The first question I ask myself whenever there is a new website, especially when it involves sharing personal data and payment details, is: Can I trust this website?
That very question usually involves a series of mini investigations and questions. Let's take Winner's supermarkets for example.
- Do I know this brand? Does it have a strong reputation?
- Does this website really belong to Winner's?
- Is the website secure?
- Can I share my personal data? What will they do with it?
- Wait! Let me check the buying policies and FAQs section.
- Do I get a refund if I don't get my item? Who do I contact for the refund?
So, here I am writing about it especially now, because I can see all these new mobile apps and websites bouncing out of nowhere ready for business and it's pretty scary because I know I am not the only one asking these questions.
How do I know if the website is secure?
To be honest, you will never really know but the easiest way to figure it out is by following these 3 steps.
1) Look for the https:// in the address bar
The "s" is very important as it means that the website is secured using an SSL Certificate. SSL Certificates secure all of your data as it is passed from your browser to the website’s server. Any company website that has an SSL certificate has gone through a validation process and can be trusted.
2) Look for the green padlock
The green padlock means that the SSL certificate is valid. Certificates are issued once the site owner's identity has been validated. (Read more about this at love2dev.)
A green padlock indicates:
- You are definitely connected to the website whose address is shown in the address bar; the connection has not been intercepted.
- The connection between the browser and the web server is encrypted to prevent eavesdropping (i.e. someone cannot steal information during transmission).
3) Check the issuer name (also known as CA)
A Certificate Authority (CA) (or Certification Authority) is an entity that issues digital certificates.
An example would be the below picture where I checked mcb.mu, lexpress.mu and asos.com websites' certificate issuer. All three of them have been verified by DigiCert.com and the DigiCert certification is among the top 10 in the industry.
Note that the best certifications are expensive, but that's because they provide a higher encryption level and conduct more verification on the organisation requesting an SSL certificate.
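The three checks above can also be run from a script. The following Python sketch is an added example, not part of the original post; `summarize_cert`, `check_site` and the sample certificate are names and data constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
# It is not a real certificate; "shop.example" and "Example CA" are placeholders.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example CA"),),
               (("commonName", "Example CA R1"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

def summarize_cert(cert, now=None):
    """Step 3: pull the issuer (CA), subject and expiry out of a certificate dict."""
    now = now or datetime.now(timezone.utc)
    # issuer/subject are tuples of RDNs, each RDN a tuple of (key, value) pairs
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "issuer_org": issuer.get("organizationName"),
        "issuer_cn": issuer.get("commonName"),
        # Only present when the CA validated the organisation, not just the domain
        "subject_org": subject.get("organizationName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": (expires - now).days,
    }

def check_site(hostname, port=443, timeout=5):
    """Steps 1 and 2: connect over TLS; an invalid certificate raises an error."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        # Raises ssl.SSLCertVerificationError if the browser would show a warning
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return summarize_cert(tls.getpeercert())

if __name__ == "__main__":
    # Runs offline on the constructed sample; call check_site("<hostname>")
    # to inspect a live site instead.
    for field, value in summarize_cert(SAMPLE_CERT).items():
        print(f"{field}: {value}")
```

An empty `subject_org` means the certificate only vouches for control of the domain name, which is the case for the free certificates discussed below.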
I checked the online shopping websites following the communique issued by the Government on the 26th of March 2020, which can also be found on the MCCI website.
What I learned about Let's Encrypt certificates
It is a free certificate and anyone can have it. So, I am a little disappointed with winners.mu because they could have invested a little more and got a recommended SSL/TLS certificate for their e-commerce website.
ordermanzer.mu and theshop.mu use Let's Encrypt as well. I have an account on ordermanzer.mu, I have ordered food and I like their service because they have a pay on delivery system. However, I would personally not be comfortable sharing my personal information, especially when it involves banking information, with an online website that uses a free SSL certificate or which is not secure.
Here are some screenshots:
It is a nice initiative but I don't understand why eshops.mu has websites such as MoKouran, CWA, espacemaison, ordermanzer.mu, ceb.mu, mysurprisebox.mu and caritas listed on its website when it doesn't host them. Wait, eshops.mu shows 11 websites and only 3 of them are its clients. Help me here!
Anyway, there will be a lot of websites out there. Please be careful while doing online shopping. I received phishing/scam emails asking me for my personal banking information etc. Please be careful!
I hope that this blogpost will be useful to you.