Recognizing a Secured Site
I was working on a site audit for a client as a part of a transition to a new CMS and server arrangement. As I started poking around to see how everything functioned, I noticed that their shopping cart's checkout screen -- the one that takes the customer's credit card info -- is completely unsecured. The site was launched late last year and it's amazing to me that in that time no one has noticed. They've done plenty of sales through their site, so what this says to me is that people still don't know how to tell if a site is secure.
I'll skip the technical details on what and how of site security and go right to how to detect its presence. Internet Explorer is by far the most used browser, so that's the example I'll provide. On any page that is asking you to provide sensitive information (credit cards, Social Security numbers, etc), look for these things:
In the address bar of your browser window, look for the "s" in the http:// prefix.
In the status bar at the bottom of your browser window, look for a little lock icon. This can be helpful if the site you're using has used a method to display a window without the address bar.
The address bar example translates pretty directly to other browsers, and all browsers give you some sort of lock icon on secured pages. If you don't see these things, you really shouldn't go any further. If you're feeling like a good citizen, call the company and let them know that there seem to be a problem with their site security.
If you've sent sensitive info over the web through unsecured pages in the past, I wouldn't panic. With the volume of traffic online, the chances that someone was able to intercept that info is pretty slim. You should probably keep an eye out for mysterious activity on your account, but you were already doing that anyway, right?
Phil Hertzler | 06.06.06 | 0 comment(s)
Reader Comments
No comments on this entry right now.
