Feeds

There's certs and certs – VeriSign badmouths rivals

Do we hear something about a price rise?

  • alert
  • submit to reddit

The Power of One Infographic

ComputerWire: IT Industry Intelligence

Apparently refusing to be drawn into a digital certificate price war, VeriSign Inc is said to be on the verge of raising the price of some certs by up to 60%, and is mounting a marketing and education campaign saying its authentication services are more trustworthy than those of some of its rivals.

The company announced a "Trusted Commerce" initiative, which will include "fairly significant" advertising and PR aimed at getting consumers to realize that all the "solid padlocks" that appear in their browsers are not equal, and that some are more trustworthy than others.

VeriSign senior VP Ben Golub said the campaign is aimed at differentiating VeriSign's digital cert services from those "quick" certs offered by emerging rivals including GeoTrust Inc. VeriSign manually authenticates the identity of its customers using a variety of methods before issuing a cert, and says rival automated offerings are less foolproof.

Part of VeriSign's initiative is its participation in industry standards, mainly WebTrust, an auditing standard for best practices developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. VeriSign, Entrust Inc and Baltimore Technologies Inc are WebTrust-certified.

GeoTrust offers QuickSSL, which allows e-commerce site owners to obtain a digital certificate in a matter of minutes, as opposed to the day or more VeriSign takes. For authentication, the automated system compares the details of the person requesting the cert against the details in the Whois database pertaining to that domain.

According to Golub, this kind of system could allow unscrupulous individuals to pretend to be other, trusted companies, by registering a domain name that is confusingly similar to that of a major company, then getting a cert based on that domain.

"They're not doing the same level of authentication that VeriSign does," Golub said. "If domain ownership is unauthenticated, as it is today, you need to go to the next level of authentication." A VeriSign statement said the company wants to "notify consumers and online merchants about risky practices of 'quick' or reduced authentication that doesn't adequately identify online merchants."

GeoTrust CEO Neal Creighton said the company has sold 40,000 digital certificates and has had no reported problems with any of them. He noted that VeriSign accidentally issued two certs to a person posing as a Microsoft Corp employee last year. That caused both companies some embarrassment, but no reported security breaches.

Creighton confirmed that GeoTrust has not been certified by WebTrust, but expects to be shortly. "We're going through the audit," he said. "There's nothing in the WebTrust standards that prohibits automated authentication." He said that the automated system also sometimes phones buyers to confirm their identity, and has algorithms in place to prevent fraudsters registering certs under lookalike company names.

Creighton noted that GeoTrust has increased its market share from 2% to 11% since it bought its certs business in October, and that most of its share is coming from VeriSign, which is the runaway market leader through its VeriSign and Thawte brands. VeriSign's Golub said the company has seen negligible churn to GeoTrust.

GeoTrust sells its certs for $119 a year, compared to VeriSign's between $250 and $350. Entrust, which is WebTrust-certified, recently took advantage of VeriSign's struggle to grow its revenues by vowing to undercut VeriSign by 40%, banking on VeriSign, by far the dominant player, not following suit.

Not to be drawn into this kind of price war, VeriSign's budget brand, Thawte, is now said to be on the verge of actually raising its prices. Cert buyers have reported recently in online forums that Thawte's prices will increase next month from $125 and $100 to $199 for the first year and $159 for annual renewal thereafter.

"We are not raising the prices on any VeriSign-branded certificates," a VeriSign spokesperson said. The spokesperson was unable to confirm that Thawte-branded certificates would be see the rumored price increases.

© Computerwire.com. All rights reserved.

Mobile application security vulnerability report

More from The Register

next story
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
Price cuts, new features coming for Office 365 small biz customers
New plans for companies with up to 300 staff to launch in fall
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.