Why we jumped through all the hoops and have an EV SSL Certificate
Introduction:
People are
getting smart about online security. More and more of them are looking for the
padlock icon, the “https” prefix and a green address bar in their browser
before submitting personal information online. If a Web site doesn’t have an EV
SSL Certificate, visitors may leave before making a purchase, creating an
account or even signing up for a newsletter. But we change all that with an EV SSL
Certificate.
We have installed an EV SSL Certificate from GoDaddy.com on our e-Commerce
Web site, www.FishMountStore.com. This allows us
to secure our online business and enables us to build customer confidence by
securing all online transactions with 256-bit encryption. An EV SSL Certificate
on our Web site will ensure that sensitive data is kept safe from prying eyes.
Before issuing an
EV SSL certificate, GoDaddy.com rigorously authenticates the requestor’s domain
control and the identity and business records of the certificate requesting
entity. The authentication process ensures that customers and business partners
can rest assured that a Web site protected with a GoDaddy.com certificate can
be trusted. Additionally, GoDaddy.com Premium Extended Validation SSL Certificates
provide the highest level of online assurance – perfect for high value
ecommerce – where our standardized vetting process verifies the legitimacy and
status of our registered business.
GoDaddy.com EV SSL
Certificate provides the security our business needs and the protection you,
our customers, deserve. With a GoDaddy.com SSL Certificate, customers will know
that our site is secure.
In the rapidly
expanding world of electronic commerce, security is
paramount.
Despite booming Internet sales, widespread consumer fear that Internet shopping
is not secure still keeps millions of potential shoppers from buying online.
Only if our customers trust that their credit card numbers and personal
information will be kept safe from tampering can we run a successful online
business.
For online
retailers, securing our shopping sites is vital. If consumers perceive that
their credit card information might be compromised online, they are unlikely to
do their shopping on the Internet. An EV
SSL Certificate provides an easy, cost effective and secure means to protect
customer information and build trust. An EV SSL Certificate enables Secure
Sockets Layer (SSL) encryption of our business’ online transactions, allowing
us to build an impenetrable fortress around our customers’ personal information
and credit card data.
EV SSL
certificate brings the highest level of trust to our online business. An EV SSL
Certificate ensures that all sensitive transactions are kept securely encrypted
and safe from prying eyes, and rigorous authentication guarantees that EV SSL
certificates are issued only to entities whose existence and domains can be
verified.
What is an SSL Certificate?
An SSL
certificate is a digital certificate that authenticates the identity of a Web
site to visiting browsers and encrypts information for the server via Secure
Sockets Layer (SSL) technology. A certificate serves as an electronic
“passport” that establishes an online entity’s credentials when doing business
on the Web. When an Internet user attempts to send confidential information to
a Web server, the user’s browser will
access the server’s digital certificate and establish a secure connection.
Information contained in the certificate includes:
·The certificate holder’s name (individual or company)*
·The certificate’s serial number and expiration date
·Copy of the certificate holder’s public key
·The digital signature of the certificate issuing authority
·The browser will prominently display our company name.
Enabling Safe and Convenient
Online Shopping
An EV SSL
Certificate ensures safe, easy and convenient Internet shopping. Once an Internet
user enters a secure area – where, for example, credit card information, email
address or other personal data is collected – the shopping site’s SSL
certificate enables the browser and Web server to build a secure, encrypted
connection. The SSL “handshake” process, which establishes the secure session,
takes place discreetly behind the scenes, ensuring an uninterrupted shopping
experience for the consumer. A “padlock” icon in the browser’s status bar and
the “https://” prefix in the URL are the only visible indications of a secure
session in progress and EV SSL Certificates also display a green address bar
color when displaying a secured page.
A “padlock” icon
in the browser’s status bar (Firefox) or in the navigation bar indicates that a
secure session is in progress.
By contrast, if a user attempts to submit personal information to an
unsecured Web site (i.e., a site that is not protected with a valid SSL
certificate), the
browser’s built-in security mechanism will trigger a warning to the user,
reminding him/her that the site is not secure and that sensitive data might be
intercepted by third parties. Faced with such a warning, most Internet users
likely will look elsewhere to make a purchase.
Up to 256-Bit Encryption (the geeky stuff):
GoDaddy.com SSL
certificates support both industry standard 128-bit (used by all banking
infrastructures to safeguard sensitive data) and high grade 256-bit SSL
encryption to secure online transactions. The actual encryption strength on a
secure connection using a digital certificate is determined by the level of
encryption supported by the user’s browser and the server that the Web site
resides on. For example, the combination of a Firefox browser and an Apache 2.X
Web server enables up to 256-bit AES encryption with GoDaddy.com certificates. Encryption
strength is measured in key length: the number of bits in the key. To decipher an
SSL communication, one needs to generate the correct decoding key.
Mathematically
speaking, 2^n possible values exist for an n-bit key. Thus, 40-bit encryption
involves 2^40 possible values. 128- and 256-bit keys involve a staggering 2^128 and
2^256 possible combinations, respectively, rendering the encrypted data de facto
impervious to intrusion. Even with a brute force attack (the process of
systematically trying all possible combinations until the right one is found)
cracking a 128- or 256-bit encryption is computationally unfeasible.
Stringent Authentication
—A Matter of Trust
Before
GoDaddy.com issues an SSL Certificate, the applicant’s company and personal
information undergoes a rigorous authentication procedure that serves to
preempt online theft and to verify the domain control and the existence and
identity of the requesting entity. Only through thorough validation of
submitted data can the online customer rest assured that online businesses that
utilize EV SSL certificates indeed are to be trusted. An EV SSL certificate
guarantees that the entity that owns the certificate is who it claims to be and
has a legal right to use the domain from which it operates. An Extended Validation SSL Certificate
verifies our organization’s identity and the overall legitimacy of our
business. EV SSL Certificates are only issued to entities whose domain control,
business credentials and contact information have been verified.
Premium Extended Validation Certificate
More extensive than any existing SSL vetting process:
·Verify your organization’s identity, the validity of your request and the overall legitimacy
of your business.
·Browsers display both the organization name and issuing certification authority.
Phishing and Pharming:
— How EV SSL Can Help
Phishing and,
recently, pharming pose constant threats to Internet
users whose
sensitive information is under siege by crackers and
other cyber
crooks.
An EV SSL
certificate can clip the wings of Internet criminals and help prevent Internet
users from being victimized by phishing and pharming schemes when attempting to
visit our Web site.
Phishing schemes – attempts to steal and exploit sensitive
personal information –
typically try to trick victims into accessing fraudulent sites that pose as
legitimate, trusted entities, such as online businesses and banks.
Because
perpetrators of such attacks will be using and registering domains that
resemble those of the spoofed sites, GoDaddy.com, through its stringent fraud prevention
measures, will detect the schemes and deny certificate requests for suspicious
domains.
An EV SSL
certificate from GoDaddy.com can help prevent Internet users from being
victimized by phishing and pharming schemes.
More sophisticated than phishing, pharming revolves around the concept
of hijacking an Internet Service Provider’s (ISP) domain name server (DNS) entries.
When a “pharmer” succeeds in such DNS “poisoning” every computer using that ISP
for Internet access is directed to the wrong site when the user types in a URL
(e.g., www.ebay.com).
SSL certificate
technology can help prevent pharming attacks, as well. In essence, a
“pharmer” simply will not be able to obtain an SSL certificate as he/she does
not control the domain for which the certificate is requested. By protecting
your Web site with an EV SSL certificate, Internet users that attempt to access
a site that poses as yours will be instantly alerted that there is a problem
with the supposedly secure connection:
·No lock icon: Because CAs usually won’t issue a
certificate to fraudulent phishing or pharming sites, such sites usually do not
use SSL encryption. Internet users, therefore, are alerted by the absence of a
padlock icon in their browser’s status bar. If protected with a Premium
Extended Validation Certificate – the highest level of online assurance
available – the site will display a padlock AND a green address bar.
·Name mismatch error: A pharming site could try to use a
certificate issued by a CA for a domain owned by the attacker, but the user’s
browser will warn the user that the visited URL does not match the certificate
presented by the fake Web server.
·Untrusted CA: A pharming site might attempt to use a
certificate issued by an untrusted CA. In this case, the user’s browser will
generate the following warning: “the security certificate was issued by a
company you have not chosen to trust.”
Phishing or
pharming sites will not be able to obtain SSL certificates from a trusted CA. The
alert Internet user will instantly abandon his/her activities/transactions when
presented with such warnings. Thus, an EV SSL certificate provides business
owners and wary, savvy Internet users with an effective weapon against
phishing, pharming and similar cyber swindles.
Establishing a Secure
Connection:
— How SSL Works (more geeky
stuff)
An SSL encrypted
connection is established via the SSL “handshake”
process, which
transpires within seconds – transparently to the end user. In essence, the SSL
“handshake” works thus:
·When accessing an EV SSL secured Web site area, the visitor’s browser requests a secure
session from the Web server.
·The server responds by sending the visitor’s browser its server certificate.
·The browser verifies that the server’s certificate is valid, is being used by the Web
site for which it has been issued, and has been issued by a Certificate Authority
that the browser trusts.
·If the certificate is validated, the browser generates a one-time “session” key and
encrypts it with the server’s public key.
·The visitor’s browser sends the encrypted session key to the server so that both
server and browser have a copy.
·The server decrypts the session key using its private key.
·The SSL “handshake” process is complete, and a secure connection has been established.
·A padlock icon appears in the browser’s status bar, indicating that a secure session
is under way. When the site is protected with a Premium Extended Validation Certificate,
a green address bar will also appear.
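Added example (not part of the original page, and not GoDaddy.com's or any browser's code): a simplified Python model of the three certificate checks named in the pharming list above and in the third handshake step. The hostnames, CA names and dates are constructed, and a name lookup in TRUSTED_CAS stands in for real signature-chain verification, which is an assumption of this sketch.

```python
from datetime import datetime, timezone

def host_matches(pattern, host):
    """Compare one DNS name from the certificate with the host the user typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # '*' must be the whole left-most label and leave at least two fixed
        # labels, so '*.example' cannot cover every site under a TLD
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_certificate(cert, typed_host, trusted_cas, now):
    """Return the warnings a browser would raise; an empty list means padlock."""
    warnings = []
    if not cert["not_before"] <= now <= cert["not_after"]:
        warnings.append("expired or not yet valid")
    if not any(host_matches(n, typed_host) for n in cert["dns_names"]):
        warnings.append("name mismatch")
    if cert["issuer"] not in trusted_cas:  # stand-in for chain verification
        warnings.append("untrusted CA")
    return warnings

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

def make_cert(names, issuer, end=utc(2025, 1, 1)):
    """Build a constructed certificate record (hypothetical field names)."""
    return {"dns_names": names, "issuer": issuer,
            "not_before": utc(2024, 1, 1), "not_after": end}

TRUSTED_CAS = {"Example Trusted CA"}  # constructed trust store
NOW = utc(2024, 6, 1)                 # fixed clock so results are repeatable
SCENARIOS = {                         # all sample certificates are constructed
    "genuine site": make_cert(["shop.example", "*.shop.example"], "Example Trusted CA"),
    "pharming, certificate for another domain": make_cert(["www.other-site.example"], "Example Trusted CA"),
    "pharming, self-issued certificate": make_cert(["www.shop.example"], "Homemade CA"),
    "genuine site, lapsed certificate": make_cert(["*.shop.example"], "Example Trusted CA", end=utc(2024, 3, 1)),
}

def run_scenarios(typed_host="www.shop.example"):
    """The user always types the real host; poisoned DNS only changes the server."""
    return {name: check_certificate(c, typed_host, TRUSTED_CAS, NOW)
            for name, c in SCENARIOS.items()}

if __name__ == "__main__":
    for name, warnings in run_scenarios().items():
        print(f"{name}: {', '.join(warnings) or 'padlock shown'}")
```
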
Conclusion — The Key to
Online Security:
Demand for
reliable online security is increasing. Many consumers continue to believe that
shopping online is less safe than doing so at old fashioned brick and mortar
stores.
The key to
establishing a successful online business is to build customer trust. Only when
potential customers trust that their credit card information and personal data
is safe with our business, will they consider making purchases on the Internet.
With our EV SSL Certificate our customers will know that they can trust our business.
The EV SSL Certificate provides a convenient, cost effective and reliable means
to secure our business’s online transactions.
Thanks for taking
the time to read this. It is important
to understand that we take this stuff pretty seriously here at The Fish Mount
Store. Thanks to GoDaddy.com
for their professional assistance in getting the latest security onto our site
and letting me use some of their explanations about how the process works – Regards from Ken
Laudadio, owner and operator of The Fish Mount Store.