One of the problems people are facing as they look for Health Insurance Exchange websites is that not all Health Insurance Exchange sites are using digital certificates. This means if you’re talking with a site that doesn’t have a digital certificate, it’s impossible for you to be sure it is who you think it is. This is one thing that makes the current situation around Health Insurance Exchange sites potentially dangerous.
There are some sites that do use digital certificates. And on those sites that do, you can and should use that to help verify that site. As people start to learn how to sign up for health insurance online, understanding how to verify a site using its digital certificate is an important skill to help keep you safe and away from possible scam and phishing sites.
Many people don’t know what digital certificates are. But you’ve likely used them for years even if you don’t know what they are. Digital certificates provide the “lock” in the address bar of your browser that we should all be looking for when we’re doing things like shopping or banking online:
Most people know that the lock means it’s OK to send information like credit card numbers: the lock tells them the information is encrypted. What many people don’t know is that the lock also tells them they can use the digital certificate to verify the identity of the site they’re talking with.
The lock acts like a driver’s license or passport. And you check it just like someone checks your passport or driver’s license to verify you are who you say you are.
To verify a site using its digital certificate, you first have to make sure you’re going to the site using HTTPS. Actually type the URL in the address bar starting with “HTTPS.”
If the site doesn’t come up or you get an error, that means it either doesn’t have a digital certificate or doesn’t have one you can be sure of. If this happens you won’t be able to check that site and be sure. Unfortunately many legitimate Health Insurance Exchange websites don’t have good certificates you can check: that means you have to be extra careful with those sites. Instead of continuing online, consider calling your state insurance agency for help finding the resources that you need instead.
If the website does come up with no errors, the next thing you want to do is bring up the digital certificate. This is where you basically ask the site to show you its driver’s license or passport. On most browsers you can click the lock and it will bring up information from the certificate.
You want to find the website name on the certificate and make sure it matches the name of the site you wanted to talk with. In the example below you can see the name of the website highlighted.
If you want additional information, you can bring up the full digital certificate itself by. In the example below, you click “certificate information” to bring up the full digital certificate.
The full digital certificate contains a lot of information you don’t need to worry about. The main items you want to check are the “Issued to” and the “Valid from/to” dates. Just someone checks the name and dates on your driver’s license or passport; these are the key things that tell you the site is who it says it is and that the digital certificate itself is valid.
As online Health Insurance Exchanges mature, it’s almost certain that they’ll all be required to have digital certificates so you can verify them. For now, though, if a site doesn’t give you that option, you should be wary and consider not using it. Most importantly, though, it’s important to get into the habit of looking for the lock not just to protect your information through encryption but to know if there’s a digital certificate you can check. And then, it’s important that you check the digital certificate and verify the site before you start entering any data. When dealing with personal information around healthcare, it’s critical you make sure you don’t give it to the wrong person and find that you, a family member or even your entire family are the victims of identity theft.