Home Page Navigation Contents Contact Sitemap Search
HomeNewsThe green lock has now disappeared

The green lock has now disappeared

Up to now, a green lock symbol and the provider name evinced a website’s authen­ticity. Yet for about a month now, this has no longer been the case. The latest browser ver­sions have now elim­i­nated these impor­tant secu­rity features.

E-banking users now have to pay even closer atten­tion if they want to avoid falling victim to phishing attempts. The Chrome, Firefox and Safari browsers have removed visual web­site iden­ti­fi­ca­tion with the help of so-called EV cer­tifi­cates. Users are there­fore losing the option to quickly and easily check that a web­site provider is authentic and gen­uine. The only excep­tion amongst common browsers will be Microsoft Edge, which will retain these indicators.

To pre­vent phishing attacks, most finan­cial insti­tu­tions and many other online ser­vice providers use a so-called “extended val­i­da­tion” cer­tifi­cate (EV cer­tifi­cate for short). A cer­ti­fi­ca­tion authority will only grant one of these after exten­sive iden­tity checks of any web­site provider. This pre­vents crim­i­nals from obtaining cer­tifi­cates fraud­u­lently to then be able to run a phishing web­site dis­playing a lock symbol.

So far, web­sites with an EV cer­tifi­cate have gen­er­ally been indi­cated by common browsers by dis­playing a green lock and the name of the provider (e. g. that of a finan­cial insti­tu­tion) in the address line. This meant you were able to verify a website’s authen­ticity at first glance - although faked web­sites like those run by phishing attackers mostly also dis­play a lock nowa­days, although this is grey, not green. The provider name is not dis­played either, since there is no EV certificate.

This optical high­light has now been removed by browser providers, reput­edly since nobody ever pays it any atten­tion anyway. The lock symbol is still dis­played, but now it is grey, not green.

The good news: It only takes one click on the lock to still check whether the web­site provider has an EV cer­tifi­cate, and which com­pany is behind a website.

Chrome with EV certificate:

Chrome without EV certificate:

Firefox with EV certificate:

Firefox without EV certificate:

So to be able to still nav­i­gate the web safely in future, in par­tic­ular as far as e-banking is con­cerned, please follow these tips:

  • Take to man­u­ally entering a finan­cial institution’s URL address, and to clicking the lock symbol once the web­site has loaded to check the cer­tifi­cate owner (i.e. the finan­cial institution).
  • If you use Win­dows, you can always use the Edge browser.
  • If you are using your mobile device for e-banking and if pro­vided by your finan­cial insti­tu­tion, utilise a mobile banking app instead of a browser.

You might also be interested in these articles:

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information

Watch out for dubious finan­cial ser­vice providersNew partner: Neue Aar­gauer Bank