First Direct upgrades banking security with VeriSign

Internet banking customers from telephone and internet based bank First Direct now have an extra level of verification security.

From the beginning of this month, Internet Explorer 7 users logging in to internet banking on the First Direct website will have noticed a green address bar with the VeriSign label and a padlock icon.

This shows that First Direct has protected the website with Extended Validation Secure Sockets Layer (EV SSL) certificates, so that customers have visual confirmation they are using a legitimate banking site.

EV SSL is better secured than previous versions of SSL certification as it has to undergo stricter checks, with more information visible to the user. Internet Explorer 7 is the first browser to work with EV SSL.

"The primary purpose of SSL is to make things secure, and it still does that. EV SSL just takes it a step further. Not only does it make sure that actual link is not being intercepted but also it makes sure who you are talking to is who you think it is," said head of e-futures at First Direct Jonathan Etheridge.

"The key to this is to make sure the company is purchasing the certificate, in this case us, is identified by VeriSign. Although we are part of HSBC we have to go through very stringent checks, to make sure with the vendor we are who we say we are."

Most browsers don't differentiate between less secure sites and more vigorously tested ones, so fraudsters have started to use SSL to add credibility to their own web pages. With the better secured EV SSL confirmation, users will be able to see the organisation that owns the site as well as the security provider who issued the certification - in this case, VeriSign.

"The traditional padlock symbol enabled on our website by VeriSign's SSL Certificates have been a key part of the internet banking experience for our customers for many years," said Etheridge.

"Sophisticated phishing scams and stories of online fraud can create doubt and concerns for internet users. This enhanced protection will help maintain a relationship of trust with our customers, and is a further step in our fight against online fraud."

At the start of February half of First Direct's 885,000 customers were using Internet Explorer 7, so the other half with browsers like Mozilla Firefox and Opera will have to wait for future releases of their browsers to see full EV SSL validation features.

"We have to make sure that what we do works for the customer. We don't want to make things so difficult for the customer that they can't use the system, but you have to make life difficult for the person who wants to attack you," said Etheridge.