List of UK online casinos that are not secure by default
This is one of several posts of the topic of security of websites. Inspired by my initial post on the security of UK banks.
The reason for splitting this data into multiple posts is to make it more manageable. So that data on one institution is not mixed with data on another type of institution.
The following key is used for the secure status:
|Yes||The site is secure, loaded via https|
|Invalid||The site loads via https, but the security certificate is invalid and thus the site is
|Partial||The site loads via https, but loads some parts of the page without https. The site is
|No||The site is loaded via http, not via https.|
|Fixed||The site is loaded via https, but at the time of first writing it was loaded via
|??||We could not find a website to evaluate.|
We tested 75 online casinos. We found 12 online casinos that did not have a secure home page (not https or did have https with an invalid security certificate). That is 16% of UK online casinos have security vulnerabilities.
Just as with wealth management, there are some big names in this list, that spend lots of money on advertising, and yet they are not secure. You cannot rely on a trusted brand name to mean that you get a secure website.
Downloading from a non secure site
One site in particular deserves a special mention. 50 Stars Casino. This is not secure, but for you to gamble with them you need to download a software package from their non-secure website and then install the software. I did download it. The download is digitally signed, but given that it’s downloading off a non-secure page, the download could, technically be anything, not necessarily the software the casino wants you to download. This is not good. Not only is the website not secure, but it could potentially attack your computer if the download is compromised.
I shouldn’t need to point this out, but i will, all the same, just to be clear.
The data provided on this page should taken at face value. If you’re not sure about something, please verify it yourself. Nothing reported here should be regarded as a criticism or an endorsement or recommendation of an organisations security effectiveness. I am simply passing comment on whether the home page (whatever that may be) is provided as https on not. Other security concerns are a separate matter.
If your organisation is listed here and is not marked as secure, your best course of action is to fix that, not to complain that someone is reporting a fact anyone with a web browser can discover. The security status of your home page is public information, albeit information that many people don’t understand.