I was just renewing my Direct Line car insurance online.

This involves an automatically popping up chat window from an HTTPS URL. During this chat he opens another pop up window that appears next to the original chat window into which I am supposed to enter my card details.

Are these pop up windows covered by the original HTTPS certificate?

I do realise that everyone should know stuff like this but I didn't so I refused to enter my details. The chat guy kept telling me it is secure but so did the Nigerian that told me an African prince had left me millions of £.

A good browser will show the address bar even on popups. Or you can right click on the title bar and check "show address bar", "show menu bar", etc.

For example, here's the "Manage attachments" on forums ... I see the address bar and I can click on the I logo to get information about security:

Bob Moore:
I usually check for the domain; if it's the same as the one on the main page it should be okay. I've never seen any attempt at stealing someone's information on a chat window; on pop-ups that redirect to other sites, yes.

Seriously? They expected you to enter credit card numbers in a pop up window?


Are these pop up windows covered by the original HTTPS certificate?



Who cares? You are covered to max £50 liability on your CC, by law. Most issuers extend that to £0.

Nobody is stealing CC data in transit, they are stealing stored data. HTTPS isn't protecting you, and neither does it matter if it's the same site/cert or not. Your insurer's stored data is just as likely to get popped (actually more so) than an independent CC processor's.

If you must, have 2 CC. One for recurring payments only, one for all others. That way when the main one is compromised, at least you don't have to re-do your recurring payments.

It's just misplaced worry.


