A Bermuda company is amongst the first in the world to provide a new breed of high security internet validation certificates that turn red to warn a user they may be visiting a fake or scam web site.

The new certificates will show "green for go" or red for danger if a scam or phishing attack is suspected. Major companies including eBay, Travelocity, Charles Schwab are already using the heightened safeguards on their websites.

QuoVadis has been working with Microsoft and other internet browsers and certification authorities to develop a high quality validation certificate that will make it much harder for scammers to trick the unsuspecting into revealing financial or other confidential information when using the internet.

At least 17 scam websites have been uncovered in recent years attempting to lure Bermudians into revealing bank account details and other such information by directing them to replicated web sites.

Now a new breed of security validation certificates that have been developed by QuoVadis and others has been rolled out to increase online security in the new Internet Explorer 7 web browser.

The Extended Validation (EV) certificates will give customers an easier way to confirm if they are visiting their intended web site (such as their bank) and not a fake site.

And as the new security system goes live, one of the first users is Boxoffice.bm, the online ticketing service on the Island.

Stephen Davidson, of QuoVadis, which employs ten people on the Island, explained why the new higher standard validation certificates have been created.

He said the old SSL certificates featuring a "yellow padlock" in the user's browser are being increasingly compromised by issuers not validating the credentials of the person who buys the certificate. This has led to situations where scam site operators buy an unvalidated SSL certificate and use it to add a false veneer of legitimacy to fake websites as a further tactic to confuse and trick the unwary.

"SSL certificates were intended to provide encryption and identify the operator of the web site but there were no standards about how they operated, so some SSL issuers did not verify the certificate buyer," Mr. Davidson said.

"This created a situation where high quality certificates, such as those of QuoVadis, were displayed in the same way as the cheap 'junk' certificates."

To combat the problem and improve security and customer confidence a certificate authority/browser forum was created from a number of SSL providers, web browsers and others in the industry to develop the new EV certificates. Any certification authority wishing to issue the new EV certificates must pass special audits and show they can enforce the EV guidelines.

QuoVadis has been approved by Microsoft as one of the first certification authorities in the world to issue the new EV certificates.

The internet browsers have agreed to display the new EVs in a different format to the old SSL certificates. The browser address bar will turn green while a security report "toggles" between the identity of the site and the name of the certificate authority that conducted the EV vetting.

Internet Explorer 7 is the first browser compatible with the new EVs and if it detects a self-signed or non-trusted certificate or a suspected phishing site, the address bar in the EV turns red.

Other major browsers including Mozilla, Opera and Safari are expected to support EV during 2007.

Mr. Davidson is hoping many of Bermuda's international and financial institutions will see the value of investing in the new EV certificates.

The EV certificates are currently only available to incorporated and government entities. In Bermuda one of the first to adopt the new measure is Boxoffice.bm

Director Steve Watts said: "Our web site sells thousands of tickets to hundreds of different local events. While buyers want convenience and speed of online purchasing, they also demand comfort that they are dealing with a legitimate vendor.

"We believe that EV will become an important security feature for e-commerce websites."