Webpage Security

In this electronic age, more and more content is being placed online and, due to the lower overheads, online shopping is showing no signs of slowing in popularity. Because of the surge in online shopping and electronic transactions, there has been an equal increase in online fraud and data theft.

Recently, I had to provide information to someone to help them identify a legitimate website after they were tricked into thinking they had found a very healthy discount on items of jewellery from a brand who rarely discount their items. Unfortunately, the site was a fake, selling counterfeit goods, and it subsequently sold personal data, which led to unauthorised transactions on this individual's bank account.

I would like to give you a few tips on how to stay safer while shopping or sending financial information online.

 

The first thing to understand is how a web address is formed, in particular the initial 'http' or 'https'. The small but significant difference is the 's'. This 's' stands for 'secure'. When a website displays any personal information, such as account details, a login page or a page where you enter payment information, you should always see this 's' in the address bar at the top of the page.

If you encounter a website without a secure connection for personal information, do not use it.

The two main browsers are Google Chrome and Microsoft Edge. These are the programs you use to view webpages. 

Take a look at this image: you will see a small '!' in a circle next to the web address. This is Google Chrome alerting you to the fact that the website is using a mixture of secure and insecure content.

Once you get to the page which asks for your details, in this case your Internet Banking logon for HSBC, you will see that the bar has changed. You will notice a name appears to the left of the address where the '!' was.

This name is the name associated with a special security certificate. A security certificate tells you who the true owner of the connection requesting your information is. In this instance, you can see the owner is HSBC Holdings and the name appears in green. This not only tells you that the person requesting your information is HSBC; because the name is green, it also tells you that it has been verified by a certificate authority to help assure its safety.

Using Microsoft Edge, you will see a similar thing when the certificate is verified. However, Edge does not inform you that the content is mixed; it will only inform you if the site is secure. For this reason, I personally think Chrome is more informative.

The certificates can provide you with a host of information to ensure that you are in fact buying from who you think you are, that you are logging into the website you expect and that your data is secure.

Obviously, you must ensure you have up-to-date antivirus to prevent unwanted programs that can harvest information from getting onto your machine. However, antivirus does not stop you from unwittingly entering your information into illegitimate websites, so you must use your own intelligence to check these things.

These websites can be very clever. They can even go to the extent of 'cloning' a website, where a fake website copies the real thing to a high level of detail so that you think you are using the legitimate website. Checking the security of pages will help you protect yourself.

In Chrome, if you see the '!', you can click on it for more information about what is going on and what information is being used. You will see a popup which tells you if the website is using information, which information is being used and how.

You will see here that the site is using secure information and we want to find out more, so click the blue link which says 'details'...

 

 

 

When you click Details, you will see a new panel appear in Chrome. Click the 'View Certificate' button and you will see the full breakdown.

The Security Overview tells you that the page is secure, which is reassuring, but to be doubly sure, when you view the certificate, you can see that a company called Verisign has examined the certificate, that it is a legitimate certificate owned by HSBC and that it is a valid one.

This assures you that you are safe to use this website. 
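The same facts the 'View Certificate' panel shows (owner, issuer, validity dates) can be read in code. This is an added example, not part of the original article: `summarise_certificate` and `fetch_certificate` are hypothetical helper names, and the sample certificate is constructed in the format Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the getpeercert() format; every name and date is made up.
SAMPLE_CERT = {
    "subject": ((("countryName", "GB"),),
                (("organizationName", "Example Bank plc"),),
                (("commonName", "www.examplebank.test"),)),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust EV CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.examplebank.test"),
                       ("DNS", "examplebank.test")),
}

def _name(rdns):
    """Flatten the nested tuples used for subject/issuer into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def summarise_certificate(cert, hostname, now=None):
    """Return the owner, issuer and validity facts for one certificate."""
    now = now or datetime.now(timezone.utc)
    subject, issuer = _name(cert["subject"]), _name(cert["issuer"])
    start = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    end = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    dns_names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {
        # None means the certificate names no organisation, only a domain.
        "owner": subject.get("organizationName"),
        "issued_by": issuer.get("organizationName"),
        # Exact match only; wildcard names are not expanded here.
        "covers_hostname": hostname.lower() in dns_names,
        "in_validity_period": start <= now <= end,
    }

def fetch_certificate(hostname, port=443):
    """Live lookup (needs network); the default context verifies chain and hostname."""
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()
```

An `owner` of `None` means the certificate vouches only for the domain name, so the connection is encrypted but the organisation behind it has not been named.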

In this example from Sainsbury, the page is not secure. What this means is that you need to use caution. As you can see, you need to be careful because it is 'Mixed Content'; however, the site is using a 'Valid Certificate'.

What this means is that the content on the page, such as photos, text etc., is coming from a source that is not secure. By 'not secure' we mean that the connection is not encrypted or protected. This is actually safe. You only need a fully secure connection where the information being used is your secure data. Secure connections are slightly slower than a normal 'http' connection, so many sites only use secure connections for the really important stuff.

Clicking on the 'View Certificate' button again shows that in fact, Sainsbury is using a valid certificate, authenticated by VeriSign. So, you are safe to use the website.

 

On Microsoft Edge, clicking on the green site name will give you a small popup which informs you of similar information and that the site is safe. Edge does not provide the level of detail about security that Chrome does. If you would like Chrome, we can install it and explain how to use it for you.

 

Now you know how to check a website for safety.

There are a couple of other things I would recommend all my customers do to keep their money safer online:

  • Have a credit card which you use for buying things online. Do not use a debit card. Banks are under no obligation to refund money taken on debit cards. In the case of fake goods or goods not delivered, or a refund not issued, they also have no obligation. With a credit card, the credit company is legally obliged to issue you the refund under certain circumstances and they then attempt to recover the money.
    • Keep the limit low on this card, for example £500
      • By keeping the limit low, if anyone takes money illegally, you will minimise the losses. If this is your debit card, you could potentially lose the entire contents of your current account.
    • Use this card for PayPal
      • PayPal is another level of security. If you can pay using PayPal, use your credit card and pay using PayPal so you have two levels of security on that single transaction.
    • Never make a payment if the site informs you it will make a number of transactions under the excuse that they will charge you fees. No legitimate website will do this; it is usually a way for fraudsters to test your bank for successful transactions.
  • Use your bank to transfer the money after you have purchased on your credit card to pay off your credit card. If you buy an item on your card for £10.99, use internet or telephone banking to send £10.99 from your current account to your credit card so you don't accrue any interest for using your credit card. This way it doesn't cost any more but you are safer online.
  • Never store card details on websites. Never allow them to save the details for faster checkout in future.

About the Author

flummoxed