How to protect your personal data online using new standards in SSL certifications

Even today, scams exist in the world of online shopping and continue to hinder customers who choose to shop online. Ubiquitous phishing and pharming scams still persist and cause many to live in fear when browsing online marketplaces. When these sites lose traffic due to their would-be customers’ skepticism or fear, it becomes a serious issue for them.

Fortunately, to ward off as many of these scams as possible, many leading web browser developers and SSL Certification Authorities (CAs), including Thawte, have created an enhanced certificate that tells consumers whether or not a particular site is safe. Traditional SSL certificates have served as the primary method for solving this problem since 1995, but as technology has improved astronomically in the past 20 years, older versions have become outdated. In recent years these CAs have collaborated through the CA/Browser Forum to introduce their greatest creation: the Extended Validation (EV) SSL certificate.

Any CA that wants to issue EV SSL certificates to companies must first pass a rigorous test called an independent WebTrust audit. This not only affirms that the CA adheres to the required practices of EV usage, but also gives customers the green light to purchase from that provider. This is particularly important when using online forms to collect personal or sensitive data. There are many web forms providers, such as Form.com, that include this SSL option in their forms software solutions. Customers can be assured that this process is effective, as it relies on the verification practices behind millions of older certificates.

These older certificates were originally designed to show customers a small icon on any given website to prove the site was certified. Later on, however, waves of phishing scams cascaded across the web. Unscrupulous developers would create fake icons to make customers believe they were browsing a reliable site. Now that online consumers have gotten smarter, these small icons have become obsolete. As a far more effective alternative, the EV SSL certificate avoids this issue by highlighting the address bar in green when a customer visits a site, showing that the site is EV certified.

In addition, a security status bar, also green, would appear to the right of the address bar. This nifty feature displays the name of the organization responsible for the site and toggles to the name of the CA that verified it. Even if a scammer were to purchase an EV SSL certificate, customers would still be able to detect the threat, as the security status bar wouldn’t toggle to the name of a reliable organization.

Aside from these benefits, the staying power of an EV certificate lies in two of its processes: real-time validity verification and identity authentication. Validity verification is relatively easy. Take Internet Explorer 7 (IE7) users, for instance. IE7 supports the Online Certificate Status Protocol (OCSP), which checks a certificate’s validity in real time and lets users know if it has been revoked.

"Identity authentication" means that CAs must conduct background checks on any EV requestor before issuing it a certificate. To ensure this process is effective, CAs don’t allow a requestor to verify its own identity. Instead, its identity must be established through documentation provided by authenticated third parties.

After a requestor has successfully obtained an EV certificate for a website, the features of that certificate should display automatically as long as the organization or individual has an updated browser. IE7 for Windows Vista systems, for example, is capable of automatically displaying the green address bar and security status bar. On the other hand, Windows XP users may need updates from their local Microsoft root store to acquire such benefits. To help solve this problem, Thawte, among other CAs, offers all EV purchasers the “EV Upgrader”, yet another benefit which prompts automatic updates.

Through said benefits and security measures, the EV SSL Certificate is certainly a new standard in weeding out online scams and improving consumers’ trust in reliable web stores.

Cal Brown