In 2005, a group of leading certification authorities (CAs) and Internet browsers came together to establish a more rigorous and harmonized approach to online SSL security.
Known as the CA/Browser Forum, the group decided a standardized Secure Sockets Layer (SSL) method was needed to prove a website’s authenticity across all browsers, for all CAs and for all Web users. In January 2007, new Extended Validation (EV) SSL certificates were at last released by GoDaddy worldwide, and are expected to greatly enhance eCommerce and boost the confidence of online shoppers everywhere.
Wayne Thayer, Vice President of Development for GoDaddy – a world-leading SSL Web hosting provider, domain registrar and major member of the CA/Browser Forum – told TopHosts that the aim of EV SSL is to provide a much-needed, unvarying way of ensuring legitimacy online.
“There were a number of major players that felt we needed to create some sort of standard we could bring to the marketplace,” Thayer said. “A certificate that meant the same thing no matter where you bought it from.”
Up until the launch of EV SSL, Thayer explained, many differing levels of SSL certificates could be obtained, but none really went beyond WebTrust – a seal awarded to sites that adhere to certain business standards. Many different types of SSL certificates, like GoDaddy’s Turbo SSL and High-Assurance SSL, for example, provide great protection and online assurance, but may not abide by the same rules and regulations as those of other CAs and Web hosting providers. There is simply no uniformity among them, and they don’t address growing concerns regarding phishing, a form of Internet fraud that aims to steal valuable information such as credit cards, SSNs, IDs and passwords, through fake websites.
With EV SSLs, all CAs must adhere to the same security standards when processing certificate requests, while visitors to EV SSL-secured sites can trust that the online organization has undergone the same universal authentication process.
“The EV vetting process creates a very strong tie between the organization that is named in the certificate and the actual real world organization,” Thayer said. “… EV SSL has a number of additional steps that make it much more difficult for fraudsters to perform phishing and pretend they’re something they’re not.”
The CA/Browser Forum outlines a new EV SSL vetting process, which validates elements such as the legal existence of the site, the legal name of the entity, a registration number and the right to use the domain name, along with other legal indications. To apply for an EV SSL, the business must present a letter from an attorney or an accountant. The process verifies the organization’s identity, the validity of the request and the overall legitimacy of the business.
Unlike the standard padlock icon method used for all other SSL certificates, browsers with EV support will display a green address bar and a special label, which names the website owner and the CA that issued their certificate. This visual tool is especially useful for domains considered to be high-risk targets of phishing and other fraud schemes. Banking sites, auction sites, retailers and other financial services can better communicate their legitimacy to users, allowing visitors to confirm that any online information they volunteer is safe and protected by EV.