Security in online payments is very important, as is recognizing secure sites from non-secure ones. Thankfully there are some signs which help indicate whether or not a site is secure.
The first thing we are told to look for to make sure we are dealing with a secure website is the green padlock (as in the image). We look for this sign because it tells us that the connection is secure and that the site's identity has been verified by a trusted third party (a certificate authority).
We are also told to look for https:// in the address bar. This is highlighted in the screen grab below.
To understand what this is first we need to understand a couple of basic terms:
HTTP (Hypertext Transfer Protocol) is a protocol, i.e. a set of rules computers follow, which governs how messages are formatted and transmitted between a browser and a web server.
SSL/TLS (Secure Sockets Layer / Transport Layer Security) – encryption protocols which provide communication security over the internet. They give messages and data confidentiality, and they detect tampering in transit. SSL is the older, now deprecated protocol; modern sites use TLS.
HTTPS (Hypertext Transfer Protocol Secure) is the layering of HTTP on top of SSL/TLS – essentially adding the security capabilities of SSL/TLS to HTTP.
But why? Simply put, it is to increase security and prevent hacking, primarily man-in-the-middle attacks and wiretapping. HTTPS encrypts communication while it is in transit over the Internet, so that an unauthorised party cannot read or tamper with it.
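As an added example (not part of the original post), here is what the padlock actually stands for, written in Python with the standard library's ssl module: a certificate that is signed by a trusted CA, is within its dates, and names the host you typed. The hostnames and the sample certificate dict are constructed for illustration; check_padlock is a live check you can point at any real site.

```python
import socket
import ssl
import time

def name_matches(pattern, hostname):
    """Case-insensitive match of one certificate DNS name against a hostname; a
    wildcard counts only as the whole leftmost label (*.example.com covers
    shop.example.com, not example.com or a.b.example.com)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split(".")[1:], hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return False

def cert_is_valid_for(cert, hostname, now=None):
    """Checks done once the CA signature is trusted: the certificate is within its
    validity period and names this host in Subject Alternative Name. `cert` is a
    dict in the format SSLSocket.getpeercert() returns."""
    now = time.time() if now is None else now
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return False, "certificate not yet valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return False, "certificate expired"
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, hostname) for name in dns_names):
        return False, "certificate is not issued for " + hostname
    return True, "ok"

def check_padlock(hostname, port=443, timeout=5.0):
    """Live check: TLS handshake with the system's trusted CA store (which itself
    enforces the name and date rules), then the explicit checks above. Any
    failure is the condition under which a browser shows no padlock."""
    context = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                return cert_is_valid_for(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return False, "not trusted by a known CA: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, "no secure connection: " + str(exc)

SAMPLE_CERT = {  # constructed sample in getpeercert() format, not a real certificate
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.pay.example.com")),
}
```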
When completing transactions online, looking for these basic signs and making sure the site is a reputable one can give us peace of mind.
Man-in-the-middle attacks – these are attacks whereby communications between two systems, e.g. a client and a server, are intercepted. The original connection is split into two, one between the server and the attacker and a second between the client and the attacker. This means the attacker can see the entire conversation and can insert new messages.
Wiretapping – this is the monitoring of conversations. It can be done passively, where the conversation is only monitored, or actively, where the attacker affects or alters it.
Next up we’ll deal with terms we often hear in discussions on payments such as PCI Compliance…