Security Directory

E

Erste Asset Management

erste-am.com

0

Erste Asset Management operates as an international asset management company serving both institutional and private investors, primarily based in Austria. The website presents a professional and well-structured digital presence targeting these investor groups with clear navigation and relevant content. Technically, the site leverages a modular GEM framework hosted on AWS CloudFront CDN, ensuring scalability and modern web practices. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, despite the presence of several security headers and a strict DMARC policy. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR adherence is evident. Overall, while the business credibility and content quality are strong, the critical lack of HTTPS is a major risk that needs immediate remediation.

V

Venionaire Capital

venionaire.com

0

Venionaire Capital is a medium-sized, globally active investment and advisory firm specializing in Private Equity and Venture Capital. The company offers a broad range of services including fund management, corporate finance, M&A, restructuring, and research products. It targets investors, entrepreneurs, and corporates, positioning itself as an entrepreneurial partner with a strong global footprint and multiple co-founded initiatives enhancing the investment ecosystem. The website content is professionally presented with clear navigation and rich service descriptions, reflecting a mature business model and market presence. Technically, the website is built on WordPress using the Enfold theme and integrates common technologies such as jQuery, Yoast SEO, and Google Analytics. However, the site suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which severely impacts its security posture. Performance is slow, and while mobile optimization and SEO are good, accessibility is basic. Cookie consent mechanisms are present, but no explicit security or incident response policies are published. Security-wise, the lack of HTTPS and modern TLS protocols is a major vulnerability, exposing users to data interception risks. No advanced security headers or certificate transparency measures are implemented. The WHOIS data is consistent with the business claims, showing no suspicious patterns. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust. Strategically, Venionaire Capital should prioritize obtaining and configuring a valid SSL certificate, enabling HTTPS, and implementing modern security headers and protocols. Enhancing privacy and incident response disclosures would also improve compliance and user confidence. These steps will strengthen the company's digital maturity and reduce risk exposure.

I

Inbank

inbank.eu

0

Inbank operates as an embedded financing platform focused on accelerating sales for merchants and providing tailored financing solutions to consumers across multiple European markets. The company supports a broad range of sectors including retail, eco-friendly products, and automotive financing, positioning itself as a significant player with over 872,000 active contracts and partnerships with more than 6,000 retailers. The website reflects a professional and consistent brand image with clear business information and a user-friendly design. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, styled with Tailwind CSS, and hosted on Amazon AWS infrastructure. While the site performs moderately well and is mobile optimized, it lacks a valid SSL certificate and HTTPS support, which is a critical security flaw. Additionally, no security headers or advanced TLS configurations are present, exposing the site to potential risks. From a security perspective, the absence of HTTPS and security headers significantly lowers the security posture score. Privacy and cookie policies are implemented with consent mechanisms, indicating basic GDPR compliance. Contact information is clearly available, but no explicit security or incident response policies are found. The WHOIS data is consistent with the business claims, supporting domain legitimacy. Overall, the website demonstrates good business credibility and content quality but suffers from critical security shortcomings. Immediate remediation of SSL/TLS issues and implementation of security best practices are recommended to enhance trust and protect users.

E

E-COMMERCE BROKER SIA

finlat.lv

0

Finlat.lv is a Latvian-based credit comparison and brokerage platform operated by E-COMMERCE BROKER SIA, founded in 2021. The platform offers a wide range of financial services including consumer loans, mortgage-backed loans, auto loans, business loans, refinancing, and credit consolidation. It serves individuals and businesses in Latvia, providing a convenient one-application process to access multiple lenders. The website is well-structured with clear navigation, client testimonials, and partner logos enhancing its credibility. Technically, it is built on WordPress with Elementor and uses modern web technologies, but lacks a valid SSL certificate, which is a critical security concern. The absence of a cookie consent mechanism also poses potential GDPR compliance issues. The platform integrates several analytics and marketing tools such as Google Analytics, Yandex Metrica, and Facebook Pixel, indicating moderate user tracking. Overall, the business appears legitimate with consistent WHOIS data and transparent contact information, but needs to address security and privacy compliance gaps to improve trust and security posture.

B

Banqsoft AS

banqsoft.com

0

Banqsoft AS is a medium-sized Norwegian company specializing in financial software solutions for the Nordic market, focusing on asset finance, digital banking, and credit management. The company offers comprehensive software suites and add-on services designed to digitize and optimize financial operations for its clients. Banqsoft holds recognized certifications such as ISO 14001 and ISO 27001, underscoring its commitment to sustainability and information security. The website reflects a professional and consistent brand presence with good content quality and user experience.

