As we all know (well, all internet savvy people know) you should never submit personal details of any kind over clear HTTP connections. You should always look for the padlock that signifies HTTPS ( e.g. ). For the people that go the extra mile, you should also verify the validity of the SSL certificate associated with the page you are on.
This information has been standard advice for years so i’m not teaching anyone anything new here.
This is all fine in theory. However, I have been amazed by the number of sites recently that seem to have URLs that bear no resemblence to the site that you have accessed. For example, one of my credit cards is issued by a major UK supermarket. However, when trying to sign into their online banking, the URL that I am presented with is “https://cardsonline-consumer.com”. Without some digging into the properties of the X.509 certificate, it is not obvious that I am on the correct site and that I haven’t been redirected to some hacking site. Similarly, today I went to purchase a gift for a friends birthday from http://www.frangrancedirect.co.uk and in order to pay online I was redirected to “https://www.ecgb.com”. As with the previous example, there was no obvious indication that this was the correct site until I traced it back to a UK bank. I realise that many of these services are hosted by third parties, however, there are a number of ways that this problem could be overcome easily.
You would have thought that with all the hype about the security of internet transactions that there have been in the last few years, companies providing these transactions would put a bit more thought into making the process of confidently shopping online, easier for Joe Public.