Recognising Valid Secure Sites

This page was originally written by Donna O'Hanlon on 12 Sep 2007 as an article for Oyster Web.

There’s one major thing that every internet shopper should know about and be able to spot – If it is safe to give your credit card details to a website. How do you know it’s safe? By the ability to tell the difference between a secure and non secure website. Submitting personal and financial details online can pose a danger to a user's security. This article gives information on how to spot when it’s safe to give you details online.

A secure site operates from a secure server. A secure server will encrypt any information being sent and received by a site, making it impossible for criminals or hackers to intercept the information and steal it for their own use. So if credit card details are entered into a secure site, the data will be sent to the server in unreadable code. It is imperative for any online retailer to have a site with a secure page for make online payments. It protects customer information and the reputation of the retailer.

How can the average internet user recognise a secure page? How do they know it is safe to give their personal and financial details online?

The features of a secure webpage can slightly vary between browsers, but the main features are more or less the same. An ‘HTTP’ connection is used for a regular webpage, whereas an ‘HTTPS’ address indicates a secure connection. The ‘S’ stands for secure.

The address bar of your browser shows HTTPS instead of HTTP:

Every trusted site will have an SSL certificate. This means that any sensitive information that's given online can be trusted to go a secure server. The certificates are awarded by security bodies such as VeriSign. If an HTTPS page doesn't have a valid SSL certificate it will display this message (or a similar message, depending on your browser):

This doesn’t necessarily mean that the site is not trusted. It could mean that the certificate is no longer valid and requires renewal. However, if you decide to submit personal details to an HTTPS site with no certificate, there is no guarantee that your information will be sent to a trusted server, thus resulting in sensitive information being intercepted and stolen.

Another characteristic of an HTTPS page is the lock symbol which is a feature of every browser, although the position of the lock symbol may vary depending on which browser used.

The lock symbol on Internet Explorer 6:

The lock symbol on Firefox 2.0:

Additionally, Internet Explorer 7 highlights the browser bar in green if you are on a secure site with a verified certificate, and red if you are on a secure site that is not verified.

All of these things are definitely worth remembering when submitting personal details to a website, especially if a user is new to online shopping or banking, etc. Just because a site looks professional and the company seem reputable, do not assume that your details will arrive safely encrypted at the other end. Always check for a secure connection on the web page on which you will be submitting your credit card details.

One final note is that a whole website does not need to be on a secure connection for you to be safe, only those pages that ask you for personal data, such as your credit card information.