E

Edlund A/S

edlund.dk

0

Edlund A/S is a Danish company specializing in flexible software solutions and consulting services for the life and pension insurance sector. Established in 1998, the company offers modular standard software and expert consulting to help clients modernize and optimize their insurance administration systems. The website reflects a professional and consistent brand presence targeting Danish life and pension companies. Technically, the site uses ASP.NET with Umbraco CMS, modern JavaScript modules, and is hosted behind Cloudflare. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. Privacy and cookie policies are present with consent mechanisms, and contact information is comprehensive. Analytics and marketing tools are actively used, indicating a moderate level of user tracking. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

C

ConvesioPay Dashboard

convesiopay.com

0

ConvesioPay is a relatively new payment service platform, established in 2023, providing a user dashboard for payment management. The website serves primarily as a login portal, indicating a business model focused on payment processing or financial services. The domain is registered with Cloudflare, Inc. and protected against unauthorized transfer, reflecting a legitimate and consistent registration profile. Technically, the site uses modern JavaScript modules, Google Fonts, and Google Tag Manager for analytics, but suffers from slow load times and lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled and SPF records configured, but lacks important security headers, HSTS, and DMARC records. Privacy compliance is minimal with no visible privacy or cookie policies, and no GDPR indicators. Overall, the site is functional but requires significant improvements in security, privacy, and performance to enhance trust and compliance.

S

Slipcase

slipcase.com

0

Slipcase is a specialized content platform serving the global (re)insurance industry by aggregating and curating relevant news, insights, and thought leadership. The platform targets industry professionals and organizations, offering personalized dashboards, mobile app access, and organizational content distribution with reporting. The business is UK-based, established in 2000, and operates a niche service model focused on finance and insurance sectors. Technically, the website employs modern JavaScript modules, external libraries like Animate.css, and integrates marketing and analytics tools such as HubSpot and LinkedIn. Hosting is on Amazon AWS infrastructure. However, the website suffers from slow load times and lacks a valid SSL certificate, which significantly impacts security and user trust. From a security perspective, the absence of HTTPS, security headers, and domain protection measures exposes the site to risks and undermines compliance with modern security standards. Privacy compliance is basic, with policies present but lacking explicit consent mechanisms. Contact information is available, but no phone numbers are provided. Overall, Slipcase presents a professional and content-rich platform with good business credibility but requires urgent improvements in security posture and technical performance to enhance trust and compliance.

A

Aviva plc

aviva.com

0

Aviva plc is a leading diversified insurer headquartered in the United Kingdom, offering a broad range of insurance, wealth management, and retirement services primarily across the UK, Ireland, and Canada. The company targets investors, shareholders, career seekers, and socially conscious individuals, positioning itself as a trusted financial services provider with a strong market presence and extensive subsidiary network. The website reflects a professional and comprehensive corporate portal with rich investor relations content, leadership profiles, and sustainability initiatives. Technically, the website leverages modern JavaScript frameworks, Adobe Experience Manager CMS, and Akamai CDN for content delivery. It integrates advanced analytics and marketing tools such as Adobe Helix RUM and OneTrust for privacy compliance. The site is mobile-optimized, accessible, and SEO-friendly, providing a high-quality user experience. From a security perspective, while several best practices are implemented including CSP, X-Content-Type-Options, and HSTS headers, the SSL certificate is invalid and no TLS protocols are enabled, representing a critical vulnerability that undermines secure communications. No WAF or blocking mechanisms are detected, and privacy policies are comprehensive and GDPR compliant. The domain registration data aligns well with the business claims, indicating high legitimacy. Overall, the website is professional and credible but requires urgent remediation of SSL and TLS issues to ensure secure user interactions and maintain trust.

S

State Employees' Credit Union

ncsecu.org

0

State Employees' Credit Union (SECU) is a large, well-established financial cooperative serving over 2.8 million members primarily in North Carolina. The website presents a comprehensive suite of financial products including savings, loans, credit cards, mortgages, and insurance, supported by a professional and consistent brand presence. The site is built on Adobe Experience Manager and integrates Adobe marketing and analytics technologies, reflecting a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which is a significant risk for a financial institution handling sensitive member data. While security headers and privacy policies are present, the lack of cookie consent mechanisms and incident response information indicates room for improvement in privacy compliance and security transparency. Overall, the website is trustworthy and credible but requires urgent remediation of its SSL/TLS configuration to meet industry security standards.

