Embed Size (px)
Citation preview
© 2007 GeoTrust, Inc. All rights reserved.
Web Security Identity VerificationServices
Signing Services
Enterprise Security
How SSL is Changing to Increase Consumer Confidence
How SSL is Changing to Increase Consumer Confidence
Jay Schiavo, Sr. Product Manager, GeoTrust
© 2007 GeoTrust, Inc. All rights reserved.
Phishing growing rampant New phishing sites increased from 4367 to 37,444 in one year*
October 2005 to October 2006 Nearly $2bn** lost in US e-commerce due to security concerns
Consumer distrust growing as a result 84% believe businesses not doing enough to protect them 24% don’t purchase online at all***
Users need help distinguishing legitimate sites from crafty phishing sites 90% fooled in April 2006 Harvard/UC Berkeley study**** Conventional wisdom no longer holds:
Golden padlock only indicates encryption, not trust
Online business has a problem
*Anti-Phishing Working Group, April 2006. http://www.antiphishing.org/reports/apwg_report_apr_06.pdf
**According to a Gartner Inc survey
***Forrester Research, December 2005. http://www.internetretailer.com/article.asp?id=17763
****“Why Phishing Works,” April 2006. http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
*
© 2007 GeoTrust, Inc. All rights reserved.
What GeoTrust is Doing
Investing in technology to prevent issuing SSL certs to fraudulent sites Stronger validation of organization information contained in the
certificateRely on 3rd party sources with cross correlated dataRun organization name against Gov’t denied lists
More checks on domain nameChecks against updated blacklists, known phishing sites, and revocation lists
Fine balance between customer convenience and taking the proper security measures when issuing an SSL cert
© 2007 GeoTrust, Inc. All rights reserved.
Traditional SSL Certificates Organization vetted certificates
eCommerce sites and larger organizations
Domain vetted certificatesNew entrants into eCommerce, lite eCommerce sites, SMBs
Extended Validation SSL Net new product for all CAs Larger enterprises, eCommerce sites, high risk phishing targets Uses proven and reliable SSL technology Added protection for social attacks:
Improved Entity Validation to prevent phishing copy sitesImproved Visual Experience
Traditional SSL vs. EV SSL
© 2007 GeoTrust, Inc. All rights reserved.
IE7 Changes for EV Certificates
© 2007 GeoTrust, Inc. All rights reserved.
Roll of Hosting Companies
Understand the validation processes of SSL providers Provide a brand that can be trusted
Brand does impact online sales
Be the expert for your customers Highlight the risks Properly position the different certificate types Set expectations
© 2007 GeoTrust, Inc. All rights reserved.
GeoTrust and SWSoft
Industry leaders in respective markets Formed partnership to bring premium certificates to you at a
reasonable cost Leveraged best of technologies to make it easier for you to
obtain SSL certificates for your customers Order GeoTrust SSL certificates directly from Plesk
All SSL certificates available
© 2007 GeoTrust, Inc. All rights reserved.
Web Security Identity VerificationServices
Signing Services
Enterprise Security
QuestionsQuestions
