How to know if a website is secure?

Let’s face it, there’s not bullet-proof website, most companies do their best to keep intruders from getting your personal or financial information, but there’s always a way for a cracker to slide in. However it’s “safe enough” to do e-business as long as you keep the following things in mind:

1. Does the site belong to a reputable company? That’s the first thing that you should try to figure out. A well established company will invest more funds in a secure website than a newbie or amateur would. Also, in case of a security incident, most companies will alert their customers and even take liability for whatever misuse the attacker could do with their customers information, something that a one-man-show would never do.
2. Does it have a SSL certificate and use encrypted connections to transfer important information? The best way to know is to look for the small “lock” on the bottom of your browser or making sure that the URL begins with https, instead of http.
3. Does the company list full contact details in their website? Never trust a company that does only publish a toll-free number as the only way to contact them besides the internet, most companies can get portable toll free numbers in just a few minutes, so it’s always good to also have a street address, regular (non toll free) phone number and even the full name of the company backing the website.

If a website meets all 3 requirements, you can still do some further investigation before entering your personal or financial information:

1. Enter the website name (and domain name) in google and other major search engines. There’s a good chance that you’ll find references to that company posted in blogs, forums and other websites. Try to avoid those that do only show advertisements or paid press releases,  as any company can get some nice ratings in those sites by investing a few bucks.
2. Access the whois database and see the true “age” of the domain name. Most online scammers will use recently registered domain names, while reputable websites take a while to gain the reputation and therefore have domains over 1 year old.
3. Make sure that the URL, website name and logo match. Some phishing websites will use the proper logos and website names, but their URLs will be too long and sometimes even include “path” data.

I hope this helps you when conducting e-business or e-commerce transactions. At least it has helped me to conduct safe e-commerce for over 10 years without a single negative incident.