| The internet has revolutionized our lives by making | | | | website. Once identity is established, SSL creates a |
| billions of pages of information available to us. It has | | | | secure connection between the website and the |
| changed the way we work, do business, entertain | | | | customers. Websites are authenticated by their SSL |
| ourselves and shop for interesting products. The | | | | certificates that are issued by a trusted company |
| internet has done away with physical boundaries by | | | | known as a Certificate Authority or CA. One of the |
| turning the whole world into a global marketplace. The | | | | most trusted CAs in the world is Verisign. Despite all its |
| amount of business transactions involving credit card | | | | merits, SSL suffered from a serious flaw. Any website |
| details and other sensitive financial information is | | | | could sign its own SSL certificates and thus make |
| staggering and numbers in the millions every day. It | | | | itself appear genuine. The average internet user didn't |
| was understood long before the proliferation of | | | | know much about distinguishing between self-signed |
| e-commerce that the sensitive financial information of | | | | and CA-signed SSL certificates. This allowed |
| customers can easily be compromised as it passes | | | | fraudulent websites to steal sensitive business |
| through dozens of computers all around the world to | | | | information from unwitting customers. The stealing of |
| reach its destination. To ensure the protection of this | | | | information in this way is referred to as a phishing |
| sensitive information, a global standard for security | | | | scam. |
| was developed by the name of Secure Sockets | | | | With the rapidly increasing incidences of phishing |
| Layer or SSL. | | | | scams, consumer confidence in online transactions |
| SSL is a communication protocol that works by | | | | was dangerously eroded to the extent that online |
| scrambling the sensitive data through a process called | | | | businesses began to suffer substantially. The |
| encryption. Encryption allows only the authorized | | | | Extended Validation SSL standard was developed to |
| parties to view the information. Hackers and other | | | | win back consumer confidence through stringent |
| criminals can still get their hands on encrypted data but | | | | certificate verification and visual display in highly secure |
| it is basically useless to them. To extract the original | | | | internet browsers like IE7 and Firefox 3. When |
| information from the encrypted data, hackers have to | | | | customers visit a website using an EV SSL certificate, |
| use brute-force decryption methods. Fortunately, most | | | | the URL address bar of the browser turns green |
| secure websites support 128-bit SSL encryption. This | | | | indicating that the site can be trusted. The |
| encryption is strong enough so that it can take | | | | organizational identity and name of the CA such as |
| hundreds of years to decrypt it through brute force | | | | Verisign is also shown next to the green bar to further |
| methods. SSL promised to allow people to share their | | | | provide proof that the website is not fraudulent. Since |
| credit card details on shopping websites and access | | | | EV SSL certificates can only be acquired from a |
| their bank account information without having to worry | | | | well-known CA, the chances of phishing scams have |
| about their financial information getting into the wrong | | | | greatly diminished and consumer confidence in online |
| hands. | | | | business transactions has been restored. All we need |
| SSL is used to validate the identity of the e-commerce | | | | to do now to protect ourselves from phishers is to |
| website so that the customers know for sure that | | | | look for the green bar and that's it. |
| their information won't be sent to some fraudulent | | | | |