Checking Web Site Security
Posted: March 05, 2009 » by Lead Architect » in E-commerce; Tips and Support
You should ALWAYS check a web site’s security before submitting sensitive information like credit card or social security numbers. You may think that just because a business is large or well known that it is safe to purchase from their web site, but that is not true. It all comes down to the web site’s security certificate. These certificates have to be renewed each year and even the best businesses sometimes mistakenly allow them to expire. We’ve even come across businesses without any security at all that are collecting sensitive information!
A Secure Site Certificate, also known as Secure Sockets Layer (SSL) is the industry standard technology used to create an encrypted link between a web server and a browser. This link protects the privacy of all data passed between the web server and a user’s browser. When information is submitted from a user’s computer, through a web site, to a web server, there are often 20-30 hops that the data makes to get from point A to point B. The data is vulnerable to interception at each of the hops unless it is secured by SSL.
Checking Security in the Browser
When a user connects to a web server location using SSL, the browser displays the following:
1. the URL in the address bar changes from ‘http://’ to ‘https://’. The “s” in the address indicates a secure connection and
2. a “lock” icon at the bottom right side corner of the browser window. (NOT an image in the web page, but an actual part of the browser program.)
 Internet Explorer Browser Lock |
 Firefox Browser Lock |
Once you notice the appearance of ‘https://’ of the lock icon, it is important to further investigate. Double click on the lock icon and check to see that (1) the certificate is issued to the same web site you browsing and (2) that the certificate validity date has not passed. Browsers often try to alert you to problems with a web site’s security (with a pop up window or on screen message), but lack of a warning is no guarantee that things are safe.
 Internet Explorer Browser Certificate |
 Firefox Browser Certificate |
 |
Additionally many SSL Certificate vendors (Verisign, GeoTrust, etc.) provide “site seals” that can be embedded and shown on web pages. These seals usually have a dynamic date/time stamp or special code on them that you can use to further verify validity. These seals are not enough alone to verify validity, but they often add to customer confidence when making online purchases. |
If your web site is taking payments or other sensitive data online, you need to be using this technology and you need to be sure that it is correctly installed and regularly renewed. Netdrafter can help with this process. Contact us right away if you need help establishing a secure connection for your business web site or if you have questions about safely submitting your own information online.