Browser Forum Sets Validation Rules

• By The WHIR, September 25, 2006

•   Digg
    Delicious
    Reddit
    Newsvine
    Stumbleupon
    Twitter

  (close)

  From:

  To:

  (close)
  Share | Send | Print | Comments (0)

Browser Forum Sets Validation Rules

By Justin Lee, theWHIR.com

September 25, 2006 -- (WEB HOST INDUSTRY REVIEW) -- Despite the variety of security measures being employed by online retailers to prevent phishing attacks from occurring, the breadth and variety of security features makes it difficult for consumers to determine which companies can be trusted.

Digital certificate provider XRamp Security Services (xramp.com), and with other industry leaders, set out to clear up that confusion last week when they gathered at the sixth International Certificate Authority Browser Forum in San Antonio, Texas.

Like the Payment Card Industry data security standard created by major credit card companies to protect customer information, the CA/Browser Forum set to establish minimum standards of security when storing, processing and transmitting cardholder data.

The CA/Browser Forum is a voluntary open organization of certificate authorities and vendors of Internet browser software and other applications. Members include XRamp, VeriSign, Network Solutions, CyberTrust, EnTrust, Go Daddy, Comodo, Microsoft, Opera and Mozilla.

In a closed meeting last week, the companies worked together to determine the final guidelines regarding extended validation certificates to secure e-commerce and prevent the growth of phishing, the fraudulent attempt to gain sensitive material such as passwords or credit card information by disguising one's self as a trustworthy entity. 

"We're trying to take very proactive steps to make sure a company is who they say they are," says Scott Harris, president of XRamp.

The guidelines pinpoint the minimum requirements a CA must meet in order to issue extended validation certificates, and standardized processes for confirming and guaranteeing an organization's identity. Information from valid EV certificates may be displayed in a special manner by browsers in order to provide users with confirmation of the identity of the owner or webmaster of the site they are accessing.

More specifically, the address bars of Web browsers will turn green when someone visits a secured site, and the company name and domain name will appear on the right hand side of the address bar.

"By actually showing the company name up in the address bar itself, it ties for the first time ever the company name itself - the corporate identity - to the domain name," says Harris.

Harris says XRamp, which provides security solutions for online merchants, universities and government entities, will "focus on issuing the enhanced validation certification."

"We work with a lot of small to mid-sized enterprises," he says, "and we feel that it's important for them to have the same competitive edge as the big guys."

Harris is an enthusiastic supporter of the extended validation certificates standard, and sees it as a step in the right direction for preventing phishing attacks by making Web site operators more identifiable and, as a result, accountable.

"Digital certificate authorities serve the purpose of encryption, but also serve the purpose of an online notary," says Harris. "The validation procedures used by each certificate authority are different, and in order to preserve the integrity of the industry there needs to a standard validation model."

Tags:  government  security  certification  Cybertrust  Directi  EDS  Go Daddy  Iona  Microsoft  Mozilla  THUS  TRUSTe  Comodo  VeriSign 

• Print | Comments (0)

• (0) Comments
• View Post