Extended Validation (EV) SSL Certificates will serve the following purposes:
Enable Secure Connections.
Like "standard" SSL certificates, which rely on authentication of the requesting organization's identity
and/or domain control, EV SSL certificates enable secure encrypted communication between a Web site and a
site visitor's browser by facilitating the exchange of encryption keys.
Establish Online Business Identity.
EV SSL Certificates establish an online business's identity by confirming the certificate holder's legal and physical existence.
Help Prevent Fraud.
By providing reliable third-party verified identity and address information regarding the owner of a Web site, EV Certificates may help to:
- Make it more difficult to mount phishing schemes and other online identity fraud attacks using SSL certificates;
- Assist companies that may be the target of phishing attacks or online identity fraud by providing them with a tool to better identify themselves and their legitimate Web sites to users;
- Assist law enforcement in investigations of phishing and other online identity fraud, including where appropriate, contacting, investigating, or taking legal action against the perpetrator.
Overview of the Extended Validation SSL Certificate Vetting Process
Per the guidelines defined by the CA/Browser Forum, Certification Authorities (CAs) may issue Extended Validation (EV) SSL Certificates to Private Organizations, Government Entities, and Business Entities that satisfy the requirements specified below:
Private Organizations
The CA may issue EV Certificates to Private Organizations that meet the following requirements:
- The Private Organization must be a legally recognized entity whose
existence was created by a filing with (or an act of) the Incorporating or
Registration Agency in its Jurisdiction of Incorporation or Registration (e.g.,
by issuance of a certificate of incorporation) or is an entity that is chartered by
a state or federal regulatory agency;
- The Private Organization must have designated with the Incorporating or
Registration Agency either a Registered Agent, or a Registered Office (as
required under the laws of the Jurisdiction of Incorporation or Registration) or
an equivalent facility;
- The Private Organization must not be designated on the records of the
Incorporating or Registration Agency by labels such as "inactive," "invalid,"
"not current," or the equivalent;
- The Private Organization must have a verifiable physical existence and
business presence;
- The Private Organization's Jurisdiction of Incorporation, Registration,
Charter, or License, and/or its Place of Business must not be in any
country where the CA is prohibited from doing business or issuing a
certificate by the laws of the CA's jurisdiction; and
- The Private Organization must not be listed on any government denial list
or prohibited list (e.g., trade embargo) under the laws of the CA's jurisdiction.
Government Entities
The CA may issue EV Certificates to Government Entities that satisfy the following requirements:
- The legal existence of the Government Entity must be established by the
political subdivision in which such Government Entity operates;
- The Government Entity must not be in any country where the CA is
prohibited from doing business or issuing a certificate by the laws of the CA's
jurisdiction;
- The Government Entity must not be listed on any government denial list
or prohibited list (e.g., trade embargo) under the laws of the CA's jurisdiction.
Business Entities
The CA may issue EV Certificates to Business Entities that
do not qualify under the criteria listed for Private Organizations above but that do satisfy the following
requirements:
- The Business Entity must be a legally recognized entity whose formation
included the filing of certain forms with the Registration Agency in its
Jurisdiction, the issuance or approval by such Registration Agency of a
charter, certificate, or license, and whose existence can be verified with that
Registration Agency;
- The Business Entity must have a verifiable physical existence and business
presence;
- At least one Principal Individual associated with the Business Entity must
be identified and validated;
- The identified Principal Individual must attest to the representations made in
the Subscriber Agreement;
- Where the Business Entity represents itself under an assumed name, the CA
must verify the Business Entity's use of the assumed name pursuant to the
requirements of Section 15 herein;
- The Business Entity and the identified Principal Individual associated with the
Business Entity must not be located or residing in any country where the
CA is prohibited from doing business or issuing a certificate by the laws of the
CA's jurisdiction;
- The Business Entity and the identified Principal Individual associated with the
Business Entity must not be listed on any government denial list or
prohibited list (e.g., trade embargo) under the laws of the CA's jurisdiction.

Until now, customers had no visible online indication confirming that you are a verifiable business. But the new EV SSL Certificates
work with the latest releases of the major browsers so that now your consumers can verify you and your identity. EV SSL certificates
protect users from doing business with unauthenticated web merchants. Simply, EV SSL certificates are the new type of SSL certificate
that provide rigorous authentication for a business' identity. This extended validation (EV) is given to online businesses that can be verified
through evolved and secured authentication processes. If your site's identity can be verified (and a competitor's cannot), customers are
likely to trust you more. This competitive advantage translates into reduced visitor abandonment rates, improved conversions, higher
revenue per transaction and higher lifetime customer value. In the world of e-commerce, establishing trust is mission critical because
when you win your customer’s trust, you win their business. The new EV SSL certificates will benefit your business because they will
provide better consumer protection. EV SSL Certificates are designed to provide visitors with the green "good to go" browser indicator
when visitors go to a secure page.
Extended Validation (EV) SSL Certificates are the next generation SSL Certificate because they help protect against phishing attacks.
They work with high security Web browsers (e.g. Microsoft IE) so that visitors to Websites with an EV SSL Certificate will see a "Green Address Bar".
EV SSL Certificates represent a new industry standard for e-merchant identity verification developed by the CA/B Forum. An EV SSL Certificate
helps you gain competitive advantage by increasing trust in your Web site that translates into higher conversion rates and increased revenue.
EV SSL and EV SGC SSL Certificates come with EV Auto-Enhancer (US $1,500 value), a deployment tool that enables IE7 on Windows™
XP client systems to display the “Green Address Bar”, organization name and other EV interface conventions [1]. EV Auto-Enhancer works by
automatically prompting existing root update functionality in Windows Internet Explorer on visiting client systems, thus enabling the client to
recognize the SSL Certificate's EV status. Without a root update, no Windows XP client will ever see the “Green Address Bar” on your Web site.
Once a client system has a specific EV SSL root installed (by way of EV Auto-Enhancer or user installation from the Microsoft® Web site), that
client will experience "Green Address Bar" behavior whenever connecting to a valid EV SSL Certificate on that same root [2].
1. The "Green Address Bar" interface will function with IE7 running on Windows Vista.
2. The root installation affects only the root in question and does not enable that client for EV behavior with any other root.
All EV SSL Certificates undergo a new validation process that has been established by the industry group CA/B Forum. This vetting
process ensures rigorous validation of both domain name and company details before issuance, in order to provide the highest levels of security
and trust for your customers.
Extended Validation (EV) SSL Certificates will contain the following required fields:
Organization name - This field must contain the Subject's (i.e., certificate holding entity's) full legal
organization name as listed in the official records of the Incorporating Agency in the Subject's Jurisdiction
of Incorporation. In addition, an assumed name or d/b/a (doing business as) name used by the Subject may be
included at the beginning of this field, provided that it is followed by the full legal organization name
in parentheses. If the combination of the full legal organization name and the assumed or d/b/a name exceeds
64 bytes as defined by RFC 3280, the CA should use only the full legal organization name in the certificate.
Domain name - This field must contain one or more host domain name(s) owned or controlled by the Subject
and to be associated with Subject's publicly accessible server. Such server may be owned and operated by
the Subject or another entity (e.g., a hosting service). Wildcard certificates are not allowed for
EV SSL Certificates.
Jurisdiction of Incorporation - These fields must contain information only to the level of the
Incorporating Agency - e.g., the Jurisdiction of Incorporation for an Incorporating Agency at the
country level would include country information but would not include state or province or city or
town information; the Jurisdiction of Incorporation for an Incorporating Agency at the state or province
level would include both country and state or province information, but would not include city or town
information; and so forth. Country information must be specified using the applicable ISO country code.
State or province information, and city or town information (where applicable) for the Subject's
Jurisdiction of Incorporation must be specified using the full name of the applicable jurisdiction.
Registration Number - This field must contain the unique Registration Number assigned to the Subject by the
Incorporating Agency in its Jurisdiction of Incorporation (for Private Organization Subjects only).
Address of Place of Business - This field must contain the address of the physical location of the Subject's
Place of Business. City, state and country information is required. Street number and ZIP/postal are optional.
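The field rules above can be expressed as an automated check over a certificate's subject data. This is an added example, not code from the original page or from any CA; the dictionary keys, the function names `build_org_field` and `check_ev_subject`, the UTF-8 byte counting, the two-letter reading of "ISO country code" and the abbreviation heuristic are all assumptions made for illustration.

```python
import re

ORG_NAME_LIMIT = 64  # byte limit the page cites from RFC 3280

def build_org_field(legal_name, assumed_name=None):
    """Assumed (d/b/a) name first, legal name in parentheses; else legal name alone."""
    if assumed_name:
        combined = f"{assumed_name} ({legal_name})"
        if len(combined.encode("utf-8")) <= ORG_NAME_LIMIT:  # assumption: UTF-8 bytes
            return combined
    return legal_name

def check_ev_subject(subject, entity_type="Private Organization"):
    """Return the rule violations for one subject; dict keys are hypothetical."""
    problems = []
    org = subject.get("organization", "")
    if not org:
        problems.append("organization name missing")
    elif len(org.encode("utf-8")) > ORG_NAME_LIMIT:
        problems.append("organization name exceeds 64 bytes")
    domains = subject.get("domains", [])
    if not domains:
        problems.append("no domain name")
    problems += [f"wildcard domain not allowed: {d}" for d in domains if "*" in d]
    juris = subject.get("jurisdiction", {})
    if not re.fullmatch(r"[A-Z]{2}", juris.get("country", "")):  # assumption: alpha-2
        problems.append("jurisdiction country is not an ISO country code")
    for level in ("state", "city"):  # heuristic: short all-caps value = abbreviation
        if re.fullmatch(r"[A-Z]{2,3}", juris.get(level, "")):
            problems.append(f"jurisdiction {level} must be a full name")
    if entity_type == "Private Organization" and not subject.get("registration_number"):
        problems.append("registration number missing")
    address = subject.get("address", {})
    problems += [f"address {k} missing" for k in ("city", "state", "country")
                 if not address.get(k)]
    return problems

# Constructed sample subjects, not taken from any real certificate.
GOOD = {
    "organization": build_org_field("Example Widgets Incorporated", "ExampleShop"),
    "domains": ["www.example.com"],
    "jurisdiction": {"country": "US", "state": "Delaware"},
    "registration_number": "0000000",
    "address": {"city": "Dover", "state": "Delaware", "country": "US"},
}
BAD = dict(GOOD, domains=["*.example.com"], registration_number="",
           jurisdiction={"country": "USA", "state": "DE"})

if __name__ == "__main__":
    print(check_ev_subject(BAD))
```

An empty list means the subject satisfies every rule checked here; the check covers field format only, not the CA's vetting of the underlying facts.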
The goal of the validation process is to ensure that consumers have a way to authenticate legitimate sites from phishing sites. The increased
trust and consumer protection offered by EV certificates necessarily involves a more rigorous validation procedure. This new procedure has been
established by the industry group, CA/B Forum.
Some basic requirements that a business needs to meet in order to obtain an EV SSL certificate include (but are not limited to):
- Legal status as a company created by government filing
- Registration number of incorporation
- Place of business is in same jurisdiction (e.g. country) as place of business registration
- Organization name
- Business name
- Full address and main phone number of place of business
Your browser ubiquity is a key element when choosing an SSL provider. EV SSL is inherently recognized by 99.3%
of the current Internet population.
If you upgrade to an EV SGC certificate, the encryption level of older browsers is increased from 40 bit or 56 bit
to highly secure 128/256 bit SSL sessions. That means you protect more of your customers at the highest levels of security
than with regular SSL certificates.
Extended Validation SSL Certificates give high-security Web browsers information to clearly identify a Web site’s
organisational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL
Certificate that meets the Extended Validation Standard, IE7 can cause the URL address bar to turn green and display
your name and the name of your SSL provider. This gives customers the confidence that you are who you say you are
and their transactions are secure. Because visitors will see the name of your SSL provider in the security status bar, it
is more important than ever to choose VeriSign, the Web’s most trusted security provider.