While there has been a campaign to educate online shoppers and eCommerce sites about the importance of proper security, there continues to be some confusion and perhaps a misunderstanding about the different signs and symbols of a website using SSL certificate security.
It can also be confusing as different web site browsers will have different symbols or slightly different formats in displaying the secure SSL padlock. As this is an essential component of cyber security for anyone using the internet and for business owners to understand consumer shopping patterns, going over the basics will be important.
The Use of a Secure SSL Certificate
Any eCommerce site where there is the option to collect payment by debit or credit cards through the website is required to have a secure SSL connection. The Payment Card Industry Data Security Standard requirements stipulate this type of connection.
The use of an SSL certificate provides complete internet security for transmitting data through the use of encryption. The encryption occurs through a pair of keys. One key is public and used to encrypt the data from the browser, and the other key is private and is installed and secured on the server.
Only the matching private key on the server can decrypt the data encrypted by the corresponding public key. In this way, it is very much like a secure cipher with only one pair of people holding the keys to the encryption and decryption of the code. As long as the private key remains private and secure on the server, there is a full cyber security of the data transmitted between the client and the server.
Only a Certificate Authority can provide recognized, trusted and accepted SSL certificate. A Certificate Authority is an approved company that validates or verifies the information submitted by the website owner to obtain the security cert. With this third-party validation, computer security is trusted through the use of an SSL certificate. In other words, the Certificate Authority is responsible for saying,
“I am a trusted source (because of the auditing and industry standards required), I have verified the website is valid. Therefore the website can be trusted.”
To allow consumers and users to easily see a website is using this type of cyber security, a standard and recognizable symbol was chosen to represent security. That as the padlock, which is used on all kinds of websites using a secure SSL certificate. You may also see a site seal, which is provided by the Certificate Authority and used on the web page to help the consumer to identify the Certificate Authority issuing the certificate.
Typically, with many of these trust seals, you will have the ability to hover or mouse over or perhaps click on the seal to see more information about the certificate.
For greater clarification, let’s take a closer look at the various symbols you can see in the address bar. Remember, the HTTP on a standard and unsecured website will also change to HTTPS when the SSL certificate is present.
When using the Firefox browser website viewers will see a green padlock that is closed at the front of the address bar when a valid and current secure SSL certificate is in use. It shows a safe site using data encryption to send your personal and financial information.
A grey triangle at the bottom of the green padlock means the site itself is secure, but there may be components that are not secure (often images or links), which the browser is blocking.
A grey padlock is a warning in any form. Gray with a yellow warning triangle in the bottom means the site itself is not safe, but some elements may be. It is never recommended to transmit any data of type through these sites as it may open for hackers to see and capture.
The same applies to the grey padlock with a red strike through a line. It is only evident when your browser as been manually set to prevent Firefox from automatically blocking mixed security sites.
Chrome and Internet Explorer Browser
The green browser on Chrome (as on all other browsers) represents cybersecurity best practices with an SSL certificate in place. If you see the padlock with a yellow triangle, it is an indication that the SSL security is weak, usually because of mixed security issues on the site. Do not provide personal information through these pages. Anything in red means that the site is using an invalid or non-trusted certificate or that there is a problem with the security certificate. You will also get a browser warning on Chrome and other browsers as well.
Any padlock that is open or that has any additional symbol on or through the padlock should be treated as an unsafe site to share personal information. It doesn’t mean that browsing the website is dangerous, but if you do get a warning popup you may well be on a fraudulent or spoofing site, so never download or click on anything on those sites.
If you are not sure about a padlock symbol in the address bar on any browser, just hover the mouse pointer over the symbol, it will provide additional information. In the event you see an all green address bar with the green padlock, you are on the most secure site available, providing additional confidence and trust as well as cyber security protection.
Ashraf is a Technical Blog Writer from Comodo. He writes about information security, focusing on web security, operating system security and endpoint protection systems.