HSBC adopts "green bar" web security

 

Gallery

By by Darien Graham-Smith at InfoSec

Posted on 24 Apr 2008 at 10:50

HSBC is to be one of the first major corporations to adopt EVSSL, the latest weapon in the fight against online fraud.

Extended Validation Secure Sockets Layer (EVSSL) certificates are a development of the existing SSL certificate system, whereby web browsers display a padlock symbol to indicate when a site has presented a valid security certificate.

But a problem with SSL certificates is that users don't know - and don't know to check - the credentials of the authority who issued the certificate in the first place.

"In 2007, we found around 450 phishing sites that were presenting valid certificates, which had been issued by what you might call 'soft target' authorities," explained John Kerr of Verisign UK, speaking to PC Pro at the InfoSec expo in London.

"Extended validation SSL - EVSSL, for short - was developed to provide more visual proof of a site's credentials."

When a site presents an EVSSL certificate, the address bar in Internet Explorer 7 or Firefox 3 will turn green. An information field will also appear which shows both the name of the organisation to whom the certificate was issued - and the name of the certifying authority.

HSBC has not given a timetable for its adoption of the system, but the bank is confident that EVSSL will represent a step forward for online commerce.

"It's another way for us to prove to customers that they can trust the HSBC website," said Barry Jones, HSBC's Group IT Security Manager. "It's not some hidden control any more - it's right there in front of you."