integrate it into your marketing to show off your choice of premium security products, and you can help your customers defend themselves against phishing and other online crime by increasing their education in online safety.
Q. What's to keep the criminals from spoofing these green bars?
A. Every step of the information pipeline is hardened against intrusion or tampering. It starts with authentication, which is based on methods proven over the last thirteen years and and on more than three million certificates. The certificate is then protected from tampering by a secure hash and the trusted VeriSign root. That means that when the browser sees it the browser can know that the certificate is bit-for-bit identical to when the Certificate Authority issued it and that it genuinely comes from VeriSign. The browser then displays the green address bar and certificate information up in its chrome, the area at the top of the browser that is beyond the reach of phishers and other purveyors of online fraud. That way site visitors can read your site's identity with their own eyes, and a fraudster can't do anything about it. In that way the original facts can be discovered and safely communicated to the site visitor, and the visitor can trust them to be correct.
Q. Is the industry adopting EV?
A. Yes, in a big way. The CA/Browser Forum recently announced that over 5000 domains have EV SSL deployed. Leaders in all major verticals such as banking, investment, insurance, online retail, and health care proudly display their green address bars. We're well on the way to seeing EV SSL become the norm for serious online businesses, and with 50% of the computer using public capable of seeing these green address bars today, it stands to reason.
Greetings from Net.Finance - [Tim Callan's SSL Blog]