- Category: April 2011
Gaining the trust of online customers is vital for the success of any company that requires sensitive data to be transmitted over the Web and especially for online shops and banking. However, with the skyrocketing rise in Internet fraud and data theft, maintaining the trust of potential customers has never been more in jeopardy.
As people have become more IT savvy, they have become both more skeptical and, frankly, more scared of using online channels. Investment in technology to earn customers’ trust and to protect them is therefore vital.
To ensure that current and future customers are fully aware of the security investments made by e-commerce businesses, it is critical to go with a security vendor whose brand name is the best known and the most trusted. VeriSign has earned its industry-leading brand name recognition, and related customer trust, by delivering state-of-the-art online security and trust solutions. The company is the leading provider of SSL Certificates with a market share of over 70%, and many commercial e-commerce sites display the VeriSign seal prominently on their web sites to assure online users that their online business is authentic and that they are capable of securing confidential information with SSL encryption. That’s simply because people are reluctant to provide information like their credit card and Social Security numbers, passwords, health details, and other confidential data to a third party.
SSL Certificates to encrypt and protect sensitive customer information
Encryption is the process of transforming data to make it unintelligible to all but the intended recipient. It is the basis of data integrity and privacy necessary for e-commerce. Customers and business partners will submit sensitive information and transact on web sites only when they are confident that they can do so securely. The solution for businesses that are serious about e-commerce is to implement a trust infrastructure based on encryption technology.
Secure Sockets Layer (SSL), the world standard for web security, is used to encrypt and protect information transmitted over the Web with the ubiquitous HTTP protocol. SSL protects data in motion, which can be intercepted and tampered with if unencrypted. Support for SSL is built into all major operating systems, web browsers, Internet applications, and server hardware.
An SSL Certificate is an electronic file that uniquely identifies individuals and web sites, and enables encrypted communications. SSL Certificates serve as a kind of “digital passport,” or credential. Typically, the “signer” of an SSL Certificate is a third-party Certificate Authority (CA), and VeriSign is the leader in this field, having already secured more than one million web servers worldwide.
There are three commonly recognized categories of SSL authentication:
- Domain authenticated certificates are the lowest form of authentication available. With this category of validation, Certificate Authorities (CAs) conduct a process to verify that an entity requesting a domain authenticated SSL Certificate either owns the domain requested or has the right to use that domain name. The CA may also verify that the email address for the contact requesting the certificate is either listed in the WHOIS directory or meets the CA’s predetermined email alias requirements. All web sites secured with VeriSign®-branded certificates submit to a higher level of authentication beyond domain authentication.
- Organisation authentication is the validation process that VeriSign and other CAs employ for common (i.e., non-EV) SSL Certificates. CAs verify the organisation’s existence through a government-issued business credential, normally by searching government and private databases. If necessary, they may request such items as Articles of Incorporation, business licenses, and Fictitious Business Name statements. Before issuing an SSL Certificate with Organisation Authentication, CAs verify a company’s identity and confirm it as a legal entity, validate that it has the right to use the domain name included in the certificate, and verify that the individual who requested the SSL Certificate on behalf of the company was authorized to do so.
- Extended Validation (EV) authentication provides the highest level of authentication available with an SSL Certificate. EV authentication adds structure and controls to the authentication process. It includes an in-depth validation of an entity’s authenticity, starting with a signed acknowledgement of agreement from the corporate contact. A company registration document may also be required if the CA is unable to confirm the organisation’s details through a government database. A legal opinion letter may be requested to confirm the following details about the organisation:
  - Physical address of the place of operation
  - Telephone number
  - Confirmation of the exclusive right to use the domain
  - Additional confirmation of the organisation’s existence (if less than three years old)
  - Verification of the corporate contact’s employment
Secure Sockets Layer (SSL) encryption is the technology that addresses the most obvious and oldest problem in online business, namely the susceptibility of sensitive data in transit to interception by cyber criminals, along with the need for additional measures like authentication of web site legitimacy and trust building. The validation process represents very little burden for legitimate organisations, but is a substantial obstacle for any fraudster.
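The three validation categories described above can usually be told apart from the certificate itself. The following is an added example, not part of the original article: it classifies a certificate from CA/Browser Forum policy OIDs when they are supplied, and otherwise from the subject fields in the format returned by Python's `ssl.SSLSocket.getpeercert()`. The function names and sample subjects are constructed for illustration, and the subject-based fallback is a heuristic.

```python
# Added example: decide whether a certificate is DV, OV or EV.
# `cert` uses the dict layout of ssl.SSLSocket.getpeercert().
# `policy_oids` is an assumption: getpeercert() does not expose the
# certificatePolicies extension, so the OIDs must come from another parser.

# certificatePolicies OIDs defined by the CA/Browser Forum
CABF_POLICY = {
    "2.23.140.1.1": "EV",
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
}

# Identity attributes an EV subject carries in addition to organizationName
# (EV subjects also carry jurisdiction fields; these two suffice here).
EV_SUBJECT_FIELDS = {"businessCategory", "serialNumber"}


def subject_fields(cert):
    """Flatten getpeercert()'s nested RDN tuples into {name: value}."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert, policy_oids=()):
    """Return (level, evidence) where level is 'DV', 'OV' or 'EV'."""
    # 1. A CA/Browser Forum policy OID is an explicit statement by the CA.
    for oid in policy_oids:
        if oid in CABF_POLICY:
            return CABF_POLICY[oid], "policy OID " + oid
    # 2. Heuristic fallback: which identity fields did the CA vouch for?
    fields = subject_fields(cert)
    if "organizationName" in fields and EV_SUBJECT_FIELDS.issubset(fields):
        return "EV", "subject carries EV identity fields"
    if "organizationName" in fields:
        return "OV", "subject names organisation " + fields["organizationName"]
    return "DV", "subject contains no verified organisation"


# Constructed sample subjects (not taken from real certificates)
DV_CERT = {"subject": ((("commonName", "shop.example"),),)}
OV_CERT = {"subject": ((("countryName", "GB"),),
                       (("organizationName", "Example Ltd"),),
                       (("commonName", "shop.example"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("serialNumber", "01234567"),),
                       (("countryName", "GB"),),
                       (("organizationName", "Example Bank plc"),),
                       (("commonName", "bank.example"),))}

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT, EV_CERT):
        print(subject_fields(cert)["commonName"], validation_level(cert))
```

A domain-authenticated certificate vouches only for the host name, which is why its subject carries no organisation fields for the classifier to find.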