0
$ £

Online casino safety: SSL encryption

HTTPS in address bar

As part of our guide to online safety and how it relates to play at online casinos, we take a look at Secure Sockets Layer (SSL) encryption and explain it in layman's terms. Read on to find out how and why you should protect yourself when playing online by always ensuring that your private information stays that way.

SSL: what is it and why is it important?

The Internet is, at its most simple description, a network of connected computers that spans the globe. When you ask your web browser to load a web page, or you click a button on a web page, or enter some information and submit a form, you send what is known as a "request" from your computer to the computer that hosts the site you are viewing (known as a server). In order for your request to reach the web server, it must first be routed through many other servers across the globe on its journey across the network.

When using a standard unencrypted connection to browse the web, the information contained in your request is passed from server to server on its journey across the web in plain text. This means that at any point along that journey, anyone with access to one of the servers that your request is passed through could potentially log the contents of the request and re-use the information in it. This person could be a bad guy operating the server, a hacker with remote access to a compromised server, a misconfigured server logging data that could later be discovered by a hacker, or even a snooping government department in the country that you live.

Obviously this is not an acceptable situation for people wanting to send sensitive information around the globe. Sensitive information could include a credit card number and expiry date, or an internet banking login, or indeed the password to an online casino account. Therefore it is possible for web servers to be configured to allow, or even require, web browsers to connect to them using an encrypted connection via a cryptographic protocol known as Secure Sockets Layer.

Without going into the technical detail of explaining exactly how SSL works (see further reading below), the effect of using such a connection is the difference between those intermediary servers being able to log information in an unencrypted request like this:

username=frednerk,password=letmeinplease

and an encrypted request like this:

ZNTYXsXj1gJ4BL83WUtCUpQaeM8zFfXbYPg1lMpz7ZQLV1EmNJ0Jug==

The beauty of SSL encryption is that only your browser and the web server you are contacting can read the information that you are sending each other.

How can you tell if your connection is encrypted?

The easiest way to do this is to look at the URL bar at the top of your web browser window. All major current browsers will display either a small padlock icon or a larger green coloured icon or address bar that indicates that your connection is secure.

Another thing to look for is to check the start of the URL that you are accessing. If it starts with http:// then your connection is not secure. If it starts with https:// (note the extra 's') then you can take it as a strong indication that the site is secure, providing the site's certificate is valid.

What should you do if your connection is not secure?

This situation becomes one of risk assessment that differs depending on the situation. You need to consider what kind of information you are sending to the web server and the risk associated with the loss of that information. A couple of examples might help clarify this:

  1. Logging in to an online bank account: Obviously the results of a hacker recording your login and password details for an online bank account could be financially catastrophic. You should never ever log in to an online bank account on a non-secure, unencrypted connection.
  2. Entering credit card or e-wallet details to facilitate a purchase: If the wrong person ends up with this information they could go on a spending spree using your money. Don't do it unless your connection is encrypted.
  3. Logging in to an online casino or poker account: This is almost the same situation as a bank account. Anyone intercepting the login credentials for your casino account has the ability to potentially steal your money. Never login or register at an online casino that does not operate using an encrypted connection.
  4. Submitting numbers into an online calculator: This is almost certainly not something that you really care about being intercepted, so a non-secure connection should not deter you.

The non-secure online casino hall of shame

Sadly during our review process at Casino Listings we have come across several online casinos that do not enforce the use of a secure SSL connection, putting the private information of their customers at risk. Below is a list of these casinos along with relevant notes and further information. We strongly recommend that you do not register, login, or play at any of the casinos on this list.

CasinoNotes
Casino Cash PalaceDespite showing an invalid SSL seal verification image in the bottom corner of their website which claims to be SSL protected, this casino operates completely in plain text, allowing unencrypted registration and login.
Cherry Gold CasinoInstant play section of the website allows insecure registration and login, which leaves your personal information and password transmitted in plain text.
SlotLuv CasinoAside from being run by a bunch of criminal scammers, the in-browser instant play section of this casino allows unencrypted login and registration.

