HTTP or HTTPS: What’s the difference and why should I care?

By Sandra Clitter  

(Another question from one of our readers…thanks for helping me with ideas!)

I don’t know about you, but as each day passes, I find that more and more of my daily financial transactions occur on the web. I check my bank balances online. I write checks online. I get my statements online. I order books online. I rent movies online. The list goes on and on and on. We all hear horror stories about people whose identity has been compromised. Without getting overly paranoid, and worrying every time you press the ‘submit’ button, how can you make sure that the information you enter is safe?

You may or may not notice when you go to a website that typically, the URL (the web address) begins with ‘HTTP’ (which, for those of you who care [I’m not one of those people] stands for ‘HyperText Transfer Protocol’), but there are a few along the way that begin with ‘HTTPS’ (the ‘S’ standing for ‘SSL’).

There is a basic rule that I try to follow: Before entering personal information (particularly financial or credit card info), make sure that the website you are on begins with ‘HTTPS’. When the site begins with ‘HTTPS’, it means that there is a ‘combination lock’ put on the information you enter, and only the bank/merchant has the combination to unlock the information. A more technical term for this is that the data is sent in an ‘encrypted’ format.

When you go to a secure site (one on which your information is sent via encrypted mode), the URL switches from ‘http’ to ‘https’. I’ll use a popular bank’s website as the example. Here is what the URL looks like on the Home Page:

image of an HTTP URL

This is an UNSECURE site – it is presenting information, rather than gathering ‘sensitive’ information.

Now, when I click on the ‘login’ area, the URL switches to this:

image of an HTTPS URL

Additionally, in the lower-right corner of your browser window, there will be a little security padlock on an HTTPS URL icon (it’s a little, gold padlock). I always look for the padlock, as opposed to the ‘https’ (no reason, just what I pay attention to).

That little gold padlock means that you can enter sensitive information – like SS #, Credit Card #’s, etc. here and it can’t be ‘read’ without the combination to decode it.

There are sites which are not secure (i.e. those which begin with a simple ‘HTTP’) which ask for Credit Card info or SS #’s. That doesn’t necessarily mean that they are bad, but those sites are NOT encrypted, and people (i.e. hackers) CAN intercept the information and ‘pluck’ your personal info and use it for evil (I have no idea how they do it, but they can and do). That doesn’t mean that they WILL do that…just that they CAN do it. I have given my CC over non-secure sites when I’m fairly sure that that site is not a major target of hackers, and I have entered the site from the browser by entering the URL (as opposed to clicking on a link in an e-mail). I know that I take a calculated risk by doing this, but I admit that I have done it.

I’ll give you an example. I’ve been a nut for Lucy the Elephant in Margate, NJ since I was 5-years-old and gave money to ‘save’ her with change from candy purchases at the penny-candy store.

Lucy the Elephant, Margate, NJ

(Sidenote: “Lucy” was a novelty hotel in the early part of the 20th century. She has been restored and is now a wonderful museum…make sure you visit her if you’re at the Jersey Shore.)

When I heard that some of her ‘skin’ had blown off during a storm, I wanted to donate to help repair her. I went to this link on the “Lucy” site to donate:

You can see that it is NOT a secure site (no ‘HTTPS’). Anyone (well, anyone with a certain skill-set) could have plucked my CC # and Security Code from the ether. I thought about mailing the check, but wasn’t at home. Instead, I took the calculated risk that there wasn’t anyone ‘camping out’ on that site to harvest my info, and hit the ‘submit’ button. Nothing bad happened, but it COULD have and it would have been my fault. I try to make that kind of an event a rarity, rather than the norm.

Bottom line: Just because a site is NOT secure doesn’t mean that your information WILL be compromised, it just means that it CAN be harvested. THINK before you CLICK!!!


  1. Posted September 24, 2014 at 7:48 am | Permalink | Reply

    Of course these will all be within legal means,
    as these people are criminals, intent on doing malicious types of damage to a computer network.
    All you need to know is their email address and you’ll be able to gain access to the users account.
    After all, now that hackers have created a career niche for themselves, it’s best to make use
    of the available resources.

  2. Posted February 28, 2011 at 11:32 am | Permalink | Reply

    Very helpful info Sandy! Thanks!

  3. Becky Michael
    Posted February 28, 2011 at 8:55 am | Permalink | Reply

    All very interesting information. Thanks!

  4. Posted February 27, 2011 at 8:34 am | Permalink | Reply

    Nicely presented, Sandy.

    One of the recent reasons people should look for secure sites is because so many of us use our laptops in cafes and meeting areas.

    Those with “special skill sets” are able to crack into our computers if we work on unsecured site.

    One of the most vulnerable lately was Facebook. Many people are on it for such long periods and often leave it open in the background while working on other sites. Anyone else in the area “could” (with that special skill set) get into your computer, find your passwords, hack into other sites pretending to be you, and more.

    Though I thought this was mostly hype and only a very small risk, the chance did exist. But not now (at least for Facebook).

    Facebook just started using secure-server techniques as standard procedure… but you must “turn it on.”

    So… in Facebook go to the upper right corner and click Account, Account Settings, Account Security, and then check the box that says “Browse Facebook on a secure connection (https) whenever possible.”

    You’ll notice, when using Facebook after doing this, that sometimes you’ll click on something (like when trying to add a new App) that you cannot go to unless you temporarily change the setting to the unsecured setting. This is NOT always a bad thing to do… just keep your eyes and mind open when you do.

    Always enjoy your content, Sandy… and how well you express it.

    Charlie Seymour Jr

    • Posted February 27, 2011 at 1:30 pm | Permalink | Reply

      Thanks for the Facebook insight, Charlie. I didn’t know that that was an alternative, so I’ll head on over now and update my settings. Great euphemism in ‘special skill sets’ 🙂

Post a Comment

Your email is never shared. Required fields are marked *