Skip to main content

Bank details protected in online purchases
with Extended Validation (EV) SSL certificates

The Holiday season is around the corner, and with it, the time for big purchases. How to make sure that your bank details will not end up in the wrong hands when we buy online?

On the occasion of World Cybersecurity Day, Victoria Hernández, CISO of the Spanish Qualified Trust Services Provider, Víntegris, explains how to avoid being a victim of techniques such as phishing and protect your data.

Back in the day, to protect ourselves from phishing when shopping online, it was only necessary to validate the web and verify that the URL had the SSL certificate and used a secure data transfer protocol HTTPS.

This situation has changed, and in our purchases, we can find phishing sites with unvalidated SSL certificates that use the HTTPS protocol, which can mislead us and cause our bank details to end up in cybercriminals’ hands.

How to avoid it?

To avoid this type of complication, it is recommended that before making any purchase, we verify that the page in question has an extended validation (EV) SSL certificate, an effective defence to avoid phishing scams.

How do I check it?
Knowing if the page where you are buying has an EV SSL certificate is easy. All you have to do is check that the company’s name is indicated when accessing the padlock that identifies the secure connection in the browser’s address bar.

Let’s see some examples:

  • The Iberia website has an Extended Validation SSL certificate that allows us to verify its authenticity:
  • In the same way, the Bank Sabadell website has a certificate with these characteristics, ensuring verified access to our bank accounts:
  • On the contrary, other websites do not establish this type of Extended Validation certificates, so even though they are considered secure connections, there is no certainty of the website performance before a reliable manner:

The Extended Validation certificate gives customers the confidence that they are interacting with a trusted website and that their information is secure. It also allows encrypted information communications between an Internet browser user and a website, in addition to identifying the entity.

Likewise, it must be considered that the Certification Authority for the issuance of this type of certificate verifies the applicant’s right to use the domain name and validates the legal documentation against public records to verify its authenticity.

This article has been published in the following media:

Leave a Reply