Should I Buy from This Site? How to Know if a Website is Secure
The majority of consumers shop online to save money and avoid crowds. In fact, 196 million Americans shopped online in 2014, and lots of personal information (phone numbers, credit card numbers, and addresses) made its way onto the Internet. The personal information that you type into a web browser is converted to binary data, and this data translates to dollars for cyber criminals.
Protecting your data
Online eCommerce transactions are exposed to hacking and attacks; online shoppers are vulnerable to scams like phishing or fraudulent websites, Man-in-the-Middle attacks, spam/phishing emails, pop-ups, and social engineering attacks.
Once you give an online eCommerce retailer your information, it’s their job to protect the data that you gave them, so it’s important that you be careful who you trust with your information online. But how do you know who to trust? How do you know if a site is legitimate and if you should give them your data?
How to know if a Website Is Secure
Before giving any information to a website, you should make sure it is secure. Below are some quick tips that you can use to tell if a site is secure.
Check the SSL Certificate
When you visit a website where you are going to purchase something online or conduct a banking transaction, look at the URL of the website in the address bar (where you type the website name; often you will have clicked on a bookmarked website instead). If the address bar contains “https” instead of “http”, it means the site is secured using an SSL Certificate (the “S” stands for secure). SSL Certificates secure all of your data as it is passed from your browser to the website’s server. In order for an entity that conducts business online to get an SSL Certificate, the company must go through a validation process.
However, not all SSL Certificates are equal; there are a few different levels of validation. The lowest level of validation is a Domain Validation (DV) certificate. DV simply validates ownership of the domain and not the legitimacy of the organization requesting the certificate. In other words, if you visit a website with the domain “amazon.com” and it has a DV certificate, the website has a very secure connection, but the business has not been verified to be legitimate in conducting business. You want the connection to be fully secured (Data Encrypted and Trusted).
The highest level of validation, Extended Validation (EV), is the safest and most reliable. With Extended Validation, the company requesting the certificate has to prove its identity as well as its legitimacy as a business. You can tell if a site has an EV certificate by looking at the address bar. Browsers show a green address bar with the company name and a lock icon for websites with EV certificates, as shown in the picture below. These are the sites that you will want to pass your personal information to; however, not all websites and businesses will have an EV certificate. Just be cautious when conducting transactions with websites that are only using DV Certificates.
[Image: browser address bar of a website with an EV certificate]
Hackers will sometimes create websites that mimic existing websites and try to trick people into purchasing something on their phishing site; these sites often look exactly like the existing website.
For example, a hacker would purchase the domain name “amaz0n.com” (the zero is used to trick you) and set up a website at that location that looks exactly like the amazon.com website. They buy a basic certificate for their newly created website; the idea is to send you emails about promos or merchandise at discounted rates (some may even appear too good to be true) and try to trick the consumer into purchasing items or logging into their accounts on the mimic phishing site.
To avoid these types of hacking attempts, always look at the domain of the site you are on. If you get an email from your bank or other online vendor, don’t click the link in the email. Type the domain into your browser to make sure you are connecting to the website where you intend to be.
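The domain check described above can also be automated before a link is opened. The following is an added example, not part of the original article: it flags a link whose domain is not on your own list but matches a listed domain once digit-for-letter swaps like the zero in “amaz0n.com” are undone, and it goes one step further by also catching single-character typos. The TRUSTED list, the substitution table and the function names are assumptions for illustration, and treating the last two labels of the host as the site's domain is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: domains you actually do business with (constructed list).
TRUSTED = {"amazon.com", "paypal.com"}

# Look-alike substitutions: the imitation -> the character it mimics.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def registrable(url):
    """Return the last two labels of the URL's host, e.g. 'amazon.com'.
    Simplification: real code should consult the Public Suffix List."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Collapse look-alike characters so 'amaz0n.com' equals 'amazon.com'."""
    for fake, real in CONFUSABLES.items():
        domain = domain.replace(fake, real)
    return domain


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip one character in b (insert) or one in both (substitution).
    return a[i:] == b[i + 1:] or a[i + 1:] == b[i + 1:]


def check_link(url):
    """Classify a link as 'trusted', 'lookalike:<domain>' or 'unknown'."""
    domain = registrable(url)
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good) or within_one_edit(domain, good):
            return "lookalike:" + good
    return "unknown"
```

Only an exact match on the site's own domain counts as trusted, so a link that merely carries a familiar name in front of a different domain is never reported as trusted.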