Don't Look So Insecure

There's a new kid on the block that may very well have your web visitors thinking twice about your current level of web site security, and ultimately impact your web sales… in a bad way.

Meet Enhanced Value SSL, or EV SSL as his industry friends call him.

What's so special about EV SSL?

You're probably familiar with SSL's, or secure certificates. They allow for secure and encrypted transmission of your customer's information during the online purchase process. They also show that little lock at the bottom of the browser to assure your customer that their transaction is safe.

Now if you have the newly introduced EV SSL certificate for your web site, your visitor will get a much more prominent visual assurance on their browser that your site is not only secure, but you are who you say you are.

Click here to see an example of how Microsoft Internet Explorer 7.0 and Mozilla Firefox browsers will show the browser address bar when a site has an EV SSL certificate.

In addition to the browser bar turning green, a bar to the right of the URL will also allow the visitor to toggle between the organization name and the certificate, and the Certificate Authority that issued the SSL Certificate.

And, if you don't have an EV SSL certificate, the browser bar may possibly turn yellow or even red.

Why The Change?

As you may have heard, the act of phishing - fraudulently obtaining confidential information online, such as passwords or credit card numbers by masquerading as a legitimate business - is getting more sophisticated and prevalent.

According to RSA Security, phishing attacks have grown 41% in the last 12 months and have created an underground economy of buyers and sellers of fraudulently obtained data.

As phishing attempts have gotten more widespread and successful, the industry has been working on developing this new class of certificate to help thwart the growth of phishing.

What about the SSL certificate I currently have?

If you currently have an SSL Certificate with "Identity Assurance Protection" or a "High Assurance" SSL Certificate, you may have thought that you had the protection necessary to convince your visitor that your site is a legitimate business.

With so many issuers of certificates, though, the highest levels of identity assurance were not necessarily applied by all certificate authorities. Allegedly, some authorities did not even verify the identity of the online business before issuing the certificate.

So, it's possible that the phishers may have been able to acquire and install these certificates on their fraudulent sites.

What Exactly is an EV SSL?

The key to a successful phishing attack is getting you to visit a fraudulent web site that appears legitimate and trick you into providing confidential information. This allows them to gather information about you. The EV SSL certificate provides a greater level of identify verification to ensure that the Internet user is actually at the real company's Web site.

Per the authoritative agency for establishing SSL certificate guidelines, here's specifically what an EV SSL certificate will verify:

(1) The website the user is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation, and Registration Number; and

(2) Enable the encrypted communication of information over the Internet between the user of an Internet browser and a website.

And, according to the CA/Browser Forum, if your company is a sole proprietorship or partnership, you cannot get an EV SSL.

How Do I Upgrade . And Is There A Cost?

You'll want to contact the issuer of your current certificate for all information about upgrading and costs involved. As of this writing, not all issuers have made EV SSL's available yet.

What Happens if I Don't Upgrade?

If you choose not to, or are unable to upgrade, your site will still be considered secure under the existing SSL framework. However, your visitors will not receive a green address bar in their browser, when navigating your secure pages.

Does it really matter? Time will tell. If the CA/Browser Forum and the certificate issuers begin to strongly publicize the benefit of the EV SSL certificate to web shoppers, we may reach a time when shoppers will view anything but a green address bar with an eye of skepticism.

While studies have shown impacts on conversion due to small changes in images, copy and colors on pages, it's likely that at some point not having an EV SSL could negatively impact your web sales.

What's the best way for me to measure if I'm losing sales by not upgrading?

Using your web marketing analytics, there are a few ways to determine the possible impact on your sales. Here are a couple reports within Conversion Analyst that will provide you with important data on shopping cart abandonment:

  1. Path Analysis - a graphical representation of how visitors navigate through your site, including the most popular exit paths.
  2. Exit Links - A listing of your pages where visitors have left your site, showing the number of exits for each page and its associated percentage compared to total exits.

In our next newsletter, we'll get into more detail and show you how to best use these reports to determine the impact this might have on your shopping cart abandonment rate.

Where can I find out more about EV SSL?

Here are some sites that you can visit that will give you more detailed information about EV SSL. Download (pdf)
Verisign News Release

Bookmark and Share

Copyright © 1999 - 2016 Engine Ready, Inc. All Rights Reserved.