VeriSign Inc. has long been known for certifying large e-commerce sites as being authentic and protected with their own SSL transaction encryption. Now it’s extending its brand under a new VeriSign Trust program to small as well as large web sites to cover protection from malware that can infect web sites with data-stealing programs.
The company estimates that almost half of e-commerce sites don’t encrypt transaction data, such as customers’ credit card numbers, using SSL, or Secure Sockets Layer. Instead, outside firms provide their web shopping carts and take responsibility for protecting that sensitive information. VeriSign has not in the past made its certification seal available to such sites. “That means that nearly half of merchants have been unable to take advantage of our trust mark,” says Tim Callan, vice president of product marketing. “We’re excited to be able to change that.”
VeriSign now is introducing a new VeriSign Trust Seal, which displays the VeriSign’s checkmark logo with the words “VeriSign Trusted” within the seal. The company is offering the seal first to smaller companies that use hosted shopping carts, and charging them $299 per web domain name per year. In return, VeriSign will scan those sites each day for malware.
Later this year, VeriSign will also offer the new seal and the malware-scanning software to its traditional customers as a value-added service for no extra fee, Callan says. He adds that VeriSign is reselling the malware-scanning software of another security software company, which VeriSign has not publicly named. If the software discovers malware on a client site, it automatically removes the VeriSign Trust Seal from the infected site and alerts the site operator of the problem. The site operator would then use the application’s console to remove the malware, Callan says.
Malware, or malicious software, is often downloaded from the Internet to web sites via network hackers or e-mail without site operators’ knowledge. Criminals use the malware for purposes such as stealing customer account data or to automatically send out spam e-mail designed to trick consumers into revealing credit card account data and other confidential information.
Jonathan Penn, a vice president and analyst at Forrester Research Inc. who follows security technology and strategies, says VeriSign appears to be making a good move with its new seal and malware-scanning application for at least two reasons. Having a single site security seal across all its clients’ e-commerce sites will be less confusing for consumers than if VeriSign offered two different seals depending on a site’s method of data transaction encryption, he says.
In addition, moving into site protection monitoring services related to malware will enable VeriSign to better compete against McAfee Inc., which rivals VeriSign in security brand recognition and is more established in site security certification. In 2008, McAfee acquired ScanAlert Inc. and integrated ScanAlert’s Hacker Safe site security technology into McAfee’s SiteAdvisor platform.
To address what Penn says is a growing concern among consumers about fraud in search results that can lure shoppers to fraudulent web sites designed to steal payment account and other confidential data, VeriSign is planning to offer its new VeriSign Trust Seal as well as its VeriSign Secured Seal in association with third parties such as TheFind, an Internet shopping engine. TheFind and VeriSign recently released a study that showed that shoppers click through to online merchants 18.5% more often when the merchants display the VeriSign Secured Seal in search results on TheFind.com, compared to merchants on the shopping site who don’t display the seal.