Online Security and Trust Indicators

Search by Drug or Product Name

Now that your computer and browser are secure and you know some of the ways to identify legitimate pharmacies, it’s time to learn about the final step in making sure that you are shopping safely online.

Legitimate sites will keep your personal information private by using secure connections and obtaining certifications to prove that they are using your information responsibly.

Security Certifications

Certain online companies will certify websites that are dedicated to keeping your information private and secure. VeriSign by Norton is perhaps the most famous of these, and you may have noticed their logo on highly reputable sites such as PayPal and eBay. Other well-known security certifications and trust seals include McAfee, BBB Accredited, TRUSTe, Safety Check, Thawte, Trustwave, Geotrust, and Comodo. Online pharmacy trust seals to look for include CIPA, MIPA,,, and (in the U.S. only) VIPPS.

Trust seals and SSL certificates verify different aspects of a websites’ trustworthiness and security. Trust seals are awarded by companies that verify that the business is who they say they are and that they are meeting a standard set by the awarding company for good business practices. Companies awarding trust seals do not verify the technical security of the website.

SSL certification is awarded based on the actual technical security of the website. The certifying company will test the website in question prior to certification to ensure that a certain level of safety and security is achieved, usually through encryption of private information. The certification company verifies that the company seeking certification is in fact who they say they are and that they are conducting business in the manner they describe.

If you’d like to know the standards set by the awarding agency, you can click on the seal to see more detail. If the image of the seal is not clickable, this is an indication that the image has been copied off the Internet and is not a legitimate certification. This is a common practice of shady websites.

SSL Connections

When a company has been verified, they will use an SSL connection to indicate that you can trust your information to the company. It will also ensure that the data you entered will be encrypted and inaccessible by anyone. SSL stands for “secure sockets layer” and identifies specific protocols have been set to ensure your information is not visible to any “bystanders” who may be on the connection.

Whenever you are asked to enter personal information, from your medical history to your credit card number, you will need to check that you are on a secure connection.

In the address bar of your browser, you will notice that the first four letters displayed are typically “http.” These letters are then followed by the Web address of the site you are on. When you enter a secure area of the website, these letters will change to “https.” The “s” indicates that you are in a part of the website with an SSL connection.

Another way to identify that you are using a secure connection is with a lock icon that may appear in the address bar or at the bottom of your browser. This will depend on the type of browser you are running, as well as the version you have. Some sites may also show a pop-up window or run a temporary page to let you know that you are now moving to a secure area of the website.

Certification Warnings

Occasionally, you may navigate to a site and have a box pop up with a warning about the site’s security certification. The warning may say the site is self-certified, the certificate cannot be verified, or the certificate is expired. What do these different warnings mean?

A self-signed certificate is an SSL program the site owner can download that will encrypt personal information and allow the address bar to show https. Because the certificate has not been verified by a third-party vendor, you have to trust the website is what it claims to be and that the owner is honest. It’s safer to stick with third-party verified websites when you are giving out health and financial information.

An agreement between a website and a third-party verification company is a business transaction, and the website must pay the verification company for the service they are offering and the privilege of certification. If the website fails to provide payment for the service or lets their agreement with the certification company lapse, their certificate will expire, triggering a warning when you try to navigate to a part of their site that was once certified secure. While this could simply be an oversight on the part of the website, you should be aware that there’s no longer a guarantee that your information will be secure.

In some cases, the problem may be between your browser and the site that issued the certificate. When this occurs, you will be given the option to view the certificate and either continue to the site or turn back. Your information is not guaranteed to be encrypted and secure in this situation.