T

TAS group

tasgroup.eu

0

TAS group is a leading Italian ICT company specializing in digital payment software and services for banks, fintechs, and corporates. The company offers a comprehensive Global Payment Platform and a suite of solutions covering digital payments, capital markets, real-time liquidity, financial networks, and PSD2 compliance. TAS is recognized in the IDC FinTech Top 100 and holds certifications such as UNI/PdR 125:2022, reflecting its commitment to social responsibility and workplace equality. The website targets financial institutions and technology providers, positioning TAS as a trusted partner in the evolving payments ecosystem. Technically, the website is built on WordPress with modern plugins and technologies including Kadence Blocks, HubSpot forms, and advanced analytics tools like Matomo and Plausible. The site is well-optimized for mobile and accessibility, with strong SEO practices and structured data markup enhancing discoverability and user experience. However, performance metrics indicate slow loading times, suggesting room for optimization. From a security perspective, the site implements several important HTTP security headers but lacks a valid SSL certificate and does not support TLS protocols, severely impacting its security posture. The absence of HTTPS and related best practices exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR adherence. Overall, TAS group presents a professional and credible online presence with strong business and technical foundations. The primary risk lies in the lack of proper SSL/TLS configuration, which should be urgently addressed to secure communications and maintain trust. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, and enhancing security configurations to align with industry best practices.

B

Blackstone

blackstone.com

0

Blackstone is a leading global alternative asset manager with a strong market position and diversified investment offerings including private equity, real estate, credit, and energy sectors. The website reflects a mature digital presence with comprehensive business information, professional design, and clear navigation targeting institutional and individual investors as well as financial advisors. The technical infrastructure leverages WordPress VIP, Cloudflare CDN, and modern analytics tools such as New Relic and Google Tag Manager, indicating a robust digital maturity. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is generally good with a clear privacy policy and GDPR considerations, but the absence of a cookie consent mechanism is a gap. Overall, the site is credible and professional but requires urgent remediation of SSL issues to enhance security and trust.

C

Cryptex

cryptex.com

0

Cryptex is a cryptocurrency exchange platform offering secure and user-friendly services for buying, selling, and exchanging popular cryptocurrencies such as Bitcoin, Ethereum, and Ripple. The platform targets both beginners and professional traders, providing an intuitive interface and immediate account funding options. The website demonstrates a consistent branding approach and basic content quality, though it lacks comprehensive privacy and cookie policies. Technically, the site is built on modern technologies like React and uses Google Analytics for tracking, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of essential security headers and incomplete privacy compliance further impact its security posture. Overall, while the business model and market positioning are clear, the platform requires significant improvements in security and privacy to enhance trust and compliance.

The website exmo.com is currently inaccessible due to a Cloudflare Turnstile human verification challenge page that blocks direct content access. This prevents a full analysis of the website's business offerings and user-facing content. The domain is mature, registered since 2002, and uses Cloudflare for DNS and security services. However, the SSL certificate is invalid or missing, resulting in no HTTPS availability at the time of analysis. No privacy, cookie, or terms of service policies are visible, nor is any contact information or business details exposed on the challenge page. Performance is poor with a very slow load time and no actual page content beyond the security challenge.

О

ООО «Айкюсофт»

guarantee.money

0

The website guarantee.money operates as an escrow service platform primarily targeting Russian-speaking users. It facilitates secure transactions between buyers and sellers by acting as a trusted third party holding funds in escrow until transaction conditions are met. The business is positioned as a medium-sized technology and finance service founded in 2017, with a focus on online marketplaces, arbitration, and payment link generation. The company behind the service is ООО «Айкюсофт», based in Russia. Technically, the site is built on a modern React and Next.js stack with Material-UI for UI components, indicating a contemporary digital infrastructure. However, the site suffers from a critical security shortcoming: the absence of a valid SSL certificate and proper HTTPS support, which undermines user trust and data security. While HSTS headers are configured, they are ineffective without valid SSL. Privacy and terms of service pages exist but cookie consent mechanisms are missing, indicating partial privacy compliance. Contact information is limited to an email address at iqsoft.company, with no phone or physical address provided. Overall, the site is functional and content-rich but requires urgent security improvements to meet industry standards and user expectations.