If your casino is on this list and you have fixed the problem, please contact us and we will gladly remove it, pending verification. Similarly, if you discover an unencrypted casino that we do not have on this list, please let us know and we will credit your account with some CLchips as a reward.

Further reading

This is intended only as a basic guide to online safety and SSL encryption. If you would like to know more about the technical details of how encryption and SSL itself works, I recommend reading the following resources:

5 replies • Last post

Comments

usbarbadosslim93
Forum Angel
barbadosslim93's picture
Location: Michigan
Joined: 28 Jan 2011
Posts: 9417
Thanks given: 561
Thanks received: 695
29 October 2015 - 12:28pm
#1

Thanks for the knowledge, Ed. I would think that sites would want to protect their customers, and it doesn't seem like the SSL would be that hard to put in there. As we see more and more hackers coming out with ways to rip people off I think it is only sensible to play at sites that have some sort of protection for player information.

1 member gave thanks for this useful post: lpangborn76

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7204
Thanks given: 3359
Thanks received: 2722
29 October 2015 - 11:22pm
#2

No it isn't hard. Purchasing a SSL certificate costs the casino a small amount of money and, considering the simple nature of most casino websites, a minimal amount of testing and configuration. As they are asking for their customers' personal and financial information, there really is no excuse for them not to secure its transport.

It is not only hackers you have to be concerned about. These days in many countries it is the governments doing the spying. It certainly is the case here in Australia now, and everyone knows about what the authorities in America have been up to in recent times.

Operating an online casino without SSL is lazy, unprofessional, and dangerous.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

gbthemeatylass
FreerollerFreeroller
Location: uk
Joined: 30 Oct 2015
Posts: 7
Thanks given: 1
Thanks received: 3
30 October 2015 - 9:30pm
#3

i play casinos mostly everyday on mobile my main site i use is ladbrokes have been a vip for a few years i have noticed that there mobile site certificate changes it has 3 one of which says premium ssl wildcard and is only valid for 1 year dont know much about certificates but mostly all are valid gor 10/20 year also the layout on mobile site can and has changed during play could be my mobile browser but thought id share it with use see if anyone else gets the same

1 member gave thanks for this useful post: CL-Ed

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7204
Thanks given: 3359
Thanks received: 2722
1 November 2015 - 11:53pm
#4

You shouldn't read anything into the length of time that the certificate is valid for. If there is only 1 year remaining, that just means they have to renew it soon. They could have paid for it 10 years ago.

Looking at Ladbrokes they have a few issues with their SSL:
- Chrome browser says that they are using what is regarded as an obsolete encryption method. But I ran a SSL test using the Qualys website tool and it is not a major problem.
- They have the "mixed content warning" problem which is what you get when you run a secure site but include things on the page that are not served using a secure connection (eg. images or scripts from third party websites). This is usually a problem encountered by sites like ours that have a lot of user-contributed content, such as people linking to off-site images that may not be available on a secure connection (we're working through the problem here before making our whole site SSL encrypted, hopefully soon). However this should not be an excuse for casino websites as they almost always have total control over all the content that goes onto them.
- Their various casino subdomains all run on a non-encrypted connection. However when you login the request is posted via a secure connection which is safe.

So they have a few things that need improving but I would not say they are unsafe like the others on the list above.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

gbthemeatylass
FreerollerFreeroller
Location: uk
Joined: 30 Oct 2015
Posts: 7
Thanks given: 1
Thanks received: 3
4 November 2015 - 5:45pm
#5

iv tryed and played alot of online casinos and to be fair ladbrokes is the site i feel safest on perhaps its because i have been with them for so long and have really not had any issues with there site although like u have said the mobile site can and has had a few issues regarding the secure connection and i do think they have the capability to do more but i think that goes for most if not all mobile sites.

Post new comment

Have something to say? Agree or disagree? Tell us what you think!

Login using your social network account
Or log in with a Casino Listings account

Login or register to post comments

Registering for an account takes less than a minute and you will be brought right back here to comment afterwards.

Share this