Guest writer from Entrust Datacard: Verification process in foreign countries



stephen_demone(This article is published at the same time in Finnish also)

The writer of this post is Stephen Demone who is working as a verification specialist at Entrust Datacard in Ottawa, Canada. In addition to being an expert in verification Stephen is an established author with four novels and with major contribution to SBNation web site (ice hockey !) .

In this article Stephen addresses the process and challenges of verification – especially in foreign cultures and with foreign languages as well as the cooperation between Entrust Datacard and Wesentra. He states for example:

”Having a local presence in a country is the most effective method of being able to serve a specific market in the most agile fashion. … CAs who are locally plugged into their regions can also gain a better sense of the availability of information – …”

<** Stephen’s article starts after this … Read more … **>

You probably already know what identity verification is, and have gone through a vetting process at some point in your life, whether when getting your passport or purchasing an SSL Certificate. It can be a stressful event, and an awkward one, as it requires you prove the most basic fact about yourself: that you are who you say you are, and that you are worth trusting.

Identity verification probably isn’t the first thing you’re thinking of when you go online. Most of us have been told that the internet is kind of a Wild West, with only a few sheriffs in place to keep the criminals in check. I was told that my security online depended on me being vigilant, and watching what sites I visited like a hawk.

The Verification Process: 3 Steps

As a verification agent for Entrust Datacard, I have assisted with many SSL/TLS certificate requests from across the globe. The steps for successfully verifying an organization or individual to obtain an SSL/TLS certificate are always the same steps:

1 – Business/identity check: The CA checks that the identity of the business, government agency or individual requesting the certificate by obtaining proof the identity is active and accurate (e.g., business license, government Act).

2 – Domain name ownership check: The CA checks that the domain is owned and registered to the business, government agency or individual requesting the certificate.

3 – Employment check: The CA checks that the individuals listed on the certificate order are employed by the organization requesting the certificate, and thus have the right to make the request. This step is completed by having the applicant accept an electronic consent form and be reached through a third-party phone number for the organization that requested the certificate.

While these steps are always the same, and do allow for Certification Authorities to safely determine the validity of the identity of the organization or person asking for an SSL/TLS Certificate, there can be challenges in obtaining the information needed to approve any one of the three steps mentioned above.

This is more evident in countries where such information is not readily published and kept up to date. In the United States for example, databases on businesses and government agencies are mostly public and kept up to date in nearly real time. It is very easy to verify a business or government agency in the United States than it can be elsewhere.

How Local Partners Boost Agility

This does not mean that SSL/TLS security is more valuable in the United States than it is in other countries. Being able to provide a secure connections to those who visit your websites via SSL/TLS encryption is of utmost importance for any business, anywhere on the globe.

Having a local presence in a country is the most effective method of being able to serve a specific market in the most agile fashion. By being connected geographically, as well as culturally, to the region, the CA is better plugged into the region’s needs and can thus adapt with greater efficiency to what needs to be done in order to provide world-class service within a specific country. CAs who are locally plugged into their regions can also gain a better sense of the availability of information – whether business or government information is easy to find or not – and a greater ability to craft specific methods if the need be in satisfying the three-step verification process mentioned earlier.

For example, imagine you run a business in Finland and speak very little English. Most SSL/TLS certificate providers, or at least the big ones, are headquartered in primarily English countries. Obtaining the certificate in itself can be a little more difficult if you are being verified by an English-speaking CA. Additionally, obtaining technical support should the need arise would be a big challenge in this scenario. Having a local presence in Finland, with Finnish-speaking employees who not only speak your language, but also understand the business landscape, gives you greater assurance that you are obtaining ultimate value from your SSL/TLS certificate purchase.

Wesentra’s Approach to Verification

The process of being verified can be slightly uncomfortable, however, any expert verification team is trained to successfully verify identities so that if you are not misrepresenting yourself it can be an easy and pleasant experience. The only group for which this should be an uncomfortable experience are web criminals who look to use the advantage of anonymity to do bad things.

The primary goal of verification is to prove the identity of SSL/TLS certificate applicants, however, the goal of customer service is also of great importance to the best CAs. Not only do they want to ensure they only approve identities that are valid and trustworthy to use their SSL/TLS certificates, they also want to ensure that those they are verifying do not feel like they are being treated like potential criminals.

Wesentra is a company that acts locally but thinks globally. Located in Finland, Wesentra has extensive knowledge of Finnish business culture and customs, as well as a deep understanding of how to research businesses and government agencies for verification purposes. While an SSL/TLS certificate provider in North America may struggle in navigating the Finnish business environment, as well as having major difficulty in translating what is primarily information published in Finnish, Wesentra overcomes these obstacles with natural ease.

Taking advantage of their heritage and local presence allows Wesentra to bring SSL/TLS expertise to the Finnish market, partnered with Entrust Datacard which is one of the biggest SSL/TLS Certificate Authorities in the world. While Entrust Datacard supplies the product, Wesentra provides the channel through which the product can reach European customers in a manner that effectively communicates to them what they are getting, thus ensuring its customers get what they need in order to provide a secure and trusted environment to do business on the Internet.


Want to hear more? or

Lue lisää