Scotiabank SSL misconfigured?

Written by Zaki Usman on June 8, 2013.

Did Scotiabank misconfigure their SSL settings? Check yourself by visiting
https://www.scotiabank.com (use HTTPS to force a secure session.)

You should see the following error:

Low Security Grade

I rechecked using a third-party SSL Checking tool. The tool gives Scotiabank a pretty low grade.

Online Banking is Secure

Even though their website is misconfigured, their online banking is setup correctly (meaning the actual banking transactions are protected, just the marketing/web content isn’t.)

Bad User Experience

Regardless, this gives a bad user experience. Imagine as visitors try to go to a secure version of the website, only to find a warning message instead. Scotiabank must have a good reason to have it setup like this – I’d love to find out why.

By the way, I just checked 3 other banking websites – they’re all configured properly.

Trackback from your site.

Zaki Usman

Hello, I'm the founder and CEO at ShoutEx. I like to blog about marketing, mobile and web topics. Feel free to connect with me on LinkedIn.

Comments (2)

Correction

April 26, 2013 at 8:35 pm | #

scotiabank.com is not an HTTPS site….

Reply
- Zaki Usman
  
  May 8, 2013 at 12:35 pm | #
  
  Most banks allow for SSL access to their corporate site, so why would Scotia be any different?
  
  It seems ScotiaBank is using a CDN to streamline content delivery and aren’t forcing SSL properly across the entire constellation.
  
  Reply