Extended Validation SSL Certificate Gains Adoption

CHICAGO, April 3 /PRNewswire/ --

The Certification Authority/Browser Forum (CAB Forum), the author of the guidelines for issuing Extended Validation (EV) SSL certificates, is pleased to announce that approximately 5,000 EV SSL certificates have been deployed by businesses and organizations worldwide(1) since the introduction of the guidelines last June.

Extended Validation SSL certificates were introduced last year to help businesses and organizations conducting e-commerce, e-banking or e-government to reliably assert their identities to end-users and consumers. EV SSL certificates are issued to entities that complete a rigorous validation process that includes the following criteria:

  • Verified legal, physical and operational existence of the entity
  • Verified identity of the entity matches official records
  • Verified that the entity has exclusive right to use the domain
    specified in the EV Certificate
  • Verified that the entity has properly authorized the issuance of the
    EV Certificate

EV SSL helps combat online scams such as phishing, in which legitimate web sites are "spoofed" or faked and presented to consumers via e-mail campaigns disguised as routine customer service. The unwitting consumers submit personal data such as bank account information to the faked sites, which appear authentic. These scams cost businesses and consumers millions of dollars each year in fraud and lost time. The "extended validation" process mitigates this scenario by requiring additional information to verify an organization's identity, so only legitimate organizations can obtain an EV SSL certificate.

The latest versions of the leading Internet browsers currently support EV SSL by providing additional visual security indicators such as shading the address bar green within a browser when consumers visit a web site that leverages an EV SSL certificate. To a consumer, green means they can do business on-line with confidence because the web site address displayed in the browser address bar has been rigorously verified by one of the leading certification authorities.

The Authentication and Online Trust Alliance (AOTA), an organization whose mission is to foster the elimination of email and Internet fraud, abuse and data intrusions thereby enhancing online trust, confidence and online protection of businesses and consumers, issued a statement in January endorsing Extended Validation SSL. According the AOTA, "EV certificates fill the void left in SSL certification by validating that the endpoint is that which it claims to be. Companies and individuals who adopt EV certificates benefit from a higher level of authentication and increased consumer confidence in online commercial transactions."

AOTA has recently published a list of brands that have adopted EV SSL, which is comprised of 3,000 companies that have deployed approximately 5,000 certificates. The complete list can be viewed at: http://www.aotalliance.org/resources/EV

(1) Data provided from the Netcraft Secure Server Survey Feb 2008 data

ADDITIONAL FACTS ABOUT EV SSL CERTIFICATES

Eligible Organizations: EV SSL certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses.

Industry Certified: All certification authorities are required to undergo an annual audit to ensure adherence to the EV issuance process.

Revocation: Improperly used EV certificates will be revoked quickly in accordance with the guidelines.

About the Certification Authority/Browser Forum

The CAB Forum is a voluntary organization composed of leading certification authorities and Internet browser suppliers. For more information, visit http://www.cabforum.org.

Distributed by PR Newswire on behalf of CAB Forum

Originally posted on Sun Apr 6, 2008