The Authentication and Online Trust Alliance (AOTA) has endorsed Extended Validation (EV) Secure Socket Layer (SSL) certificates, an emerging standard to help verify site identity and increase consumer confidence in e-commerce and online banking, similar to authentication in e-mail.
Online criminals have acquired traditional SSL certificates that allow them to encrypt data, appearing like a legitimate Web site when legitimate domain names are misspelled. In response to these threats, guidelines for the issuance and management of EV SSL certificates were developed and ratified by the CAB/Forum last year to provide consumers with a higher level of trust and are now endorsed by AOTA.
“It is great that e-mail is authenticated and gets delivered, but what about the Web site that the e-mail is coming to?” asked Craig Spiezle chairman of the AOTA and director of Internet Security & Privacy at Microsoft. “If we are going to achieve consumer trust, we have to look at all the steps in between because in the customer’s mind, it is all the same thing.”
The EV SSL certificates validate that the Web site a consumer types in is the correct Web site they are intending. The SSL logo is designed to validate the identity of a Web site owner, increasing consumer protection from fraudulent and deceptive Web sites.
EV SSL certificates are now being supported by Web browser vendors including Microsoft and Mozilla, as well as more than 20 certificate authorities worldwide, including Entrust, Go Daddy, RSA, VeriSign and others.
When Windows Internet Explorer 7 users log on, they see a green address bar, a visual trust symbol that displays the name and country of origin of the company that controls the site via an EV SSL certificate. Upcoming releases of Mozilla Corporation’s Firefox will provide a similar visual indicator within its location bar.
EV certificates are used on 4,000 consumer, financial and e-commerce sites, including Alaska Airlines, AutoZone, British Airways, Charles Schwab, eBay, FedEx, PayPal, Microsoft, Royal Doulton, Sovereign Bank, SunLife, The Body Shop UK, Travelocity, UBS and Vanguard.