A few years ago I switched from using Thawte SSL's (a verisign company) to Verisign because of the better name recognition Verisign provides. To that end I've been happy with it and believe it gave our e-commerce visitors a better sense of security when using our sites.
Now with the EV SSL (extended validation SSL) that will show a green bar or text, depending on browser. I wonder if continuing with Verisign just for their brand recognition is the right choice vs upgrading to a EV SSL from DigiCert or GoDaddy. DigiCert and GoDaddy have good reviews from customers and both have a good root certificate that is compatible with every modern browser.
EV SSL Prices (as of June 2009)
- Verisign charges $995 yr
- DigiCert is only $488 yr
A few months ago I did some research on Digicert and GoDaddy both seem to have a good reputation and reviews. Their root certificates should be as good verisign's and DigiCert even allows you to use your domain plus the www prefix in one certificate. To get that with Verisign you must purchase two certificates.
Is having an EV SSL from DigiCert or even GoDaddy better than having a standard SSL with the verisign brand?
Your users certainly won't know (or care) the difference between an EV cert from one provider and an EV cert from another as long as their browser has the relevant root certificates such that it will accept the certificate without prompting the user that there may be a problem.
An EV cert from anyone (that the user's browser accepts certs signed by) is better than a "standard" certificate from anyone no matter how good a name. The user will see the big-green-blob-and-text or big-blue-blob (or how-ever their browsers differentiate the type of certificate) - the vast majority will never inspect the details of the certificate including who signed it.
Whether the difference between an EV cert and a non-EV cert is meaningful or your userbase is something only you can decide/answer. While education on the subject is spreading most man-in-the-street users will not know (or care) what a certificate is never mind knowing the difference between an EV cert and a non-ev one, but if your target audience is more clued up on average an EV cert might make them feel more secure using your services. Having said that some people are learning that "big green block on title bar in Firefox is more secure than the smaller blue blob which is in turn better than no colour" so maybe EV certs will become more desirable in general soon.
On customer websites, part of our marketing fluff is that we advertised our sites were secured 100% with Verisign certificates, the leaders in internet security, blab blab blab, we billed the clients for it anyway so we didn't care and everyone got the warm fuzzy.
For our external access to any of the companies internal sites, (webmail, intranet, etc), we bought the $30 GoDaddy one for ourselves.
I would use Verisign if you are going to use it as a marketing tool, client wants it, and client is billed for it, otherwise cheaper is better.
The best way to find out would be to test it. I assume you are thinking there may be a user perception difference because you are showing the SSL "badge" on your checkout page.
Set up ssl1.yourdomain.com with a verisign ssl, and ssl2.yourdomain.com with a godaddy ssl cert. When a session starts on your server (assuming you are using asp.net or php), assign the user to ssl1 or ssl2.
After a while, see if there is a statistically significant difference between the number of abandoned carts on ssl1 vs. ssl2.
Of course, if your platform makes that difficult to do, then you may spend more time doing the test than is worth it for the price difference, in which case the safest bet would be sticking with Verisign.
The easier but riskier version of the test would be to just switch to godaddy then watch your shopping cart abandon rates. If they go up, then consider switching back to verisign.
We moved our clients to Godaddy certs a while back when we realized that godaddy had enough name recognition and have seen no negative impact.
Hve you checked out Comodo? They have EV SSL certs around $360/yr, and they're the next biggest player after Verisign. EV is EV - if you get the green bar you're pretty much covered. Verisign is definitely the most recognizable brand, but you pay a premium for it...
Jes