Website Security Facts for Inirgee and ImaginaryColours.com
Our site is secure. Shop with confidence.
In
order to give you full confidence in shopping with Imaginary
Colours
(also known as Inirgee), we have purchased SSL internet security
certificate
from Thawte,
which is renown for its thorough security certificates.
In
order to receive our security certificate we had to submit proof of
website ownership, proof of business location by providing a business
utility bill, a check from our company's checking account, and a copy
of the proprietor's Driver License for verification of identity. We
also have to pay a significant annual fee.
You will see the "Secured by Thawte" security seal on the upper right
corner of our online store web pages.
Thawte is recognized by all major browsers including Internet Explorer,
Firefox, Google Chrome, Netscape and many others.
About Security Certificates (SSL Certificates)
Occasionally, a store you're familiar with may have an occasional glitch. That is, the internet browser you're using may say the store's Security Certificate is invalid or expired or whatever. Bear in mind that even if a browser reports that a store's Security Certificate may be invalid (or expired or whatever), this does not necessarily affect the actual security of our store.
If you have shopped at the store before, and you're certain you are at the same website (like you typed in the web address (URL) yourself and not just clicked a link in an email), you should not worry about any browser warnings because you already know the store.Back to our topic at hand. A Security Certificate (GeoTrust, Thawte, GoDaddy, Comodo, etc. etc. etc.) is simply a Certificate obtained by the e-store owner to add a "stamp of verification" to their secure (encrypted) site. This is done to help the consumers have greater confidence in purchasing at that particular online store.
Besides verifying legitimacy of a business and its online store, the companies offering SSL Security Certificates also provide site encryption, which, in brief terms, scrambles data you've entered into a website before sending it to the proper places in order to complete your online purchase. A secure site will encrypt info like your name, address and credit card number, for example.
The encrypted data cannot be simply intercepted and read by the Snidely Whiplash's out there. It must be decoded by the secret method(s) created by the companies providing the encryption services.A Security Seal is a visible logo provided by the companies offering security certificates. As you can imagine, the seals could easily be copied and pasted into any website, making it appear to be certified secure. However, a genuine seal will typically have some other content associated with it. That is, when you click the seal, it may indicate an expiration date, website address (this should be the same address as the site the seal is on), and maybe contact info for the online store. Each company's seal is different in content.
The SSL certificates also differ quite a bit, though it may not be apparent to the common internet user. For instance, did you know that there are different levels of security?
Perhaps you have seen the ads for "Free SSL Certificates". How secure do you think a free certificate really is? Basically, the only verification done in the issuance of a free certificate is to verify that the website is the website. These certificates can be obtained for free, via internet, in usually about ten minutes.
A step up from there would be a better option for both purchasers and store owners. Higher certification requires actual manpower to do, so they do cost money, generally from $50-$300 depending on the vendor and the services they provide.
To get one of these certificates usually requires the site owner or administrator to submit various documents which validate the authenticity of the website, as well as its physical address, business name, business license, sales tax license, etc. This validation process usually takes about 48 hours, but the result is that the shopper can feel very confident that he is not dealing with a fly-by-night business.
Of course, better locks breeds more skillful criminals, so no amount of certification can be 100%. This is where the warranty comes in. Most certification companies offer a warranty--usually $10,000 or more--as an added assurance to the customer that they are protected against fraudulent operators.
I think the warranty amount is just listed in order to build consumer confidence--a store with a $10,000 warranty on its certificate is just as unlikely to be fraudulent as one with a $100,000 warranty.
Words to the Wise
If your web browser (Internet Explorer, Firefox, etc.) pops up a warning saying that there is a problem with a certificate, you should not take the warning as a dire threat. Stop and think about whether it's truly likely that the store you're at is operating a fraudulent website or not. If your gut tells you to stay away, then stay away until you've done more research (like try phoning the company in question--they may not even know that some browsers are putting up warnings when on their site. You could be doing the business a favor by letting them know of the problem!
Here's another common problem. Sometimes, a web browser will indicate that "Some items on this website are not secure. Show the non-secure items anyway? Yes or No"
This warning box (and ones like it) are a bit overzealous. For instance, a "non-secure" item or element may simply be a photograph or company logo which is stored on a non-secure part of the server. A non-secure photo on a secure web page does not affect the security of your credit card info, but may trigger the dire-sounding browser warning.
Don't forget this very important fact: Encrypting (securing) information on a website is a process which takes up time, and slows down the loading times of web pages. Most stores have their regular website pages which state information about their company, their store hours, the employees, and of course the products they sell. None of these pages need to be encrypted, so they usually aren't. But when a customer goes to the online store's Checkout page, it, and its subsequent pages will be securely encrypted. Thus, the website continues to run fast, but the checkout process is secure.
Look at the chart below to see indicators that a site is secure. Note that these indicators are NOT universal, so you may not see each of them on every browser. Also, the indicators do change now and again as new ideas and technology develop: You will get the general idea, though.
| Where to look | If it is Secure | If it is Not Secure |
| In the address bar at the top of your browser where you
type in the web address:
www.imaginarycolours.com
Look for the first few characters in the address bar, beginning with "http" or "https". The "s" means secure. |
https:// | http:// |
| On the lower edge of your browser window, usually on the right, look for a padlock icon. Note that in Internet Explorer, the padlock does not always show up even if the site is a secure "https" site. | you will see a "locked" padlock | you will see an "unlocked" padlock, or none at all |
| Sometimes, a padlock is found near the top of your browser window, to the right of the address bar (where you type in the www address). | you will see a "locked" padlock | you will see an "unlocked" padlock, or none at all |
| On some browsers, the background color of address bar will change to yellow or green | yellow or green | white |
| Sometimes, an exclamation point is shown to the right of the address bar. | No exclamation point | An exclamation point is shown |
Common Pop-up Security Messages
| In Internet Explorer: |
| Security Alert Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. *The security certificate is from a trusted certifying authority. *The security certificate has expired or is not yet valid. *The security certificate has a valid name matching the name of the page you are trying to view. Do you want to proceed? Yes No View Certificate
|
| In
this case, you can safely click Yes.
Note that the first line tells you that the site is, indeed secure, just that the Certificate has a problem. The first bullet point states that the Certificate is from a reputable company. This is good. The second bullet states that the Certificate has expired. This is not necessarily bad, and in any case does not affect the security of the site. The third point states that the name registered on the Certificate matches the name of the web page you're trying to view. This is good. The names should match. |
| You may get another information window such as: |
| Security Information This page contains both secure and nonsecure items. Do you want to display the nonsecure items? Yes No More Info |
| It
is safe to click Yes here.
A warning about "nonsecure items" sounds unreasonably threatening. Nonsecure items have nothing to do with your security on the site. Nonsecure items are usually things like graphics or photos, which are stored in a separate, non-secure folder on the server, then pulled up from there for use on a web page. There is no reason to store graphics in a secure folder. |
| In Firefox: |
| "www.imaginarycolours.com"
is a site that uses a security certificate to encrypt data during
transmission, but its certificate expired on [date][time].
You should check to make sure that your computer's time ([date][time]) is correct. Would you like to continue anyway? View Certificate Continue Cancel |
| In
this case you can click Continue.
The wording in this message is a bit misleading. An "https" page is secure, whether a Certificate is there to say so or not. The Certificate is purchased by the store simply to build customer confidence in what already exists. Think of it like putting an alarm on your car. If you lock your car, the car is secure. If you put an alarm on it, you feel more confident in its security, but the car is actually still locked with the same locks. You didn't add a magic forcefield around your car. |
| Back to ImaginaryColours.com storefront |
| updated 8-12-09 |