GeoTrust First to Announce Support for New High-Assurance SSL Certificates


Developed in Partnership with Leading Browser Developers, New Type of SSL Certificates will Combat Phishing and Online Fraud

NEEDHAM, Mass., Feb. 21 /PRNewswire/ -- GeoTrust, Inc., a leader in identity verification solutions for e-business and a leading issuer of digital certificates for web security, today announced support for new High Assurance SSL certificates. The new High Assurance SSL certificate standard, which is being defined by leading browser companies including Microsoft, Mozilla and Opera, in partnership with Certificate Authorities including GeoTrust and VeriSign, as well as the American Bar Association Information Security Committee, will entail a higher level of business verification than any Certificate Authority's current vetting methods. Additionally, High Assurance SSL certificate identity information will be clearly displayed in the new- generation browsers, so that consumers will easily be able to discern that they are indeed at the site they think they are, and not a fraudulent version of a popular website.

Phishing occurs when consumers are lured to fraudulent sites by following links in emails they think are from legitimate companies. Gartner, a leading market research firm, estimates that over 73 million U.S. adults believe they have received phishing emails, and that 2.4 million online consumers reported losing money directly because of phishing attacks. In its February 2006 report, the Anti-Phishing Working Group estimated there were 7,197 unique phishing sites reported in December 2005, a huge increase from the 4,630 reported in the prior month. Not surprisingly, close to 90 percent of attacks are launched at financial institutions, where phishers attempt to solicit account numbers and password log-ins to gain access to consumers' accounts.

"We took a leading role in this initiative, which has brought together the industry's major browser developers and Certificate Authorities, as well as companies such as RSA Security and Identrus, because we know that it's critically important to find new ways to enhance online trust," stated Neal Creighton, chief executive officer of GeoTrust. "By creating a new and higher standard for verifying organizations, the High Assurance SSL certificate standard will help to restore the type of business innovation that the Internet promises."

The new specification for verifying identities for the new High Assurance SSL certificate is expected to be finalized in the coming months. The vetting process will be much more comprehensive than any Certification Authority's current vetting standards, which primarily rely on email and faxed information, database lookups and phone calls before issuing an SSL certificate. Today, these processes vary from Certificate Authority to Certificate Authority, and encompass an array of manual and automated processes. Key to the new High Assurance certificates is a standardized process across Certificate Authorities for verifying information that will include: verifying the organization's identity; verifying that the would-be purchaser has the legal authority to make the SSL certificate request for that organizational entity; and confirming that the entity is a legitimate business, not a shell or false front entity.

A Microsoft Internet Explorer developer's weblog has published extensively on the new security features in IE 7, the work of the browser and Certificate Authority initiatives, and includes examples of how the new High Assurance SSL certificate information would display within the new Internet Explorer browser. This information can be found at: http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx

Chris Bailey, GeoTrust's chief technical officer stated: "For over a year, a dozen companies have been meeting to find new ways to address the issue of phishing and restore consumer confidence in online transactions. The result is that we will have one standard, with a thoroughly defined vetting process, for the issuance of High Assurance SSL certificates. While not every site will require them, it is our view that financial institutions and large e-tailers will want to convey this added assurance to their customers."

Availability
High Assurance SSL certificates will be available mid-year, to correspond with the first launches of the new web browser releases. The certificates will be available from GeoTrust's enterprise sales organization, retail site and its worldwide reseller network. For more information, visit www.geotrust.com/.

About GeoTrust, Inc.
GeoTrust is the leader in identity verification, credentialing and validation solutions, and the fastest growing Certificate Authority, according to market research firm Netcraft. Its products include web security services for secure e-commerce transactions, identity verification for consumers, managed security services for enterprises, digital signing for documents and computer code, and TrustWatch (http://www.trustwatch.com/), a free toolbar and search site that helps consumers recognize whether a site has been verified and is safe for the exchange of confidential information. With more than 100,000 companies worldwide using its technology for online security, GeoTrust has rapidly become the second largest digital certificate provider in the world. The company recently acquired TC TrustCenter, a leading German Certificate Authority and provider of advanced enterprise security and smart card solutions. Visit www.geotrust.com/ for more information.

GeoTrust is a registered trademarks of GeoTrust, Inc. All other product names are trademarks or registered trademarks of their respective owners.

Media Contacts:
Joan Lockhart
GeoTrust, Inc
781-292-4153
joanl@geotrust.com

Source: GeoTrust, Inc.

CONTACT: Joan Lockhart of GeoTrust, Inc., +1-781-292-4153, joanl@geotrust.com; or Liz Serotte of Schwartz Communications, Inc.,
+1-781-684-0770, geotrust@schwartz-pr.com

Web site: www.geotrust.com/
http://www.trustwatch.com/

All Topics