Use secure websites for safer online shopping

08 November 2010

Secure websites for safer online shoppingOnline shopping may be your fastest and easiest way of getting what you want, when you want it. But, if you're not using a secure website when you type in your personal information, including your banking details, then you're at risk of becoming a victim of online theft, writes Steff Hughes of ICTS.

Sarah forgot her husband's birthday and has just found something for him on a website that offers online orders and same-day-delivery. All she needs to do is register with her name, telephone number, physical address and credit card details before 12h00. She decides to submit the requested information, hoping to have the gift delivered later that afternoon.

What Sarah doesn't realise is that she has just sent all her personal information via a non-secure website, and a cybercriminal can now make purchases using her credit card. If Sarah had known how to spot a secure website, she could have avoided becoming a victim of online theft. Secure websites use authentication, encryption codes and third-party verification to protect your personal information from being stolen when you send it via the Internet.

Here are five things that Sarah could have checked to see if she was on a secure website:

  • Does the URL of the website start with "https"? Most of the websites you visit will start with "http", which is okay if you're doing general browsing. But if you want to order and pay for something via the Internet, you need to make sure that the URL starts with "https" so that you are know that you're using a secure website.

  • Is there a closed padlock icon in the browser window? Some fraudulent websites imitate this padlock by inserting a fake icon. To check if a padlock icon is real and that you are on a secure website, click the padlock to view details of the website's security certificate.

  • Is there a security certificate or trust seal on the website? You should be able to obtain detailed information about the security level of a website by clicking on its site seal or by hovering over it with your mouse. These seals are supplied by certifying authorities such as Verisign, GeoTrust, or Thawte. If there is no contact information for a certifying authority on a website, then the security certificate is probably not legitimate and the website is not secure.

  • Firefox 3.6 and Internet Explorer 8 have nifty tools to show you if a website has a valid security certificate or trust seal or not - especially when you don't see one on the website. In Internet Explorer 8 go to the Command Bar, click Safety and then Security Report. In Firefox 3.6, click the Site Identity button located to the left of the URL in the Location bar. If the Site Identity button is grey, then no site information is available from that website; if it is blue, then basic information is provided; and if the Site identity button is green, then full site information is available.

  • Is the latest Internet browser version installed on the computer? Built-in security checks and updated protection features will protect you against online theft tactics. The new browser will also detect if a website's security certificate has expired or the certifying authority is not recognised, and show you a security warning recommending that you don't open the website.

Remember to check that you are on a secure website before you submit any of your personal information to make for a safer online experience.

Creative Commons License This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Please view the republishing articles page for more information.