L

Luminor

luminorcareers.ee

0

LuminorCareers.ee is a professional career portal for Luminor bank, primarily targeting job seekers in Estonia and the Baltic region. The website offers detailed job listings, employee testimonials, and career-related information, positioning Luminor as an employer of choice in the banking sector. The site leverages modern web technologies and a CMS platform to deliver content but suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed through OneTrust cookie consent and a comprehensive privacy policy. However, the lack of visible contact information and security policies limits transparency. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

B

Banqup Group

banqup.com

0

Banqup Group operates a sophisticated digital platform focused on streamlining invoicing, payments, and compliance for a wide range of business customers including professionals, accountants, SMEs, and large enterprises. The company holds a strong market position in Europe, supported by its parent company Unifiedpost Group, and offers key services such as e-invoicing, compliance management, and integration with existing business software. The platform is designed to reduce administrative overhead and accelerate financial workflows. Technically, the website leverages modern web technologies including React and Next.js, with content managed via Storyblok CMS and hosted through a combination of Webflow and cloud services. While the site is content-rich and well-structured with good SEO and accessibility practices, performance is somewhat slow, and the SSL/TLS configuration is currently invalid, which poses a significant security risk. Security posture is moderate; the site employs HSTS and DMARC policies but lacks a valid SSL certificate and modern TLS support, which are critical for secure communications. Privacy compliance is strong, with a comprehensive privacy policy and cookie consent mechanism in place. Business credibility is high, supported by clear contact information, leadership announcements, and investor relations presence. Overall, Banqup presents a professional and trustworthy digital presence with room for improvement in security infrastructure. Addressing SSL/TLS issues and enhancing security headers would significantly improve the security posture and user trust.

Ს

სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”

mycreditinfo.ge

0

Mycreditinfo.ge is a Georgian finance sector website operated by სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”, providing credit information services including free and premium credit reports, credit score monitoring, and educational content. The site targets individuals and legal entities in Georgia seeking to manage and improve their credit profiles. The business model includes both free access and paid premium services, positioning it as a key player in the local credit information market. Technically, the website is built on Angular 13 and integrates common analytics and marketing tools such as Google Analytics and Facebook Pixel. It is hosted on Microsoft Azure, indicating a modern cloud infrastructure. However, the site suffers from slow performance due to large page size and load times, which could impact user experience. From a security perspective, the site has significant weaknesses: it lacks a valid SSL certificate and does not support any TLS protocols, severely limiting secure communications. While HSTS is enabled, its benefits are negated by the missing SSL. The site implements SPF and DMARC for email security and has basic security headers, but lacks advanced features like OCSP stapling and session resumption. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the site is functional and content-rich but requires urgent improvements in SSL/TLS configuration to ensure user data protection and trust. Performance optimization and enhanced privacy compliance would further strengthen its digital maturity and security posture.

A

AS CREDITINFO EESTI

e-krediidiinfo.ee

0

AS CREDITINFO EESTI operates the e-krediidiinfo.ee website, providing comprehensive credit and business information services primarily for Estonian, Lithuanian, and Finnish companies. The platform offers services such as credit risk assessments, monitoring, payment default management, and sanctions screening, targeting businesses seeking to evaluate their partners and clients. The website demonstrates a professional design with clear navigation and relevant content tailored to its target audience. However, the technical infrastructure shows room for improvement, particularly in security and performance aspects. The absence of a valid SSL certificate and HTTPS support is a critical vulnerability that undermines user trust and data security. The site employs modern web technologies and integrates multiple analytics and marketing tools with a compliant cookie consent mechanism, reflecting a moderate level of digital maturity.

L

Luminor Bank AS

luminor.ee

0

Luminor Bank AS operates as a leading financial institution in the Baltic region, offering a comprehensive suite of banking services including payments, loans, savings, investments, and private banking. The website targets both retail and business customers and positions itself as the third largest financial services provider in the Baltics. The digital presence is built on modern web technologies such as React and integrates tools like Google Tag Manager and LiveChat for enhanced user engagement. However, the website suffers from a critical security flaw due to the absence of a valid SSL certificate, exposing users to potential data interception risks. Privacy and cookie policies are well implemented and GDPR compliant, reflecting a strong commitment to user data protection. Overall, while the business credibility and content quality are high, the security posture requires urgent improvement to meet industry standards and protect customer data effectively.

