Product 11-03-2014

The Value of Authentication


A decade ago, shopping was an easy and relatively worry-free activity: select the items you want, put them in your cart, check out. Today's Internet shoppers are still using carts, but now they need to worry about whether the store is trustworthy, and if it is safe to pay for the items they selected without someone stealing their financial information.

More of our life is spent online, and with that trend accelerating, there is a greater need than ever for our personal information to be protected.

Users Have Reason to Feel Unsafe

The Internet Crime Complaint Center (IC3), in conjunction with the FBI, reports annually on the monetary loss to consumers through online forms of fraud. IC3's most recent annual report states, "In 2013, the IC3 received 262,813 consumer complaints with an adjusted dollar loss of $781,841,6111, which is a 48.8 percent increase in reported losses since 2012."

The consumer's relationship with the web is only going to deteriorate as this number grows. Bolstering web security and encryption can bring real-world value to a company through their trust with the consumer.

Feeling safe online is only achieved through authentication and encryption. In the real world, a face-to-face interaction merits trust in many different ways, and different situations yield different levels of trust. The man in the large dark hooded jacket in that dark alleyway garners less trust than the cheery face helping you try on shoes at a department store.

The cues that we pick up on in face-to-face interactions are nearly impossible to spot in an online transaction. Peace of mind online comes down to trusting someone you have never met. A company may be 100% legitimate but if you have never done business with them, consumers tend to hesitate.

That's Where Digital Certificates Come In

From a technical point of view the third-party trust online comes through Digital Certificates. A company can automatically create a secure session, trusted by a third party and immediately verified by the consumer's computer. The verification and encryption process is completely seamless for the consumer, there is no setup required. Once the secure session is established any modern web browser will show a reassuring green padlock indicating a secure connection. The end-user can check at any time to make sure the data they are about to send is secured. They can also know through the use of the handy green padlock exactly who the server belongs to and which authority assures them of that.

The value of the secure TLS handshake goes as far as the value of the data being encrypted. Whether an online merchant, or a company collecting sensitive data about its users, this encryption is essential. When TLS is utilized by a web server the consumer can feel confident that the sub-par WiFi in the coffee shop they're sitting in is as secure as an enterprise network.

When online criminals attempt to deceive a consumer into giving up sensitive information, they often use cheap phishing tricks to navigate users to a compromised web address. Any web server that operates on unencrypted HTTP can be easily spoofed. It is fairly easy for a web service to disguise itself as another.

Trusted third parties like DigiCert identify and verify if a server is who they claim to be. Without this kind of third party verification, a server can get spoofed much easier. Consumers can easily see (through the use of a modern web browser) what company runs the server they are connected to.

Julien Vehent (Internet Security Architect & Senior OpSec at Mozilla) ran a process to check the top one million websites see if they are using secure SSL/TLS and what types they use. In this report Vehent says, "A total of 451,470 websites have been found to have TLS enabled. Out of 1,000,000, that's a 45% ratio." This means that of the top sites out there, less than half are secure.

It Comes Down to Trust

Any honest company needs to implement procedures to ensure the safety of the customer and his or her information. The relationship a single consumer has with a company can mean continued service and increased profits overall. When that web request is received by the user, the relationship starts. At the point a user decides to share their data, and they see that green padlock in the URL bar, they know they have a trusted connection.

While a customer may never actually shake hands with the online business owner, they can feel safe knowing that a TLS handshake has secured their safety.

To learn more about DigiCert SSL Certificates, visit our certificate product page.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 


4 best practices for bulk email senders



Driving digital trust with SOC 2-compliant DNS