Once Microsoft activates the feature in version 7 of Internet Explorer in late January, a green bar for “safe” will appear when the browser sees an EV certificate, usually during a transaction or login.
But online adult companies and other small merchants could be spared from the certification process. Those companies that don’t obtain EV certification could still get the green bar, but only through third-party payment processors that are verified.
Microsoft’s new tool complements another filter recently launched that displays a red warning for known phishing sites and yellow for suspicious ones.
Companies that fail to get certification will remain white. But over time, Microsoft is hoping surfers will know to look for a green bar, just like a padlock.
Under the Microsoft plan, VeriSign Inc. and Comodo will be required to make extensive checks before approving such certificates for Internet merchants and financial institutions. They also will have to undergo independent auditing through WebTrust, a service run by trade groups for certified public accountants.
Microsoft guidelines on EV certification include proof of a physical existence, active landline telephone number, legal existence and identity, proof of domain name and authorization from owners or executives of the company.
Businesses in existence for less than three years may be required to also produce evidence they have a valid bank account.
But in many cases, general partnerships, unincorporated associations, sole proprietorships and individuals are barred from getting these certificates.
For some verifications, exemptions are permitted with a letter from a lawyer, notary or accountant. The guidelines include procedures for verifying authenticity.