Security

Read all 'Extended Validation Certificates' posts in Security
November 20, 2008 11:30 AM PST

Certification credited with boosting online confidence

by Robert Vamosi
  • Post a comment
(Credit: AOTA)

Extended certificate validation for Web sites has boosted online confidence in 2008, according to a statement released Thursday by the Authentication and Online Trust Alliance (AOTA).

This could help online consumers looking for sites to trust on Cyber Monday, the first shopping Monday after Thanksgiving when online purchases are at their peak.

Sites with Extended Validation Certificates (EV) added to Secure Socket Layers (SSL) encryption display their URLs in a green bar in the address field of compatible browsers. This signals to the user that there is increased scrutiny of the Web site. In Firefox 3, a user clicks the green bar to see additional certificate information. Same with Internet Explorer.

The idea here is that a trusted third-party certificate authority will vouch for the Web site beyond the minimal "domain validation only" in place today with traditional SSL certificates. EV SSL sites must establish a legal identity and a physical presence for the site owner, establish that the owner has exclusive control of the site, and confirm the identity of the owner.

A study last year by Tech Ed Research found that participants were more likely to click on a link with a green EV SSL link than sites with the paddle lock icon traditionally associated with SSL.

The AOTA also announced that starting in January 2009, the US Internal Revenue Service will require all authorized IRS e-file providers participating in online filing of individual income tax returns to have a valid and current EV SSL certificate. The IRS is also requiring e-file sites to publish privacy information and safeguard policies, to obtain a privacy seal signifying an IRS-approved service, and to report all security and privacy breaches directly to the IRS.

PayPal and eBay have both been early supporters of EV SSL. In April, PayPal announced it would block users who did not use an EV SSL-compatible browser on its site. In May, a researcher found a vulnerability with EV SSL that affected PayPal and other sites, a flaw that was quickly remedied.

Browsers supporting EV SSL include Microsoft's Internet Explorer 7, Internet Explorer 8, Safari 3.2, Firefox 3, Opera 9.5, and Google Chrome.

Topics:
News
Tags:
security,
AOTA,
Extended Validation Certificates,
EV SSL,
Secure Socket Layers,
PayPal
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET