VeriSign white paper sample

The Internet is full of dangers for the unsuspecting and the unprepared. Identity theft and phishing attempts are everyday events -- every hour events for some of us, it seems -- and the consequences of succumbing can be devastating. To protect vulnerable users from these kinds of attacks, companies such as VeriSign have developed encryption technologies (Secure Sockets Layer or SSL Certificates) for protecting the data that identity thieves crave, especially credit card numbers, payment information, social security numbers, passwords, and confidential personal data. And, since no amount of encryption can protect against a gullible individual giving away prized information to an imposter, the Certificate Authority/Browser Forum, an organization of leading certification authorities (CAs) and vendors of Internet browser software and other applications including VeriSign and others, have also developed another level of technology called Extended Validation (EV) SSL, for providing reassurance that the author of a Web site is indeed who it claims to be.

In the past, it was up to businesses to choose whether to take advantage of these technologies. While many did, some did not -- and the consequences fell not only to the victims themselves, but also to institutions that often have to pay directly or indirectly for their mistakes, institutions such as credit card issuers. In order to protect themselves, these institutions, along with governments at various levels and their related standards bodies, have created standards and/or regulations that mandate the use of security and protection technologies in a variety of circumstances. As a result, for institutions naive or careless enough that the danger itself is not a sufficient motivator for using encryption and related technologies, now there is another excellent reason to employ them -- because to do otherwise may violate a standard or regulation and risk often-dire consequences.

This white paper explores these standards and regulations -- some firmly in place, some emerging, others in the formative stage -- and describes the recommendations or requirements they impose for using encryption and related technologies. The reader should bear in mind that this area is a fast-moving target. Today’s recommendations are tomorrow’s requirements, and new standards are arising all the time. The sooner an enterprise complies, the better positioned it is for the future.