Upload
opensrs
View
503
Download
3
Embed Size (px)
DESCRIPTION
The presentation given by Jay Schiavo, VeriSign, to OpenSRS Resellers
Citation preview
How to Effectively Sell SSLCertificates
Name of Presenter: Jay Schiavo, Sr. Manager – Product
Management
2
Introduction
+ Understanding the Need for SSL
+ Leveraging Multiple Brands of SSL Certificates
+ Taking Advantage of Extended Validation SSL
+ Q&A
Understanding the Need for SSL
4
Phishing Attacks are Still a Problem
+ Phishing reports remain high in 2008 –
over 25,000 new sites reported per
month! Over 34,000 in October of 2008
+ Sites becoming more sophisticated
+ Less than .25% use an SSL cert
+ Attackers looking for greener fields! Utility bills, wireless phone service,
eCommerce site, fundraisers
! March madness attacks
+ 90% fooled in April 2006 Harvard / UC
Berkeley study
1. Anti-Phishing Working Group, www.apwg.org
Phishing Reports Received July'07 - June '08
28,151
23,76224,924
25,630
30,716
23,91725,624
38,514
31,650
28,074
25,683
29,284
0
5,000
10,000
15,000
20,000
25,000
30,000
35,000
40,000
45,000
July
August
September
October
November
December
Januray
February
March
April
May
June
5
Online crime’s effect on consumers
+ Fraud and identity theft have created a chilling effect on e-
commerce
! TNS research in August 2006 reported 87% consumers are concernedabout CC fraud and 83% are concerned about sharing personal info
! 84% believe businesses not doing enough to protect them
! 65% shop only at sites they know and trust (TNS research report 2006)
! 24% don’t purchase online at all1
+ Additional data from recent Consumer Reports Webwatch
! 53% of online users won’t give up personal information online
! 30 percent of the consumers surveyed reported reducing their overalluse of the Web
! 25 percent say they no longer make online purchases
1 Forrester Research, December 2005. http://www.internetretailer.com/article.asp?id=17763
2 “Why Phishing Works,” April 2006. http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
6
Results of these Concerns
+ According to a Cybersource 2008 report $3.6B in online revenues
lost as a result of fraud on the internet
! Up 16% from 2006
+ To ease consumers fears businesses are using SSL and displaying
a site seal from trusted brands like VeriSign, GeoTrust and thawte
! SSL is needed to meet PCI compliance
+ Extended Validation is the next step
7
Applications using SSL is Growing
+ Secure browser to Web server communications whencollecting financial and personal data! eCommerce sites! Banking applications! User/Member login pages! Sign-up pages
– Anywhere they collect private information about their customers
! VPN access! Web access to email! Intranets! Development or test environments! Sensitive business information (business partners, remote offices)
8
+ One single fully qualified domain name per certificate• More credibility with the customer
- Customer won’t experience a domain name change in middle ofshopping experience (i.e. go from http://www.mydomain.com tohttps://sharedssl.com/mydomain or https://mydomain.sharedssl.com ifthe wildcard method is used)
• Reduces Risk of low-customer confidence
+ Prevents users from experiencing a domain name change at payment time
+ Consumers are more likely to purchase from a site that uses a dedicated SSLcertificate
The Bottom Line:
The cost, ease of obtaining an SSL certificate and potential loss of
revenue from having a shared SSL make having a dedicated SSL
certificate critical
Dedicated vs. Shared SSL
Leveraging Multiple Brands of SSLCertificates
10
Bifurcation of SSL Market: Optimize your revenue opportunity
+ Price Sensitive
! Perceive SSL as a commoditizedtechnology
! Fast growing reseller segment
! Extreme price sensitivity
+ Brand Conscious
! Pay premium for brand
! Demand highest encryption strength
! High focus on reducing shopping cartabandonment
11
Key Strengths of the VeriSign SSL Brands
VeriSign1. Most Reputable
brand and leader inInternet Security
2. Power to buildconsumerconfidence onlineand boost onlinesales
3. Online BusinessEnabler whosename has a strongassociation withtrust
GeoTrust
1. Has the second
largest user base
in the Internet
Security Industry
2. Characterized as
a high quality
brand that offers
convenience and
affordable
certificates
3. Very competitive
product lines and
strong US
presence
thawte
1. Strongest
authentication at
an affordable
price
2. A very loyal
customer base
3. Has a significant
footprint in the
international and
open source
communities
12
3 Main Types of SSL Certificates
+ Domain Validated SSL Certificates! Validates domain is registered and someone with admin rights is aware of
and approves the certificate request
! Automated process takes less than 10 minutes
+ Organization Validated SSL Certificates! Validates domain ownership, plus organization information included
in the certificate (name, city, state, country)
! Manual process takes 1-2 days
+ Extended Validation SSL Certificates! Validates domain ownership and organization information, plus legal
