Up to now, a green lock symbol and the provider name attested to a website’s authenticity. Yet the latest browser versions eliminate these important security features.
E-banking users will have to pay even closer attention if they want to avoid falling victim to phishing attempts. The Chrome, Firefox and Safari browsers have removed the visual website identification that relied on so-called EV certificates. Users are therefore losing the option to quickly and easily check that a website provider is authentic and genuine. The only exception amongst common browsers will be Microsoft Edge, which will retain these indicators.
To prevent phishing attacks, most financial institutions and many other online service providers use a so-called “extended validation” certificate (EV certificate for short). A certification authority will only grant one of these after extensive identity checks of the website provider. This prevents criminals from fraudulently obtaining certificates and then running a phishing website that displays a lock symbol.
So far, common browsers have generally indicated websites with an EV certificate by displaying a green lock and the name of the provider (e.g. that of a financial institution) in the address line. This meant you were able to verify a website’s authenticity at first glance. Faked websites like those run by phishing attackers mostly also display a lock nowadays, but it is grey, not green, and the provider name is not displayed either, since there is no EV certificate.
This visual highlight has now been removed by browser providers, reputedly since nobody ever pays it any attention anyway. The lock symbol is still displayed, but now it is grey, not green.
The good news: It only takes one click on the lock to still check whether the website provider has an EV certificate, and which company is behind a website.
[Screenshots: Chrome with EV certificate; Chrome without EV certificate; Firefox with EV certificate; Firefox without EV certificate]
So to continue navigating the web safely in future, in particular as far as e-banking is concerned, please follow these tips:
- Get into the habit of manually entering a financial institution’s URL, and of clicking the lock symbol once the website has loaded to check the certificate owner (i.e. the financial institution).
- If you use Windows, you can always use the Edge browser.
- If you are using your mobile device for e-banking and your financial institution provides one, use a mobile banking app instead of a browser.
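
The check behind a click on the lock can also be scripted. The following is an added example, not part of the original article: it reads the certificate owner from the subject and reports whether the subject carries the extra identity fields that the CA/Browser Forum EV Guidelines require. Treating those fields as a sign of EV is a heuristic assumed here, the function names are illustrative, and the sample certificates are constructed.

```python
import socket
import ssl

# Subject attributes that the CA/Browser Forum EV Guidelines require
# in addition to organizationName.
EV_FIELDS = {"businessCategory", "serialNumber"}
# Long name used by current OpenSSL; older builds report the bare OID.
JURISDICTION = {"jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3"}


def subject_fields(cert):
    """Flatten the nested 'subject' tuples of a getpeercert() dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def describe_owner(cert):
    """Return (organization, looks_like_ev) for a getpeercert() dict."""
    subj = subject_fields(cert)
    org = subj.get("organizationName")
    looks_ev = (org is not None and EV_FIELDS.issubset(subj)
                and bool(JURISDICTION.intersection(subj)))
    return org, looks_ev


def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated certificate of a live site (needs network access)."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in getpeercert() format (not real sites).
SAMPLE_EV = {"subject": (
    (("jurisdictionCountryName", "CH"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "CHE-000.000.000"),),
    (("countryName", "CH"),),
    (("organizationName", "Example Bank AG"),),
    (("commonName", "ebanking.example.com"),),
)}
SAMPLE_DV = {"subject": ((("commonName", "ebanking-example.test"),),)}

if __name__ == "__main__":
    for label, cert in (("EV sample", SAMPLE_EV), ("DV sample", SAMPLE_DV)):
        org, looks_ev = describe_owner(cert)
        print(f"{label}: owner={org!r}, EV subject fields present={looks_ev}")
```

For a live site, pass the result of `fetch_cert("<host name you typed in manually>")` to `describe_owner` and compare the reported organisation with the institution you expect.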