|
||
|
|
||
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
Building Trust in an Age of Phishy E-Mails
Neal Creighton says that surfers cannot distinguish between fraudulent and legitimate websites, but he has a solution that involves trust, which is what the company he runs is all about.
ISP-Planet Managing Editor [May 13, 2004] |
 |
Wellesley Hills, Mass.-based GeoTrust is a company whose name inspires neither love nor hate, unlike its larger competitor, Mountain View, Calif.-based VeriSign. Among a flood of opprobrium in response to its SiteFinder initiative, VeriSign managed to win the "Internet Villain, 2003" award from the UK ISP Association.
Both companies claim that trust is important to them. VeriSign's tagline is "VeriSign: the value of trust" and GeoTrust has the word in its name.
Trust is an important issue right now, because this is the year of identity fraud, especially the scam known as "phishing" which involves a credible e-mail sent to users asking them to provide their personal information to maintain their account at a bank, or eBay, or some other institution that should already have that information on file.
Internetnews.com has dedicated a Special Report to the subject of fraud, where the site noted on May 6, 2004 that a recent Gartner Group report estimates the annual cost of phishing last year at $1.2 billion, with a higher cost expected this year.
But there's a more insidious cost to phishing as well.
"Eventually, all participants in Internet commerce will be hurt by an erosion of consumer trust in online transactions if phishing attacks are not sharply reduced from current levels," said Avivah Litan, vice president and research director at Gartner in a statement.
Neil Creighton, CEO of GeoTrust, says the company he runs can help restore the trust.
He says customers cannot be expected to learn to differentiate between legitimate and fraudulent websites. In part, that's because the frauds are getting ever more sophisticated. But it's also because people are accustomed to divulging personal information.
"The customer base is asked for their user ID, their password, their PIN number every day, and people are still falling for it," says Creighton.
GeoTrust does think that consumers can protect themselves better than they are. In April, the company released its list of "the top five ways consumers can avoid taking the 'phishing' bait," which are:
- Never give away personal information such as name, password, credit card numbers, or social security numbers unless you initiated the contact with an online merchant or bank. Legitimate institutions do not contact customers by e-mail to inquire about updating account information.
- Look for the closed lock symbol on the bottom of your Web browser. This verifies that you are using a secure website. Click on the lock to make sure that the certificate is issued from a trusted source like GeoTrust/Equifax or VeriSign/Thawte.
- Change passwords frequently and use uncommon passwords when doing business online.
- Encrypt your e-mails when providing merchants with personal information such as social security and credit card numbers.
- Read online bank statements thoroughly each month and look for unauthorized transactions.
But Creighton feels the burden of trust falls on the merchants, who should use updated certificates, and on webhosts, who should not permit their customers to bend the certificate rules. "Phishing happens with sites that are not secured or when the hosting company allows merchants to share certificates."
The company, which grew out of the Atlanta-based credit report behemoth Equifax, has a pedigree in investigating fraud. The company has established procedures for authenticating a merchant, Creighton says.
It uses publicly available information, and supplements that by making a "real-time outbound phone call to that company. We also get the certificate requestor to provide a voice print. That way, we have a strong tie between the company and the session we're in."
If the investigation raises questions, the request for a certificate is flagged for further analysis. "We have a lot of intelligence from experience," he says.
Asked about competition from GoDaddy's cheaper certificates, Creighton says he's not worried. GeoTrust has its own cheaper company, FreeSSL (which is, ironically, not free), but that customers go to GeoTrust because the essence of a certificate is the brand name of the company issuing it.
It's a two company market. He says the market is owned by VeriSign and GeoTrust, which together have 90 percent of it. Although GeoTrust currently has 20 to 30 percent of the market in certificates, he thinks the company could have over 50 percent of the market soon.
And it's a growing market. "From the statistics from NetCraft's SSL Survey, we calculate that the SSL market grew over 40 percent over the last 12 months, he says."
So Creighton sees a big opportunity in a market led by a hobbled company. "VeriSign is a very diversified company. They're not focused, and they're not as aggressive in the space as we are. Yes, they have been a target because of SiteFinder, but you have to respect them. They went from zero to a billion dollars in record time. So they're diversified, and we're focused on an area they may not have as much time for."
So expect more competition in this market—and more sales, as fraud becomes an ever sharper problem. Although the UK ISP Association did not endorse GeoTrust, we're guessing they would endorse any certificate issuer that is not VeriSign.
—End
| Related articles: | ||
| [April 5, 2004] | GoDaddy Adds E-Mail Marketing | |
| [Feb. 26, 2004] | The Search Engine Trojan | |
| [Nov. 26, 2002] | Identity Theft Case Called Largest Ever | |
|
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q4 2007 Top U.S. ISPs by Subscriber (Updated 04/10/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
| Solutions | ||||||
|
||||||
|
||||||
|
||||||
|
||||||