Results 1 to 16 of 16
  1. #1
    Join Date
    Jun 2004
    Posts
    43

    Ecommerce disaster

    I read that Microsoft will start implementing a new Web Seal that will only turn green in their broswer if the merchant is verified, i.e. if you have a full certificate (not just domain-based ssl). It requires extensive verification, and only large companies can qualify.

    I tried to get one from Comodo, but it's endless paperwork.

    This will be the end for many small web vendors!

    Any comments?

  2. #2
    Join Date
    Nov 2005
    Location
    USA
    Posts
    874
    What is the cost assicated? what is the procedure?
    GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAS, or even across the internet

  3. #3
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    From Comodo, probably around $500. The companies are trying to reduce fraud since so many people fall for phishing.

    Comodo Offers EV SSL Certs and Comodo charts future with industry leaders to establish online trust through new class of EV SSL Certificates

  4. #4
    Join Date
    Jun 2004
    Posts
    43
    Yes, but they want to get a physical address, etc.

    I'm just a one-man operation working from home. They do not allow that.

  5. #5
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    Unfortunately it sounds like a lot of people are caught in the middle. You have the hackers trying to beat everyone and companies trying to protect the consumers. It might seem like the companies have gone overboard, but with so much liability in this - they have to do their best to protect the consumer as well as themselves

  6. #6
    Join Date
    May 2003
    Posts
    267
    I wonder why nobody yet said "screw Microsoft with their IE and let's use FireFox!" Or am I missing something here?
    And what kind of SSL is this anyway? Somebody posts some links here please...
    Amirocms.com

  7. #7
    Join Date
    Jul 2006
    Location
    USA, EU, UK, CA, AUS
    Posts
    1,798
    The SSL is basically the same but there is a high assurance process which validates the physical location of the domain owner. This has been around before but there was no way of differentiating a low assurance SSL from a high assurance one.

    Just wait for the hype and dust to settle and then these high assurance SSL's will once again be easy to obtain and probably cost aroun $100 USD. SSL companies (ie mainly Verisign) need to find new ways to make their product look like its adding value but they can't price themselves out of the market.

    The low assurance SSL will work just fine but don't give you the green bar (it stays white) so there is no real need to upgrade any current SSL's.

    Forget about ditching IE for FF as FF will no doubt follow suit too. And anyway most of the world uses IE whether we like it or not.

  8. #8
    Since the majority of small to medium sized merchants will be using a payment processor the SSL certificate in question will be the processors and not the merchants.

  9. #9
    sounds complicated.

  10. #10
    Join Date
    Mar 2001
    Posts
    1,434
    Quote Originally Posted by webwrigh
    Since the majority of small to medium sized merchants will be using a payment processor the SSL certificate in question will be the processors and not the merchants.
    Maybe the really really small merchants but most true SMB's in the US and Canada use their own SSL certificate / cart for taking orders.

    These high assurance certs will not be $100 a pop anytime soon. Maybe 400-500 by the end of next year, but the cost is high because the strict requirements to validate them before issuing are quite involved, not to mention the licensing costs to be "accredited" by Microsoft.

    - John C.

  11. #11
    Join Date
    Mar 2002
    Location
    BrewCity
    Posts
    13
    Quote Originally Posted by jgrey1
    Yes, but they want to get a physical address, etc.

    I'm just a one-man operation working from home. They do not allow that.
    I agree this is pretty unfair. I have articles of incorporation, an 800 number, a DnB number, business checking account, but I can't pass this part - "Photos are required showing the site's exterior and the interior reception area or workspace." Maybe I could print out some cheap banner and put it in front of my house

  12. #12
    Sorry to be the one to pipe in here like this - but, nothing wrong with this process at all...

    First off, many of us have been touting this about shared ssl for quite some time - lots and lots of risks...

    If more people coughed up the $50-$60 for a dedicated SSL all of these years, this could have been all avoided - but, no use crying over spilt milk...

    preventing ecommerce fraud is in ALL of our interests. And considering the low cost of ownership for a web store (vs a brick and mortar store) - a cost of $500-$1000 is relatively low for starting a business and being verified as a legitimate business to a global customer base.... I also do not believe that some paperwork to validate your identity is a serious issue at all - in fact, I think most legitimate businesses should be keen on completing this process...

    Your other option, until you have enough cash flow to justify the expense is to simply use paypal to accept payments - which of course means you get redirected to paypal and utilize their secure certificate - still better then shared SSL - and once your business grows beyound a certain point, you can justify the costs associated with getting yourself verified and getting your own internet merchant account..

    the reduction in fraud and abuse will greatly benefit all of us in this business and may result in ecommerce being able to deliver on its potential... which ultimately, will help all of us...

  13. #13
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    I agree with Cartika - so many people are falling for phishing emails that maybe it will just make people think. A few companies are just trying to protect some people. You don't have to get one.

    I guess right now you are getting them through Verisign since Comodo has not released their version yet?

  14. #14
    There is also a logistical problem since (as far as I know) an SSL certificate must be tied to an IP address. That would mean the website would also have to use a dedicated IP address. There must be millions of name based websites using shared IP's. Until IPv6 is fully implemented there isn't enough IP addresses to go round.

  15. #15
    Join Date
    Jul 2006
    Location
    USA, EU, UK, CA, AUS
    Posts
    1,798
    SSL certificate isn't tied to an IP or a domain name for that matter - its just that only one site can listen to port 443 per IP. So only one SSL per IP address.

  16. #16
    vswipe.com ssl is high assaurance 256-bit. They are resellers for comodo. i got a free ssl with a merchant account signup. Internet Merchant Accounts only have a six month agreement.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •