VeriSign touts virtues of 'green bar' for security

Known for the distinctive green URL bar which appears in most browsers, the program was designed to replace the secure socket layer (SSL) program, which noted secured web sites by placing a small golden lock within the browser window.

According to VeriSign, however, those gold locks were becoming far to easy to obtain. Product marketing manager Ryan White told vnunet.com that in some cases, companies were able to obtain an SSL certification by doing nothing more than confirming a domain registration, opening the door to phishing and fraud operations.

"Fifteen years ago, the padlock was great," White explained.

"However, as online crime evolved, it because less effective."

To solve the problem and renew consumer confidence, the new Extended Validation (EV) program was put forth. Designed to be far more strict than the original SSL program, the EV SSL certification includes 150 pages of guidelines and requirements.

To earn the certification from VeriSign, a retailer must provide such information as verification of registration as a business, proof of control and ownership of the domain, and verification that the person applying for the certification works for the company.

Additional steps are taken to ensure that the applicant is not a rogue employee, such as contacting a vice president or higher for verification and a written letter of acknowledgement from an attorney.

Whereas the gold lock can be had in a matter of hours for under $100, achieving EV certification can be far more costly and take anywhere from two to three days for full authentication to be granted.

In many cases, the longer, more expensive process would ruin a program. But White said that in the case of the EV, it is a major benefit.

"A lot of time the customer will say it was a real pain, but that's the point, it's harder for the bad guys to do it," he explained.

White said that the new program is especially beneficial to smaller online retailers who are often met with worried customers who are reluctant to trust an unknown site.

After achieving certification, White estimates that smaller retailers see sales conversions jump by an average of 20 to 30 per cent.

For larger retailers, an EV certification can lead to lower instances of purchase abandonment and few calls to customer service centers by worried buyers.

There are still, however, major hurdles for the new system to overcome. As recently as February of this year, studies found that as many as 70 per cent of users did not fully understand the implications of the green browser bar.

Adoption has also been an issue. Though it is supported by the latest versions of Internet Explorer, Firefox, Opera and Chrome, previous versions of those browsers do not show the green bar, and it is not yet supported by Apple's Safari browser.

White credits much of that to the relatively young age of the system, as well as the different development styles and preferences amongst the developers of the major browsers.

"It takes years to develop a browser," White explained, "so we originally had resistance from a lot of browser manufacturers."

Still, the EV SSL system appears to have enough backing to stick. Amongst the 8,000 merchants using the system are traditional ecommerce heavyweights such as eBay, Paypal and Charles Schwab, as well as non-financial groups such as Stanford University and Los Angeles County.

"At the end of the day, you're letting the customer know that the site is secured and they can trust it," he said.

"They are getting that trust recognition, and that is a step that has to be made."

Copyright ©v3.co.uk

certification ev program security ssl white