Online dangers are growing with our love of online shopping. In fact, 79% of U.S. consumers say that they shop online more frequently now than they did before the COVID-19 pandemic. Although, it also has some risks and challenges, especially when it comes to paying with your credit card.
How can you tell if a website is trustworthy and secure for online payments? What does it mean when a website has HTTP or HTTPS in its web address? How does it affect your online security and privacy?
We'll get to those questions. Let's start by answering this one from Margaret from Fort Lauderdale, Florida.
"Does https mean the site takes credit cards and http is okay if they don’t take credit cards?" – Margaret Jane, Fort Lauderdale, Florida.
Margaret Jane raises an excellent question. Let's go over the difference between "HTTP" and "HTTPS" and whether it matters or not when you're paying with a credit card online.
What's the difference between "HTTP" and "HTTPS"?
The difference between HTTP and HTTPS is that HTTPS uses a SSL (Secure Sockets Layer) certificate to encrypt all data transfer while HTTP is not secured with an SSL certificate and is much more open to hackers stealing sensitive information.
HTTPS is internet security geek-speak for Hypertext Transfer Protocol Secure, and it functions similarly to HTTP, except that it works to protect communication between web servers and browsers when transporting data. A website that begins with HTTP does not have this same layer of protection.
It’s all about the letter "S"
In the simplest of terms, imagine you are sending a letter to your friend through the mail. HTTP is like sending a letter in a normal envelope. It is not very secure, and anyone who intercepts the letter can open it and read your message.
HTTPS is like sending a letter in a locked envelope. It is very secure, and only you and the recipient can open it and read your message.
Why is HTTPS more secure than HTTP?
HTTPS is more secure than HTTP because it uses an SSL certificate to encrypt the data that is transferred between the web server and the browser. This means that anyone who tries to intercept or tamper with the data will not be able to read or modify it.
How HTTPS protects your data with SSL certificates
MORE: DON’T FALL FOR THIS NEW BANKING SCAM
SSL certificates also verify the identity of the website, so you can be sure that you are dealing with a legitimate site and not a fake one. An SSL certificate is a digital document that contains information about the website, such as its domain name, owner and expiration date.
It also has a public key and a private key, which are used to encrypt and decrypt data. The public key is shared with anyone who wants to communicate with the website while the private key is kept secret by the website owner.
How your browser verifies and encrypts data with HTTPS
When you visit a website that uses HTTPS, your browser will check the SSL certificate and make sure that it is valid and matches the website’s domain name.
If everything is OK, your browser will establish a secure connection with the website and exchange encryption keys.
Then, all the data that is sent and received will be encrypted using these keys.
How to identify HTTPS websites in your browser
You can tell if a website is using HTTPS by looking at the web address in your browser.
MORE: HOW THIS SAFE BROWSING FEATURE IS USING AI TO STAY AHEAD OF SCAMMERS
If it starts with https://, then it means the website is secure.
You may also see a padlock icon or a green bar next to the web address, which indicates the website has a valid SSL certificate.
Why you should avoid paying with credit cards on HTTP websites
Whether a site takes credit cards or not has nothing to do with whether it uses HTTP or HTTPS. However, if a site does take credit cards, it’s important that it uses HTTPS to protect the sensitive information being transferred.
If you're on a website that uses HTTP, and it's telling you to pay for something with a credit card, you should probably steer clear of it.
The website could be a phishing page or be infected with some sort of malware that could hand your credit card information over to a hacker, and then they could do whatever they want with it.
MORE: PROTECT YOUR BACON: THE RISE OF PIG BUTCHERING SCAMS AND HOW TO AVOID THEM
What can I do to protect myself from a keylogging attack
There are a number of precautions that you can take to avoid becoming the next victim of a keylogging attack.
Have good antivirus software on all your devices
Keeping hackers out of your devices can often be prevented when you have good antivirus protection installed on all your devices. Having antivirus software on your devices will help make sure you are stopped from clicking on any known malicious links, attachments or images that may install malware on your devices and thus allow hackers to gain access to your personal information.
MORE: HOW YOUR BROWSER COULD BE EXPOSED TO A SECURITY RISK
Use a password manager
Keyloggers can’t record what you don’t type, so using a password manager that automatically fills in your login credentials can help you avoid typing them. You should also use strong and unique passwords for each account and change them frequently.
Keep your software and apps updated
Updating your operating system, browser, antivirus software and other applications can patch any security vulnerabilities that hackers can exploit to install keyloggers. I know I sound like a broken record here. You should avoid clicking on suspicious links or attachments that may contain malware.
Use a Virtual Private Network (VPN)
We recommend using a VPN to protect against hackers snooping on your device. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit.
Kurt's key takeaways
Always keep a watchful eye out when you're visiting websites that you have never seen before. Check the URL and make sure that it begins with HTTPS, especially when you are dealing with sensitive information such as passwords, credit card numbers, personal details, etc. This way, you can protect yourself from hackers who may try to steal your information or harm your cellphone or computer.
What else do you wish websites could do to prove that they are safe and secure? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
ARE YOU PROTECTED? SEE MY 2023 BEST ANTIVIRUS PROTECTION WINNERS
Copyright 2023 CyberGuy.com. All rights reserved.