Before you order online from any company, there are a few things that you need to check. And if it's a new company, or one that you've never ordered from in the past, a few checks that may surprise you with their results.
First of all, is the site secure? Does it have a valid SSL certificate? Is it valid just for their shopping cart or the entire site? (Look for the green padlock in your browser's URL bar.) If you don't see the green padlock, the site isn't secured with a SSL certificate. Browsing should be fine, but I personally wouldn't enter any information on a page that wasn't showing a valid SSL certificate.
If this is a new site, or one that you've never ordered from before, you may want to do a couple of other security checks just to put your mind at rest.
The first check is from SSL Labs.
SSL Server Test (Powered by Qualys SSL Labs)
It takes a couple of minutes to run, and will give you a resulting grade. Anything below C should be an immediate indicator to flee the site and never return. A grade of A or B is OK. Technically, a grade of C isn't something I'd condemn outright, but personally, I wouldn't submit personal information. It depends on why the check came back with that grade. That's just me.
For example: Let's say you plug in site "xyz.com" and it comes back with a grade of F, and the reason for the failure is they're running a vulnerable version of OpenSSL (yes, even today there are some incompetent admins who shouldn't be administering servers that talk to the Internet).
A failing grade in this case has a couple of worrying issues. First and foremost, it's obvious your information isn't secure on this server. But the most worrying aspect would be that the server is most likely compromised and has been for some time. And until a full blown security audit has been accomplished on that server, it's doubtful it can be trusted for anything until it's taken offline and fixed.
Another good site you can use to run a quick check is Sucuri.
Sucuri Security
This check scans for some of the more common issues found on some sites and will even let you know if it's showing up on email blacklists. If Sucuri thinks the site is compromised, it'll tell you as well. If that shows up, flee. Do not return.
Obviously, there's no way to tell if a site is really secure without some serious pen testing and for the average user, that's not a realistic expectation. But the online tools I mentioned above can give you a pretty decent idea of how well the company treats its online presence.
First of all, is the site secure? Does it have a valid SSL certificate? Is it valid just for their shopping cart or the entire site? (Look for the green padlock in your browser's URL bar.) If you don't see the green padlock, the site isn't secured with a SSL certificate. Browsing should be fine, but I personally wouldn't enter any information on a page that wasn't showing a valid SSL certificate.
If this is a new site, or one that you've never ordered from before, you may want to do a couple of other security checks just to put your mind at rest.
The first check is from SSL Labs.
SSL Server Test (Powered by Qualys SSL Labs)
It takes a couple of minutes to run, and will give you a resulting grade. Anything below C should be an immediate indicator to flee the site and never return. A grade of A or B is OK. Technically, a grade of C isn't something I'd condemn outright, but personally, I wouldn't submit personal information. It depends on why the check came back with that grade. That's just me.
For example: Let's say you plug in site "xyz.com" and it comes back with a grade of F, and the reason for the failure is they're running a vulnerable version of OpenSSL (yes, even today there are some incompetent admins who shouldn't be administering servers that talk to the Internet).
A failing grade in this case has a couple of worrying issues. First and foremost, it's obvious your information isn't secure on this server. But the most worrying aspect would be that the server is most likely compromised and has been for some time. And until a full blown security audit has been accomplished on that server, it's doubtful it can be trusted for anything until it's taken offline and fixed.
Another good site you can use to run a quick check is Sucuri.
Sucuri Security
This check scans for some of the more common issues found on some sites and will even let you know if it's showing up on email blacklists. If Sucuri thinks the site is compromised, it'll tell you as well. If that shows up, flee. Do not return.
Obviously, there's no way to tell if a site is really secure without some serious pen testing and for the average user, that's not a realistic expectation. But the online tools I mentioned above can give you a pretty decent idea of how well the company treats its online presence.
