The “Trusted Commerce” initiative cites research firm Gartner
which found that as many as 15% of digital certificates “are not
fully trustworthy.” According to VeriSign, its initiative aims to
drive the development of authentication standards by industry
participants, and to warn both consumers and merchants against the
“risky practices of quick or reduced authentication that does not
adequately identify on-line businesses.”
News site TheRegister.co.uk quotes a senior Vice President of
VeriSign who singles out GeoTrust, a VeriSign rival, for criticism.
GeoTrust, provides a service called QuickSSL, which issues digital
certificates within minutes by using an automated system. The
company claims to have sold 40,000 digital certificates to
businesses in more that 80 countries.
However, Ben Golub told The Register that this system is risky
because it is easily exploited by fraudsters. All they need to do
is register a domain name that is confusingly similar to that of a
major company- and they can then get a certificate based on that
domain.
VeriSign, by comparison, claims that it performs manual checks
before issuing certificates. It says it “has the most experience
identifying online merchants and verifying that identity to
consumers."
However, its system is not infallible; last year, as GeoTrust
pointed out to The Register, VeriSign accidentally issued two
certificates to a person posting as a Microsoft employee.
