Feeds

There's certs and certs – VeriSign badmouths rivals

Do we hear something about a price rise?

  • alert
  • submit to reddit

Build a business case: developing custom apps

ComputerWire: IT Industry Intelligence

Apparently refusing to be drawn into a digital certificate price war, VeriSign Inc is said to be on the verge of raising the price of some certs by up to 60%, and is mounting a marketing and education campaign saying its authentication services are more trustworthy than those of some of its rivals.

The company announced a "Trusted Commerce" initiative, which will include "fairly significant" advertising and PR aimed at getting consumers to realize that all the "solid padlocks" that appear in their browsers are not equal, and that some are more trustworthy than others.

VeriSign senior VP Ben Golub said the campaign is aimed at differentiating VeriSign's digital cert services from those "quick" certs offered by emerging rivals including GeoTrust Inc. VeriSign manually authenticates the identity of its customers using a variety of methods before issuing a cert, and says rival automated offerings are less foolproof.

Part of VeriSign's initiative is its participation in industry standards, mainly WebTrust, an auditing standard for best practices developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. VeriSign, Entrust Inc and Baltimore Technologies Inc are WebTrust-certified.

GeoTrust offers QuickSSL, which allows e-commerce site owners to obtain a digital certificate in a matter of minutes, as opposed to the day or more VeriSign takes. For authentication, the automated system compares the details of the person requesting the cert against the details in the Whois database pertaining to that domain.

According to Golub, this kind of system could allow unscrupulous individuals to pretend to be other, trusted companies, by registering a domain name that is confusingly similar to that of a major company, then getting a cert based on that domain.

"They're not doing the same level of authentication that VeriSign does," Golub said. "If domain ownership is unauthenticated, as it is today, you need to go to the next level of authentication." A VeriSign statement said the company wants to "notify consumers and online merchants about risky practices of 'quick' or reduced authentication that doesn't adequately identify online merchants."

GeoTrust CEO Neal Creighton said the company has sold 40,000 digital certificates and has had no reported problems with any of them. He noted that VeriSign accidentally issued two certs to a person posing as a Microsoft Corp employee last year. That caused both companies some embarrassment, but no reported security breaches.

Creighton confirmed that GeoTrust has not been certified by WebTrust, but expects to be shortly. "We're going through the audit," he said. "There's nothing in the WebTrust standards that prohibits automated authentication." He said that the automated system also sometimes phones buyers to confirm their identity, and has algorithms in place to prevent fraudsters registering certs under lookalike company names.

Creighton noted that GeoTrust has increased its market share from 2% to 11% since it bought its certs business in October, and that most of its share is coming from VeriSign, which is the runaway market leader through its VeriSign and Thawte brands. VeriSign's Golub said the company has seen negligible churn to GeoTrust.

GeoTrust sells its certs for $119 a year, compared to VeriSign's between $250 and $350. Entrust, which is WebTrust-certified, recently took advantage of VeriSign's struggle to grow its revenues by vowing to undercut VeriSign by 40%, banking on VeriSign, by far the dominant player, not following suit.

Not to be drawn into this kind of price war, VeriSign's budget brand, Thawte, is now said to be on the verge of actually raising its prices. Cert buyers have reported recently in online forums that Thawte's prices will increase next month from $125 and $100 to $199 for the first year and $159 for annual renewal thereafter.

"We are not raising the prices on any VeriSign-branded certificates," a VeriSign spokesperson said. The spokesperson was unable to confirm that Thawte-branded certificates would be see the rumored price increases.

© Computerwire.com. All rights reserved.

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?