Online security: Are you sure data-transfer through websites is secure?

It is essential to check whether a website is secured and verified through valid security certificates so that you will not fall prey to a phishing scam.

Moneylife has regularly published articles on fraudulent emails and phishing scams. The Reserve Bank of India (among other statutory bodies and financial institutions) regularly issues notices and advertisements to make the public aware of such scams, which can lead to theft of confidential personal data.

Therefore it becomes essential for various e-commerce websites and online banking sites to use security certificates to establish their genuineness. With phishing attacks increasing daily—in number and sophistication—it becomes essential for one to check the authenticity of the website before sharing confidential details.

A secured website needs to use Secure Sockets Layer (SSL). “SSL encrypts the data between the server (where the site is hosted) and the client (the PC from where you are browsing the site) to ensure security of the data transferred. Even if a hacker manages to access the content, the data which he gets would be useless for him because it is encrypted,” said Zeeshan Khan, a software development engineer at a Noida-based IT consulting company.

He further said, “SSL is mostly used where transactions must be secure, like a banking site. Their address will always start with "https://..." and the normal ones are "http://...".” This is one of the easiest ways to judge if a website is secure.

A more advanced version of SSL certification is an Extended Validation SSL (EV SSL) certificate. So what’s the difference? Mr Khan told Moneylife, “The difference between SSL and EV SSL is that the latter has some added security features. If you ever noticed when you access a certain secured site, the address bar of your browser turns green—this signifies it is EV SSL certified. Even if a site is SSL encrypted ("https://..."), it may or may not turn the address bar of the browser green indicating whether or not the site is EV SSL encrypted.” An SSL certificate just validates that the website is secure whereas an EV certificate confirms company information and includes, but is not limited to: company name, domain name, government business registration number and business address. These details can be viewed by clicking the padlock in the address bar of the browser.

EV SSL certificates work with high security Web browsers to clearly identify a website’s organisational identity. EV certificates require that organisations go through a rigorous validation process that meets the Extended Validation guidelines established by the CA/Browser Forum, a voluntary organisation of certification authorities (CAs) and Web browser vendors, to combat these threats. In addition to confirming domain name ownership, the process includes authenticating the authority of the contact person requesting the certificate, verification of the business with government or third-party business registries, and other methods to assure the legal and physical existence of the business.

Therefore EV certificates give the consumer an added level of trust and confidence. But how many e-commerce sites and banking sites actually use EV SSL certificates? Surprisingly, not many. What could be the reason? Mr Khan says, “EV certificates are costlier compared to normal certificates. One would prefer the cheaper version as the task of securing your data is accomplished by both certificates except that EV certificates give the user more confidence that he/she is at the right place and that no one is phishing.” Therefore if you visit an EV-certified secured site, it just shows that the entity has gone a step ahead to enhance customer satisfaction.

WHAT THE COLOUR OF A SECURITY STATUS BAR INDICATES

The colour of the Security Status bar tells you whether the certificate is valid or not, and it displays the level of validation that was performed by the certifying organisation.

The following table describes what the Security Status bar colours mean.

Colour    What it means
Red       The certificate is out of date, not valid, or has an error.
Yellow    The authenticity of the certificate or certification authority that issued it cannot be verified. This might indicate a problem with the certification authority’s website.
White     The certificate has normal validation. This means that communication between your browser and the website is encrypted. The certification authority makes no assertion about the business practices of the website.
Green     The certificate uses extended validation. This means that communication between your browser and website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organised under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website.

(Box Sourced from Microsoft)
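The colour rules in the box above can be written out as a check, shown here as an added example that is not part of the original article or of any browser's code. It works on the dictionary form that Python's ssl.SSLSocket.getpeercert() returns; the sample certificates are constructed, the issuer_verified flag stands in for the browser's chain check, and recognising EV by its subject fields is a simplifying assumption (browsers rely on certificate policy identifiers and a list of trusted EV roots).

```python
import ssl

# Subject attributes an EV certificate carries (company name, business
# category, registration number, jurisdiction). Assumption: treating their
# presence as "EV" is a heuristic for this example only.
EV_SUBJECT_FIELDS = {"organizationName", "businessCategory",
                     "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested tuples of cert['subject'] into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def status_bar_colour(cert, issuer_verified, now):
    """Return the Security Status bar colour for a certificate at time `now`."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        return "red"      # out of date
    if not issuer_verified:
        return "yellow"   # issuing authority could not be verified
    if EV_SUBJECT_FIELDS.issubset(subject_fields(cert)):
        return "green"    # extended validation
    return "white"        # normal validation: encrypted, identity not vetted


def sample_cert(subject):
    """Build a constructed certificate dict valid for the year 2024."""
    return {"subject": tuple(((k, v),) for k, v in subject.items()),
            "notBefore": "Jan  1 00:00:00 2024 GMT",
            "notAfter": "Jan  1 00:00:00 2025 GMT"}


# Constructed sample data, not taken from any real site.
DV_CERT = sample_cert({"commonName": "shop.example"})
EV_CERT = sample_cert({"commonName": "bank.example",
                       "organizationName": "Example Bank Ltd",
                       "businessCategory": "Private Organization",
                       "serialNumber": "REG-0000-PLACEHOLDER",
                       "jurisdictionCountryName": "IN"})
NOW = ssl.cert_time_to_seconds("Jun  1 12:00:00 2024 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Feb  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    for label, cert in (("normal", DV_CERT), ("EV", EV_CERT)):
        print(label, status_bar_colour(cert, True, NOW))
```

The order of the checks matters: an expired or unverifiable certificate never reaches the green or white result, however complete its company details are.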

Comments
Wildcard SSL
1 decade ago
SSL Certificates not only improve your eCommerce website security but also improve your web presence very strongly and confidently to your online customers. SSL Certificates are an ideal solution to improve your eCommerce website security as well as customer trust in your website.