Practical Ecommerce

The PeC Review: VeriSign Badge and EV SSL Instill Trust

Customers want to feel safe when they make online purchases. They need to know that the credit card or account data they are providing to the merchant is transmitted and handled in a secure way.

To protect customer information, an online merchant will comply with the Payment Card Industry’s Digital Security Standard and also use 128-bit or greater secure socket layer (SSL) encryption to ensure that sensitive data passes back and forth between the web browser and the web server safely. Having taken the steps necessary to secure a payment transaction, online merchants want some way to show their potential customers that they have done everything possible to make shopping secure.

Enter VeriSign’s Secure Site Pro with Extended Validation. First, the service provides 128- or 256-bit SSL encryption, meaning that it offers some of the most potent encryption available to protect payment information as it passes between your servers and customers’ web browsers. Second, the service provides you with two clear ways to market this to your customers. For giving online merchants both the tools to protect customers and a way to use those tools as a competitive advantage, I am awarding VeriSign’s Secure Site Pro with Extended Validation four and a half out of a possible five stars in this, “The PeC Review.”

The PeC Review is my weekly column created to introduce you to the products and services that I believe can help you improve your ecommerce business. This week, let me tell you why I think Secure Site Pro can help you.

Video: VeriSign’s Secure Site Pro with EV SSL

Top Notch Encryption

SSL is a protocol that was originally developed by Netscape to facilitate secure Internet communications over an insecure network. It is designed to solve two basic communications problems: (1) identity and (2) eavesdropping.

When a consumer surfs to your website, checks out some products, and reads your “About” page, that consumer has no real way of knowing whether you are who you say you are. You might claim to be reputable, but how would they know? In fact, the consumer may have found an impostor: someone claiming to be you in order to steal data. SSL solves this problem, since SSL certificates are unique to a particular server and domain name. When a consumer’s browser makes contact with the web server, SSL ensures that your customer knows who he or she is dealing with through a process called public key cryptography. Essentially, SSL uses two cipher keys. One key is made public. It is used to encrypt data. The other key is private and secret. It is used to decipher data encrypted with the public key.

Next, when a customer sends data over the Internet, which is generally an insecure network, how does that customer know that some hacker is not lurking, waiting to intercept credit card or account data? Again, SSL solves this problem by encrypting the data, as mentioned above. The more complicated the encryption, the more secure the data.

VeriSign’s Secure Site Pro offers 256-bit encryption. This means that if someone were trying to guess the encryption key, it would take that person several billion years to try every possible combination.

Recognizable Security Badge

Once a site has been secured with the Secure Site Pro SSL certificate, the site owner gets to display a VeriSign Secured Seal. The seal lets a site owner brag about all of the good work that has been done to ensure that a customer’s data isn’t intercepted or stolen. And seals like this one have a positive effect on sales.

For example, a 2008 study by Synovate Research, published on the VeriSign site, found that 91 percent of U.S. online consumers recognized the VeriSign seal. Furthermore, both anecdotal evidence and A/B split testing have shown that adding a security or trust seal to an ecommerce site can boost sales conversions as much as 10 percent. Security seals have also been shown to reduce shopping cart abandonment.

Best Case for EV I’ve Seen

A second way to let customers know that you mean business is to use an Extended Validation (EV) SSL certificate. An EV SSL not only ensures that the site a consumer is visiting is really the domain it claims to be, but also that the site owner is a legitimate business. The EV SSL displays the domain owner’s name in an extension to the browser’s address bar.
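The difference described above shows up in the certificate's subject fields, not in the encryption. The sketch below is an added example, not code from this review or from VeriSign: it classifies a certificate as domain-validated (DV), organization-validated (OV) or EV from the subject attributes that the CA/Browser Forum EV Guidelines require, which is a heuristic (browsers decide EV status from certificate policy identifiers). The hostname, company name and cipher tuple are constructed samples.

```python
# Added illustration. Certificates are constructed samples in the nested-tuple
# shape returned by Python's ssl.SSLSocket.getpeercert(); field names are the
# long names recent OpenSSL builds report (an assumption for older builds).
EV_FIELDS = {"organizationName", "countryName", "businessCategory",
             "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested subject tuples into a {field: value} dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: which identity claims did the CA put in the subject?"""
    fields = subject_fields(cert)
    if EV_FIELDS <= fields.keys():
        return "EV"   # legal entity, registration number and jurisdiction vetted
    return "OV" if "organizationName" in fields else "DV"

def displayed_identity(cert):
    """The owner name an EV-aware browser can show; None for non-EV certs."""
    fields = subject_fields(cert)
    if validation_level(cert) != "EV":
        return None
    return f"{fields['organizationName']} [{fields['countryName']}]"

def summarize(cert, cipher):
    """Report identity assurance and encryption strength as separate facts."""
    _name, _protocol, secret_bits = cipher  # shape of SSLSocket.cipher()
    return {"level": validation_level(cert),
            "identity": displayed_identity(cert),
            "secret_bits": secret_bits}

# Constructed sample: a domain-validated certificate names only the host.
DV_CERT = {"subject": ((("commonName", "shop.example"),),)}
# Constructed sample: an EV certificate for the same host names the business.
EV_CERT = {"subject": (
    (("jurisdictionCountryName", "US"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),),          # placeholder registration number
    (("countryName", "US"),),
    (("organizationName", "Example Shop, Inc."),),
    (("commonName", "shop.example"),),
)}
CIPHER = ("AES256-SHA", "TLSv1/SSLv3", 256)  # constructed; same for both certs

if __name__ == "__main__":
    for cert in (DV_CERT, EV_CERT):
        print(summarize(cert, CIPHER))
```

Both sample connections report the same 256 secret bits; only the verified identity differs.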

I have to confess, I had not been a big fan of EV SSL, since I did not really see the value in spending an extra $200 to $500 for a green bar that I wasn’t sure users understood anyway. But VeriSign changed my mind.

The company has a very good phishing scam demonstration, which really shows how EV SSL makes a difference. The demonstration, which you can see at Phish-no-Phish.com, asks you to compare pairs of website screen captures and decide which one was a real site and which one was from a phishing scam. Needless to say, without the EV SSL, finding the phishing villains was no easy task.

Price

VeriSign’s Secure Site Pro with EV SSL is $1,499 per year if billed annually, with discounts available for prepayment.

Four and a half stars

Summing Up

I really like VeriSign’s Secure Site Pro with EV SSL. I believe it does a good job of actually securing customer data as it passes back and forth between the browser and server, and I think that it gives merchants an equally powerful tool for encouraging customers to buy. Bottom line, that security seal and green extension in the address bar make customers feel safe.

But I do think that the service is expensive. In fact, if Secure Site Pro with EV SSL sold for less, I would have given it five stars.

Armando Roggio

Comments ( 8 )

  1. Joseph A'deo January 11, 2010

    Thanks much for the write-up on EV SSL here. I work for VeriSign so I’m glad to see that our Phish/No Phish strategy got to you — the green url bar really does make quite a difference. Another tidbit about EV SSL — it requires a much more thorough background check to obtain (sometimes a VeriSign rep has to physically meet with a member of the company/website), so consumers can know without a doubt that the identity of the site owner has been verified. If you or any of your readers have further questions about EV SSL, please don’t hesitate to contact me.

  2. PLL January 12, 2010

    I will say, having just gone through the EV certification as a sole owner of a C-corp with VeriSign, it is a bit of security theatre. They seem to forget who their customer is. My name and address are listed on the state secretary of state’s website as the owner of the C-corp; furthermore, my same name and address are listed on the state bar website as an attorney. Apparently, I faked three years of law school and a bar exam in a nefarious plot to get EV certified, as this info wasn’t enough to confirm my identity. My choices to confirm my identity: pay another attorney or an accountant to write a letter or get a Dun & Bradstreet number. You know what Dun & Bradstreet wants to give me a number? My name, address, and name of my company. That’s some serious protection there.

  3. Jamie Estep January 13, 2010

    EV certs are a pain to get, but do provide some better security based on the difficulty in obtaining it.

    As far as real security, a Verisign SSL is no better than one you generate yourself. Don’t confuse business verification with encryption. SSL is SSL…

    I would recommend using one of the cheaper EV providers if you are going to go down that path, especially for the first time. Comodo, and Entrust and a few others offer EV certs at about 1/3 the cost of Verisign. The verification process is just as strenuous. Obviously Verisign is going to argue that they are the more trusted name, which I completely agree with. However, unless you are doing about a half million in online sales per month, you’re most likely just wasting money paying any more than the minimum for an EV certificate. If you have high enough volume, the Verisign name "may" pay for itself, but even then I would be hesitant to say that the conversion difference would be much more than any other EV provider.

    Another caveat with EV certs is that they still aren’t well supported. IE7 and 8 support them only if certain parameters are turned on in the browser settings. < FF3.5 has no support, and earlier versions of Chrome and Safari do not support it as well.

    Anyway, I would take any claims of conversion increases from SSL providers with a grain of salt. Websites may be able to get a positive ROI from an EV cert, but don’t count on some massive conversion increase as soon as you install it.

  4. Mike Mauseth January 14, 2010

    Encrypted transactions and PCI compliance are important, but it overlooks a big piece of establishing trust and generating sales — creating transparency for the ecommerce site.

    We just launched a new business, at http://www.kikscore.com. It’s free and takes into consideration site security, but it goes beyond that and provides a shopper greater insight from whom they are buying. We’ve had positive feedback and results thus far and would love additional beta customers to help us create a better product.

    Please check out our site — http://www.kikscore.com and our blog blog.kikscore.com.

    Thanks,

    Mike

  5. Alex Mulin January 15, 2010

    Comodo’s similar EV SSL is much cheaper yet gives good results as well.

  6. Tim January 15, 2010

    This reads much more like an advertisement than a review.

    Does Practical Ecommerce normally do advertorials?

    In an actual review, I would expect to see comparisons to competing products, and a dialogue about how your testing was carried out.

    I just conducted a web search on EV SSL certs and there is almost no information out there that was not published or sponsored by the SSL vendors themselves.

  7. Armando Roggio January 15, 2010

    @webdoc, I wanted to reply regarding comparisons to competing products. I have avoided doing specific comparisons in the past in favor of the relative grade, four and a half out of five.

    But I would be willing to do some comparisons if there was good data. I also agree with you that most of the research comes from SSL vendors.

    Would you or others commenting here be willing to take part in a survey about EV SSL certificate features or concerns? If so, that survey could be the starting place (since we would know what customers want or have concerns about) for a better evaluation of EV SSL certificates.

  8. cabz February 12, 2010

    @Armando: All of the major benefits you discuss (trust seal, encryption, and highlighting in the address bar) are available with all EV SSL certificates.

    As others have mentioned, it would be more informative to see a comparison of EV SSL certificates. While VeriSign is one of the biggest brands in SSL, others, such as Go Daddy and Comodo (who are both also major players), offer their EV SSL certificates for FAR less ($99 for Go Daddy and $799 for Comodo).
