How Do I Know if a WebPage is Secure??

[Marty]

I was about to send an online order when I noticed there was no padlock in the bottom right corner, and also when I right click and click on "properties" it states the connection is "not encrypted".

Though the webpage states "Our online transaction is secure", and, "Order Pages are SSL secure pages".

What do you think...?

 

[sueellen]

If you bank with AIB using their [broken link removed] service should help.

 

[rainyday]

Right-click within the page and choose 'properties'. The Address or URL should start with h-t-t-p-s instead of the usual h-t-t-p (no hyphens in your example) if it is a secure page. But remember that the page security only tells you that your data is encrypted during transmission. It tells you nothing about how they are going to handle your data once they get it. If you have any doubt, don't send credit card info (unless you are using AIB's once-off card numbering system that Sueellen mentions).

 

[w0dgah]

Marty is right though

That order page should have been encrypted as a matter of course. well done for keeping an eye on that padlock .

Transactonline gives you one use disposable credit card numbers, its the absolute biz. I have been using it for 4 years and normaly have no problems with it.

 

[Marty]

>

Thanks for the replies.

I checked another website that I know is secure, and I noticed the httpsyou mentioned. I then checked this other site again and there's no httpsand there's no padlock on the page where they expect me to enter & send my card details from!

Think I'll just order from someone else...

 

[antifraud]

security

As part of my work I've seen many examples of clever fraudulent sites. In one case the site appeared to be [broken link removed] in the address bar. In reality this was a fake site that launched javascript that displayed a fake image that lined up with the address bar. I'd recommend that you always type in any online sites you use such as aib, amazon, etc. and never follow links you receive in your mail.

 

[Marty]

> security

Thanks "antifraud"

 

[raver]

security

If you do not see https, padlock or any approval badge (such as Verisign) on the page, then its certainly NOT secure.

 

[Guest]

security

> As part of my work I've seen many examples of clever fraudulent sites.

See this site for more examples:

www.antiphishing.org/

 

[jdwexford]

Re: security

If you do not see adlock or any approval badge (such as Verisign) on the page, then its certainly NOT secure.

Not quite true. The page where you enter your order does not have to be secure. The page after that certainly does.


So hypothetically you could have a web page served using .https.,displaying the padlock, asking you for credit card details. You hit submit, and it sends the data off using http,ie in the clear..

 

[Guest]

Re: security

Yes - for some reason many web developers still don't understand that making a page containing a form that collects sensitive information secure doesn't make any difference but making the page/URL to which that form is submitted secure IS vital.

 

[jdwexford]

Re: security

You know, I was just thinking..
Perhaps web browsers should change the icon to a padlock if you move the mouse over a submit button where the target script is secure ! (or even over a secure hyper link)

 

[Guest]

Re: security

I'm sure that you could write an extension for Mozilla FireFox to do that. If you want that feature in Internet Explorer then write to Bill!