An anti-phishing tool you probably don’t know about

David Pollino
Posted by David Pollino
Security

We made some changes recently to our online banking login pages that got me thinking about an anti-phishing technology available to small businesses that doesn’t get a lot of attention.

man's hands typing on a laptop in a sunny room, woman sipping coffee in background.With the rise in phishing attacks, which deceive consumers and others into visiting fraudulent websites, the question comes up more and more: “How do you know you’re on a legitimate site and not on a phishing site?”

Businesses should ask a similar question. What can you do to reassure your customers and the public that when they visit your business’s website they are on your actual site?

Putting customers at ease

The issue is important for all businesses, but more so if you accept online payments. You want to put your customers at ease that they are sharing their credit card number and other private information with a real business.

The security feature that doesn’t get a lot of media coverage but that I’ve encouraged businesses to evaluate is called Extended Verification Certificate, or EV Cert.

Next time you visit a financial website you trust (your bank or Paypal, for example), notice the address bar in your browser. At the far left of the address line, you will likely see the name of the company in green next to a green lock — this is the indication the website is using an Extended Verification Certificate (EV Cert).

An EV Certificate helps establish the legitimacy of a business operating a website. Without getting too technical, EV Cert is a validation provided by a registered, independent third party that the operator of a website is the rightful owner of the site. This means only you, or a representative of your company, can acquire the EV Certificate for your company website.

An upside for convenience

EV Cert is considered an extremely secure mechanism to protect customers on a web site from fake sites. In fact, because of the protection provided by EV Cert, Bank of the West has recently done away with the use of security images and pass phrases for customers logging into online banking. This change makes online banking sign-in more convenient without compromising security.

Because Certification Authorities must verify the identity of the business operating a website, there is a cost associated with using EV Cert on your website. But the peace of mind it can provide to your customers may be well worth the investment in the added online security.

More information about EV Certs is available through the CA/Browser Forum, which is comprised of certification authorities (CAs) and providers of internet browser software that adhere to certification guidelines. Bank of the West is not affiliated with any of the certification authorities and assumes no responsibility concerning the EV Certs.

Have a question about EV Cert? Let me know in the comments section.

Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.