Patch/Configuration Management, Vulnerability Management

New VeriSign certificates on the way

VeriSign will release a new extended validation SSL certificate for ecommerce sites set for use in Microsoft's Internet Explorer 7 and Vista operating system.

In addition to the usual security indicators, such as the padlock icon and "https" at the start of the website URL, the address bar will turn green to inform users the site is secure and has a valid certificate, according to VeriSign, which will issue the certificate to businesses.

The name of the website owner will appear next to the bar, providing customers with a clear signal that the site is safe. Conversely, the address bar on suspected phishing sites will turn red.

Microsoft is the first company to support the system through just released browser Internet Explorer 7 and Vista, its upcoming operating system, but other web browsers, such as Mozilla's Firefox, are compatible to adopt it in future.

Mike Davies, marketing director for Europe, the Middle East and Asia at VeriSign, said this method will ensure that online customers feel safe and reduce cyber fraud for businesses.

"Phishing and pharming is getting more and more sophisticated, and this is putting consumers off going online. People don't bother to click on the padlock icon to check the website they're using is secure, so this method gives them a clear, visual clue that they are interacting with a genuine website," he said. "This is a kick in the teeth for phishers. They can't get an EV SSL certificate and eventually customers will realize not to trust those sites without one."

However, Ken Munro, managing director at SecureTest, disagreed, saying consumers don't pay attention to certificates.

"People don't care if SSL certificates are valid or not; they just click to agree the terms to access the site. Users don't pay attention now, so why would they pay attention using this new technique," he said. "This idea is more user-friendly but a red address bar won't stop people going onto the site. Plus it questions the openness of the internet if you have to pay to have a ‘valid' site."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.