AOTA Credits Increased Online Consumer Trust in 2008 to EV SSL Certificate Adoption
IRS to require Extended Validation SSL certificates for online tax filing

SEATTLE, WA – November 20, 2008 – Today, the Authentication and Online Trust Alliance (AOTA), announced Extended Validation Security Socket Layer (EV SSL) certificate adoption has dramatically increased in 2008, providing a more secure environment for ecommerce, ebanking, social networking and now etax filing. AOTA estimates there are currently more than 10,000 EV Web sites, up from 4,000 when AOTA first issued a call for all ecommerce and banking sites to adopt EV certificates 10 months ago.

AOTA made today’s announcement coinciding with the United States Internal Revenue Service mandate that is expected to take effect January 1, 2009. That move will require authorized IRS e-file providers participating in online filing of individual income tax returns to possess a valid and current EV SSL certificate. Furthering this security and privacy push, the IRS will require e-file sites to create and publish privacy and information on safeguard policies, obtain a privacy seal signifying an IRS-approved service, and report all security and privacy breaches to the IRS.

“The IRS mandate demonstrates how business, industry and government can work together to enhance online safety and consumer trust,” said AOTA Chairman and Founder Craig Spiezle. “This action is critical to improve e-filers’ legitimacy since cyber-thieves have notoriously impersonated the IRS through deceptive email and fraudulent websites.  With consumer trust so important entering this holiday season, AOTA urges all ecommerce and banking sites consider the IRS requirements and commitment to online trust.” 

EV SSL Certificates were created to address the rise in Internet fraud that was eroding consumer confidence in online transactions. EV SSL certificates are an emerging standard that help verify and further validate a Web site owner. When consumers visit an EV SSL certified Web site, they will notice a green address bar, signifying trust in that site, (see below).  A study by Tec-Ed Research says that 97 percent of online shoppers are likely to share their credit card information on sites with the green EV bar, as opposed to only 63 percent with non-EV sites.

“As the newer Internet Browsers supporting EV SSL certificates have proliferated the marketplace, Bank of America has received very positive feedback from its customers on our successful implementation of them in the online banking space,” said AOTA member and vice president for online banking privacy & security at Bank of America, Nicole Loffredo. “Bank of America is committed to providing customers with the best security tools available, and supporting EV certificates’ capability is in line with that mission.”

“PayPal has been an enthusiastic supporter of Extended Validation SSL certificates, ever since the idea was first proposed," said Michael Barrett, chief information security officer of PayPal.  "We converted the entire PayPal site over to EV SSL certificates in early 2007 and have been very pleased with the results.  PayPal strongly encourages the rest of the industry to adopt EV SSL certificates in order to give consumers more confidence in their online transactions.”

When AOTA first voiced its support of EV SSL certificates, only one Internet browser — Internet Explorer 7 — supported them. Ten months later, leading Internet browsers — Apple Safari 3.2, Firefox 3, Google Chrome, Microsoft Internet Explorer 7 and 8, and Opera 9.5 — all support EV SSL Certificates. AOTA member companies deploying EV SSL certificates include Bank of America, DigiCert, GeoTrust, Go Daddy, Microsoft Corporation, MXLogic, and VeriSign, Inc.

To learn more about EV SSL certificates, visit https://otalliance.org/resources/EVresources.htm

Industry Quotes:

"The Internet continues to grow at an unprecedented rate as a powerful medium for sales and communication," said Ken Bretschneider, AOTA member and DigiCert, CEO.  "EV SSL certificates play a decisive role in fostering online trust with a visual reminder that a site and it's organization are legitimate."

"Consumers are looking to make sure their transactions online are safe," said Go Daddy President and COO Warren Adelman, also an AOTA member. "The higher vetting standards and the readily visible 'green bar' help assure consumer confidence."

“In uncertain economic times, consumers aren’t taking any chances with the money they do have,” said Tim Callan, AOTA steering committee member and vice president of product marketing at VeriSign. “Therefore, more than ever, in order to get consumers to make online transactions, Web-reliant businesses must be able to instill trust online, and that’s exactly what EV SSL certificates do.”

About The Authentication and Online Trust Alliance (AOTA):
Founded in October 2004, the mission of AOTA is to foster the elimination of email and Internet fraud, abuse and data intrusions, thereby enhancing online trust, confidence and online protection of businesses and consumers. The goals include but are not limited to facilitating best practices, data sharing, the deployment and implementation of authentication, identity and reputation solutions as well as domain defense strategies. AOTA represents over one million businesses and 500 million users worldwide, with members in Brazil, Canada, United Kingdom, Denmark, Germany, Romania, Singapore and the United States. AOTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including the Bank of America, BoxSentry, Datran Media, Epsilon, Goodmail Systems, Habeas, Iconix, Internet Identity, IronPort (a division of Cisco Systems), MarkMonitor, Message Systems, Microsoft Corporation, MX Logic, Return Path, Symantec Corporation and VeriSign.