ONLINE SHOPPING WITH DEBIT/CREDIT CARDTHINGS TO REMEMBER
A USEFUL SET OF CREDIT CARD SAFETY TIPS FOR SHOPPING ONLINE
▪ The Internet has changed the way we shop.
▪ What was once done in malls and at brick and mortar stores is now down at home, on your computer or
phone (often pants-less).
▪ And while the world of e-commerce has brought with it a great deal of convenience, it’s also brought a
great number of new, often unseen threats.
▪ Cybercrime is a rapidly growing threat to our society. And while it can take many forms, one of the most
common is phishing. Phishing is a practice where cybercriminals use social engineering tactics to create a
scenario in which you will give them personal or financial information that they can then exploit for their
own personal gain.
A USEFUL SET OF CREDIT CARD SAFETY TIPS FOR SHOPPING ONLINE
▪ This can be done via email, or – as is more common than you may think – by spoofing websites so
that users mistakenly believe they are at the right place, when in fact, they’re just having their
information stolen.
▪ This is where SSL Certificates come into play. We’re going to start by giving you a brief
explanation of how SSL helps to keep people’s personal information from getting stolen (in two
ways) before offering you some online shopping tips that will help you easily identify areas of risk
when using your credit card online.
WHAT IS SSL?
▪ SSL or Secure Sockets Layer is a web security component that functions in two ways. Websites
purchase SSL Certificates that enable encrypted connection between their users and them via the
SSL/TLS protocol. The SSL Certificate also adds an additional layer of security to the site in the
form of authentication.
▪ Let’s look at how each works.
SSL ENCRYPTION
▪ In a standard connection, served over the increasingly archaic HTTP, communication between a
user and website is not secure. Rather, it’s out in the open and can be intercepted or even
manipulated by third parties.
▪ This means that without SSL, any information you send to a website (financial data, personal info,
login details) can potentially be seen and stolen by a third party. SSL prevents this from happening
by encrypting connections so that only authorized parties can read it. This prevents data from
being stolen in transmission.
SSL AUTHENTICATION
▪ Authentication is the lesser-known function of SSL, at least to the general public. In order for a trusted
Certificate Authority to issue a certificate it has to verify the identity of the recipient. There are three
levels of verification: Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV).
▪ DV offers almost no validation, one must simply prove ownership over the registered domain. OV and
EV offer what is called business validation, where the CA verifies registered corporate details to ensure
that the company or organization is a legally registered entity acting in good faith.
▪ Now that you know a little bit about SSL here are some tips for online shopping that will help you avoid
trouble.
TIPS FOR SHOPPING ONLINE WITH YOUR CREDIT CARD
1. Check the Connection
2. Click the Padlock
3. Look for the Green Address Bar
4. Keep an Eye Out for Site Seals
5. Listen to your Browser
1. CHECK THE CONNECTION
▪ The first tip is simple, look at the address bar atop your browser window and
check the connection. You can see what type of connection you have by
looking at the beginning of the URL.
▪ If there is a green HTTPS at the front of the URL, you are on a website that is
using encryption—this means that your communication with the site is
protected.
▪ If you don’t see an HTTPS but rather just HTTP, you are on an unencrypted
website. Communication is not secure. Never give out personal or financial
information over an unencrypted connection.
2. CLICK THE PADLOCK
▪ Assuming your connection is encrypted, you should also see a padlock icon in the address
bar. This is a visual indicator of SSL. This icon is also clickable. When you choose to click the
icon you will see a window appear that will show you the SSL Certificate’s details.
▪ If you see registered company information that matches the website you’re on, then you’re
safe. This is the legitimate website of said company and they are using encryption. If,
however, you don’t see those details and just the name or alias of a website owner, be very
wary.
▪ This means that the site only has DV SSL, you can’t be 100% certain of who is on the other
end. Most reputable businesses, financial institutions, insurance companies, healthcare
organizations, etc. have at least OV, or even EV, SSL.
3. LOOK FOR THE GREEN ADDRESS BAR
▪ In truth, the green address bar is no longer green. Nowadays the organization’s name just appears in green text (along with its
country of origin) beside the URL in the address bar.
▪ Still, this is a telltale sign: it means you’re in the right place. The green address bar is a feature of EV SSL certificate, the
highest level of authentication.
▪ Without even needing to click a padlock icon you can already rest assured that you’re at this company’s official website and
that you’re on a secure connection. Green means go.
4. KEEP AN EYE OUT FOR SITE SEALS
▪ Site Seals are images, some static, some dynamic, that are displayed at key points on websites to advertise encryption.
You’ve likely seen the Norton Secured checkmark before, that’s a site seal. Companies and Organizations deploy these on
homepages and checkout pages to offer customers extra assurance.
▪ While some are static and can’t be, most site seals are dynamic which means they can be clicked to display certificate details.
Learn to click on a site seal whenever you see one.
▪ If you see registered business details, make sure they match the information you saw when you clicked the padlock icon. If
everything checks out, you’re good to go. If not, be cautious.
5. LISTEN TO YOUR BROWSER
▪ While the previous four tips should be all you need to avoid getting phished when shopping
online with your debit or credit card, there’s one last tip that’s worth considering too: always
listen to your browser. The browser community makes security a top priority and is always
working to identify malicious sites that have been designed to trick or harm people and
their computers. If your browser prompts you with a warning about your safety when trying
to access a site, listen! Don’t ever click past a warning.
▪ Just skip that site for now. If it was a mistake, chances are the IT people at that company are
aware and working to fix the problem. In that case, the warning will be gone within a few
hours or days. Otherwise, there really is something wrong with that site and you need to
avoid it completely. Either way, heed your browser’s warnings. It’s not prompting you with
one to ruin your good time, it’s trying to keep you safe!
FOR MORE DETAILS ON ONLINE SAFETY
Blog: cheapsslsecurity.com/blog
Facebook: CheapSSLSecurities
Twitter: SSLSecurity
Google Plus: +Cheapsslsecurity