The green lock has now disappeared

Up to now, a green lock symbol and the provider name evinced a website’s authen­ticity. Yet for about a month now, this has no longer been the case. The latest browser ver­sions have now elim­i­nated these impor­tant secu­rity features.

E-banking users now have to pay even closer atten­tion if they want to avoid falling victim to phishing attempts. The Chrome, Firefox and Safari browsers have removed visual web­site iden­ti­fi­ca­tion with the help of so-called EV cer­tifi­cates. Users are there­fore losing the option to quickly and easily check that a web­site provider is authentic and gen­uine. The only excep­tion amongst common browsers will be Microsoft Edge, which will retain these indicators.

To pre­vent phishing attacks, most finan­cial insti­tu­tions and many other online ser­vice providers use a so-called “extended val­i­da­tion” cer­tifi­cate (EV cer­tifi­cate for short). A cer­ti­fi­ca­tion authority will only grant one of these after exten­sive iden­tity checks of any web­site provider. This pre­vents crim­i­nals from obtaining cer­tifi­cates fraud­u­lently to then be able to run a phishing web­site dis­playing a lock symbol.

So far, web­sites with an EV cer­tifi­cate have gen­er­ally been indi­cated by common browsers by dis­playing a green lock and the name of the provider (e. g. that of a finan­cial insti­tu­tion) in the address line. This meant you were able to verify a website’s authen­ticity at first glance - although faked web­sites like those run by phishing attackers mostly also dis­play a lock nowa­days, although this is grey, not green. The provider name is not dis­played either, since there is no EV certificate.

This optical high­light has now been removed by browser providers, reput­edly since nobody ever pays it any atten­tion anyway. The lock symbol is still dis­played, but now it is grey, not green.

The good news: It only takes one click on the lock to still check whether the web­site provider has an EV cer­tifi­cate, and which com­pany is behind a website.

Chrome with EV certificate:

Chrome without EV certificate:

Firefox with EV certificate:

Firefox without EV certificate:

So to be able to still nav­i­gate the web safely in future, in par­tic­ular as far as e-banking is con­cerned, please follow these tips:

• Take to man­u­ally entering a finan­cial institution’s URL address, and to clicking the lock symbol once the web­site has loaded to check the cer­tifi­cate owner (i.e. the finan­cial institution).
• If you use Win­dows, you can always use the Edge browser.
• If you are using your mobile device for e-banking and if pro­vided by your finan­cial insti­tu­tion, utilise a mobile banking app instead of a browser.