U

Unifiedpost

rekini.lv

0

Rekini.lv operates as a Latvian digital invoicing and payment platform affiliated with Unifiedpost. It provides services for invoice receipt, payment, and invoice preparation via a partner platform Banqup. The website targets businesses and individuals in Latvia requiring invoicing solutions. Technically, the site uses a modern frontend stack including jQuery, Bootstrap, and multiple tracking and analytics services, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security. The security posture is weak due to missing HTTPS, absence of DMARC, DNSSEC, and domain protection locks. Privacy compliance is basic with a cookie consent modal and privacy policy present but no terms of service or incident response information. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

SEB Eesti operates as a major banking institution in Estonia, providing a broad spectrum of financial services including retail, corporate, and private banking. The website reflects a mature and professional digital presence with comprehensive content targeting private individuals and business clients. The technical infrastructure is based on Drupal CMS with modern frontend technologies, offering good mobile optimization and accessibility. However, the security posture is significantly weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability for a financial services website. Privacy compliance is well addressed with clear cookie and privacy policies, and the domain registration is consistent and trustworthy. Strategic improvements in SSL/TLS configuration and security headers are urgently recommended to protect user data and maintain trust.

A

AS Kredītinformācijas Birojs

kib.lv

0

AS Kredītinformācijas Birojs is a Latvian credit information bureau providing credit data and reporting services to individuals and businesses. The company is positioned as a trusted entity in the Latvian financial sector, supported by ISO 27001 certification and memberships in recognized organizations such as Creditinfo and the Latvian Chamber of Commerce (LTRK). Their services focus on promoting responsible lending and credit transparency. Technically, the website is built on WordPress with common libraries like jQuery and uses Cookiebot for GDPR-compliant cookie consent. The site is moderately performant and mobile-optimized, though page load times could be improved. Security posture is adequate with HTTPS and SPF/DMARC email protections, but lacks advanced SSL features like HSTS and OCSP stapling. Privacy policies and terms of service are clearly presented and GDPR compliant. Overall, the website reflects a professional and credible business with room for technical and security enhancements.

C

Creditinfo

creditinfo.is

0

Creditinfo is a leading Icelandic company specializing in the provision of financial and business information services, including credit scoring, business data, and media monitoring. The company targets both individuals and businesses in Iceland, offering subscription-based and service-oriented products to support informed decision-making. The website reflects a mature and professional business with a clear market position and a comprehensive range of services. Technically, the site is built on Webflow and integrates modern marketing and analytics tools such as Google Tag Manager, Cookiebot, and Weglot for multilingual support. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy and cookie policies are well-presented and GDPR compliant, with active consent mechanisms. Overall, while the business credibility and content quality are strong, the security posture requires urgent improvement to protect user data and maintain trust.

Ს

სს საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო

creditinfo.ge

0

Creditinfo Georgia is a mature credit information bureau operating since 2006, providing a range of credit-related services including credit reports, scoring, monitoring, and business risk databases. The company targets individuals and legal entities in Georgia, leveraging its affiliation with the international Creditinfo Group to maintain a strong market position. The website is built on WordPress and uses common plugins and scripts to deliver content and interactive forms. While the site is professionally designed with good content relevance and navigation, it lacks a valid SSL certificate, which severely impacts its security posture. Contact information is clearly presented, and privacy policy exists, but cookie policy and terms of service are missing. Overall, the site demonstrates moderate trustworthiness but requires urgent security improvements.

A

AS Creditinfo Eesti

creditinfo.ee

0

AS Creditinfo Eesti operates Estonia's largest and most trusted business information database, offering comprehensive credit information, payment default registers, credit ratings, and business lists. As part of the international Creditinfo Group, it serves a broad audience including businesses and individuals seeking to manage credit risks and make informed financial decisions. The company is well-established with a domain age of 9 years and recognized certifications such as ISO 27001, underscoring its commitment to information security. Technically, the website is built on WordPress with modern JavaScript libraries like jQuery and Slick Carousel, integrated with analytics and marketing tools including Google Tag Manager, Hotjar, and Facebook Pixel. The site demonstrates good SEO and mobile optimization, though performance is moderate and could benefit from further optimization. The hosting and DNS infrastructure is stable but lacks advanced security features like DNSSEC and domain protection locks. Security posture reveals critical issues, notably the absence of a valid SSL certificate, which severely impacts user trust and data protection. While DMARC policies and some best practices are in place, the lack of HTTPS and HSTS headers exposes the site to potential risks. Privacy compliance is strong, with clear cookie consent mechanisms and GDPR adherence. Business credibility is high, supported by clear contact information, social media presence, and trust signals. Overall, the site is functional and professional but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain trust. Strategic improvements in DNS security and domain management would further enhance its security posture.

C

Creditinfo Group

creditinfosolutions.com

0

Creditinfo Group operates as a global leader in credit information and risk management solutions, providing software and credit bureau services across mature and emerging markets worldwide. The company focuses on facilitating access to finance through innovative software solutions tailored for financial institutions and lenders. Their market position is strong, supported by over 19 years of domain maturity and a presence in multiple countries, including a headquarters in the Czech Republic. The website content reflects a professional and consistent brand with clear business messaging and case studies highlighting their global impact. Technically, the website is built on WordPress and leverages common web technologies such as jQuery and Google Analytics for tracking. Hosting and CDN services are provided by Cloudflare, enhancing performance and security at the network edge. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, serving content over unencrypted HTTP, which exposes users to potential interception risks. From a security perspective, while some security headers are present, the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Contact information is clearly provided, enhancing business credibility and user trust. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include implementing HTTPS, enabling HSTS, and enhancing security headers to align with best practices.

SEB.lv is the official website of SEB bank in Latvia, a major financial institution offering comprehensive banking services to private individuals, businesses, and large enterprises. The website provides extensive information on daily banking, loans, investments, insurance, and private banking, supported by a professional and well-structured Drupal-based platform. Multilingual support and clear navigation enhance user experience. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. DNS configurations show good email security practices with SPF and DMARC policies in place. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting strong privacy awareness. Overall, the site demonstrates a mature digital presence but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

PricewaterhouseCoopers Italy operates a mature, well-branded professional services website targeting businesses seeking consulting, auditing, tax, and advisory services. The site demonstrates a strong market position consistent with PwC's global reputation, offering a wide range of services and localized content for the Italian market. Technically, the site uses modern frameworks such as AngularJS and Adobe Experience Manager, but suffers from slow load times and lacks a valid SSL certificate and modern security headers, which are critical for trust and compliance. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent improvements in security posture to meet industry standards.

ilMioDono is a donation platform operated by UniCredit S.p.A., focused on facilitating donations to non-profit organizations and social projects primarily in Italy. The platform showcases multiple projects and organizations, providing a community engagement space for donors and beneficiaries. The website is built on Adobe Experience Manager and hosted via Akamai, with moderate performance and good mobile and accessibility features. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. The site implements DMARC with a reject policy, enhancing email security. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the business credibility is strong due to the UniCredit brand and mature domain age, but security improvements are urgently needed.

J

JSC Credit Information Bureau

manakreditvesture.lv

0

JSC Credit Information Bureau (KIB) operates the website manakreditvesture.lv, providing credit information and risk management services in Latvia. As part of the global Creditinfo Group and backed by major Latvian banks, it offers individuals and companies access to credit reports, credit scores, dispute management, and profile monitoring. The business model includes free and subscription-based services, targeting Latvian consumers and financial institutions. The website is built on a modern React and Gatsby stack, offering a good user experience and clear navigation, though performance is somewhat slow. Security posture is weak due to the absence of a valid SSL certificate and lack of security headers, which poses a significant risk. Privacy compliance is basic but present, with a privacy policy aligned with GDPR. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and build trust.

C

CREDITREFORM Rating SIA

crediweb.lv

0

CrediWeb.lv is a Latvian-based business information platform operated by CREDITREFORM Rating SIA, providing comprehensive credit and business reports for companies primarily in Latvia, Europe, and China. The platform targets businesses and registered users seeking detailed company and private person credit information, offering services such as company reports, family trees, monitoring, and foreign credit reports. The website demonstrates a professional design with consistent branding and clear navigation, supporting multiple languages and user authentication methods including bank link authentication. Technically, the site uses modern JavaScript libraries like jQuery, Flatpickr, Tippy.js, and Chart.js, and integrates Google Tag Manager for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts user security and trust. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. WHOIS data confirms the domain is actively maintained and consistent with the business's Latvian operations, though domain protection locks are not enabled. Overall, while the business model and content quality are strong, the security posture requires urgent improvement to protect users and enhance credibility.

T

Trustly, Inc.

paywithmybank.com

0

Trustly, Inc. is a leading Pay by Bank payment solution provider with a global Open Banking network spanning over 30 countries and 110 million consumers. Their platform offers guaranteed payments, risk management, and consumer insights, targeting businesses in financial services, gaming, retail, and subscription sectors. The website demonstrates strong market positioning with trusted partnerships and comprehensive product offerings. Technically, the site is built on modern frameworks like Webflow and HubSpot, integrating various marketing and analytics tools. However, performance is hindered by slow load times and a large page size. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, exposing the site to significant risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and credible but requires urgent security improvements to protect users and enhance trust.

T

Trustly, Inc.

trustly.one

0

Trustly, Inc. is a leading Pay by Bank payment service provider leveraging a proprietary Open Banking technology stack to deliver guaranteed payments, risk management, and consumer insights. The company targets businesses across financial services, gaming, retail, and subscription sectors, offering a global network with over 110 million consumers in 30+ countries. Their business model focuses on enabling faster, more secure, and cost-effective bank payments compared to traditional card payments. The website reflects a mature digital presence with excellent content quality and professional branding, supported by modern marketing and analytics tools such as HubSpot, Google Tag Manager, and Weglot for multilingual support. Technically, the site is built on Webflow CMS and hosted on Amazon AWS, utilizing various JavaScript libraries and integrations. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in a critical security deficiency. Accessibility and mobile optimization are good, and SEO practices are well implemented. The absence of HTTPS and security headers significantly impacts the site's security posture, exposing users to potential risks. From a security perspective, the lack of HTTPS and essential security headers, combined with no evidence of incident response or vulnerability disclosure policies, indicates a need for urgent improvements. Privacy and cookie policies are present and comprehensive, supporting GDPR compliance. The WHOIS data shows the domain is privacy-protected but consistent with the company's US presence and age, supporting legitimacy. Overall, while Trustly's business and website demonstrate strong market positioning and professional quality, the critical absence of SSL/TLS encryption and security best practices poses a significant risk. Immediate remediation of these issues is recommended to enhance user trust and secure sensitive transactions.

B

BKN301 S.p.A.

bkn301.sm

0

BKN301 S.p.A. is a fintech company based in San Marino, offering a range of digital payment services including payment accounts, POS solutions, credit and prepaid cards, and e-commerce payment acceptance. The company targets private individuals, businesses, and merchants, positioning itself as an innovative payment institute with international reach. The website is professionally designed using WordPress and Elementor, with good SEO and mobile optimization. However, the technical security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses risks to secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Contact information and company registration details are clearly presented, enhancing business credibility.

B

Banca Agricola Commerciale

baclife.sm

0

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking, investment, and insurance services to both private individuals and businesses. The website reflects a mature and professional presence with comprehensive business information, news updates, and customer resources. The company operates subsidiaries such as BAC Life S.p.A. and BAC Investments, indicating a diversified financial services group. The target audience is primarily local customers in San Marino, with services tailored to their needs including online and mobile banking solutions. Technically, the website is built on WordPress with modern plugins like Yoast SEO and Cookiebot for compliance and marketing. It integrates Google Tag Manager and Google Maps API, showing a moderate level of digital maturity. However, performance metrics are missing, and some technical debt is evident, especially in the SSL/TLS configuration. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability exposing users to potential data interception. While some security headers are present, the absence of HTTPS and DNSSEC reduces the overall security posture significantly. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is credible and professional but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing DNS and domain protections.

T

Team23 Srl

dcredit.it

0

DCredit is a specialized ERP software solution designed for credit recovery agencies, developed and operated by Team23 Srl, an Italian company. The platform offers a fully web-based system integrating CRM, AI-driven analytics, compliance automation, and invoicing modules to streamline business processes and improve productivity. The website presents a professional and consistent brand image targeting financial service providers in Italy. Technically, the site uses modern frontend technologies such as Bootstrap and Google Fonts, hosted behind Cloudflare DNS with a dedicated IP server. However, the absence of a valid SSL certificate and HTTPS implementation significantly undermines the security posture. The site lacks essential compliance documents such as privacy and cookie policies, which is a notable gap given GDPR requirements. Contact information is limited to email addresses without phone or physical address details, reducing direct communication channels. Overall, the website is functional and informative but requires urgent security and compliance improvements.

B

Banca Agricola Commerciale

bacinvestments.sm

0

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking and financial services to both private individuals and businesses. The website reflects a mature and professional organization with a strong local presence and a history dating back to 1920. The business model focuses on traditional banking services complemented by digital tools such as mobile apps and online account management. BAC maintains a consistent brand image and offers comprehensive information about its products, subsidiaries, and news updates. Technically, the website is built on WordPress with modern web technologies and includes SEO and accessibility features, although performance is moderate. Security posture is a significant concern due to the absence of a valid SSL certificate and HTTPS support, which exposes users to risks and undermines trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration data supports the legitimacy of the business, but technical security improvements are urgently needed.