existence of the organization and that the organization is aware of andapproves the request
! Manual process takes 3-5 days
13
Range of SSL Certificates By Validation
+ Extended Validation
+VeriSign Secure Site Pro with EV, Secure Site with EV
+thawte SSL Webserver with EV, GeoTrust TrueBusinessID with EV
+ Organization Validation
+VeriSign - Secure Site Pro, Secure Site
+thawte - SGC SuperCert, SSL Webserver / Wildcard
+GeoTrust – TrueBusinessID / Wildcard
+ Domain Validation
+thawte – SSL123
+GeoTrust – QuickSSL, QuickSSL Premium
14
Choosing the Right Brand For You
+ Choose two brands
! Eliminate confusion in marketing materials
! Properly position the brands you choose
! Offer the right product mix to maximize revenues
– Domain vetted, 2 organization vetted and 2 EV types
+ GeoTrust vs. thawte
! Offer one of these brands
! GeoTrust is strong in North and South America as well as WesternEurope
! Thawte is stronger in APAC, Eastern Europe, Africa
! Stay the course if already offering one of the brands
+ Leverage VeriSign as the upsell brand
Taking Advantage of ExtendedValidation SSL
16
All Users Cannot Know All the Attacks
Phishing
Identity Theft
Fraud
Viruses
Pharming
Trojan Horses
Spyware
Scams
17
The Extended Validation (EV) solution
X.509 Certificates with encryption
Same strong level of encryption protection
Uses existing technology
Stronger identity authentication - CA/Browser Forum guidelines
Standardized requirements for certificate content validation
New WebTrust audits
More visible browser UI displayMore visible browser UI display
Pulls content direction from certificatePulls content direction from certificate
Clear display in browser chromeClear display in browser chrome
EV certificates have a unique identifier differentiating them from non-EVEV certificates have a unique identifier differentiating them from non-EV
Backward compatible for legacy browsersBackward compatible for legacy browsers
18
Market Adoption
Market Share (by Net Application), May 2009; http://marketshare.hitslink.com/report.aspx?qprid=3
http://marketshare.hitslink.com/report.aspx?qprid=3
+ Over 75% of the browsers inthe world can display thegreen address bar
+ Browser support
! IE 7 (44.51%)
! Firefox 3.0 (20.25%)
! Safari 3.2 (4.29%)
! Internet Explorer 8 (3.99%)
! Google Chrome (1.41%)
! Safari 4 (0.80%)
! Opera 9.5 ( 0.65%)
! Others likely to adopt aswell
19
The EV User Experience
20
The EV User Experience
21
The EV User Experience - Opera
22
EV Benefits Every Step in the Value Chain
+ Site owners
! Increase transactions on the site
! Provide a premium customerexperience
! Associate security with yourbrand
! Easy to implement
! Users will spend more whenprivacy is ensured
+ Site visitors
! Can feel confident in doingtransaction on a site
! Positive online experience with abusiness
“ VeriSign gives us an easily identifiable way for
our customers to know their transactions are
secure, and that they’re on the actual E*TRADE
site. We’re educating our client base to look for
the VeriSign EV Certificate as the new standard
for e-commerce security. They’ll know that
when the bar is green, the site is clean.”
“ We set out with the hope to avoid erosion of
our customers’ rate of completion of financial
forms. In fact, since the deployment of EV
certificates we’ve had an 11 percent increase in
IE7 browsers alone, which has contributed
significantly towards our current overall rate of
form completions—which are on par with or
exceeding the industry averages for conversion
rates.”
Stephen Pauley
Network Operations Manager
E*TRADE Australia
John Turner
President
DebtHelp.com
23
EV Results
+ ROI calculations
! 48,000% for dwell.com
! Over 16,000% for DebtHelp.com
! 7,440% for VirtualSheetMusic.com
+ Users that can see the green bar spend more
! 27% increase in ticket size for EV customers for CanadaDrugs.com
+ Decreased shopping cart abandonment
! 13.3% reduced abandonment for FitnessFootwear.com (UK)
+ Decreased security concerns
! 27% of customers abandon due to security concerns forCRSHotels.com
24
Site Visitors Respond Very Favorably to Green Bars
Measured their responses to Web sites with and without green bars
! 100% of participants notice whether a site shows the green EV bar
! 93% of participants prefer to shop on sites that show the green bar
! 97% are likely to share their credit card information on sites with the
green EV bar, as opposed to only 63% with non-EV sites
! 88% trust the name VeriSign on a site, as opposed to only
22% for the next most trusted SSL provider
January 2007, Tec-Ed researched usage and attitudesof 384 online shoppers
25
Key Take-Aways
+ Educate your customers on the need for SSL – they are real
+ Focus on facts and data points
+ Offer the right brand and product mix for your customers
+ Leverage VeriSign brand and EV certificates as upsell opportunities
to maximize your revenues
+ Boost online transactions for your customers with EV
26
Questions + Answers