How do you know a web site is secure?
6 comments
As cyber crime continues to rise, how can you tell when you are on a safe / secure web site? While browsing the Internet, you often come across sites that ask you for private information such as credit card details. If you ever suspect that the site is not legitimate, DO NOT give any private information. This is becoming more popular as identity thieves create web sites with the sole purpose of stealing your information. They go to great lengths to design sites that look just like the authentic site. These fake sites are called “phishing” sites and the criminals lure their victims to these sites through all sorts of creative methods. As the mobile Internet grows, mobile phishing sites will appear more often.
Web sites that need you to provide information (such as banking sites or e-commerce sites where you can buy things online) must have a valid SSL Certificate, issued by an authorised Certificate Authority (CA) such as Thawte, VeriSign or GoDaddy. The certificate does the following:
1. It shows that the site you are on really belongs to the domain owner (and not someone else). This information is checked by the CA.
2. It encrypts (jumbles up) the information shared between you and the website for the time that you are communicating so that no one can intercept that information.
If you have decided that you would like to give your information, there are things you can look for to make sure that the site has a valid SSL Certificate.
When you are on a normal web site, you will see a prefix of http:// before the web site’s address in your web browser’s address bar. (HTTP stands for Hypertext Transfer Protocol and is the standard method used to send information across the Internet.)
As soon as you enter any section of the site where you need to give private information (such as a log in page, shopping cart or payment page), you will see the security features activated. Look for 3 things:
1. The HTTP:// prefix turns to HTTPS:// (The S means SECURE).
2. A lock will appear in the address bar or at the bottom of the screen. Sometimes it appears in both. (This depends on which Internet browser you are using).
3. Somewhere on the page you should see a seal issued by the CA that shows that the site is secure. In this example, you will see the thawte seal displayed.
NOTE: If you click on the seal or the lock, it should open a little window with all the certificate details and you can check that the owner is valid and that the certificate is still valid (hasn’t expired) and whether or not it was issued by a reliable CA.
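The three checks from the note above (owner, expiry, issuer), as an added Python example that is not part of the original post. It runs them over a constructed certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample names, dates and the `trusted_issuers` set (a stand-in for the browser's built-in list of CAs) are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names, dates and issuer are invented for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Shop (Pty) Ltd"),),
                (("commonName", "shop.example.com"),)),
    "issuer": ((("organizationName", "Example Trusted CA"),),
               (("commonName", "Example Trusted CA G2"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.pay.example.com")),
}

def field(rdns, key):
    """Return the first value of `key` in a subject/issuer tuple, or None."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_certificate(cert, host, now, trusted_issuers):
    """Return a list of problems; an empty list means all three checks passed."""
    problems = []
    # 1. Owner: the address in the address bar must be one the certificate names.
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("certificate was not issued for " + host)
    # 2. Validity period: `now` must be a timezone-aware datetime.
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:
        problems.append("certificate is expired or not yet valid")
    # 3. Issuer: trusted_issuers is an assumed allow-list of CA organisation names.
    issuer = field(cert.get("issuer", ()), "organizationName")
    if issuer not in trusted_issuers:
        problems.append("issuer is not a trusted CA: " + str(issuer))
    return problems

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date keeps the demo repeatable
    print(check_certificate(SAMPLE_CERT, "shop.example.com", now, {"Example Trusted CA"}))
```

Nothing drawn on the page itself (a lock image or a seal graphic) is an input to these checks; only the certificate and the address being visited are.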
The most secure certificates available at present are called Extended Validation (EV) Certificates. These require even more stringent criteria before being issued and they offer the consumer additional security because they turn the whole address bar GREEN. If you see GREEN you can rest assured the site is secure. If it is blue or red, be careful. The certificate may have expired (blue) or if RED then you are being warned that there is a problem on this site – DO NOT give your private information.
The good news is that mobile phones display SSL Security in the same way. Although EV may render slightly differently (depending on the type of phone), you can still look for the SSL, the lock and the site seal. You can also click on the lock or seal to check the certificate.
This is a mobile site with SSL Certificate (as it shows on an iPhone):
This is a mobile site with EV SSL Certificate (as it shows on an iPhone):
Identity theft (where criminals steal your private information) is a fast growing threat. You wouldn’t let a stranger look over your shoulder as you enter your PIN number into an ATM, so don’t let strangers watch as you share your private information on the Internet. If the site is not encrypted, DO NOT give any information.
A great resource for more information: www.trustthecheck.com
5:18 pm
SSL is most definitely a fine way of determining whether a site can be trusted, and as an online evangelist for VeriSign I’m glad to see you supporting EV SSL here. Another thing folks should take note of are trust marks — smaller online merchants will often use third-party shopping carts that already have EV SSL (PayPal is the best example) but still should use a non-encrypting form of authentication. VeriSign currently offers one in the form of the VeriSign Trust Seal, which both clears the identity of the website owner and provides daily malware scanning — so when you see the VeriSign check logo on a site it can generally be trusted. The same goes for a handful of other similar technologies, the point being that a site COULD be safe even without SSL, if it’s implemented the appropriate security technologies.
2:09 pm
Please do not ever think because something has a Lock or that you have included the Thawte logo that something is secure. Any person on the Internet can include the image. Simple or something.
There was a very sneaky hacker attempt a while ago using the favicon as a lock which would confuse people. ;/ Hence why Firefox changed their https sign to actually colour the site’s name.
Anyway, I really suggest updating your blog post to exclude the images relating to IE lock and Thawte image because people that are actually googling for this information don’t know any better and will look for that image/lock icon.
Also note your iPhone application doesn’t anywhere contain the “https://” so that might be confusing for the millions of SA/* users that don’t have iPhones. We need to train users to look for the technical details like https:// in order to increase security, not look for pretty pictures/icons.
Thanks
11:04 am
I agree 100%. In fact I’ve seen many sites where they fraudulently display a secure seal. I’ve also seen phishing sites where they have designed the page with a lock image to fool the public into thinking they are secure.
12:08 pm
Thank you for the comment. Please contact me via email and I’ll gladly help.
8:10 pm
I like the layout of your blog and I’m going to do the same thing for mine. Do you have any tips? Please PM ME on yahoo @ AmandaLovesYou702 5 7 8