Modernizing Authentication — What It Takes to Transform Secure Access
How do you know that the site you're visiting isn't infected with malware? VeriSign is trying to make the answer easier for users to know with the introduction of its new VeriSign Trust Seal.
As part of the Trust Seal service, VeriSign will scan a Web site to ensure that it is free from malware and then enable the site's operator to display the Trust Seal as a trust mark for users.
The effort complements VeriSign's existing Secured trust mark, which is geared for e-commerce sites. However, the new Trust Seal is not attached to an SSL certificate and does not provide data encryption, so it's not appropriate for transactional sites -- nor will VeriSign grant such sites a Trust Seal, it said.
Enhancing online security
Why the separate trust mark? VeriSign said that non-transactional sites have been needing a means of their own to indicate that they're safe.https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Over the last few years, we've noticed that there are companies that don't need SSL because they're not doing transactions, but they were purchasing an SSL certificate anyways so they could display the VeriSign Secured Seal on their site in order to drive customer confidence," Fran Rosch, senior vice president for authentication at VeriSign, told InternetNews.com. "There are tens of millions of Web sites that don't take transactions, that are information only, that don't require SSL."
That's where the Trust Seal comes in as a scanning effort to ensure the safety of a Web site. Rosch added that VeriSign is using a combination of technology that it developed (including those from its iDefense security division) along with that of a third-party vendor that VeriSign is not naming publicly.
Beefing up cyber security
Users of VeriSign SSL certificates -- the company is a major SSL certificate provider -- will soon get some of the same benefits of the Trust Seal, as well. Rosch said that later this year, VeriSign will also go out to its SSL user base and begin offering daily malware scans.
The move continues efforts by VeriSign to grow its brand of trust to online environments whether or not they require SSL. Rosch added that he believes consumers shouldn't interact with a site unless they see a VeriSign checkmark, which means the site is not infected.
"The good thing with SSL is: You're doing a transaction, you know you need to have it," Rosch said. "The Trust Seal is different and this is a market creation opportunity for us."
Rosch noted that he doesn't expect that there will be any user confusion between the Trust Seal and the VeriSign Secured seal, and stressed that the Trust Seal is specifically for sites that don't do any kind of transactions. Without SSL encryption, which is not ensured by the new mark, transaction information, such as payment or user data, is at risk and could be intercepted by an attacker.
He also said that VeriSign will strictly enforce which sites can use the Trust Seal.