Advances in online commerce technology have permitted merchants to launch online businesses relatively quickly and without a substantial investment. However, when a business is built in a market so rapidly, the merchant often does not have the opportunity to build a significant amount of brand recognition and trust with its customers. As such, consumers are wary of spending their dollars and entrusting their credit card information with merchants they do not know well.
There currently exist limited services to address certain aspects relating to secure transmission of data in merchant transactions. These services may involve site advisors, hacker testing, and secure sockets layer certificates (“SSL Certificates”), etc. Site advisors and hacker testing services audit websites for malicious code or the susceptibility for unauthorized access to the site (and customer data). SSL Certificates, one of the most commonly used services/products that has been designed to elicit trust from consumers, provide two methods for addressing consumers' confidence: (i) they enable encrypted communications with a website; and (ii) for Extended Validation (“EV”) and Operational Validation (“OV”) SSL Certificates, they identify the legal entity that controls a website (e.g., reducing the chance that a consumer establishes an encrypted connection with an unauthorized party).
Services involving site advisors, hacker testing, and SSL Certificates only help address data security, which is a small contribution to the consumers' lack of confidence in unknown e-commerce sites. For example, EV SSL Certificates-which is considered the highest and most secure form of SSL Certificates—expressly exclude assurances, representations or warranties about the behavior of the merchant and/or the quality of a consumer's experience with the merchant. In addition, an SSL Certificate does not provide any indications or assessments about what happens to a consumer's personal and/or financial information once the data is passed to the merchant's website.
In fact, a group of leading SSL Certificate issuers and providers of Internet browsers recently established the Certification Authority/Browser (CA/Browser) Forum, to develop standards and guidelines for EV SSL Certificates in order to improve the security of online transactions. The CA/Browser Forum, which is comprised of companies such as Microsoft Corporation and VeriSign, Inc., acknowledges the incomplete nature of these services in addressing a consumer's lack of confidence in e-commerce sites. The CA/Browser Forum Guidelines, promulgated by a number of leading issuers of EV SSL Certificates, states that:                EV Certificates focus only on the identity of the Subject named in the Certificate, and not on the behavior of the Subject. As such, an EV Certificate is not intended to provide any assurances, or otherwise represent or warrant:        (1) That the Subject named in the EV Certificate is actively engaged in doing business;        (2) That the Subject named in the EV Certificate complies with applicable laws;        (3) That the Subject named in the EV Certificate is trust worthy, honest, or reputable in its business dealings; or        (4) That it is “safe” to do business with the Subject named in the EV Certificate.        [See Section B(2)(c) (Excluded Purposes) of the CA/Browser Forum Guidelines for Extended Validation Certificates (Dated Oct. 20, 2006 as Version 1.0—Draft 11) (Emphasis added).]        