Yes, it’s true that Microsoft designed IE7 to be EV SSL-sensitive only when it’s on the new Windows Vista, as opposed to the now near-ubiquitous Windows XP, and since Windows Vista was just released, it will be quite a while before it is used everywhere. Microsoft’s somewhat cautious OS release approach, though, should not be a drag on the growth of EV SSL adoption because of the anticipated enterprising efforts of the certification authorities.
With each of the EV SSL certificates they sell, many leading information security providers are planning to offer a feature that will automatically and transparently update the root certificate used by the IE7 browser on Windows XP, allowing it to recognize and signal the presence of an EV SSL certificate on a server.
Consumers have never been slow to take advantage of free upgrades from one browser release to another; IE7 on Windows XP should gain in popularity quickly, making e-shoppers increasingly aware of the green bar.
According to industry watchdog comScore Networks, online retail spending for 2006 reached $102 billion, an almost 25% increase from the previous year. And 2006 holiday-season e-commerce accounted for about a quarter of the annual total.
Online retailers are ecstatic about the recent holiday shopping season and the number of Web customers growing by leaps and bounds. Still, $100 billion is only seven percent of all retail revenues. There is much room for growth, and EV SSL certificates will go a long way in ensuring that phishers don’t kill the consumer confidence required for e-retail to continue its climb.
Bogus phishing Web sites, meant to steal your personal information, have increased exponentially in number in recent years. According to IT research group Gartner, the number of phishing e-mail recipients doubled in the last two years to over $100 million, and the average consumer financial loss from phishing jumped almost 500% in one year.
And it’s widely acknowledged that one of the techniques increasingly employed by endlessly innovative cyber criminals is the misuse of digital certificates. Even with certificate authority safeguards, inadequate certificates, based solely on computer-generated processes that do no more than verify domain ownership, are readily available.
Armed with an inferior certificate, phishers, or pharmers (who rely on malicious code deviously installed on a PC to misdirect you to a fraudulent Internet site), are better able to spoof a Web browser into believing that an imitation URL is valid, ultimately leading to credit card scams and identity theft.
It will be increasingly clear to everyone running a consumer-oriented e-business that, to survive, the adoption of EV SSL certificates is essential to the future of their business.
Johan Sys is a senior director of Managed Identities at Cybertrust.