bits & bytes - Ping! Zine Web Tech Magazine

servers – most notably the use of SSL (Secure Sockets Layer)
encryption. The use of SSL has invariably encouraged online
commerce, and as a result, the Internet economy has come to
depend on SSL to provide the trust infrastructure. Since the SSL
protocol was released by Netscape as a security technology in
1996, consumers have been educated to look for the SSL padlock
before passing any critical details over the Internet. Technically,
the SSL protocol provides an encrypted link between two parties;
however, in the eyes of the consumer, seeing the SSL padlock has
become so much more, letting people know:
• That they have a secure, encrypted link with the website
• That the website displaying the padlock is a valid and
legitimate organization, or an accountable legal entity

Unfortunately, however, whilst this was originally the true
meaning of the padlock, changes in the validation practices of a
handful of Certification Authorities created an alternative, lower-cost
SSL certificate type that did not fulfil the previous stringent
validation practices used to verify the authenticity of the applicant.
Over time, these ‘Low Assurance’ certificates were incorrectly
deployed on numerous e-commerce websites, rather than being
used for the actual role they were designed to fulfil (i.e. serving
the needs of mail servers, Intranets, SSL VPNs or other similar
devices where organizational details were not a requirement). The
result was an erosion of trust in the internet experience.

To combat this new confusion in the marketplace, web browsers
such as Opera 8 and the forthcoming Internet Explorer 7.0 will
display new information within the padlock, to help consumers
differentiate between “high assurance” and “low assurance”
certificates. Opera has chosen to display the organizational
details next to the padlock, whilst Microsoft have released a
white paper on their enhanced security status bar, highlighting
the ease with which information can be found on the ‘entity’
through new dropdown padlock functionality. They state that
“With the explosion of small- and home-based business websites
selling goods that span the pricing spectrum, users are even more
likely to encounter unknown entities asking for their financial
information. These factors combine to create a situation ripe
for malicious abuse. Internet Explorer 7 addresses this issue by
providing users with clear and prominent visual cues to the safety
and trustworthiness of a website”.

It is therefore absolutely essential that any new e-commerce
business uses a “High Assurance” SSL certificate on their secure
payment and data collection pages, to ensure the highest level of
consumer trust.
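
A site operator can check which kind of certificate a page presents by looking for the organizational details in the certificate subject, the same details the browsers above surface beside the padlock. The Python below is an added example, not part of the original article. The sample certificates are constructed, and treating an OU of "Domain Control Validated" or an organization field that merely repeats the host name as low assurance is an assumption about how some CAs label such certificates.

```python
# Added example: grade a certificate by the organizational details in its subject.
# Input is the dict shape of ssl.SSLSocket.getpeercert(), which is empty when the
# certificate was not validated; an empty dict is graded "low" here.

# Assumption: some CAs flag domain-only validation with this OU text.
DV_MARKER = "domain control validated"

# Constructed sample certificates (not real sites).
HIGH = {"subject": ((("countryName", "GB"),),
                    (("organizationName", "Example Widgets Ltd"),),
                    (("commonName", "shop.example.com"),))}
NO_ORG = {"subject": ((("commonName", "mail.example.com"),),)}
MARKED = {"subject": ((("organizationName", "vpn.example.com"),),
                      (("organizationalUnitName", "Domain Control Validated"),),
                      (("commonName", "vpn.example.com"),))}

def subject_attrs(cert):
    """Flatten the nested RDN tuples of cert['subject'] into {name: [values]}."""
    attrs = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            attrs.setdefault(name, []).append(value)
    return attrs

def assurance_level(cert):
    """Return ('high' or 'low', reason) from the subject's organizational details."""
    attrs = subject_attrs(cert)
    orgs = attrs.get("organizationName", [])
    hosts = {h.lower() for h in attrs.get("commonName", [])}
    units = [u.lower() for u in attrs.get("organizationalUnitName", [])]
    if any(DV_MARKER in u for u in units):
        return "low", "OU states that only domain control was validated"
    if not orgs:
        return "low", "subject carries no organization name"
    if all(o.lower() in hosts for o in orgs):
        return "low", "organization field only repeats the host name"
    return "high", "subject names the organization " + orgs[0]

def padlock_label(cert):
    """Text to show beside the padlock: the organization if named, else the host."""
    attrs = subject_attrs(cert)
    if assurance_level(cert)[0] == "high":
        country = attrs.get("countryName", ["??"])[0]
        return f"{attrs['organizationName'][0]} ({country})"
    return attrs.get("commonName", ["unknown host"])[0]

if __name__ == "__main__":
    for cert in (HIGH, NO_ORG, MARKED):
        print(padlock_label(cert), assurance_level(cert))
```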

Another strategy to improve the trust credentials of a site, one that
“levels the playing field” for many new e-merchants, is to
utilize additional site seal/trust indicators, proven by numerous
consumer study groups to be a particularly effective technique
for influencing consumer buying behavior. These act to provide
a positive indicator of trust in the authenticity of the site, while
the additional brand strength from the seal itself gives consumers
additional confidence. Examples of cross-industry third-party