In an effort to increase internet security and to combat increasingly sophisticated phishing scams, the CA/Browser Forum, a group composed of web browser creators and certification authorities, has created the Extended Verification SSL Certificate.
What this new and improved security certificate is attempting to do is create a vetting process for obtaining a certificate that is more uniform and more rigorous than ever before. This is supposed to ensure that sites that have obtained an EV SSL Certificate are who they claim to be, secure and able to be trusted.
To accompany this improved level of authentication on the back end, most of the major web browser companies, including Mozilla, KDE, Opera and Microsoft (I say most because Apple’s Safari is noticeably absent), are releasing updated browser versions. These updated web browsers are specifically designed to display the status of a web site’s security certificate in a fashion that is more obvious than ever before. Taking the https URL and the padlock icon further, this new look of security comes with color coding.
That’s right; by the end of this month IE7 and Opera 8 (and quite possibly others) will be communicating the presence of the EV SSL Certificate, and the security level of the site, to users through a color-coded message that appears right in the address bar. If a site is EV SSL-secured, the user’s address bar will turn green and include information about site ownership and the associated certificate authority.
If a site is deemed “suspicious” the user will get a yellow address bar (please don’t confuse this with the yellow bar currently used by Mozilla to communicate that a site is secure – maybe that wasn’t thought all the way through?).
If a site is deemed a phishing risk, the address bar turns red.
What this means to the user: They can feel more secure than ever processing online transactions of all sorts with the confidence that is provided by this new standard in security verification. Assuming of course that this system proves to be reliable – it doesn’t take too many false positives/negatives or system glitches for people to either turn a feature like this off or simply ignore it altogether.
What this means to the ecommerce website: Site owners should do all they can to ensure that users don’t get that scary red address bar when they come to make online purchases. In my opinion, this includes not only purchasing an EV SSL Certificate, but running tests across all browser types to ensure that things are working properly and your site isn’t giving off a false negative.
What this means to Certification Authorities: A sudden surge in revenue as their entire client base suddenly upgrades security certificates. You didn’t really think that you were going to get away with purchasing an EV certificate for the same price as a regular SSL certificate, did you? Quite the contrary; VeriSign is charging almost 4 times as much.
While that may seem like a significant price hike, it pales in comparison to losing the confidence of your customer base. As any online store owner should know, making potential customers feel safe and secure is vital to continued success.