March 15, 2006
For many years, 128-bit SSL (secure socket layer) technology has
assisted people all over the world in the completion of tens of millions of Internet transactions
and without consumers knowing anything about it or how it works.
When an SSL connection is created, today's modern Internet browsers
display a closed, yellow padlock at the bottom right of the screen.
The closed padlock identifies a user that he or she is securely
connected with a trusted Web site and that the transaction is generally
safe from any third-party hijacking or that it is fairly well protected
from hacker attempts.
The eCommerce industry is growing at a very fast rate. Nevertheless,
Internet identity theft and online security issues still remain a
big concern to many. Such concerns could potentially slow eCommerce
sales drastically over a period of time.
Today, improved technology and more secure options are available
that have taken root in other parts of the world. U.S. online shoppers may
be the last to embrace additional purchase authentication through the
use of smart cards or digital certificates.
In a recent keynote address at the RSA Security conference, Microsoft
Chairman Bill Gates previewed a digital wallet approach that will
be available when its new Vista operating system hits shelves.
This is Microsoft's latest of several attempts to offer Internet
consumers with higher levels of security, better confidence without
additional passwords or other authentication requirements, along with
more secure SSL connections.
In an interview with eCommerce Times, Neal Creighton, the CEO of
GeoTrust, said enhanced authentication is on its way, thanks to
Windows Vista and slow but steady adoption of more robust security
Creighton also said that his firm is helping to pave the way for
secure mobile transactions as well.
GeoTrust secures about 30 percent of all online transactions, with the GeoTrust symbol appearing on hundreds of Web sites to testify that they are safe and trusted. The firm is an Equifax spinoff, a background that Creighton said makes it an ideal third party for verifying online identities and trust.
ECT: Your biggest competitor is VeriSign. What are the main differences?
Neal Creighton: This is all we do. We're completely focused on verifying and securing online transactions. We think we are very good at it and do it at a much better price point and do it in a way that gives consumers the immediacy they want. They want things to happen now. If you went to Google and entered a search term and got results a week later, it wouldn't be very popular.
ECT: How much intrusion will consumers accept in their online buying process to build in more security?
Creighton: The process should be transparent for the consumer. The whole experience should happen without any work on their side. The problem isn't really hackers reaching in and stealing data that's being sent to a trusted site. That is not really a major problem. The main issue has always been that the consumer doesn't always know when they are on a safe site or not. Most of the major browsers in use -- Microsoft and Netscape and the others -- were designed a long time before phishing or fraud was a big problem on the Internet. Through SSL, they provide this great verification service, but the consumer doesn't know when [they are] verified. Most of them don't even notice the little lock in the browser. If you look at what Bill Gates demonstrated, you see that it becomes absolutely clear to people that they are on a safe, validated site.
ECT: So the lack of such a certificate will tell people the site may be a fake and set up for a phishing attack?
Creighton: Ninety-nine percent of the fraud happening online today is around people putting information on wrong Web sites, not hacking user IDs and passwords. A lot of folks do it because they think they are on a legitimate site. The new browser interface that Gates demonstrated will solve the vast majority of those problems.
ECT: How will it work?
Creighton: Under the new user interface, when you go to PayPal, there will be displayed -- and you will be able to see from five feet away from a computer -- a green and gold bar stating whether the site is legitimate and has earned a trust certificate. That will be based on a site's real-time status, and we're constantly checking for any problem.
ECT: What role do GeoTrust, VeriSign and others play other than providing the SSL technology?
Creighton: Geotrust, Verisign-- we'd hold the status of a site. We'd know in real time if it is a fraud site, and we can constantly be updating that based on reports that are coming in. The whole interface is based on SSL. We're working together to come up with high verification process, especially for those phishing-targeted sites such as banks, PayPal and eBay.
to your website will increase your search engine visibility
ECT: How long will SSL remain the dominant technology for securing purchases online?
Creighton: I think it will be around for a very long time. I see it being augmented, and this is a good example -- the problem of putting information on the wrong site is solved through SSL and new interfaces. I do think that over time, you will start to see more and more two-factor authentication. With this technology, a site can show that it is valid and safe, and in the future, sites might start to demand that the consumer show some credentials as well. There may be an expectation of some sort of authentication on the other end -- so a site knows that you are really who you say you are.
ECT: What form will that two-factor authentication take?
Creighton: I think it will take a variety of different formats. It's a really interesting time in this market. A lot of vendors are talking about this area. In the consumer market in the U.S., I think the forms will remain very lightweight for a while, but you can see the direction it's heading. RSA bought Cyota and VerSign bought Snapcentric -- right now they're focused on watermarking -- imprinting information on the consumer's computer so that when they come back the next time, the site will know it's the same person. Another version of that is to have consumers pick an image and basically authenticate themselves. The next time they show up at their bank, they will have to select that image and through that, [consumers are] verifying themselves.
ECT: Are smart cards for consumers on the horizon?
Creighton: You are seeing a lot more usage of digital certificates and smart cards -- USB tokens and so forth -- to authenticate business-to-business purchases, corporate banking, and for access to corporate networks. In Europe, consumers are already using smart cards much more. There definitely is a difference in the U.S. consumer market versus other areas. In the U.S., consumers want to have the least amount of distractions within a transaction. If they had a choice to use a smart card or have more lightweight authentication, most would choose the lightweight option.
ECT: What impact does the right of mobile commerce have on this discussion?
Creighton: I think as more things converge, you can make it easy on a consumer. If everything is converged to one device, it makes sense to put the same kind of authentication stuff on them all. Mobile security has the advantage of having learned a lot from the PC environment. As phones turn into PCs , they're actually ahead on security -- to the point where phones are being shipped with certificate readers that will only let verified applications be loaded on a phone. You're starting to see that on the PC side as well. The Vista release [of Windows] will have the public key infrastructure built deep inside. Over the next five years -- eight max -- you'll see that deeply integrated into PCs, so that the code itself will able to block 90 percent of viruses.
ECT: Do you see a future for GeoTrust in that world as well?
Creighton: We're kind of the credit bureau of the new world. We've taken the concept out of the credit-scoring world, out of Equifax, and taken it over to the network. It fits perfectly.
Source: eCommerce Times
Advertise on E-Commerce News
If you have a product or service that deals with the ecommerce
or ebusiness field, advertising on E-Commerce News can bring
you new sales leads and close new marketing channels. This news
portal is read by over 25,000 people a week.
Businessmen and woman that either own an ecommerce website, an
ebusiness franchise, a B2B commercial exchange or by people in all walks
of life that need to keep abreast of this fast-changing field. For
more information on the many advantages of advertising on our news
portal or to request pricing information, please send us an
and a marketing representative will be glad to answer you