
IE7's Green Anti-Phishing Bar

How does this affect/will this hurt small businesses?

         

tigerflag

6:43 pm on Dec 21, 2006 (gmt 0)

10+ Year Member



Reading slashdot yesterday I came across this disturbing article from the Wall Street Journal about Microsoft's new anti-phishing tool in IE7:

[online.wsj.com...]

In a nutshell, Microsoft will be selling certificates that will verify that your site is genuine and not a phishing site. The certificate will turn your address bar green. I am not clear if this applies to the entire site or only to the secure pages that transmit encrypted data.

LLCs and Corporations can obtain certificates. Sole proprietorships can't. Sites that don't have a certificate will continue to have white address bars.

Can anybody here shed more light on this?

1. How much will these certificates cost? (I read one rumor that they might cost over $1200. While I have an LLC and would qualify, I can't afford that).

2. Do they only apply to secure pages, or to the whole site?

My site is PCI-compliant. I use a shared hosting server. My only secure pages are in the shopping cart, and that is hosted by Mals e-Commerce.

3. With a setup like mine (which I'm sure is very common), would I need a certificate for my whole site? Or are the secure pages the only ones the certificate applies to?

I'm also curious about what people here think about this. I think it will hurt small businesses, will be a boon to big business (and Micro$oft) and will only reduce phishing until the phishers find a way around it.

For some reason I never get email notifications, but I will check back to see if there is any response to this. Thanks!

jwolthuis

7:50 pm on Dec 21, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Extended Validation Certificates are not sold by Microsoft. You can get them starting in January from GoDaddy, etc. They turn your address bar green.

The phishing filter is different. In theory, phishing sites could obtain Extended Validation Certs, too. If a server ends up on Microsoft's phishing site list, it turns the address bar red, and pops up a warning box.

Whether customers really care if the address bar turns green or not remains to be seen.

tigerflag

8:07 pm on Dec 21, 2006 (gmt 0)

10+ Year Member



Thanks. I went to GoDaddy to read up on their EV-SSL certificates. They say:

"New browser versions – starting with Internet Explorer® 7 in early 2007 – change address bar color from white to green when displaying an Extended Validation SSL-secured page."

So my question remains, does this certificate only apply to SSL pages? I don't serve any SSL pages on my site. My only SSL pages are served by Mals shopping cart, on their server.

jwolthuis

1:36 am on Dec 22, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, it only applies to Extended Validation SSL-secured pages, i.e., those pages starting with https.

If the page is not SSL-secured, the address bar remains white (or red, if it's on Microsoft's list of suspected phishing sites).

tigerflag

4:08 am on Dec 22, 2006 (gmt 0)

10+ Year Member



Thanks. I wanted to hear this from someone without a vested interest in selling me something.

FWIW, while I was waiting for a response here, I called Comodo and asked them the same question. The man in sales told me the certificate would turn my address bar green on ALL my pages sitewide, and then he tried to sell me an EV-SSL certificate for hundreds of dollars.

Then I called GoDaddy. The woman there told me what you did, and said that under my circumstances I didn't need one.

jwurunner

5:29 pm on Dec 24, 2006 (gmt 0)

10+ Year Member



Hi,

How many of you that are running small to medium size ecommerce sites think that the EV SSL Certificate is going to have a serious impact on sales as more and more people start using IE 7? It seems to me that the average consumer is going to be very confused as to why some sites have a green bar and others don't. The way Microsoft is advertising the seal, it basically seals the fate of any site that either doesn't qualify for the EV SSL Cert or can't afford it right away. Considering how many consumers fall for phishing emails, the Nigerian emails, etc., I think something does need to be done but not like this. Instead of making a visible change to the browser bar, the consumer should be defaulted to a page from Microsoft stating the link they clicked on was a phishing link.

Just my 2 cents...

jwolthuis

6:15 pm on Dec 24, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think Extended Validation Certs fall into the same category as the Better Business Bureau Seal of Approval... no one will care, in my opinion. It's simply a way for Verisign and GeoTrust to pump up their bottom line.

Only the technically savvy shoppers are aware of the Browser Lock turning on (or not turning on) during checkout. Most customers (my mom for example) simply hope their credit card goes through without an error message, and the presence (or absence) of a browser lock, a BBB Seal, or a green address bar is totally irrelevant.

A well-designed site with easy navigation, professional images, fast page loading, and a well thought-out checkout system is (IMHO) much more important to a potential customer, giving them the sense that your site is trustworthy and going to be around for the long-term.

They want to be reassured that they'll receive their purchases, their personal information is protected, and that they can come back next month if there's a problem. These are things that cannot be conveyed by the color of the address bar.

Patrick Taylor

6:43 pm on Dec 24, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The article says "turns address bars yellow on suspicious sites" - my Firefox turns the address bar yellow on secure pages. That sounds confusing.

But, as many online shoppers are oblivious of the padlock on secure pages, they might also expect that any page of an online shop ought to show the green address bar - secure or not. Does anyone know if there will be a way to apply an EV SSL-type green address bar to non-secure pages?

tigerflag

9:20 pm on Dec 24, 2006 (gmt 0)

10+ Year Member



I originally thought the certificate would turn all the address bars green throughout the site. The article makes it sound that way, and the guy from Comodo said it would.