Infosec 08: HSBC, ManU get secure with Verisign

Manchester United and HSBC have announced that they are adding an extra layer of protection to their website security, by implementing Extended Validation (EV) SSL technology with Verisign.

HSBC will be deploying EV SSL Certificates to help its three million UK customers registered for online services, while Manchester United will use the certificates to protect fans shopping online for tickets and merchandise.

The EV SSL Certificates will display easily understood visual clues in browsers, like Internet Explorer and Firefox. A green address bar, lock nex to the address and a field to the right containing the organisation's name will all show that a site is authentic.

"As e-criminals grow more sophisticated, financial services leaders like HSBC must always remain a step ahead to ensure the security and trust of our customers," said Barry Jones, senior manager of Group IT Security at HSBC.

"Deploying EV SSL Certificates will allow us to send an instantly recognisable signal to our online banking services, confirming that any personal information they supply on that page will go directly to HSBC and no one else," he added.

Manchester United engaged Kitbag to design, launch and support the ongoing day-to-day running and delivery of its online megastore.

Kitbag decided to use Extended Validation SSL because it thought that it would make security easier and more visible to customers, as well as make purchases simpler.

Stewart Rowe, head of IT for Kitbag, said: "One of our main challenges has to ensure that our customers feel confident when it comes to making payment.

"Our business is e-commerce, and we know that the right combination of usability and security is fundamental to a website's success," he added.

On the sidelines of Infosec 2008, IT PRO asked Barry Jones, Senior Manager of Group IT Security at HSBC, about what this meant in terms of the technology that other online banking websites such as Nationwide and Halifax were using.

"We don't play the game of comparing ourselves directly with other brands," Jones said. "Other banks will deploy the controls they see fit. We believe that we are highly effective in doing that. You can't rely on one control. The more you have the more effective your security is."

Verisign said that one of their aims was to spread adoption across all the main banks and e-commerce organisations so that it would be an expectation for consumers to see the validation.

"In terms of website security, this is the best of the breed," claimed Jon Kerr, Verisign's SSL manager in the UK & Ireland. "This is the best sort of security that HSBC or any other kind of bank can provide to consumers."

For more Infosec 2008 coverage, see IT PRO's roundup page here.