Here are answers to some common questions about online transactions.
A secure connection is an encrypted exchange of information between the website you are visiting and Internet Explorer. Encryption is provided through a document the website provides called a certificate. When you send information to the website, it is encrypted at your computer and decrypted at the website. Under normal circumstances, the information cannot be read or tampered with while it is being sent, but it's possible that someone might find a way to decode the encryption.
Even if the connection between your computer and the website is encrypted, it does not guarantee that the website is trustworthy. Your privacy can still be compromised by the way the website uses or distributes your information.
Not necessarily. Even though the information you are sending and receiving is encrypted (encoded), an intermediate party might be able to see the website you are connecting to. By knowing the website you are connecting to, the other party might have a pretty good idea what you are doing on that site. For example, if you're looking for a new job using a computer at work, your company might watch for key words in websites or keep a log of visited sites. If you upload a resume to a job website, the document might be encrypted, but your company would still know you're looking for a new job.
The certificate that is used to encrypt the connection also contains information about the identity of the website owner or organization. You can click the lock to view the identity of the website.
When you visit a website that uses a secure connection, the color of the Security Status bar tells you whether the certificate is valid or not, and it displays the level of validation that was performed by the certifying organization.
The following table describes what the Security Status bar colors mean.
The certificate is out of date, not valid, or has an error. For more information see About certificate errors.
The authenticity of the certificate or certification authority that issued it cannot be verified. This might indicate a problem with the certification authority's website.
The certificate has normal validation. This means that communication between your browser and the website is encrypted. The certification authority makes no assertion about the business practices of the website.
The certificate uses extended validation. This means that communication between your browser and website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website.
No, you never need to update your online account or information to use EV certificates. Some phishing e-mails try to trick you into giving personal or financial information by claiming that you need to upgrade your account for better security with an EV certificate.
Internet Explorer already supports EV certificates, so you don't have to do anything. If your bank is using an EV certificate, your Address bar will be green. If you don't see a green Address bar, then the website does not use an Extended Validation certificate.
If you believe that the site is attempting to mislead you about its identity, you should contact the certification authority whose name appears in the certificate and in the Security Status bar.
Not necessarily. The secure (encrypted) connection is not a guarantee that it is safe to use. A secure connection only assures you of the identity of the website, based on the information provided by the certifying organization. You should only consider giving personal information to a website that you know and trust. To learn how to decide if you can trust a website, see When to trust a website.
While there is no guarantee of safety on the web, you can minimize online privacy or security problems by using websites you know and trust. Internet Explorer cannot tell if a website owner is trustworthy. Try to use sites you've used previously or that are recommended by trusted friends or family. You should also turn on Internet Explorer's SmartScreen Filter to help identify fraudulent websites. For more information about SmartScreen Filter, see SmartScreen Filter: frequently asked questions.
Secure and non-secure content, or mixed content, means that a webpage is trying to display elements using both secure (HTTPS/SSL) and non-secure (HTTP) web server connections. This often happens with online stores or financial sites that display images, banners, or scripts that are coming from a server that is not secured.
The risk of displaying mixed content is that a non-secure webpage or script might be able to access information from the secure content.
Internet Explorer uses an encrypted protocol called Secure Sockets Layer (SSL) to access secure webpages. These pages use the prefix HTTPS, while regular webpages use HTTP.