4

I was about to pay online with my debit card, but now I'm not sure. Is it safe?

They do have https, but it is not green and there is no padlock icon.

They only have the info icon.

Rafa
  • 41
  • 1
  • 2
  • 12
    No, it is not safe; your browser is advising you it is not safe. It's hard to tell from your post exactly why this is; this could be because of mixed content, and it also depends on your browser. – iainpb Dec 14 '17 at 16:16
  • Thank you! I'm on a hotel booking site, and it is strange, because when I'm choosing a room, https is green, but then when I click "next" to make the payment with my card info, https goes grey. I'm using Chrome btw. – Rafa Dec 14 '17 at 17:59
  • 1
    @iainpb That should really be an answer, shouldn't it? You're missing out on *points*! – Xen2050 Dec 14 '17 at 20:36
  • 2
    "Is it safe ?" "You should not enter any sensitive information on this site (for example, passwords or credit cards)". Well it says nothing about debit cards! /s – forest Dec 15 '17 at 00:55
  • 1
    I've just contacted the Cloudbeds team and now the HTTPS is green. ;) – Rafa Dec 14 '17 at 19:12
  • Some of the HTML content is being delivered to you from an unencrypted domain. You can see in **uBlockOrigin** which domains are connected to that site. An attacker can modify that unencrypted content and inject their own malicious JavaScript code to steal your credentials along with the OTP. – defalt Dec 15 '17 at 15:24

1 Answer

7

Note: this question is a few years old and browsers are changing how they report issues with secure sites over time. The below answer still describes why some problems may exist but the way the browsers show it may have changed. For example, sometimes browsers may block non-secure elements on a secure page instead of loading them and showing a warning.

The little "i" in a circle contains important information regarding why the HTTPS or site name is not green or shows no padlock. In this case the explanation is that the connection is not secure - a suitably vague warning intended for average users, but nonetheless correct and worth trusting. The "security" tab in the developer tools accessible by F12 key can often give more info if you are that way inclined.

Why is it not secure even though it says it's using HTTPS?

Based on the notice it's giving, in this case the likely (but not definite; this is an educated guess) explanation is that while the page itself uses HTTPS, the page contains items on it which are fetched separately over plain HTTP.

This may sound like it's not a big security issue, but if any of the fetched items have been modified by an attacker it is possible for them to modify the page in misleading ways or even read and steal private information from the page, even though the rest of the page was initially fetched over HTTPS. Scripts included in the page may read anything you type into forms or text fields. CSS may modify the page to trick you into pressing something or submitting something. Images may make the page appear to be something it isn't or try to exploit bugs.

Browsers respond to this problem in varying ways, but at minimum they indicate that the page is "not secure" in the location bar somehow. They may display a warning and they may also block loading some elements on the page.

Why is it sometimes green but sometimes not?

This issue is usually an accident on the part of whoever built the website: they forgot to ensure some of the items on the page are using HTTPS. Different pages can fetch different items: images, scripts, styles. Sometimes one of the scripts fetched by a page can in turn fetch scripts of its own, and then the page is marked insecure due to a fault by a third party script that the owner of the website may not have anticipated.

What's an appropriate response?

On any page that is not marked as secure by your browser, you might choose to avoid entering personal or credit card information. You could report the problem to whoever owns the site (as it could be losing them sales).

thomasrutter
  • 1,465
  • 11
  • 16
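
For site owners who want to find the items the answer describes, the check below lists the scripts, stylesheets, images and frames that an HTTPS page references over plain HTTP. It is an added example, not part of the original answer; the function and class names are hypothetical, and the sample URLs and HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src attribute is fetched as part of rendering the page.
# <a href> is absent on purpose: a link is not loaded with the page.
SRC_TAGS = {"script": "script", "img": "image", "iframe": "frame"}


class MixedContentFinder(HTMLParser):
    """Collects subresources an HTTPS page would request over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, absolute URL) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in SRC_TAGS:
            self._check(SRC_TAGS[tag], attrs.get("src"))
        elif tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            self._check("stylesheet", attrs.get("href"))

    def _check(self, kind, value):
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/x.js") references
        # against the page URL; those inherit https and are not mixed content.
        url = urljoin(self.page_url, value.strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, url))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # the term only applies to pages loaded over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a checkout page mixing secure and insecure references.
SAMPLE_URL = "https://booking.example/checkout"
SAMPLE_HTML = """<link rel="stylesheet" href="/static/site.css">
<link rel="stylesheet" href="http://cdn.example/theme.css">
<script src="//cdn.example/lib.js"></script>
<script src="http://widgets.example/chat.js"></script>
<img src="http://images.example/room.jpg"/>
<a href="http://other.example/">partner site</a>"""
```

This is a static check of the delivered HTML only: it does not see items that a script fetches at run time, which is the third-party case the answer mentions, so the browser's own security panel remains the authoritative view.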