Checking that a Site is Secure

So you are considering making a payment over the internet?

To safely make a payment using the internet you need to know that your payment is being made to the correct person or company and cannot be intercepted by a third party.

So how do we know that this is the case? Our browser can tell us.

In order for your payment to be secure, the person or company that you are paying must have set their page where they ask for your credit card number on a secure site. A secure site is one that cannot be accessed by a third party who wants to steal your credit card number.

There are two things to check to make sure that the page where you are about to enter your credit card number is a secure site.

  1. The site address commences with HTTPS instead of just HTTP.
    HTTPS stands for "Hyper Text Transfer Protocol with Security" and is the first indicator that the page is on a secure site.
  2. The common browsers (Internet Explorer, Netscape, Opera) and probably many of the others also display a padlock symbol that also indicates that the page is on a secure site. Note that some browsers display this symbol with the padlock open to indicate that the site is not secure. In all cases a secure site is indicated by a closed padlock.

So now we know that the page is on a secure site, but how do we know that the page actually belongs to who we think it does and that we are not actually on a duplicate of the site that was set up by some unscrupulous person to steal our credit card details? After all, anyone can set up a secure site if they want to.

To verify that the site belongs to who we think it does, we click on the padlock symbol. This should display a security certificate issued to the person or company whose site you are on, confirming that you are actually on their site. This certificate is issued by a "trusted third party". What this means is that you are trusting the issuer of the certificate that the site belongs to who they say it does.

Verisign is a company that was specifically set up to verify that companies are who they claim to be and issues certificates to that effect. All of the major international companies and many others will have certificates issued by Verisign. Verisign goes to a great deal of trouble to ensure that they only issue certificates to the people entitled to have them. Apparently there were a couple of certificates issued incorrectly to supposed Microsoft employees who weren't but this is claimed to be the only time that Verisign has issued certificates in error.

Not all companies asking for payment on a secure site may have certificates, or they may have been issued by a different third party. You might want to check out our Checking Root Certificate Authorities page for information on how to find out which issuing authorities your browser thinks you should trust. Whatever you actually find out when you check that the page is on a secure site and that it either does or doesn't have a certificate, you have to be the one to make the final decision as to whether you will enter your credit card details.

This information is provided to assist you in determining how secure payments that you wish to make over the internet may be. Felgall Pty Ltd and its staff accept no responsibility for the results of any actions that you may take based on the information provided on this page.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow