EV SSL: Why It Works To Increase Online Transactions

According to a study by Javelin Strategy & Research, retailers missed out on $21 billion in online sales in 2008 due to the impact of identity theft and a fear of online shopping. This suggests that while there has been an overall increase in online shopping, banking, securities trading and tax filing, online businesses are less effective than they should be in instilling trust and are leaving money on the table as a result.

Since early 2007, organizations have been able to definitively verify their identity to consumers using one of the greatest developments in Internet security in over ten years: Extended Validation SSL Certificates.

Over the two years, these certificates have demonstrated an ability to accelerate online commerce by increasing visitor confidence in legitimate sites and, thereby, increasing numbers of transactions.

The erosion of SSL’s identity promise

While many online shoppers are aware that the small padlock at the bottom of their browser means that their online communications are encrypted, SSL Certificates were originally intended to validate the identity of a site and protect online shoppers from scams. The industry understood as early as 1995 that while it is difficult to mimic the identity of a physical business, it is quite easy to mimic one online.

More than a decade later, the low visibility of the lock icon and the low level of understanding of what it means have allowed phishing scams to proliferate. Many certificate authorities (CAs) have implemented less than foolproof practices. Sites have been known to use self-signed certificates with no identity authentication.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Free Whitepaper: Building a Web Application Security Program
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

By 2005, widespread phishing attacks were using low-authentication, “soft-target” SSL certificate to perpetuate an illusion of legitimacy.

Introducing identity visitors can trust

SSL Certificates needed a higher level of site owner verification and a browser interface that made it easier for even the least Web-savvy user to recognize “safe” sites.

The CA/Browser Forum, a voluntary industry standards body, created and published an authentication process for a new Extended Validation (EV) certificate. The Forum’s over twenty leading Web browser manufacturers, SSL providers and WebTrust auditors required participating CAs to undergo independent audits to confirm compliance.

CAs must establish that the requesting organization is a legally established business, government entity, or nonprofit on record with the local government. It must establish this organization’s ownership or right to use the Web domain in question, and it must establish that the requesting individual is employed by the organization and has the authority to obtain SSL Certificates on its behalf. Each authentication step depends on independent, outside information obtained from reliable third-party sources.

Internet Explorer 7: Green means go

The first browser to support EV SSL was Internet Explorer 7 (IE 7), which features several interface conventions to enhance identification of site ownership. When an IE 7 browser accesses a page with an EV certificate, the background of the address bar turns green. The choice of color also employs effective interface conventions. In the desktop interface world, green signifies “safe to proceed,” just as red signifies danger.

IE 7 also provides an additional Security Status Bar displaying the verified organization’s name in the field to the right of the address bar. This organization name and the green address bar present a significant new obstacle to phishers seeking to take over accounts.

Today, if an organization’s customers learn to seek its name and a green address bar before providing confidential information, a would-be phisher will not be able to present the interface needed to scam these site visitors. Even if the phisher sets up a real business to purchase EV certificates for the phishing site, the browser interface would not contain the organizational name of the counterfeited site.

Research Shows That EV SSL Certificates Are Effective

A January 2007 study from venerable usability firm Tec-Ed found that 93 percent of online shoppers preferred to conduct transactions on a site with a green address bar. Ninety-seven percent of online shoppers surveyed were prepared to share their credit card information with an EV-enabled site. Only 63 percent of shoppers were willing to transact with a site missing the green bar. Fourteen percent of shoppers felt that companies implementing the green bar on their sites care more about their customers.

Additionally, a growing number of online businesses that have directly measured and quantified a transaction uplift as a result of having implemented EV SSL Certificates.

Online debt consolidation site DebtHelp.com determined that its online application completion rate went up by 11 percent among users who were able to see green address bars through IE 7. This translated into a transaction uplift rate that made DebtHelp.com’s return on investment for EV SSL Certificates an impressive 16,200 percent.

Overstock.com, one of North America’s largest online retailers, saw its online shopping cart abandonment rate decrease by 8.6 percent among IE 7 users.

Strong Market Adoption

Since the release of EV SSL Certificates in early 2007, the technology has exploded across browsers and Web sites worldwide and has arguably established itself as the fastest proliferating technology of the Internet Age.

By November 2007, EV SSL had been implemented by over 1,500 businesses across every major online business category, including:

  • Online retail (eBay, PayPal, Overstock.com, Dixons, fnac)
  • Banking (HSBC, ING, Deutsche Postbank, 5th 3rd Bank, UBS)
  • Travel (Travelocity, Opodo, British Airways)
  • Financial services (Vanguard, Charles Schwab, E*TRADE)
  • Health care (Blue Cross, Blue Shield)
  • and others (Western Union, Hotmail, Carnegie Hall, Pizza Hut)

The progress of EV SSL adoption can be attributed as much to the its compatibility standard to many client desktops as well as the online business advantages of implementing them. Over 35 percent of client systems have Internet Explorer 7 installed today, meaning that over a third of an online retailer’s potential customer base can enjoy the premium experience of EV SSL. An upcoming effort by Microsoft to upgrade users to IE 7 will extend the protection of EV to an even broader audience.

When one considers the findings of an August 2007 Carnegie Mellon report suggesting that shoppers will pay an average of 4 percent more when making online purchases from sites they trust to protect them, the future of EV SSL Certificates looks very bright and has online businesses seeing “green,” literally.

Tim Callan

About Tim Callan

Tim Callan is a product marketing executive for VeriSign's SSL business unit. He is a longtime marketer of Internet and software solutions, a sometime entrepreneur, and a frequent writer and publisher of this and that. The opinions expressed in this blog are strictly his own.

, , ,

One Response to EV SSL: Why It Works To Increase Online Transactions

  1. debasish halder September 3, 2009 at 1:19 am #

    Is there any way to prevent from focus to concatinate
    my description to a SUBTOTAL field (AS ..) with the field value and the corresponing column.
    For example: ON EMBASSY_REGION SUBTOTAL AS ‘my desc’
    result in “My desc EMBASSY_REGION “.
    I would like to get only “my desc: fld1 ..fl2.. subtotal for fld3 …subtotal for fld4 …

Leave a Reply