A techie friend of mine walked up to my office and told me how he was skeptical about using most online banking portals. He had noticed that some are not secure at all. I brushed him off and went on with my work as usual. But not so long ago, it occurred to me again and i thought to myself; So what if it is true? So what if these portals are not any secure? What does that mean? I then set out on a ‘investigation’ of sorts to see whether his claims had any water.

After a little look through the banks’ websites in Uganda, I was actually shocked when most websites of these Banks were unsecure. It hit me hard about how many folks I know of that would rather login onto a bank website and freely give their information than haggle with the long cues in the bank. I know a few people that hold online banking with high esteem and feel the need for all the convenience they can use.

A screenshot of an insecure website that has no SSL certificate enabled.

It’s should be noted that Websites that require so much information from a user ought to have an SSL certificate which guarantees a certain level of security for their users. Websites with SSL certificates have the url starting with https:// with an ‘s’ that actually stands for secure. This means that the traffic to the website is encrypted and ISPs may not actually track the particular section of the website you are visiting.

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details.

SSL certificates also help users identify websites since they can differentiate them from those of scammers. Most big corporations and banks worldwide even have EV SSL certificates that actually show the organisation’s name in green before the URL. It’s a shame that many banks in Uganda do not have this layer of security enabled for their public websites.

Here are a few Banks that we dug up that didn’t have SSL certificates and users’ data might not necessarily be safe from attackers;

Stanbic Bank, Centenary Bank, Tropical Bank, GTBank, Orient Bank, NC Bank, Exim Bank, Commercial Bank of Africa, Citi Bank, Bank of India, Bank of Baroda, Bank Of Africa, ABC Capital Bank

We noticed that some banks only have SSL certificates for their online banking which should reduce the worries of some customers such as Stanbic’s iBanking and GT Bank’s iBank. The risk is the that the informatory section of the website can be attacked and information altered in the event of an attack. However, Banks are institutions that ought to have EV SSL certificates across the entire website for security of user data.

We can neither confirm wether the above listed banks plan to secure their websites or not. However one thing for sure is that people who subscribe to these banks and are transacting through these portals are not safe with their information.

How do I know a website is not secure?

Most businesses and in this case banks have a website that serves as the hub of their marketing ventures. It’s the digital billboard and brochure that allows them to reach their target audience on an international scale, but more often than not, those websites are like sitting ducks: susceptible and unprotected.

A screenshot of a secure website using an SSL certificate and the url begins with HTTPS

It’s the job of banks to protect the data that you gave them, so it’s important that you be careful who you trust with your information online. But how do you know who to trust? How do you know if a site is legitimate and if you should give them your data?

Why do I need a secure website

You may ask what’s with all the fuss and banks not having secure websites but until you are entangled in cyber theft and you walk to an empty bank account on a Monday morning, then it will dawn to you that your bank didn’t take you as a customer seriously.

With all of the increased online shopping, online payments and transactions et el, lots of personal information—phone numbers, home addresses, and credit cards are flying around the Internet. This personal data translates to dollars for cyber criminals who are ready to earn as much without dropping a sweat but just pressing a few buttons here and there and emptying your account.

Websites rely on certificates. And those certificates are protected by encryption, which turns plain text into jumbled code. But encryption algorithms need to improve to stay one step ahead of hackers, who want to spoof certificates. If a bank doesn’t have these certificates, this is a pie to eat for hackers and trust me your information is out there in the open.

However, according to a report released by the CIA, It’s important to note that, as of today, hackers can’t crack the weaker version these banks are using. Bank customers aren’t exposed — yet. But cyber security experts all say it’s only a matter of time.

How to know if a website is secure?

Before giving any information to a website, you should make sure it is secure. Most websites are merely data mining tools and even if they may not be selling your personal information, if they are not secure websites, your information may be available to hackers.

Check the SSL Certificate: Look at the URL of the website. If it begins with “https” instead of “http” it means the site is secured using an SSL Certificate (the s stands for secure). SSL Certificates secure all of your data as it is passed from your browser to the website’s server. To get an SSL Certificate, the company must go through a validation process. 

Look at the Domain: Cyber attackers will sometimes create websites that mimic existing websites and try to trick people into purchasing something on or logging into their phishing site. These sites often look exactly like the existing website.

For website owners..

To get an SSL Certificate, Visit SSL reseller’s website like: Cheap SSL Shop, where you can get stunning discounts on SSL certificates and your company will go through a validation process then your certificate will be issued and you can now secure the data of your users.

Disclaimer: Guru8.net is no way a supporter and promoter of hacking and related malicious acts of unscrupulous individuals but seeks to be a platform of disembarking vital information and advice to potential victims.