KOMU 8 News tests security for websites that ask for personal info
COLUMBIA - Many people now pay bills of some sort online. Scammers often find ways to get personal information entered into bill-paying sites.
KOMU 8 tested 20 local mid-Missouri websites, including banks, utility companies, Internet and television providers, along with city, county and state websites where residents can pay for anything from taxes to parking tickets.
The tests were run using a free online service, Qualys SSL Labs, which gives each website a letter grade like in school. Most sites tested got A's, some B's and only a handful of C's. No site tested received a failing grade.
Brandon Hough, information security officer at the University of Missouri, said vulnerabilities within the last year have caused companies to reassess their site's security.
"I think, in general, anybody that is paying attention to security at all has gone in, in the last year here and made sure that things are up-to-date," Hough said.
KOMU 8 News found a commonality within the sites that received C's. All four were given to Internet and television providers including CenturyLink, Charter, Dish Network and Socket. Hough said users should hesitate before entering personal information into sites that receive C's or worse.
Greg Baker, market development manager at CenturyLink, said the company has administrative and technical controls to safeguard against online security vulnerabilities.
"We use secure technologies to transfer sensitive information and comply with a variety of industry standards, and federal and state laws regarding the protection of customer information," Baker said.
Baker said the websites are monitored 24-7 with different technologies as well as people.
Customers often enter some basic information into most of the sites tested, such as name, address and phone numbers for a change of address or parking tickets. To apply for online banking though, customers potentially might also enter more sensitive information, such as a social security or account number.
While Hough said it's a personal choice whether or not to enter personal information online, there are some things to use caution on.
"Make sure you're looking for the padlock up at the 'http' link where the address is, and then if that padlock doesn't exist, for sure, don't enter your private information into that website," Hough said.
If the padlock does exist (as in the image below), you can use websites like Qualys SSL Labs to further check the security of said site.
With Internet use in general,Hough said he encourages people to keep an eye out for warnings from Internet browsers that tell users the website they're trying to go to is not secure.
Another issue Hough said he has seen lately is something called phishing. It's when users receive an email asking them to click on a link and enter their private information. The problem is the link is not what users are led to believe it is.
"It's better to go to the actual website, and type the link in directly so that you know that you're going to that company's website," Hough said.
Free online programs like Qualys SSL Labs are mainly used for consumers. Companies use more complicated systems to ensure security.