Feeds

There's certs and certs – VeriSign badmouths rivals

Do we hear something about a price rise?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

ComputerWire: IT Industry Intelligence

Apparently refusing to be drawn into a digital certificate price war, VeriSign Inc is said to be on the verge of raising the price of some certs by up to 60%, and is mounting a marketing and education campaign saying its authentication services are more trustworthy than those of some of its rivals.

The company announced a "Trusted Commerce" initiative, which will include "fairly significant" advertising and PR aimed at getting consumers to realize that all the "solid padlocks" that appear in their browsers are not equal, and that some are more trustworthy than others.

VeriSign senior VP Ben Golub said the campaign is aimed at differentiating VeriSign's digital cert services from those "quick" certs offered by emerging rivals including GeoTrust Inc. VeriSign manually authenticates the identity of its customers using a variety of methods before issuing a cert, and says rival automated offerings are less foolproof.

Part of VeriSign's initiative is its participation in industry standards, mainly WebTrust, an auditing standard for best practices developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. VeriSign, Entrust Inc and Baltimore Technologies Inc are WebTrust-certified.

GeoTrust offers QuickSSL, which allows e-commerce site owners to obtain a digital certificate in a matter of minutes, as opposed to the day or more VeriSign takes. For authentication, the automated system compares the details of the person requesting the cert against the details in the Whois database pertaining to that domain.

According to Golub, this kind of system could allow unscrupulous individuals to pretend to be other, trusted companies, by registering a domain name that is confusingly similar to that of a major company, then getting a cert based on that domain.

"They're not doing the same level of authentication that VeriSign does," Golub said. "If domain ownership is unauthenticated, as it is today, you need to go to the next level of authentication." A VeriSign statement said the company wants to "notify consumers and online merchants about risky practices of 'quick' or reduced authentication that doesn't adequately identify online merchants."

GeoTrust CEO Neal Creighton said the company has sold 40,000 digital certificates and has had no reported problems with any of them. He noted that VeriSign accidentally issued two certs to a person posing as a Microsoft Corp employee last year. That caused both companies some embarrassment, but no reported security breaches.

Creighton confirmed that GeoTrust has not been certified by WebTrust, but expects to be shortly. "We're going through the audit," he said. "There's nothing in the WebTrust standards that prohibits automated authentication." He said that the automated system also sometimes phones buyers to confirm their identity, and has algorithms in place to prevent fraudsters registering certs under lookalike company names.

Creighton noted that GeoTrust has increased its market share from 2% to 11% since it bought its certs business in October, and that most of its share is coming from VeriSign, which is the runaway market leader through its VeriSign and Thawte brands. VeriSign's Golub said the company has seen negligible churn to GeoTrust.

GeoTrust sells its certs for $119 a year, compared to VeriSign's between $250 and $350. Entrust, which is WebTrust-certified, recently took advantage of VeriSign's struggle to grow its revenues by vowing to undercut VeriSign by 40%, banking on VeriSign, by far the dominant player, not following suit.

Not to be drawn into this kind of price war, VeriSign's budget brand, Thawte, is now said to be on the verge of actually raising its prices. Cert buyers have reported recently in online forums that Thawte's prices will increase next month from $125 and $100 to $199 for the first year and $159 for annual renewal thereafter.

"We are not raising the prices on any VeriSign-branded certificates," a VeriSign spokesperson said. The spokesperson was unable to confirm that Thawte-branded certificates would be see the rumored price increases.

© Computerwire.com. All rights reserved.

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.