Online casino safety: SSL encryption
As part of our guide to online safety and how it relates to play at online casinos, we take a look at Secure Sockets Layer (SSL) encryption and explain it in layman's terms. Read on to find out how and why you should protect yourself when playing online by always ensuring that your private information stays that way.
SSL: what is it and why is it important?
The Internet is, at its most simple description, a network of connected computers that spans the globe. When you ask your web browser to load a web page, or you click a button on a web page, or enter some information and submit a form, you send what is known as a "request" from your computer to the computer that hosts the site you are viewing (known as a server). In order for your request to reach the web server, it must first be routed through many other servers across the globe on its journey across the network.
When using a standard unencrypted connection to browse the web, the information contained in your request is passed from server to server on its journey across the web in plain text. This means that at any point along that journey, anyone with access to one of the servers that your request is passed through could potentially log the contents of the request and re-use the information in it. This person could be a bad guy operating the server, a hacker with remote access to a compromised server, a misconfigured server logging data that could later be discovered by a hacker, or even a snooping government department in the country that you live.
Obviously this is not an acceptable situation for people wanting to send sensitive information around the globe. Sensitive information could include a credit card number and expiry date, or an internet banking login, or indeed the password to an online casino account. Therefore it is possible for web servers to be configured to allow, or even require, web browsers to connect to them using an encrypted connection via a cryptographic protocol known as Secure Sockets Layer.
Without going into the technical detail of explaining exactly how SSL works (see further reading below), the effect of using such a connection is the difference between those intermediary servers being able to log information in an unencrypted request like this:
and an encrypted request like this:
The beauty of SSL encryption is that only your browser and the web server you are contacting can read the information that you are sending each other.
How can you tell if your connection is encrypted?
The easiest way to do this is to look at the URL bar at the top of your web browser window. All major current browsers will display either a small padlock icon or a larger green coloured icon or address bar that indicates that your connection is secure.
Another thing to look for is to check the start of the URL that you are accessing. If it starts with http:// then your connection is not secure. If it starts with https:// (note the extra 's') then you can take it as a strong indication that the site is secure, providing the site's certificate is valid.
What should you do if your connection is not secure?
This situation becomes one of risk assessment that differs depending on the situation. You need to consider what kind of information you are sending to the web server and the risk associated with the loss of that information. A couple of examples might help clarify this:
- Logging in to an online bank account: Obviously the results of a hacker recording your login and password details for an online bank account could be financially catastrophic. You should never ever log in to an online bank account on a non-secure, unencrypted connection.
- Entering credit card or e-wallet details to facilitate a purchase: If the wrong person ends up with this information they could go on a spending spree using your money. Don't do it unless your connection is encrypted.
- Logging in to an online casino or poker account: This is almost the same situation as a bank account. Anyone intercepting the login credentials for your casino account has the ability to potentially steal your money. Never login or register at an online casino that does not operate using an encrypted connection.
- Submitting numbers into an online calculator: This is almost certainly not something that you really care about being intercepted, so a non-secure connection should not deter you.
The non-secure online casino hall of shame
Sadly during our review process at Casino Listings we have come across several online casinos that do not enforce the use of a secure SSL connection, putting the private information of their customers at risk. Below is a list of these casinos along with relevant notes and further information. We strongly recommend that you do not register, login, or play at any of the casinos on this list.
|Casino Cash Palace||Despite showing an invalid SSL seal verification image in the bottom corner of their website which claims to be SSL protected, this casino operates completely in plain text, allowing unencrypted registration and login.|
|Cherry Gold Casino||Instant play section of the website allows insecure registration and login, which leaves your personal information and password transmitted in plain text.|
Real Deal Bet
|These "skinned" sites all owned by the same operator Comfortlink N.V., allow unencrypted registration and login. Banking is secure but anyone gaining access to your unsecured login credentials can use them to login and access the banking department.|
If your casino is on this list and you have fixed the problem, please contact us and we will gladly remove it, pending verification. Similarly, if you discover an unencrypted casino that we do not have on this list, please let us know and we will credit your account with some CLchips as a reward.
This is intended only as a basic guide to online safety and SSL encryption. If you would like to know more about the technical details of how encryption and SSL itself works, I recommend reading the following resources: