PRESS RELEASE

AOTA Urges Adoption of Extended Validation SSL Certificates 
Emerging Internet Standard for Consumer & Brand Protection

SEATTLE, WA - January 15, 2008 – Today, the Authentication and Online Trust Alliance (AOTA) announced its endorsement of Extended Validation SSL certificates, an emerging standard to help verify site identity and increase consumer confidence in ecommerce and ebanking.  The new set of business process standards are designed to further validate the identity of a Web site owner, increasing consumer protection from fraudulent and deceptive Web sites. 

Deceptive emails and phishing attacks often lead customers to fraudulent Web sites to collect personal data, damaging not only the user but the brand owner as well.  Benefitting from domain misspellings, online criminals have acquired traditional SSL certificates that allow them to encrypt data and appear as if they are legitimate Web sites.  In response to these threats, guidelines for the issuance and management of Extended Validation (EV) Secure Socket Layer (SSL) certificates were developed and ratified by the CAB/Forum[1] last year to provide consumers with a higher level of trust and are now endorsed by AOTA. 

EV SSL certificates are now being supported by leading Web browser vendors including Microsoft and Mozilla as well as over 20 certificate authorities worldwide, including Entrust, Go Daddy, RSA, VeriSign and others. As the first publically released browser to support this standard, Windows Internet Explorer™ 7 users are presented with a green address bar, a visual trust symbol that displays the name and country of origin of the company that controls the site, when they visit a site with an EV SSL certificate.  Upcoming releases of Mozilla Corporation’s Firefox® will provide a similar visual indicator within its location bar.  AOTA is urging its membership and all ecommerce and banking sites to migrate and adopt EV SSL certificates and spread awareness within the next twelve months as their existing certificates come up for renewal.

EV certificates fill the void left in SSL certification by validating that the endpoint is that which it claims to be.  Companies and individuals who adopt EV certificates benefit from a higher level of authentication and increased consumer confidence in online commercial transactions. According to the Netcraft Secure Server Survey, EV certificates are deployed on nearly 4,000 consumer, financial and ecommerce sites, including Alaska Airlines, AutoZone, British Airways, Charles Schwab, eBay, FedEx, PayPal, Microsoft, Royal Doulton, Sovereign Bank, SunLife, The Body Shop UK, Travelocity, UBS and Vanguard. EV certificates are not only used by large financial institutions, banks and ecommerce sites, but also by charities and organizations that accept donations, such as The United Way and the Girl Scouts Hornets' Nest Council.

“Online crime is inevitable and criminals will continue to get smarter making the need for industry collaboration imperative to staying one step ahead of the game,” said Howard A. Schmidt, president and CEO of R&H Security Consulting, former White House Cyber Security Advisor and AOTA board member. “AOTA stands behind EV certificates and promotes adoption as a key tool to help the entire online trust ecosystem.”

To learn more about EV certification including a list of the leading brands that have adopted, please visit: http://aotalliance.org/resources/EV/

 
Industry & Business Adoption
“Widespread support and adoption of EV certificates are extremely important to consumer privacy and the potential to decrease Internet fraud,” said Warren Adelman, Go Daddy’s president and chief operating officer. “Go Daddy is doing its part, and we applaud AOTA in its effort to spread awareness of EV certificates and all other emerging authentication standards and best practices.”

“Gocompare.com’s success directly depends upon the level of trust that we can provide our customers. As an online insurance comparison service, our customers need to be confident that, as well as being able to find the right cover for their requirements, their personal information will be completely secure, and that they are free from the threat of identity fraud. “Adopting the EV SSL certificate demonstrates to the customer that we are a truly secure website, and that we are able to provide them with the highest level of online trust and confidence.”

“Providing consumers and businesses with the tools and technology to make better trust decisions and protect their privacy and brands has long been a key focus for Microsoft, and EV SSL certificates are another important piece to enhanced online trust and confidence,” said Austin Wilson, director of Windows Security. “As a founding member of the CA/B Forum and AOTA and a company that has believed in the value of EV certificates for many years, we appreciate this collaboration and look to other best practices to enhance the trust ecosystem.”

“As an active participant in the development the EV certificates standard, we are excited to hear that the board of AOTA is endorsing EV certificates as a best practice,” said Johnathan Nightingale, human shield for Mozilla. “Mozilla takes great pride in providing Internet users with a higher level of online trust and confidence, and this is another positive step in that direction.”

“Protecting our customers against phishing attacks and fraudulent email are major initiatives at PayPal,” said Mike Vergara, director of account protections at PayPal.  “While there is no silver bullet solution to prevent phishing, our early adoption of EV certificates has been a positive step in the fight against online crime.  The easily recognizable green address bar gives our customers additional confidence when shopping online.”

 
About The Authentication and Online Trust Alliance (AOTA):
Founded in October 2004, the mission of AOTA is to foster the elimination of email and Internet fraud, abuse and data intrusions thereby enhancing online trust, confidence and online protection of businesses and consumers.  The goals include but are not limited to facilitating best practices, data sharing, the deployment and implementation of authentication, identity and reputation solutions as well as domain defense strategies.  By providing the ecosystem prescriptive and actionable advice in a vendor neutral environment, AOTA aims to increase digital inclusion and Internet usage worldwide by promoting the benefits of Internet safety to users of all ages and demographics. AOTA represents over one million business and 500 million users worldwide, with members in Canada, Demark, Germany, Romania, Singapore and the United States.  AOTA is a 501c6 IRS approved non-profit, incorporated as a Washington State non-profit corporation.  AOTA is governed by a Board and Steering Committee including the Bank of America, Box Sentry, Datran Media, Epsilon, Goodmail Systems, Habeas, Iconix, Internet Identity, IronPort Systems, division of Cisco Systems, Message Systems, Microsoft Corporation, MX Logic, Return Path and Symantec Corporation.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.  For information on email authentication, domain defense strategies, EV SSL certificates and other best practices visit www.aotalliance.org.


[1] The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary organization of leading certification authorities (CAs) and vendors of Internet browser software and other applications.  www.cabforum.org

Media Contact:
Carla Vicens
blast! PR for the AOTA
(919) 833-9975 x10
carla@blastpr.com

###