Change the name of something and you change its essence.

          

It is a concept that has been explored for millennium. In the bible, to suggest a significant life change, a person’s name was changed… Abram became Abraham and Sarai (Abraham’s wife) to Sarah. That concept still holds true today. Most parents understand intuitively the significance of choosing the name of their child and naming of new products requires careful deliberation about what it invokes.

 So when I saw today Melih Abdulhayoglu CEO of Comodo tweet about DV SSL certificates, it reminded me of the concept only in reverse. Ever one for the clever turn of the phrase, Melih’s post suggested that the name of DV SSL certificates, which usually stands for “Domain Validated” connotes a level of trust that is inappropriate to what it actually delivers. His tweet today asked, “how can Certification authorities issue DV (Dangerous Validation) certificates to ecommerce and keep a straight face????”

 Well said. In the ecommerce world, it is important for the buyer to know who they are interacting with. A DV SSL padlock only tells the potential buyer that the information he is transmitting, like his precious credit card information, is encrypted. But what good is encrypting the information if you don’t know who you are encrypting for. It is like giving the keys to your house to a total stranger!

So friends, buying online a great thing, but do it well and do it safely. Ideally, when buying online, buy at sites with an EV SSL certificate, these sites have a noticeable green color in the address bar. The “EV” stands for extended validation and this authenticates the business information behind the site. That is what you really want to know – that there is a real, verifiable businesses selling you the merchandise.

If the site does not have an EV SSL certificate and you see the yellow padlock, it can get dicey. Some sites have verified business information because they bought an OV SSL certificates – “organizational validated”. To find out if a site has an OV certificate, click on the padlock and you should be able to find the business name and address. But many sites have these DV SSL certificates and these are the ones to watch out. The only thing you know about this site is that someone was able to buy a domain for $10. It does nothing to tell convey trust. Remember that!

Now I realize that the average consumer does not care about the name of an SSL certificates because they probably don’t know what an SSL certificate is in the first place. But for those of us who do know, spread the word…DV SSL certificates are “dangerous validation” …

Let’s see if we can the change essence of DV to be the bad thing it really is. We have to start somewhere.

Judy Shapiro

About these ads

12 Responses

  1. important stuff — where can i read more?

  2. Gee — I now understand what this is. But I am confused — how can I protect myself better if looking for the padlock on sites is not such a safe bet anymore.

  3. For years, Verisign promoted the yellow padlock as a trust symbol. I feel cheated if what you say is true. I understand that I should look for the green website name on top — but I almost never see that.

    does that mean i should not buy stuff onlineunless I see that? Can u explain this please.

  4. Perfect!

  5. The question of how to shop safely online is important. The best bet is to look for sites with the green address bar in your browser (where you type the website name).

    And if a site you want to buy at does not have the right type of certificate – demand they get the EV SSL certificate. Its the only way to get the green bar trust indicator.

    OK OK – since getting these types of certificates may take a while – it probably won’t help you buy anything anytime soon. But demand it just the same. If an emerchant understands that consumers need this type of protection and are demanding it, then they will get it (assuming they are legit of course).

    It’s probably the most important thing you can do – look for the EV SSL cert and if you don’t see it – demand it.

  6. Interesting article, Judy. Besides the padlock and the Green Bars, there are some other indicators to help you determine if you are on a safe Web site…

    I personally like to follow Tim Callan’s 5 Visual Cues for Internet Safety:

    #1. Look for the Green Address Bars – The green highlights are confirmation that the Web site has undergone extensive identity authentication so that you can be confident you are on the correct Web site and not a fraudulent Web site made to look like the real one.

    #2. Look for https:// – Most Web addresses (URLs) begin with “http://.” If the site’s Web address begins with an “s” after the “p” (https://), that means that the information you share on that page is encrypted, making it difficult for anyone to see what has been entered into the page. You should never enter credit card info, SSN, or any other personal identifiable info on a Web site that does not have the https:

    #3. Look for the padlock – All popular browsers feature a padlock somewhere in the interface and it is another indication that encryption is taking place. Make sure the padlock is located in the browser interface and not within the content on the page itself. Fraudsters sometimes place a padlock into the content on the page to trick you into believing that you are on a secure page, even when you’re not.

    #4. Trustmarks – Popular Trustmarks can indicate important things about an online business. For example: The VeriSign Seal indicates online security and verified site identity. An eTRUST Trustmark indicates customer data privacy. A Better Business Bureau Trustmark indicates approved business practices. There are TONS of these that a consumer can look for to help determine if a site is secure. Locating and understanding these trustmarks will help you better judge a Web site’s trustworthiness.

    #5. Check the Web address – Many fraudulent Web sites deliberately employ Web addresses that are confusing or ambiguous in order to trick unsuspecting victims into thinking they are on a site that they are not.

    For example, you want to go to http://www.yourbankname.com, but you are really on http://www.someotherdomain.com/yourbankname

    NOTE- None of these cues is the silver bullet to remaining safe online, but they are all pieces to the puzzle.

    I hope this info helps someone out.

  7. Competing for customers business and online orders means competing for their trust. Implementing Extended Validation SSL is the only proven method of representing that your site offers a secure environment.

    Fear of online fraud, phishing, identity theft is rampant and yes I agree with Trenchwars…demand the highest level of security for your entire transaction- from log-in through your shopping cart check-out.

  8. Now what??? If I can’t trust the padlock then – what’s left? I understand about the green bar but I almost never see that? Is there some other symbol in the the browser I can use instead?

  9. Powerful idea – beyond the SSL thing.

  10. I don’t usually reply to posts but I will in this case. this is good stuff — but doesn’t Melih also sell DVs? But his DV name idea is interesting — change the name. Nice Idea too:)

  11. Do you honestly believe that Melih of Comodo “just found these vulnerabilities” or was he trying to weaken VeriSign right after this buy? (BTW — great blog).

    Since you used to work there — what do you think?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 2,193 other followers

%d bloggers like this: