It has emerged today that tvlicensing.co.uk could be processing millions of customers’ data insecurely.
In an article by Mark Cook, an SEO and developer from Norwich, it was revealed that not all of the website is secure.
Despite the denials of TV Licensing itself, Cook noticed that Google Chrome had marked the website as “Not Secure” while trying to make a payment.
Essentially, having this warning notice pop up while viewing this particular part of the site means that it is not on HTTPS, and any information sent to it from a user can be intercepted.
As noted by Cook, even after numerous stages of interaction, and up until the point of being able to set up a direct debit, users aren’t being offered a secure connection.
He also found that although TV Licensing does in fact have a secure version of its website, you are actually required to type in the “s” after http.
This is due to the website telling search engines to use the insecure version over the secure version by using a canonical tag.
A few lines of code is all that is needed to fix the issue.
Although TV Licensing repeatedly told Cook and other Twitter users that the entire site was secure at one point, at of the time at writing, the site has gone down for “scheduled maintenance”.