GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Online networking has come of age: Is your next sale a mouse-click away?


Industry Update

East Coast cabbies "walk" over payment requirements

Visa says upgrade or pay

Fair Isaac and NYCE tag team against data thieves

Mercator weighs upstart payment options

Help someone soar on NAOPP's board

2007 & 2008 calendar of events


GS Advisory Board:
Unsettled economic times - boon or bust? Part I

Advanced-function ATMs register on college campuses

Bill Yackey


A quick test to up your ethics quotient - and profits

Steve Schwimmer
Renaissance Merchant Services

Fewer checks, faster process

Patti Murphy
The Takoma Group


Street SmartsSM:
Would you rather have a boss or be your boss?

Dee Karawadra
Impact PaySystem

Time's up for one cash advance patent

Adam Atlas
Attorney at Law

Raising the green bar: EV SSL

Mike Petitti

Think negative

Nancy Drexler
Marketing Moguls

Merchant account fees demystified

Jason Felts
Advanced Merchant Services Inc.

Company Profile

YourTownMall Business

New Products

Secure customer data by not storing it

MES e-Commerce Payment Gateway and MES Virtual Terminals
Merchant e-Solutions

Virtual assistant for real biz travel

Verbal Expense Tracking
Virtual Management Inc.


Congrats, you're an expert



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

September 24, 2007  •  Issue 07:09:02

previous next

Raising the green bar: EV SSL

By Mike Petitti

Editor's Note: Editor's note: AmbironTrustWave recently assumed the name Trustwave to more accurately reflect the evolution of the company and its reputation as a global provider of information security and compliance solutions.

A growing number of merchants, large and small, realize that e-commerce is here to stay and know it is time to join the Internet marketplace before it's too late.

As e-commerce payment technology becomes less expensive and easier to implement, more merchants will want to make their mark, along with some money, on the Web.

If it hasn't happened already, it's likely you'll begin hearing requests from a range of merchants for help with adding an e-commerce channel to their business.

To help you educate merchants, here is a quick primer on e-commerce and one specific technology that makes it possible: Secure Sockets Layer (SSL) certificates.

The distrust hurdle

A major barrier to e-commerce has been consumer's reluctance to send credit card numbers over the Internet.

To relieve consumer anxiety and ensure the security of e-commerce, stakeholders supported the adoption of the SSL protocol, developed by Netscape as the standard to protect e-commerce transactions.

SSL certificates encrypt communications between two points (i.e. a consumer's desktop and a merchant's Web server).

When an SSL certificate is presented, it displays a padlock icon in the corner of the browser window. For example, in Microsoft Corp.'s Internet Explorer browser, the padlock appears in the lower right corner.

Many consumers now recognize that icon and believe it guarantees a site's security and trustworthiness. And indeed, an e-commerce merchant who has an authentic, properly validated SSL certificate should be trusted.

Unfortunately, it's easy for a fraudster to acquire some level of SSL certificate for use on a phony or "spoofed" site to facilitate a phishing scam.

Phishing is the attempt to acquire credit card or other personal information through a fraudulent Web site that represents itself as a legitimate Web site.

When phishing succeeds, communications between consumers and the fraudulent sites are encrypted, but malicious individuals are receiving confidential information from consumers by misrepresenting themselves with SSL certificates.

It's the same as willingly handing over a wallet to a thief in a dark alley, despite being accompanied by a bodyguard.

Levels of validation

Therein lies the problem. An SSL certificate both facilitates encryption and gives its bearer credibility. It verifies for consumers that the e-commerce merchant is indeed who the merchant claims to be.

However, SSL certificates are issued in a number of ways. While each certificate allows the encryption of communications (e.g., transaction data) and provides visual signs such as the padlock icon and changing the prefix of a URL from "http" to "https," the credibility of the certificate holders' identities varies.

SSL certificates fall into four categories of validation (Certificate Authorities or CAs are organizations that issue SSL certificates):

Next generation SSL

Again, each type of the certificate encrypts communications. But the differentiator is the level of validation necessary to verify an organization's identity.

And the validation process for the EV SSL certificate is the only process that is based on an industry standard developed by CAs and Internet browser developers as a part of the CA/Browser forum (see for more information).

Because of the strict validation process involved in their issuance, proliferation of EV SSL certificates will help prevent phishing sites, which are the scourge of e-commerce merchants. An EV SSL certificate offers more indicators of an organization's legitimacy.

Thus far, it is impossible for a fraudster to spoof an EV SSL certificate. So, when consumers see sites that shade the address bar green within an Internet Explorer browser, they will know the site can be trusted.

As the use of EV SSL certificates spreads, it's likely consumers will learn to distrust Web sites that do not shade the browser bar green.

EV SSL and you

A great many merchants who previously dismissed e-commerce may now find a number of benefits from supplementing their brick-and-mortar sales through the e-commerce channel.

While e-commerce may not be appropriate for every merchant, for many retailers, its potential is enormous. For instance, merchants need not offer merchandise via the Web. They could sell prepaid cards online and give consumers the option to add money to (or "recharge") those cards.

For the merchant level sales person, the opportunity exists to sell e-commerce services, prepaid services and SSL certificates.

Many CAs, such as Trustwave, allow for the reselling of their SSL certificates. Reselling SSL certificates could add much-needed value to your portfolio of products and services.

By offering SSL certificates in addition to your other e-commerce solutions, you can offer merchants a comprehensive e-commerce package that gives them quick and efficient e-commerce functionality.

Michael Petitti is Chief Marketing Officer of Trustwave and is responsible for all of the company's marketing initiatives. He serves on the Merchant Risk Council's board of advisers and on The Green Sheet Inc. Advisory Board. Call him at 312-873-7291 or e-mail him at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios