ECFMG (IWA) online application security?

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
A

Adam_K

Indentured
10+ Year Member
5+ Year Member
15+ Year Member
Joined
Nov 28, 2004
Messages
289
Reaction score
0
I started an ECFMG online application until I discovered that the website does not seem to use a secure format like SSL. I'm a little concerned about sending personal information like my SSN, DOB, address to an unsecure website.

So halfway through I stopped and thought that I'd ask here.

Am I being paranoid or is there a security mechanism that I don't know about?
Members don't see this ad.
 
Adam_K said:
I started an ECFMG online application until I discovered that the website does not seem to use a secure format like SSL. I'm a little concerned about sending personal information like my SSN, DOB, address to an unsecure website.

So halfway through I stopped and thought that I'd ask here.

Am I being paranoid or is there a security mechanism that I don't know about?
Click to expand...

Its secure. Go ahead and apply.
If you are still paranoid, use the privacy service of whatever anti virus suite you are using ( mcafee or norton). That would make it even more secure.
 
Why do you think it is not using SSL? If you are using Internet Explorer, look for a lock at the bottom right area. Also look at the URL in the address window, it should say https://...
 
Members don't see this ad :)
anatolyk said:
Why do you think it is not using SSL? If you are using Internet Explorer, look for a lock at the bottom right area. Also look at the URL in the address window, it should say https://...
Click to expand...

Nope. Tried both Firefox and Internet Explorer. Both will only show http, not https. No lock, no security certificate.

I stopped when I got to contact info and IWA asked me for my SSN and DOB. I pulled up the page info from Firefox. It says that "The website iwa.ecfmg.org does not support encryption for the page you are viewing. Information sent over the internet without encryption can be seen by other people while in transit."

Try it out.
 
I decided to call the ECFMG and ask for myself. After spending what I thought was a long time on hold at international direct dial rates, all the representative could tell me was that the website was secure. When I told her that there was no encryption, she suggested that I use the paper application which takes eight weeks to process.

I get the feeling that the ECFMG has been a monopoly for too long and seems only to be good at collecting fees.

I looked up the terms and conditions of service for IWA.

10. Assumption of Risk. Use of the Internet and this Site is solely at your own risk and is subject to all applicable local, state, national, and international laws and regulations. While ECFMG has endeavored to create a secure and reliable Site, please be advised that the confidentiality of any communication or material transmitted to/from this Site over the Internet cannot be guaranteed. Accordingly, ECFMG and its employees, agents, directors, officers, proprietors, partners, representatives, shareholders, servants, attorneys, predecessors, successors, and assigns are not responsible for the security of any information transmitted via the Internet. The User assumes sole and complete risk for using this Site and must make his or her own determination as to these matters.

Cool, huh?
 
What a shame, it really is unsecure!

I suggest everybody sends them an e-mail at: [email protected]

To whom it may concern:

We just tried to schedule USMLE Step at the IWA site and found out that it isn't secure. All the information passed to the ECFMG during application process gets transferred over the Internet without any protection. It makes work of thieves and phishers very easy.

It also raises a privacy and liability question in case if the information gets stolen. Even though applicants sign Terms And Conditions statement, there is not enough effort made by the ECFMG to protect client information.

Secure Socket Layer or HTTPS is an industry standard for collecting sensitive data.

Firstly it ensures the client that he/she is connected to a correct web site and not a phony phishing one.

Secondly it encrypts all the data transferred to and from the site.

Best regards
XXXXX XXXXXXXX
www.imgresidency.com
 
anatolyk said:
What a shame, it really is unsecure!

I suggest everybody sends them an e-mail at: [email protected]

To whom it may concern:

We just tried to schedule USMLE Step at the IWA site and found out that it isn't secure. All the information passed to the ECFMG during application process gets transferred over the Internet without any protection. It makes work of thieves and phishers very easy.

It also raises a privacy and liability question in case if the information gets stolen. Even though applicants sign Terms And Conditions statement, there is not enough effort made by the ECFMG to protect client information.

Secure Socket Layer or HTTPS is an industry standard for collecting sensitive data.

Firstly it ensures the client that he/she is connected to a correct web site and not a phony phishing one.

Secondly it encrypts all the data transferred to and from the site.

Best regards
XXXXX XXXXXXXX
www.imgresidency.com
Click to expand...


Nice letter.

-Skip
 
I am writing in response to your messages, below, regarding ECFMG's Interactive Web Application (IWA).

ECFMG strives consistently to enhance the services it offers. A recent enhancement to IWA was encryption of the on-line application via Secure Sockets Layer (SSL).

Good job everyone!
 
You must log in or register to reply here.
Next unread thread

Similar threads

Y
ECFMG Changed Pathways Deadline for IMGs
Replies
0
Views
475
yandorio
Y
D
ECFMG help
Replies
7
Views
894
stethan
S
M
Online md programs/ off campsus
Replies
3
Views
635
Hollow Knight
Hollow Knight
S
Online Pre-Reqs for Caribbean School?
Replies
1
Views
578
wxman
wxman
K
Germany and ECFMG Pathways
Replies
1
Views
2K
Tangerine123
Tangerine123
Top