
Website Security Solutions

Showing posts tagged with Extended Validation SSL
Tim Callan | 18 Dec 2012 | 0 comments

The IRS has published draft 2 of a requirement that will require all e-file tax sites to use Extended Validation SSL Certificates starting January 1, 2009. States the guideline in part,

This requirement applies to Authorized IRS e-file Providers participating in Online Filing of individual income tax returns that collect taxpayer information via the Internet. These Providers shall possess a valid and current Extended Validation Secure Socket Layer (SSL) certificate using SSL 3.0 / TLS 1.0 or later, and minimum 1024-bit RSA / 128-bit AES.

This passage refers to the service that may be offered by sites whereby you can file your taxes directly online from your own computer. The e-file program offers free filing to individual taxpayers with household income under a...

Tim Callan | 18 Dec 2012 | 0 comments

As you know, I've been making a policy of measuring the effect of EV SSL Certificates (and therefore green address bars) on visitor behavior at various types of Web sites. One area that's been underresearched is online banking. I'm pleased to tell you that yesterday VeriSign announced the first such measurement on an online bank.

Michigan-based Flagstar Bank measured the effect of green address bars on new user signups. This strong regional bank saw a 10% increase in new account signups when green bars are present over when they are not. There are many reasons why increases in online transactions are good for banks. Costs are greatly reduced servicing customers on...

Tim Callan | 18 Dec 2012 | 0 comments

Regular readers of The SSL Blog will be familiar with the wealth of research indicating that the presence of a green address bar on a Web site causes an increase in transactions among visitors who see them. With over 60% of site visitors on EV-aware browsers today it's straightforward to calculate the expected impact of those green address bars on your KPIs, assuming that average transaction value (ATV) remains the same.

Assuming that ATV remains the same.

But can we make that assumption? There is research indicating that ATV goes up among those who see green address bars. I refer to two particular studies. The first is research conducted on its own customer base by CanadaDrugs.com. As the...

Tim Callan | 18 Dec 2012 | 0 comments

As I discuss EV SSL with a variety of online businesses, one question I get a lot is about the name that appears adjacent to the address bar in compatible browsers. The question goes something like this, "We do business under the well-known brand of HipCoolStuff, but our company is actually called Old Stodgy Holding Corporation. We don't want the Old Stodgy name on our Web site. Nobody knows us by that name, and it's not the brand identity we choose to present to the public. What can we do about that?"

The answer is that you're allowed to use any legal trade name that you possess in that address bar. A business may obtain EV certificates under an organization name that is a legally registered trade name of the organization in question (referred to in the EV guidelines as "Assumed Name"). VeriSign or the other CA must authenticate the legal status...

Tim Callan | 18 Dec 2012 | 0 comments

As you may know, lots of online businesses have measured the results of putting Extended Validation SSL on their sites and have universally found that it increases the propensity for site visitors to complete sensitive transactions. With so many measurements of EV's effect (I am aware of seventeen such tests, personally), we have decided to gather as many of them as possible together in one place so that it's easy to take in the science all at once. The SSL case studies are here.

Tim Callan | 18 Dec 2012 | 0 comments

Regular readers of The SSL Blog will know that Opera 9.5 supports EV and has supported the VeriSign root from the very beginning. Well, Opera 9.5 now contains native support for GeoTrust and thawte roots as well.

Tim Callan | 18 Dec 2012 | 0 comments

After a year and a half of people asking me the question, I'm happy to state that the company Amazon.com is using both Extended Validation SSL and the VeriSign Secured Seal in production. In particular, Amazon has chosen to roll out these confidence enhancers first on its Amazon Sourcing page. My conjecture is that this page is for vendors who provide goods or services to Amazon.com, the company. I wonder if the public-facing stores are to follow.

Tim Callan | 18 Dec 2012 | 0 comments

I mentioned that I recently gave a Web seminar with some lively questions at the end. I'll present some of the questions I received, with my responses. Because I received so darn many questions, I'll break this one into multiple postings.

Q: If EV is so far ahead of standard SSL (in terms of security/authentication), do you think the PCI industry will mandate EV in near future?

A: I certainly hope so. EV is a definite improvement to a consumer's ability to protect herself against credit card theft, and the PCI standard is all about reducing credit card theft. It's not only in the interest of the consumers but also in the interest of the issuing banks, who usually are the ones that wind up eating bad credit card debt.

Q: What is the cost of implementing EV?

A: Costs break into two...

Tim Callan | 18 Dec 2012 | 0 comments

Another paper that's oft cited by those who want to discredit Extended Validation SSL was published soon after the release of EV SSL at the beginning of 2007 and is titled "An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks," authored by Stanford student Collin Jackson.

The Jackson paper is frequent link fodder, usually for bloggers who want to prove that Extended Validation SSL is not the considerable step forward in Web security that the community at large perceives it to be. Typically the link accompanies some broad statement like, "These certificates have been shown not to work." Indeed, if you read the paper's abstract, it appears to back up that claim,

Across all groups, we found that picture-in-picture attacks showing a fake browser window were as...

Tim Callan | 18 Dec 2012 | 0 comments

We recorded a couple of good Web seminars recently on the subject of Extended Validation SSL. I had the privilege to give the first to over 500 security professionals. In addition to boiling the basic EV story down to a half hour, it also contains an excellent Q&A session.

The second was run by my compatriot Ryan White, and what's special about this seminar is it has a special guest visitor, Darren Shafae, vice-president of Proof-Reading.com. Darren offers the unique insights of an online business that has chosen to go with EV SSL.