Your Credit Card Company’s Website is NOT Secure!

October 10th, 2006

I’ve heard this a few times recently: that the homepage of your credit card company is not secure because the URL doesn’t begin with https://

Unfortunately, this rumor has been perpetuated by people who know just enough to be dangerous, but not enough to be right 100% of the time.

While it’s true that looking for the ‘https’ is a quick way to check for an SSL (Secure-Socket Layer) certificate, it’s not the end-all way of finding out which sites are secure, and which are not. Technically, https only indicates that the information was sent to you over a secure connection, not that you are sending over a secure connection. What really happens is that the form into which you enter your login ID and password encrypts your information before it leaves your computer.

In layman’s terms: the web page doesn’t need to be secure because they’re not sending you anything yet, but your information is scrambled and encoded before you send it to them.

If you are ever suspicious of a website’s security claim, and you are using the FireFox browser (which you should be anyway, more below*) you can go to Tools > Page Info then click the ‘Security’ tab. This page will tell you if the URL is secure, and what level of security they are using (companies that handle credit cards will use at least a 128-bit encryption level, if not 256).

* FireFox is a much more secure browser than Internet Explorer. It blocks pop ups, refuses the automatic installation of software, and just generally does a better job of keeping the web clean. Plus, you can get all kinds of nifty (free) extensions to enhance the browser features. FireFox works on both Windows and Macintosh machines, and it’s free!

To download the FireFox browser, you can use any of the links in the footer of this website.

Entry Filed under: Financial Myths
Related Topics: