Feeds

There's certs and certs – VeriSign badmouths rivals

Do we hear something about a price rise?

  • alert
  • submit to reddit

High performance access to file storage

ComputerWire: IT Industry Intelligence

Apparently refusing to be drawn into a digital certificate price war, VeriSign Inc is said to be on the verge of raising the price of some certs by up to 60%, and is mounting a marketing and education campaign saying its authentication services are more trustworthy than those of some of its rivals.

The company announced a "Trusted Commerce" initiative, which will include "fairly significant" advertising and PR aimed at getting consumers to realize that all the "solid padlocks" that appear in their browsers are not equal, and that some are more trustworthy than others.

VeriSign senior VP Ben Golub said the campaign is aimed at differentiating VeriSign's digital cert services from those "quick" certs offered by emerging rivals including GeoTrust Inc. VeriSign manually authenticates the identity of its customers using a variety of methods before issuing a cert, and says rival automated offerings are less foolproof.

Part of VeriSign's initiative is its participation in industry standards, mainly WebTrust, an auditing standard for best practices developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. VeriSign, Entrust Inc and Baltimore Technologies Inc are WebTrust-certified.

GeoTrust offers QuickSSL, which allows e-commerce site owners to obtain a digital certificate in a matter of minutes, as opposed to the day or more VeriSign takes. For authentication, the automated system compares the details of the person requesting the cert against the details in the Whois database pertaining to that domain.

According to Golub, this kind of system could allow unscrupulous individuals to pretend to be other, trusted companies, by registering a domain name that is confusingly similar to that of a major company, then getting a cert based on that domain.

"They're not doing the same level of authentication that VeriSign does," Golub said. "If domain ownership is unauthenticated, as it is today, you need to go to the next level of authentication." A VeriSign statement said the company wants to "notify consumers and online merchants about risky practices of 'quick' or reduced authentication that doesn't adequately identify online merchants."

GeoTrust CEO Neal Creighton said the company has sold 40,000 digital certificates and has had no reported problems with any of them. He noted that VeriSign accidentally issued two certs to a person posing as a Microsoft Corp employee last year. That caused both companies some embarrassment, but no reported security breaches.

Creighton confirmed that GeoTrust has not been certified by WebTrust, but expects to be shortly. "We're going through the audit," he said. "There's nothing in the WebTrust standards that prohibits automated authentication." He said that the automated system also sometimes phones buyers to confirm their identity, and has algorithms in place to prevent fraudsters registering certs under lookalike company names.

Creighton noted that GeoTrust has increased its market share from 2% to 11% since it bought its certs business in October, and that most of its share is coming from VeriSign, which is the runaway market leader through its VeriSign and Thawte brands. VeriSign's Golub said the company has seen negligible churn to GeoTrust.

GeoTrust sells its certs for $119 a year, compared to VeriSign's between $250 and $350. Entrust, which is WebTrust-certified, recently took advantage of VeriSign's struggle to grow its revenues by vowing to undercut VeriSign by 40%, banking on VeriSign, by far the dominant player, not following suit.

Not to be drawn into this kind of price war, VeriSign's budget brand, Thawte, is now said to be on the verge of actually raising its prices. Cert buyers have reported recently in online forums that Thawte's prices will increase next month from $125 and $100 to $199 for the first year and $159 for annual renewal thereafter.

"We are not raising the prices on any VeriSign-branded certificates," a VeriSign spokesperson said. The spokesperson was unable to confirm that Thawte-branded certificates would be see the rumored price increases.

© Computerwire.com. All rights reserved.

SANS - Survey on application security programs

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.