Follow these tips to keep data confidential.
When logging on to bank online or submit an order in an online shop, you enter sensitive information on the provider’s website.
Naturally, you want to be sure that the data lands in the right place, so you should know how to recognize a secure data transfer.
If confidential information – such as the numbers on a credit card – is entered, there are two potential risks.
- One is that the website conceals criminals that link you to a fake but seemingly genuine site for the provider, such as a bank or an online shop. This is how phishing attacks work, for example.
- The data you enter, in this example a credit card number, is intercepted and read online on the way from your computer or smartphone to the provider’s server. Unbeknown to you, the information falls into the hands of the criminals.
Make sure that the data transferred between your browser and the provider’s server is secured with a so-called certificate, and that the certificate is up to date. It is like certifying that a document is genuine. At the same time, it provides a basis for encrypted communication. The data is coded rather than sent in plain text. This process makes use of the SSL protocol.
These characters signal that a website is trusted
- Check the address line in your browser. If the connection is secure, “https” will appear, rather than “http”.
- The browser will also display a lock icon in the address field, indicating an encrypted and therefore secure connection. Some programs also signal this type of connection with a green color or the word “SECURE”.
- If you click on the lock icon, you can see details about the connection and the certificate used. You will also find information about the security level and type of certificate there.
If the browser does not display this information, the connection between your computer and the provider’s server is not encrypted. Under no circumstances should you enter any confidential information.
More about the topic: What you need to know about certificates
Certificates are issued by authorities approved to do so. The browser saves the issuer certificates (“root certificates”) of approved companies. This allows the browser to check later whether the certificate of a website is valid and correct.
Certificates for websites have different security levels. They indicate how thorough the scanning process will be ahead of display.
The highest level is “extended validation” certificates. These check the commercial register and the registered office of the company, among other things. If you find this kind of certificate, the browser will not only show a secure connection; it will also show the name of the company in the address line.
The second-highest level is “organizationally validated” certificates. They are only issued to applicants that are listed in the commercial register. This gives users reliable information about who is operating the sites.
The lowest level is “domain-validated SSL certificates”. Applying for them involves jumping through fewer bureaucratic hoops. They verify whether the certificate applicant has technical access to the server.