The Company

VeriSign’s certificate authority technology was created in 1994 under the leadership of D. James Bidzos at RSA. In 1995 Bidzos realized the need for an independent organization to carry forth the technology and related services, and VeriSign was formed with current VeriSign CEO Stratton Sclavos at the helm. The company is headquartered in Mountain View, California, and has 300 employees. With $15.6 million in revenues in the quarter ending Mar. 31, 1999, VeriSign is an investor favorite with a market capitalization of $3.2 billion (5/17/99), more than $10 million per employee (ticker: VRSN). The company has issued 3.5 million individual certificates issued and certified 125,000 Web sites.

Target Markets: Businesses and consumers.

Business Model: VeriSign charges license fees to individuals, organizations, and enterprises for the use and registration of digital IDs. In addition it markets public key infrastructures (PKIs) to service organizations that wish to independently implement its verification and registration capability.

Partners: Visa, EDS, Intuit, Netscape, Microsoft, Reuters, AT&T, First Data Corp., RSA, Merrill Lynch, Oracle, and America Online are among many of the companies working with VeriSign.

Customers: Customers include: 100% of the top 40 electronic commerce sites; 98 of the Fortune 100 and 400 of the Fortune 500; example clients include Bank of America, Diner’s Club, Dow Jones, The Federal Reserve Bank of NY, NationsBank, Novus/Discover, Royal Bank of Canada, Hewlett-Packard, Ameritech, British Telecommunications (BT), First Union, and Morgan Stanley Dean Witter.

Contacts: (650) 961-7500
Stratton Sclavos is CEO
Richard Yanowitch is VP Marketing
Mary Anderson is VP Enterprise Marketing Quentin Gallivan is VP Sales
Ethel Daly is VP Strategic Alliances
Tom Honey is Dir. Financial Services Marketing

Products

The company has created the most widely recognized digital certificate or digital ID for authentication of parties in ecommerce and other electronic interaction. In a Jan. 1999 survey of 315 adults, Cheskin Research found that 53% of those familiar with VeriSign rated it one of the two best online trust builders; a score twice as high as its nearest competitor (OBR 1/99).

Part product and part service, the company creates software to authenticate users and then provides validation and registration capabilities (also known as Public Key Infrastructures, or PKIs) to provide a dynamic library of digital identities.

VeriSign Digital Certificate Product Line

The Authentic Site logo is available to all organizations that use VeriSign’s class 3 certificate to authenticate their Web destination.

The CPA WebTrust criterion examines three principles: business practices disclosures, transaction integrity, and information protection. VeriSign provides a list of participating accounting firms at www.cpawebtrust.org

Cost (end-user): Consumer Digital IDs cost $9.95 per year and may be obtained directly through the VeriSign Web site and through distribution partners, such as Microsoft, which packages VeriSign certificates in IE 5.0.

Cost (enterprise): Companies can purchase Web site certificates for $349 to $1,295 depending on which product bundle is chosen. The certificates are bundled with various levels of insurance against hackers. CPA Web Trust fees are paid to individual accounting organizations which establish their own fees.

How It Works

Digital certificates authenticate one or both parties in electronic commerce or communication. Essentially, when an online financial institution or other Web site uses a digital ID, it can be proven that it is authentic and not an impostor. End-users can similarly employ a digital ID on their end to guarantee that they are who they claim to be, alleviating the concern that others are “spoofing” their identity to rob their online accounts.

As a form of authentication, digital IDs are often compared or contrasted to fingerprints and other methods of biometrics. Given today’s extended length encryption techniques, digital ID’s are thought by many to be “virtually unbreakable.”
But they can still be compromised if the crook
gets a hold of the certificate and its password.

Digital certificates use the public key encryption method, which consists of a matching public key and private key. Only the keyholder knows the private key, while the corresponding public key is distributed to anyone who seeks it. In this system, the holder of the private key has the exclusive ability to use or show their electronic identification, but anyone retrieving the public key can check the validity of this ID.

This system works well as long as users have easy access to the other party’s public certificates and the privacy of the private key (also called the secret key) is maintained. Because Web sites could use this to check the end-user’s electronic ID, this method could conceivably be used to eliminate the need for passwords, especially for read-only access to data.

How to Put VeriSign on Your Web: Web certification can be acquired through either VeriSign’s Web www.verisign.com or through the co-managed Security Center on Netscape Netcenter. Certificates can be delivered within two days. CPA WebTrust certifications must be obtained from various accounting organizations; refer to the VeriSign Web for complete details

Financial Services Usage

Business Banking: In Feb. 1999, Bank of America announced a digital certificate program for corporate clients www.bofa.com/news/news571.html The bank claims to have “raised the bar for Internet security by becoming the first bank to successfully complete a large-scale deployment of digital certificates to its corporate clients.”

Consumers: Ease of use and major industry wins are often the bellwether of widespread adoption. Could VeriSign’s progress suggest that a major bank will soon align with VeriSign or some other CA to successfully deploy digital IDs to a large consumer audience? VeriSign believes that “stronger applications will eventually drive consumer adoption.” When pressed for a prediction of how long it will be before consumers begin widespread certificate use, company representatives postulated a period 18 months into the future.

Smart Cards: VeriSign also sees smart card technology being incorporated with digital IDs, where a bank-branded card is embedded with a personal certificate in order to bind the relationship between the consumer and the financial institution. This is a way for a recognized, respected organization to stand behind an individual’s signature, giving the cardholder instant authentication and, therefore, economic power. And the future may not be as far off as it seems: an implementation is currently underway with the University of Pittsburgh that gives all students a digital signature, in order to allow private, authenticated access to student information and records.

Analysis

There’s no such as too much perceived security. But you need to be careful not to implement security measures that hurt ease of use and drive customer service costs up. We believe Web site certification will have little negative impact on customer service, while significantly improving security perceptions. Furthermore, we believe you should consider both the VeriSign program for brand recognition and the ABAecom service for the banking linkages. The adoption of more advanced VeriSign services will depend on your strategic needs.

Financial Institution Opportunities

Source: Online Banking Report, 4/99

Summary: VeriSign has done an admirable job of maintaining primary mindshare in the certificate authority world. The company’s products are accepted by industry opinion leaders as mature and proven, and with the growth of ecommerce and particularly financial ecommerce they stand a good chance of gaining a firm hold on their market space.

In terms of competition, VeriSign has superior brand recognition at the end-user level and claims to have a greater depth of managed services. While there may be choices in the area of differing technology approaches, the company has a huge lead in consumer brand preference at the moment.

VeriSign is a supercharged, stock-option fed Internet company. Sometimes, this can make them difficult to pin down to work out the details of a strategic partnership. But if you are persistent, and/or big enough, or if you can structure a deal that will increase VeriSign’s market capitalization, you’ll have an enthusiastic and capable partner in VeriSign.