How Can You Tell if a Website is Secure?

• in categories: advice • by: Michelle Balestrat

With the ever-increasing amount of fraud online, the pages you visit might not always be as they seem. More than ever, identifying whether or not you’re connected securely to a website has become an essential skill.

A combination lock guards a wooden door.

Thankfully, there’s really not much to it. Once you know what to look for, your trained eye can save you (and your wallet) from a world of hurt.

Here’s our guide to sussing out website security like a pro.

What’s “secure”, anyway?

We’ll admit, the concept of a ‘secure’ website can be a little lofty. Put simply, a secure web site is one with an active SSL connection. Let’s delve into exactly what this means, and why you need to insist on it.

When you view a web page, information is sent from your computer to the web server, and from the server to your computer. When this connection is made without security, the information you’re sending and getting will be in plain text – and thus, openly readable by anyone who happens to intercept it.

But, the plot gets thicker! In our initial example, we were a little too simplistic. Instead of just communicating with a single server, your computer is actually connecting to many servers in order to reach its destination.

Want to see this in action? If you’re a Windows user, hit the Windows key and letter R on your keyboard. In ‘Run’, type ‘cmd’ and hit enter. From the command prompt, type in:

tracert www.google.com

What your computer then spits out is a list – each entry on this list is a computer, router or switch that your computer has just sent information to. At any of these points, your data might have been saved. It’s not unheard of to see up to 30 entries in this list, so this should give you an idea of just how far away from home your data might be venturing.

tracert command running on Windows CMD.
tracert command running at Windows' command line.

We really can’t (and don’t) want to stop this data from travelling, as this would mean the end of the Internet as we know it. So, what can we do? The answer lies in encrypting the data, so that anyone who happens to see it won’t be able to read it. (Don’t know what encryption is? Click here to get up to speed!)

The encryption created for this task is called SSL, short for Secure Sockets Layer. It makes use of a complex system of key exchanges between your browser and the server it’s communicating with, and encrypts the data before any of it is actually sent. Thus, to have a secure connection to a site, you’ll need an active SSL connection.

Alright, got it. So what do I need to do?

1. Check the Page’s URL.

A really easy way to tell if you’ve got yourself a secure connection is to take a look at the address bar. Non-secure sites will begin with ‘http://’.

However, a secure site will begin with ‘https://’. Make a note of that final ‘s’ – it’s important!

You need to insist on this ‘s’ whenever you’re shopping, using social media, banking or entering any information about yourself into any website, anywhere. Take no chances. Period.

2. Look for the Lock.

An industry standard in web browsers is to display a ‘lock’ icon whenever you’re securely connected to a site.

The position of this lock will depend on which browser you’re using, however in Google Chrome, Firefox and IE, you’ll find it on the left-most point of the address bar.

Other – perhaps older – browsers might display it on the bottom left or right-hand corner.

3. Investigate the SSL Certificate

You also need to know that not all SSL Certificates are created equal. Some types are easier to get than others – for example, Domain Validation (DV) is the easiest to get, and only validates ownership of the domain, rather than the company that’s requesting the certificate.

If crooks decided to buy ‘bank0famerica.com’, they’d be able to get a DV certificate, simply for owning the domain. However, the highest level of validation, Extended Validation (EV) is the most secure. Sites with this type of certificate will need to prove their identity as a business as well as ownership of the domain.

Depending on your browser, sites with EV certificates will also cause your address bar to display in green, along with the lock icon. That little lock isn’t just a pretty picture, either. Click on it to display information about the company, and who’s securing the connection.

Remember: some fraudulent sites will try to emulate this lock icon on their own page, so know where yours is on your browser and your eyes won’t be fooled.

4. Think about your Payment Method

On any e-Commerce site, it’s important to be mindful of which payment method you’re using, and whether it gives you the best chance of a chargeback in the case of a dispute.

If the site you’re purchasing from is taking your credit card information over an insecure connection, this is a red flag. Also be careful with bank transfers if you’re purchasing for the first time from a website – it can make getting your money back a difficult prospect.

Methods like PayPal and even your credit card will offer an extra layer of protection to your purchase should anything go wrong.

PayPal in particular has a money-back guarantee and doesn’t require you to reveal personal financial details. Due to strong buyer protection, disputes are often stacked in favour of the shopper, rather than the seller. This makes it relatively easy to get your money back.

Your debit card, on the other hand, is probably best left alone – credit cards provide much better protection against fraud, since it’s not your money that’s being used. In the event of a problem, it’s far easier to get your money back via a credit card.

Boost your breach protection!

Email Watchdog

Guard your online accounts.
  • 10 and 50 email packs available.
  • Detailed breach notifications.
  • Watchdog Update email newsletter.
  • Priority email support.
Learn More

Business Watchdog

Protect your company’s accounts.
  • Protect all email addresses in your domain.
  • Detailed breach notifications.
  • Exclusive access to your domain’s breach status.
  • Watchdog Update email newsletter.
  • Priority Email Support.
Learn More