When you need to care about Online Payment
Oftentimes we need to pay with our credit/debit card on many e-commerce portals. We must verify whether the site is PCI compliant. But how would a normal user know? There are cases where we easily fall into the trap. We need to be more careful, understand the complexity, and save our hard-earned money.
I was trying to pay on a portal where I got this screen, and I wanted to make sure.
So I checked the SSL at https://www.ssllabs.com/ssltest/ and got the output below.
This seems fine to me, but a few areas need a little attention.
What worried me here is that they are using SHA1, which is kind of not recommended anymore. Following are a few points about SHA-1:
- SHA-1 is breakable and almost 10 years old; please refer to https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
- Expert Bruce Schneier discussed on his blog that SHA-1 is insecure and suggested moving to SHA-2/SHA-3 here: https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html. I wanted to share his recommendation.
- Notably, Microsoft is also retiring SHA-1, as per Microsoft Security Advisory 2880823. This was published back in 2013.
- Even Google asked to move away from SHA-1. Refer to their blog at https://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html
SHA-1 is not a major concern now but eventually will be.
As per the test website's guide documentation https://www.ssllabs.com/projects/rating-guide/index.html, this seems manageable.
Now, I wanted to check their certificate too.
The good thing is that they are using SHA256.
As an end user, you need to keep your money safe. There is a huge list of sites that have been compromised. You must check https://haveibeenpwned.com/PwnedWebsites
PCI DSS Quick Reference Guide v3.0
Be safe and play safe.
Namoskar!!!