I read that Microsoft will start implementing a new Web Seal that will only turn green in their broswer if the merchant is verified, i.e. if you have a full certificate (not just domain-based ssl). It requires extensive verification, and only large companies can qualify.
I tried to get one from Comodo, but it's endless paperwork.
What is the cost assicated? what is the procedure?
GS RichCopy 360 Enterprise - Voted #1 for data migration and replication in terms of performance and features. Replicate data across between servers in the same network, WAS, or even across the internet
Unfortunately it sounds like a lot of people are caught in the middle. You have the hackers trying to beat everyone and companies trying to protect the consumers. It might seem like the companies have gone overboard, but with so much liability in this - they have to do their best to protect the consumer as well as themselves
The SSL is basically the same but there is a high assurance process which validates the physical location of the domain owner. This has been around before but there was no way of differentiating a low assurance SSL from a high assurance one.
Just wait for the hype and dust to settle and then these high assurance SSL's will once again be easy to obtain and probably cost aroun $100 USD. SSL companies (ie mainly Verisign) need to find new ways to make their product look like its adding value but they can't price themselves out of the market.
The low assurance SSL will work just fine but don't give you the green bar (it stays white) so there is no real need to upgrade any current SSL's.
Forget about ditching IE for FF as FF will no doubt follow suit too. And anyway most of the world uses IE whether we like it or not.
Since the majority of small to medium sized merchants will be using a payment processor the SSL certificate in question will be the processors and not the merchants.
Maybe the really really small merchants but most true SMB's in the US and Canada use their own SSL certificate / cart for taking orders.
These high assurance certs will not be $100 a pop anytime soon. Maybe 400-500 by the end of next year, but the cost is high because the strict requirements to validate them before issuing are quite involved, not to mention the licensing costs to be "accredited" by Microsoft.
Yes, but they want to get a physical address, etc.
I'm just a one-man operation working from home. They do not allow that.
I agree this is pretty unfair. I have articles of incorporation, an 800 number, a DnB number, business checking account, but I can't pass this part - "Photos are required showing the site's exterior and the interior reception area or workspace." Maybe I could print out some cheap banner and put it in front of my house
Sorry to be the one to pipe in here like this - but, nothing wrong with this process at all...
First off, many of us have been touting this about shared ssl for quite some time - lots and lots of risks...
If more people coughed up the $50-$60 for a dedicated SSL all of these years, this could have been all avoided - but, no use crying over spilt milk...
preventing ecommerce fraud is in ALL of our interests. And considering the low cost of ownership for a web store (vs a brick and mortar store) - a cost of $500-$1000 is relatively low for starting a business and being verified as a legitimate business to a global customer base.... I also do not believe that some paperwork to validate your identity is a serious issue at all - in fact, I think most legitimate businesses should be keen on completing this process...
Your other option, until you have enough cash flow to justify the expense is to simply use paypal to accept payments - which of course means you get redirected to paypal and utilize their secure certificate - still better then shared SSL - and once your business grows beyound a certain point, you can justify the costs associated with getting yourself verified and getting your own internet merchant account..
the reduction in fraud and abuse will greatly benefit all of us in this business and may result in ecommerce being able to deliver on its potential... which ultimately, will help all of us...
There is also a logistical problem since (as far as I know) an SSL certificate must be tied to an IP address. That would mean the website would also have to use a dedicated IP address. There must be millions of name based websites using shared IP's. Until IPv6 is fully implemented there isn't enough IP addresses to go round.