New browser versions: Does this make e-banking more insecure?
How can I tell if a website is secure before I enter my password? Until now, a green lock symbol and the name of the provider in the address bar attested to the authenticity of a website. But as of last week, Firefox became one of the last major browsers to eliminate these important security features. For users, this means: look even more closely.
E-banking users will have to be even more careful in the future to avoid falling victim to phishing attacks: the Chrome, Firefox, and Safari browsers have removed the visual labeling of websites with so-called EV certificates by a green lock symbol and the name of the provider. Users thus lose the ability to quickly and easily verify the authenticity of a website operator, writes Lucerne University of Applied Sciences and Arts (HSLU) in its media release dated October 28, 2019. As the only exception among the common browsers, Microsoft Edge retains the previous display.
The good news: encryption is not lost as a result. And with a click on the now gray lock, you can still check whether the operator of the website has an EV certificate and which company is behind the website.
To continue to be safe on the Net and, in particular, to use e-banking in a secure manner, Oliver Hirschi, lecturer and head of the platform "eBanking - but secure!" at the Lucerne University of Applied Sciences and Arts, recommends:
- Get into the habit of manually entering the URL address of the financial institution and clicking the lock icon after the website loads to verify the certificate owner (i.e. the financial institution).
- As a Windows user, you can alternatively use the Edge browser.
- Use a mobile banking app on your mobile device for e-banking instead of a browser, if offered by your financial institution.
Strict EV certificate
To prevent phishing attacks, most financial institutions as well as many other online service providers use a so-called "Extended Validation" certificate (EV certificate for short), as Hirschi points out. A certification authority only issues such a certificate after an extended check of the website operator's identity. This prevents criminals from obtaining certificates under false names in order to operate a phishing website with a lock symbol.
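The certificate-owner check described above can also be done outside the browser. The following is an added example, not code from HSLU or EBAS: it reads the validated owner from a certificate in the format returned by Python's `ssl.getpeercert()` and flags the identity fields an EV certificate carries in its subject. The helper names, the sample organization and the sample hostnames are assumptions, and the field check is a heuristic because `getpeercert()` does not expose the certificate policy that formally marks a certificate as EV.

```python
import socket
import ssl

# Subject attributes an EV certificate carries besides the organization name
# (attribute names as Python's ssl module reports them).
EV_SUBJECT_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}


def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def describe_owner(cert, expected_org):
    """Report who the certificate was issued to and whether that is expected."""
    fields = subject_fields(cert)
    org = fields.get("organizationName")  # absent on domain-validated certs
    return {
        "organization": org,
        "country": fields.get("countryName"),
        "looks_ev": org is not None and EV_SUBJECT_FIELDS.issubset(fields),
        "owner_matches": org is not None
        and org.casefold() == expected_org.casefold(),
    }


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the server certificate after normal chain and hostname validation."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() format (not real certificates).
SAMPLE_EV = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "CH"),),
    (("serialNumber", "CHE-000.000.000"),),
    (("countryName", "CH"),),
    (("organizationName", "Example Bank AG"),),
    (("commonName", "ebanking.example.com"),),
)}
SAMPLE_DV = {"subject": ((("commonName", "ebanking-example.test"),),)}

if __name__ == "__main__":
    print(describe_owner(SAMPLE_EV, "Example Bank AG"))
    print(describe_owner(SAMPLE_DV, "Example Bank AG"))
```

For a live check, pass the result of `fetch_cert()` for the manually typed hostname to `describe_owner()`; a lookalike site with only a domain-validated certificate yields no organization at all.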
Source: HSLU / EBAS