creditcard security

A useful set of credit card safety tips for shopping online

The Internet has changed the way we shop.

What was once done in malls and at brick and mortar stores is now down at home, on your computer or phone (often pants-less). And while the world of e-commerce has brought with it a great deal of convenience, it’s also brought a great number of new, often unseen threats.

Cybercrime is a rapidly growing threat to our society. And while it can take many forms, one of the most common is phishing. Phishing is a practice where cybercriminals use social engineering tactics to create a scenario in which you will give them personal or financial information that they can then exploit for their own personal gain.

This can be done via email, or – as is more common than you may think – by spoofing websites so that users mistakenly believe they are at the right place, when in fact, they’re just having their information stolen.

This is where SSL Certificates come into play. We’re going to start by giving you a brief explanation of how SSL helps to keep people’s personal information from getting stolen (in two ways) before offering you some online shopping tips that will help you easily identify areas of risk when using your credit card online.

What is SSL?

SSL or Secure Sockets Layer is a web security component that functions in two ways. Websites purchase SSL Certificates that enable encrypted connection between their users and them via the SSL/TLS protocol. The SSL Certificate also adds an additional layer of security to the site in the form of authentication.

Let’s look at how each works.

SSL Encryption

In a standard connection, served over the increasingly archaic HTTP, communication between a user and website is not secure. Rather, it’s out in the open and can be intercepted or even manipulated by third parties. This means that without SSL, any information you send to a website (financial data, personal info, login details) can potentially be seen and stolen by a third party. SSL prevents this from happening by encrypting connections so that only authorized parties can read it. This prevents data from being stolen in transmission.

SSL Authentication

Authentication is the lesser-known function of SSL, at least to the general public. In order for a trusted Certificate Authority to issue a certificate it has to verify the identity of the recipient. There are three levels of verification: Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV). DV offers almost no validation, one must simply prove ownership over the registered domain. OV and EV offer what is called business validation, where the CA verifies registered corporate details to ensure that the company or organization is a legally registered entity acting in good faith.

Now that you know a little bit about SSL here are some tips for online shopping that will help you avoid trouble.

Tips for Shopping Online with your Credit Card

These tips will help you shop safely via the process of elimination. If certain things don’t check out, you should stop what you’re doing and leave the website immediately. It’s better to be safe than sorry when it comes to things like phishing, and by extension financial losses and identity theft.

Check the Connection

The first tip is simple, look at the address bar atop your browser window and check the connection. You can see what type of connection you have by looking at the beginning of the URL. If there is a green HTTPS at the front of the URL, you are on a website that is using encryption—this means that your communication with the site is protected. If you don’t see an HTTPS but rather just HTTP, you are on an unencrypted website. Communication is not secure. Never give out personal or financial information over an unencrypted connection.

Click the Padlock

Assuming your connection is encrypted, you should also see a padlock icon in the address bar. This is a visual indicator of SSL. This icon is also clickable. When you choose to click the icon you will see a window appear that will show you the SSL Certificate’s details. If you see registered company information that matches the website you’re on, then you’re safe. This is the legitimate website of said company and they are using encryption. If, however, you don’t see those details and just the name or alias of a website owner, be very wary. This means that the site only has DV SSL, you can’t be 100% certain of who is on the other end. Most reputable businesses, financial institutions, insurance companies, healthcare organizations, etc. have at least OV, or even EV, SSL.

Look for the Green Address Bar

In truth, the green address bar is no longer green. Nowadays the organization’s name just appears in green text (along with its country of origin) beside the URL in the address bar. Still, this is a telltale sign: it means you’re in the right place. The green address bar is a feature of EV SSL certificate, the highest level of authentication. Without even needing to click a padlock icon you can already rest assured that you’re at this company’s official website and that you’re on a secure connection. Green means go.

Keep an Eye Out for Site Seals

Site Seals are images, some static, some dynamic, that are displayed at key points on websites to advertise encryption. You’ve likely seen the Norton Secured checkmark before, that’s a site seal. Companies and Organizations deploy these on homepages and checkout pages to offer customers extra assurance. While some are static and can’t be, most site seals are dynamic which means they can be clicked to display certificate details. Learn to click on a site seal whenever you see one. If you see registered business details, make sure they match the information you saw when you clicked the padlock icon. If everything checks out, you’re good to go. If not, be cautious.

Listen to your Browser

While the previous four tips should be all you need to avoid getting phished when shopping online with your debit or credit card, there’s one last tip that’s worth considering too: always listen to your browser. The browser community makes security a top priority and is always working to identify malicious sites that have been designed to trick or harm people and their computers. If your browser prompts you with a warning about your safety when trying to access a site, listen! Don’t ever click past a warning. Just skip that site for now. If it was a mistake, chances are the IT people at that company are aware and working to fix the problem. In that case, the warning will be gone within a few hours or days. Otherwise, there really is something wrong with that site and you need to avoid it completely. Either way, heed your browser’s warnings. It’s not prompting you with one to ruin your good time, it’s trying to keep you safe!

Important Reading Documents

  1. Tips for Safe Shopping this Holiday Season
  2. Why Trust Seals Play a Vital Role on E-commerce Websites
  3. Top Financial Benefits of the Green Address Bar

Comodo SSLYou understand how the SSL Certificate encryption helps us to keep the website and ecommerce transactiosn secured against the data breaches and cyber attacks.

Author

Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.