The “Trusted Commerce” initiative cites research firm Gartner which found that as many as 15% of digital certificates “are not fully trustworthy.” According to VeriSign, its initiative aims to drive the development of authentication standards by industry participants, and to warn both consumers and merchants against the “risky practices of quick or reduced authentication that does not adequately identify on-line businesses.”
News site TheRegister.co.uk quotes a senior Vice President of VeriSign who singles out GeoTrust, a VeriSign rival, for criticism. GeoTrust, provides a service called QuickSSL, which issues digital certificates within minutes by using an automated system. The company claims to have sold 40,000 digital certificates to businesses in more that 80 countries.
However, Ben Golub told The Register that this system is risky because it is easily exploited by fraudsters. All they need to do is register a domain name that is confusingly similar to that of a major company- and they can then get a certificate based on that domain.
VeriSign, by comparison, claims that it performs manual checks before issuing certificates. It says it “has the most experience identifying online merchants and verifying that identity to consumers."
However, its system is not infallible; last year, as GeoTrust pointed out to The Register, VeriSign accidentally issued two certificates to a person posting as a Microsoft employee.