Kathleen G. Kane  - Pennsylvania Office of Attorney General - Protecting Pennsylvania Consumers


On-Line Shopping (SSL)

How can I tell if a web page is secure?
Any time a web page asks you for sensitive information, you need to be able to identify if the page is secure or not.  The ability to recognize a secure web connection is extremely important as online fraud cases have increased substantially from year to year.  This FAQ is intended to guide you to safer online shopping.

What exactly do we mean by "secure"?
Any time you view a website, information is sent from your computer to the web server and from the web server to your computer.  This information is normally sent in "plain text", meaning anyone who sees it would be able to read it.  Now consider this.  Each piece of information transmitted passes through many computers (servers) to reach its destination.

Each listing in the window is a different computer/router/switch (a "node" in networking terms).  Each "node" represents a point at which any data you send might be recorded.  It is not uncommon to see 20-30 listings.
Big deal, right?  Consider this the next time you type in a password or your credit card number.  This is the problem.  The solution to this problem is to encrypt this data for transmission.  Secure Sockets Layer (SSL) was created for this very purpose.

SSL uses a complex system of key exchanges between your browser and the server you are communicating with in order to encrypt the data before transmitting it across the web.  A web page with an active SSL session is what we mean when we say a web page is "secure."

ALL WEB PAGES ASKING YOU FOR SENSITIVE INFORMATION SHOULD BE SECURED USING SSL

How can I tell if a web page is secured?
There are two general indications of a secured web page:

1) Check the web page URL
Normally, when browsing the web, the URLs (web page addresses) begin with the letters "http."  However, over a secure connection the address displayed should begin with "https" - note the "s" at the end.

2) Check for the "Lock" icon
There is a de facto standard among web browsers to display a "lock" icon somewhere in the window of the browser (NOT in the web page display area).  For example, Microsoft Internet Explorer displays the lock icon in the lower-right of the browser window:

As another example, Mozilla's Firefox Web Browser displays the lock icon in the lower-left corner:


THE LOCK ICON IS NOT JUST A PICTURE!  Click (or double-click) on it to see details of the site's security.  This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser.  Therefore, it is necessary to test the functionality built into this lock icon.  Furthermore, it is very important to KNOW YOUR BROWSER!  Check your browser's help file or contact the makers of your browser software if you are unsure how to use this functionality.
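
For site owners, the rule above (every page asking for sensitive information should be secured, with an address beginning "https") can be checked automatically. The following is an added example, not part of the original FAQ: it flags forms that collect sensitive fields when either the page or the form's submit address is plain "http". The function names, the field-name hints and the shop.example page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed heuristics for spotting "sensitive" fields; tune for your own forms.
HINTS = ("pass", "card", "cvv", "ssn")

class FormAuditor(HTMLParser):
    """Records each <form>, where it submits, and its sensitive inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._form = {"target": urljoin(self.page_url, a.get("action", "")), "fields": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            label = (a.get("name", "") + " " + a.get("id", "")).lower()
            if a.get("type", "").lower() == "password" or any(h in label for h in HINTS):
                self._form["fields"].append(a.get("name") or a.get("id") or "?")

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def insecure_sensitive_forms(page_url, html):
    """Return (target, fields, reason) for sensitive forms not fully on https."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    # Forms that collect nothing sensitive are skipped.
    for form in (f for f in auditor.forms if f["fields"]):
        if not page_https:
            findings.append((form["target"], form["fields"], "page loaded over http"))
        elif urlsplit(form["target"]).scheme != "https":
            findings.append((form["target"], form["fields"], "form submits over http"))
    return findings

# Constructed sample page (not from any real site).
SAMPLE = """
<form action="/search"><input type="text" name="q"></form>
<form action="http://shop.example/pay"><input name="card_number"><input name="cvv"></form>
<form action="/login"><input name="user"><input type="password" name="pw"></form>
"""

if __name__ == "__main__":
    print(insecure_sensitive_forms("https://shop.example/checkout", SAMPLE))
```

The second check matters because a page can show "https" in its address and still send a form's contents to an "http" address.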