Today, many consumers don't trust website safety enough to complete an e-commerce transaction. The frequency of malicious web schemes such as phishing and pharming creates an environment of fear and reticence.
It was recently reported that over 40% of online adults had received phishing e-mails, 46% changed their purchasing and online behaviour as a direct result of security concerns and 10% reduced their online spending by at least 50%. As a result nearly £2 Billion in e-commerce sales were lost due to user concern over security.
Online commerce may still be growing but there are a significant number of people opting out or reducing their spending due to security concerns. If you are a web business that depends on consumers trusting you enough to
share their financial, personal or other sensitive data this is an alarming trend.
To combat this problem, leading web browser developers and SSL Certification Authorities (CAs) joined forces to create a new standard for web site identity authentication - the new Extended Validation (EV) SSL Certificate.
This new standard is the most significant advancement for the World Wide Web's secure backbone since SSL Certificates were first introduced over a decade ago.
EV contains a number of user interface enhancements aimed at making the identification of an authenticated site immediately noticeable to the end user. The most obvious interface enhancement is the green address bar effect; when a consumer visits an EV authenticated site the address bar turns a highly visible green colour. This conspicuous colour change immediately notifies the end user that this website passed a rigorous authentication process. Green is also a highly effectual colour – to most people green means go, it is safe to move forward.
As well as the green address bar effect, a security status bar appears to the right of the address bar. This field, also green, displays the name of the organisation responsible for the website and toggles to identify the CA that authenticated the website. In the image above, our company name (Xperience Web Hosting Ltd) displays in the security status bar field and automatically toggles to the name of the CA (in our case thawte). The EV SSL Certificate provides the source for the names in these fields, confirming that the CA has verified this information. Therefore the end user can depend on it being accurate. This interface convention makes it easier for customers to notice the name of the CA. This new higher visibility to customers should motivate web sites to obtain their certificates from only the most reputable CAs. If a customer is not familiar with the CA, they most likely won't trust the web site being certified.
These interface enhancements, difficult to counterfeit by phishers and pharmers, create a new level of protection for web site visitors. If a spoof site buys a traditional SSL Certificate it would not display the highly trusted green address bar and even if they bought an EV SSL Certificate to gain the green address bar, it still would not be able to display the name of the organisation they were attempting to spoof in the security status bar.