Recent RBI Guidelines in the Right Direction

12 March 2010 00:00 am

E-commerce security has become a primary contributor towards safeguarding customer information. We speak to VeriSign India Country Manager Dr. Shekhar Kirani about securing assets online, on the phone, and ask him about the Green bar.

1. What is the primary reason for botnets creeping into commercial security systems?

A: Botnets are networks of computers that have been broken into and brought under the control of a malicious hacker. The networks, which are used to send spam and steal online banking passwords, include millions of "zombie" machines worldwide. According to DQ India research, India has 38,502 bot-infected computers and more than 60 command and control servers, a 50% increase from the last reporting period.

Systems compromised by a botnet provide the attackers with not only user credentials and confidential information, but also remote access inside the compromised networks. Some malware disables firewalls and other security software on infected systems and blocks access to security vendor websites and services, putting companies at major risk of infection.

2. The whole world seems to be going the virtual banking way. Do you think banks are doing enough to secure online transactions?

A: The convenience and reach the Internet provides have made it easier for people to rely on the Internet for their day-to-day activities, and virtual banking has now graduated to becoming a way of life for people. Banks have certainly actioned measures to ensure security and authenticate the user transacting online.

The recent RBI guidelines have highlighted the need for more secure transactions on the Internet. These guidelines make it mandatory for banks and credit card companies to have an additional layer of security while making use of credit cards for any online transaction. The guideline is in the right direction, and helps in raising trust in the Internet, an imperative for enabling e-commerce to flourish in India.

However, it is too early to say whether the technology implemented is correct or not. The password put in place is static, which again is risky if a fraudster is able to lay hands on someone’s password. There is a need to bring dynamic passwords into the picture, because a static password ceases to be secure once stolen.

VeriSign is the SSL Certificate provider of choice for over world’s 40 largest banks. They trust VeriSign because of VeriSign’s encryption technology and rigorous business authentication practices.

3. Is the VIP access for mobile phones available in India? What does it mean to the end user?

A: Yes, VIP is readily available on mobile phones in India. VeriSign Identity Protection (VIP) Authentication Service provides strong, visible security for online commerce applications and embraces open standards which allow any OATH-compliant device to be used for authentication. VIP generates an OTP (one-time password) on a user’s mobile, which is the second password over and above the username and password used.

The Service leverages a shared validation infrastructure operated by VeriSign that enables enterprises to deploy strong authentication without bearing the entire burden of managing and operating a self-standing authentication infrastructure.

Two-factor authentication (2FA) is fast gaining in popularity. Today many companies offer this stronger form of authentication to customers. This growing community includes eBay, PayPal and AOL among others. 2FA reduces the risk of fraud because it combines what the end-user knows - user name and password - with what he has, such as a one-time password (OTP) generated by a physical device or the mobile phone. A user can't successfully sign on without both.

4. What do you think is going to be the next step towards securing commercial transactions on the web?

A: Security on the Internet is relative to consumer awareness and with the right knowledge, it is safe to transact online. The recent VeriSign “India Internet Survey” revealed that when it comes to safe online experience, the alertness level of Indians is abysmally low:

  • 38% of Internet users in India do not use different passwords for multiple log-ins
  • A minuscule 5% adopt virtual keyboards to log in their details
  • Merely 11% of the Indian Internet users look out for the authenticity of the website by looking at the security provider
  • Only 32% of Internet users in India create a secret question that only they can answer
  • As many as 83% of Indian Internet users do not look for secure websites (https:)
  • Only 9% of Internet users in India are aware of green URL bars as the sign of a secure website

At VeriSign, we not only aim to be the trusted provider of Internet infrastructure services but also run consumer education campaigns to impart knowledge on secure online transactions. VeriSign offers a comprehensive set of services for securing online transactions. To protect Web sites and data, VeriSign offers Secure Sockets Layer (SSL) Certificates and to strengthen and protect consumers’ digital identities, VeriSign Identity Protection incorporates a comprehensive defence with integrated services and a network approach.

Two-factor authentication combines something you know (such as a username and password) with something you have (a credential such as a card, token, or mobile phone) to verify an identity or to verify a transaction. VeriSign Identity Protection (VIP) Authentication Service provides the validation for "something you have" in an easy-to-deploy cloud-based offering that balances cost, convenience, and risk.

5. Do you think there is a secure way for banking via mobile phones?

A: Yes, VeriSign offers a one-time password for mobile banking, which makes it extremely secure. VeriSign’s OTP generators support strong authentication for users who connect from outside secure networks, often using their own equipment. It can be easily downloaded onto the mobile phone. The device generates a one-time password that you enter when required, thus combining something you know (such as a username and password) with something you have (a credential such as a mobile phone).

VeriSign Identity Protection (VIP) Access for Mobile is a free online security credential that you can download to your mobile phone. VIP Access is used as an extra layer of identity protection when you sign in from your desktop or mobile browser to participating online banks and merchant sites within the VIP Network.

VIP Access helps protect your accounts and your identity by requiring a higher level of security when you conduct online transactions. To use VIP Access, launch the VIP Access application from your mobile phone, and note the unique security code. Then, sign in to participating online banks and merchant sites from your desktop or mobile browser with your user name, password, and the unique security code.

It can be downloaded from https://vipmobile.verisign.com

6. Can you tell us about the Green browser?

A: The green bar shows site visitors that the transaction is encrypted and the organization has been authenticated according to the most rigorous industry standard. The address bar turning green signifies the website has an EV SSL certification. Extended Validation SSL gives Web site visitors an easy and reliable way to establish trust online. Only SSL Certificates with Extended Validation (EV) will trigger high-security Web browsers to display a green address bar with the name of the organization that owns the SSL Certificate and the name of the Certificate Authority that issued it.

