Feeds

There's certs and certs – VeriSign badmouths rivals

Do we hear something about a price rise?

  • alert
  • submit to reddit

The essential guide to IT transformation

ComputerWire: IT Industry Intelligence

Apparently refusing to be drawn into a digital certificate price war, VeriSign Inc is said to be on the verge of raising the price of some certs by up to 60%, and is mounting a marketing and education campaign saying its authentication services are more trustworthy than those of some of its rivals.

The company announced a "Trusted Commerce" initiative, which will include "fairly significant" advertising and PR aimed at getting consumers to realize that all the "solid padlocks" that appear in their browsers are not equal, and that some are more trustworthy than others.

VeriSign senior VP Ben Golub said the campaign is aimed at differentiating VeriSign's digital cert services from those "quick" certs offered by emerging rivals including GeoTrust Inc. VeriSign manually authenticates the identity of its customers using a variety of methods before issuing a cert, and says rival automated offerings are less foolproof.

Part of VeriSign's initiative is its participation in industry standards, mainly WebTrust, an auditing standard for best practices developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. VeriSign, Entrust Inc and Baltimore Technologies Inc are WebTrust-certified.

GeoTrust offers QuickSSL, which allows e-commerce site owners to obtain a digital certificate in a matter of minutes, as opposed to the day or more VeriSign takes. For authentication, the automated system compares the details of the person requesting the cert against the details in the Whois database pertaining to that domain.

According to Golub, this kind of system could allow unscrupulous individuals to pretend to be other, trusted companies, by registering a domain name that is confusingly similar to that of a major company, then getting a cert based on that domain.

"They're not doing the same level of authentication that VeriSign does," Golub said. "If domain ownership is unauthenticated, as it is today, you need to go to the next level of authentication." A VeriSign statement said the company wants to "notify consumers and online merchants about risky practices of 'quick' or reduced authentication that doesn't adequately identify online merchants."

GeoTrust CEO Neal Creighton said the company has sold 40,000 digital certificates and has had no reported problems with any of them. He noted that VeriSign accidentally issued two certs to a person posing as a Microsoft Corp employee last year. That caused both companies some embarrassment, but no reported security breaches.

Creighton confirmed that GeoTrust has not been certified by WebTrust, but expects to be shortly. "We're going through the audit," he said. "There's nothing in the WebTrust standards that prohibits automated authentication." He said that the automated system also sometimes phones buyers to confirm their identity, and has algorithms in place to prevent fraudsters registering certs under lookalike company names.

Creighton noted that GeoTrust has increased its market share from 2% to 11% since it bought its certs business in October, and that most of its share is coming from VeriSign, which is the runaway market leader through its VeriSign and Thawte brands. VeriSign's Golub said the company has seen negligible churn to GeoTrust.

GeoTrust sells its certs for $119 a year, compared to VeriSign's between $250 and $350. Entrust, which is WebTrust-certified, recently took advantage of VeriSign's struggle to grow its revenues by vowing to undercut VeriSign by 40%, banking on VeriSign, by far the dominant player, not following suit.

Not to be drawn into this kind of price war, VeriSign's budget brand, Thawte, is now said to be on the verge of actually raising its prices. Cert buyers have reported recently in online forums that Thawte's prices will increase next month from $125 and $100 to $199 for the first year and $159 for annual renewal thereafter.

"We are not raising the prices on any VeriSign-branded certificates," a VeriSign spokesperson said. The spokesperson was unable to confirm that Thawte-branded certificates would be see the rumored price increases.

© Computerwire.com. All rights reserved.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.