Home Page Navigation Contents Contact Sitemap Search

The green lock has now dis­ap­peared

Up to now, a green lock symbol and the provider name evinced a website’s authen­ticity. Yet for about a month now, this has no longer been the case. The latest browser ver­sions have now elim­i­nated these impor­tant secu­rity fea­tures.

E-banking users now have to pay even closer atten­tion if they want to avoid falling victim to phishing attempts. The Chrome, Firefox and Safari browsers have removed visual web­site iden­ti­fi­ca­tion with the help of so-called EV cer­tifi­cates. Users are there­fore losing the option to quickly and easily check that a web­site provider is authentic and gen­uine. The only excep­tion amongst common browsers will be Microsoft Edge, which will retain these indi­ca­tors.

To pre­vent phishing attacks, most finan­cial insti­tu­tions and many other online ser­vice providers use a so-called “extended val­i­da­tion” cer­tifi­cate (EV cer­tifi­cate for short). A cer­ti­fi­ca­tion authority will only grant one of these after exten­sive iden­tity checks of any web­site provider. This pre­vents crim­i­nals from obtaining cer­tifi­cates fraud­u­lently to then be able to run a phishing web­site dis­playing a lock symbol.

So far, web­sites with an EV cer­tifi­cate have gen­er­ally been indi­cated by common browsers by dis­playing a green lock and the name of the provider (e. g. that of a finan­cial insti­tu­tion) in the address line. This meant you were able to verify a website’s authen­ticity at first glance - although faked web­sites like those run by phishing attackers mostly also dis­play a lock nowa­days, although this is grey, not green. The provider name is not dis­played either, since there is no EV cer­tifi­cate.

This optical high­light has now been removed by browser providers, reput­edly since nobody ever pays it any atten­tion anyway. The lock symbol is still dis­played, but now it is grey, not green.

The good news: It only takes one click on the lock to still check whether the web­site provider has an EV cer­tifi­cate, and which com­pany is behind a web­site.

Chrome with EV cer­tifi­cate:

Chrome without EV cer­tifi­cate:

Firefox with EV cer­tifi­cate:

Firefox without EV cer­tifi­cate:

So to be able to still nav­i­gate the web safely in future, in par­tic­ular as far as e-banking is con­cerned, please follow these tips:

  • Take to man­u­ally entering a finan­cial institution’s URL address, and to clicking the lock symbol once the web­site has loaded to check the cer­tifi­cate owner (i.e. the finan­cial insti­tu­tion).
  • If you use Win­dows, you can always use the Edge browser.
  • If you are using your mobile device for e-banking and if pro­vided by your finan­cial insti­tu­tion, utilise a mobile banking app instead of a browser.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic courses

This basic course will point out cur­rent threats on the Internet and con­veys mea­sures as to how you can pro­tect your­self by taking some simple mea­sures.

fur­ther infor­ma­tion

Prac­tical courses

Learn and prac­tice the most impor­tant mea­sures for your com­puter and e-banking secu­rity on com­puters pro­vided by us.

fur­ther infor­ma­tion

Send this to a friend