Adam_K

Indentured
10+ Year Member
5+ Year Member
Nov 28, 2004
289
0
Off to the plantation
Status
Resident [Any Field]
I started an ECFMG online application until I discovered that the website does not seem to use a secure format like SSL. I'm a little concerned about sending personal information like my SSN, DOB, address to an unsecure website.

So halfway through I stopped and thought that I'd ask here.

Am I being paranoid or is there a security mechanism that I don't know about?
 

Santiago

Catheter Jockey
7+ Year Member
15+ Year Member
Apr 23, 2003
252
0
Neverland
Visit site
Status
Adam_K said:
I started an ECFMG online application until I discovered that the website does not seem to use a secure format like SSL. I'm a little concerned about sending personal information like my SSN, DOB, address to an unsecure website.

So halfway through I stopped and thought that I'd ask here.

Am I being paranoid or is there a security mechanism that I don't know about?
Its secure. Go ahead and apply.
If you are still paranoid, use the privacy service of whatever anti virus suite you are using ( mcafee or norton). That would make it even more secure.
 

anatolyk

Junior Member
10+ Year Member
5+ Year Member
Feb 15, 2005
15
0
Status
Why do you think it is not using SSL? If you are using Internet Explorer, look for a lock at the bottom right area. Also look at the URL in the address window, it should say https://...
 
OP
A

Adam_K

Indentured
10+ Year Member
5+ Year Member
Nov 28, 2004
289
0
Off to the plantation
Status
Resident [Any Field]
anatolyk said:
Why do you think it is not using SSL? If you are using Internet Explorer, look for a lock at the bottom right area. Also look at the URL in the address window, it should say https://...
Nope. Tried both Firefox and Internet Explorer. Both will only show http, not https. No lock, no security certificate.

I stopped when I got to contact info and IWA asked me for my SSN and DOB. I pulled up the page info from Firefox. It says that "The website iwa.ecfmg.org does not support encryption for the page you are viewing. Information sent over the internet without encryption can be seen by other people while in transit."

Try it out.
 
OP
A

Adam_K

Indentured
10+ Year Member
5+ Year Member
Nov 28, 2004
289
0
Off to the plantation
Status
Resident [Any Field]
I decided to call the ECFMG and ask for myself. After spending what I thought was a long time on hold at international direct dial rates, all the representative could tell me was that the website was secure. When I told her that there was no encryption, she suggested that I use the paper application which takes eight weeks to process.

I get the feeling that the ECFMG has been a monopoly for too long and seems only to be good at collecting fees.

I looked up the terms and conditions of service for IWA.

10. Assumption of Risk. Use of the Internet and this Site is solely at your own risk and is subject to all applicable local, state, national, and international laws and regulations. While ECFMG has endeavored to create a secure and reliable Site, please be advised that the confidentiality of any communication or material transmitted to/from this Site over the Internet cannot be guaranteed. Accordingly, ECFMG and its employees, agents, directors, officers, proprietors, partners, representatives, shareholders, servants, attorneys, predecessors, successors, and assigns are not responsible for the security of any information transmitted via the Internet. The User assumes sole and complete risk for using this Site and must make his or her own determination as to these matters.

Cool, huh?
 

anatolyk

Junior Member
10+ Year Member
5+ Year Member
Feb 15, 2005
15
0
Status
What a shame, it really is unsecure!

I suggest everybody sends them an e-mail at: [email protected]

To whom it may concern:

We just tried to schedule USMLE Step at the IWA site and found out that it isn't secure. All the information passed to the ECFMG during application process gets transferred over the Internet without any protection. It makes work of thieves and phishers very easy.

It also raises a privacy and liability question in case if the information gets stolen. Even though applicants sign Terms And Conditions statement, there is not enough effort made by the ECFMG to protect client information.

Secure Socket Layer or HTTPS is an industry standard for collecting sensitive data.

Firstly it ensures the client that he/she is connected to a correct web site and not a phony phishing one.

Secondly it encrypts all the data transferred to and from the site.

Best regards
XXXXX XXXXXXXX
www.imgresidency.com
 

Skip Intro

Registered User
15+ Year Member
Apr 29, 2002
3,377
954
Status
Attending Physician
anatolyk said:
What a shame, it really is unsecure!

I suggest everybody sends them an e-mail at: [email protected]

To whom it may concern:

We just tried to schedule USMLE Step at the IWA site and found out that it isn't secure. All the information passed to the ECFMG during application process gets transferred over the Internet without any protection. It makes work of thieves and phishers very easy.

It also raises a privacy and liability question in case if the information gets stolen. Even though applicants sign Terms And Conditions statement, there is not enough effort made by the ECFMG to protect client information.

Secure Socket Layer or HTTPS is an industry standard for collecting sensitive data.

Firstly it ensures the client that he/she is connected to a correct web site and not a phony phishing one.

Secondly it encrypts all the data transferred to and from the site.

Best regards
XXXXX XXXXXXXX
www.imgresidency.com

Nice letter.

-Skip
 

anatolyk

Junior Member
10+ Year Member
5+ Year Member
Feb 15, 2005
15
0
Status
I am writing in response to your messages, below, regarding ECFMG's Interactive Web Application (IWA).

ECFMG strives consistently to enhance the services it offers. A recent enhancement to IWA was encryption of the on-line application via Secure Sockets Layer (SSL).

Good job everyone!