Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
Whew! The busy season for online holiday shopping has finally ended. Now it’s time to analyze the results and figure out how to handle the process better for next year.
No doubt one of the metrics that online retailers will be taking a hard look at is shopping cart abandonment. According to Marketing Sherpa, 59.8% of online shoppers abandon their cart without ever making a purchase. The reasons for this vary – “I was comparison shopping,” “Shipping costs were too high” – but doubts about the Web site’s security certainly rank among the top five reasons for cart abandonment. Many shoppers just don’t feel comfortable entering their credit card information to make a purchase from some Web sites. I know I’ve had that sixth sense telling me not to trust an unfamiliar site.
Shoppers are told to look for the little yellow lock at the bottom of the screen to be sure their Web session is secure before entering confidential information. Unfortunately, the yellow lock might be giving a false sense of security. While it does indicate that the data transmission between the shopper’s browser and the e-commerce Web site is secured with SSL (i.e., it's encrypted), it doesn’t tell the shopper if the Web site that owns the SSL certificate is actually a legitimate business. So the shopper might be giving his credit card information to some phisher who set up a pretty nice Web site and paid 20 bucks to acquire an SSL certificate. (I bet if more shoppers knew this, the abandonment rate would be a lot higher than 59.8%.)
To combat this problem, a number of companies that issue the SSL certificates (known as certificate authorities) joined with Internet browser vendors to form the Certificate Authorities & Browsers Forum, or CA/B Forum. The purpose of the forum is to raise the bar on standard SSL validation processes through the Extended Validation SSL (EV SSL) Certificate. The EV SSL helps to establish the legitimacy of online businesses. Basically, it’s a detailed background check for anyone applying for an EV SSL Certificate.
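To make the difference between "encrypted" and "vetted" concrete, here is an added example (not part of the original column) that reads the subject of a certificate and reports how much identity the CA actually vouched for. It assumes the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and both sample certificates are constructed for illustration, and the subject-field test is a heuristic, since the authoritative marker is the certificate's policy OID, which `getpeercert()` does not expose.

```python
# Added example: both sample certificates would produce the same padlock,
# but only one carries a verified organization identity.

# Subject fields the EV guidelines require in addition to organizationName.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

# Constructed sample: domain-validated certificate (the "20 bucks" case).
DV_CERT = {"subject": ((("commonName", "shop.example"),),)}

# Constructed sample: extended-validation certificate.
EV_CERT = {
    "subject": (
        (("jurisdictionCountryName", "US"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "0000000"),),  # placeholder registration number
        (("countryName", "US"),),
        (("organizationName", "Example Retail, Inc."),),
        (("commonName", "www.example.com"),),
    )
}


def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Return 'DV', 'OV' or 'EV' based on the identity fields in the subject."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # the CA confirmed control of the domain, nothing more
    if EV_FIELDS.issubset(fields):
        return "EV"  # legal entity, registration number and jurisdiction checked
    return "OV"      # organization named, but without the EV-only fields


def describe(cert):
    """One-line summary a reviewer could log next to the site name."""
    fields = subject_fields(cert)
    owner = fields.get("organizationName", "no verified organization")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)}, {owner}"


if __name__ == "__main__":
    for sample in (DV_CERT, EV_CERT):
        print(describe(sample))
```
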
Here’s how it works. When a private organization, business entity or government agency approaches a certificate authority (CA) to request an EV SSL, the CA does a pretty thorough check to confirm the authenticity and ownership of the Web site. There are specific guidelines for the systematic authentication process. The CA is obligated to:
Linda Musthaler is a principal analyst with Essential Solutions Corporation.
Comments (1)
Web Site Security
By dhart@lakeutopia.com on January 14, 2009, 11:21 am
I applaud the efforts of implementing EV SSL as it provides the user with a clear indication that their session is encrypted and that the certificate is trusted. However,...