I’m sure many of you have seen the Supercon series of videos from Barclays: a great idea for teaching the general public about website security, but very badly implemented and misleading.
Take this video specifically:
The robot says:
“Ah, you know what. I can’t do this, it’s all rubbish, it’s a scam, if you order me you’ll get nothing, look… in there [points to web address in browser] you’ll need a padlock, when you pay for stuff. If there isn’t one then the website could be fake.”
Technically what the robot says is true in that a website could be fake if it doesn’t have a padlock. But what it doesn’t mention is that having a padlock doesn’t guarantee that it’s not fake. In fact the padlock has no relationship to the legitimacy of the website at all. Yes, every genuine online shop should have one, but so could fraudsters.
What the padlock does is essentially encrypt (scramble) sensitive data between the user and the merchant so that other people can’t ‘listen in’. Imagine a movie where James Bond asks for a secure line so the villains can’t intercept his message to HQ. This is essentially what a padlock should do: it should stop hackers sitting next to you in a coffee shop from stealing your credit card details.
So just because you see a green padlock, do not assume that you’re safe.
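To make the point concrete, here is an added example (not part of the original post or anything from Barclays) that reads a certificate in the form Python's `ssl.getpeercert()` returns and reports what the padlock is actually based on: a domain name match, and sometimes no named organisation at all. The two certificates, their domain names and the CA names are constructed placeholders.

```python
import socket
import ssl

def fetch_cert(host, port=443):
    """Fetch the validated certificate behind a site's padlock (needs network)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _name_matches(pattern, host):
    """Match a certificate DNS name; '*' may only stand in for the left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def padlock_facts(cert, host):
    """Summarise what a certificate in getpeercert() form actually asserts."""
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "domain_matches": any(_name_matches(n, host) for n in names),
        "organisation": subject.get("organizationName"),  # absent on domain-validated certs
        "issued_by": issuer.get("organizationName"),
    }

# Constructed sample data in getpeercert() form; every name is a placeholder.
DV_CERT = {  # domain-validated: proves control of the domain name, nothing else
    "subject": ((("commonName", "cheap-robots.example"),),),
    "issuer": ((("organizationName", "Example Free CA"),),),
    "subjectAltName": (("DNS", "cheap-robots.example"), ("DNS", "*.cheap-robots.example")),
}
OV_CERT = {  # organisation-validated: also names a legal entity
    "subject": ((("organizationName", "Example Retail Ltd"),), (("commonName", "shop.example"),)),
    "issuer": ((("organizationName", "Example Commercial CA"),),),
    "subjectAltName": (("DNS", "shop.example"),),
}

if __name__ == "__main__":
    # Both sites would show a padlock; only one certificate names an organisation.
    for host, cert in (("www.cheap-robots.example", DV_CERT), ("shop.example", OV_CERT)):
        print(host, padlock_facts(cert, host))
```

Pass the result of `fetch_cert("your-host")` to `padlock_facts` to inspect a live site; neither output field says anything about whether the seller is honest.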
You need to ask yourself whether you trust the website at the other end. You’re probably safe to trust the official website for a high street shop (providing it’s the real one) but if you’re in any doubt do not give them your card details.
Unfortunately there is no hard and fast way to determine a legitimate seller, but look for a UK address, decent-looking website, padlock, offsite customer reviews and phone numbers, check the address and make your own judgement. If in doubt, leave it.
There are other adverts in Barclays’ series which are also misleading, so please take these with a pinch of salt and remember: a padlock does not mean that a website can be trusted, even if a major high street bank tells you that it does.
Barclays – I invite you to comment and I’ll post your reply here.
We are Webbed Feet; we are experts in website security.