When you need to care about Online Payment

We often need to pay with a credit or debit card on e-commerce portals. We must verify whether the site is PCI compliant, but how would a normal user know? There are cases where we easily fall into a trap. We need to be more careful, understand the complexity, and save our hard-earned money.

I was trying to pay on a portal where I got this screen, and I wanted to be sure.


So I checked the site's SSL at https://www.ssllabs.com/ssltest/ and got the output below.

This seems fine to me, but a few areas need a little attention.


What worried me here is that they are using SHA-1, which is kind of not recommended anymore. Following are a few points about SHA-1:


SHA-1 is not a major concern now but eventually will be.

As per the test website's guide documentation, https://www.ssllabs.com/projects/rating-guide/index.html, this seems manageable.


Now, I wanted to check their certificate too.


The good thing is that they are using SHA256.

As an end user, you need to keep your money safe. There is a huge list of sites that have been compromised. You must check https://haveibeenpwned.com/PwnedWebsites


PCI DSS Quick Reference Guide v3.0

Be safe and play safe.

Namoskar!!!