M

M.M.Warburg & CO

warburg-bank.de

0

M.M.Warburg & CO operates a professional online banking platform targeting banking customers primarily in Germany. The website offers secure login mechanisms including electronic TAN authentication and provides clear customer support phone contacts. The technical infrastructure is based on AngularJS with custom JavaScript and CSS, delivering a good user experience and mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security vulnerabilities that undermine trust and data protection. Security headers are well implemented, but the SSL/TLS configuration requires urgent remediation. Privacy compliance is strong with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the website is functional and professional but needs immediate security improvements to meet industry standards.

M

M.M.Warburg & CO Gruppe GmbH

mmwarburggruppe.com

0

The Warburg Gruppe website represents a well-established financial holding company specializing in private banking, asset management, and investment banking services. The group operates multiple subsidiaries, each with a clear market focus, serving high-net-worth individuals and institutional clients primarily in Germany. The website content is professionally presented, targeting a sophisticated audience with detailed information about the group and its subsidiaries. Technically, the site uses a Java-based CMS (OpenCms) and integrates modern marketing and analytics tools such as Usercentrics for consent management and Google Tag Manager. However, a critical security gap exists due to the absence of HTTPS/SSL, exposing users to potential risks. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements.

M

M.M.Warburg & CO (AG & Co.) KGaA

mmwarburg.com

0

M.M.Warburg & CO is a well-established independent private bank in Germany with a history dating back to 1798. The bank offers a broad range of financial services including private banking, asset management, corporate and investment banking, and institutional client services. The website targets private clients, business customers, and institutional investors, emphasizing personalized service and long-term client relationships. Technically, the website uses modern web technologies such as Apache server, UserCentrics consent management, Google Analytics, and Google Tag Manager, and is built on OpenCms. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. The website is professionally designed with consistent branding and rich content, including reports and multimedia. Overall, the site reflects a reputable financial institution but urgently needs to address its SSL/TLS configuration to ensure secure communications.

O

One Srl

oneinfo.it

0

One Srl is an Italian credit management and debt recovery agency based in Treviso, operating nationally with over 35 years of experience. The company offers a range of services including contractual consultancy, courtesy calls, out-of-court and judicial debt recovery, and credit assignment solutions. The business is positioned as a trusted and certified player in the finance sector, leveraging IT solutions for client transparency and efficiency. Technically, the website uses a traditional LAMP stack with Apache and PHP 5.6, complemented by modern front-end libraries and Google marketing tools. However, the absence of HTTPS and use of outdated PHP versions represent significant security weaknesses. The company maintains comprehensive legal and privacy documentation, demonstrating good privacy compliance and business credibility. Overall, the website is professional and content-rich but requires urgent security upgrades to meet modern standards.

T

Traderlink Italia s.r.l.

traderlink.it

0

Traderlink Italia s.r.l. operates a mature and comprehensive financial information website focused on stock market quotes, news, analysis, and educational content primarily for the Italian and international financial markets. The platform targets investors, traders, and financial professionals, offering a wide range of services including market data, trading signals, video analysis, and portfolio management tools. The business model is based on providing valuable financial content supported by advertising and possibly subscription services. The company is well-established with a domain age of 28 years and clear legal presence in Italy. Technically, the website uses a modern tech stack including Bootstrap, jQuery, Vue.js, and integrates Google Tag Manager, Google Ads, and Matomo analytics. Hosting and DNS services are provided by Cloudflare, ensuring reliable performance, although the site suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw. The site is mobile-optimized and SEO-friendly with good navigation and content structure. From a security perspective, the site has SPF and DMARC records configured properly, indicating good email security practices. However, the absence of a valid SSL certificate and HTTPS support severely undermines the security posture, exposing users to risks such as data interception. Other security best practices like HSTS, OCSP stapling, and modern TLS protocols are missing. Privacy compliance is strong, with comprehensive GDPR-compliant privacy and cookie policies implemented via Iubenda, including consent mechanisms. Overall, the website is trustworthy and professional in its business presentation and content quality but requires urgent improvements in SSL/TLS security to protect user data and maintain credibility. Strategic recommendations include immediate installation of a valid SSL certificate, enabling HTTPS, and enhancing security headers and DNS security features.

B

B Consulting

bconsulting.org

0

B Consulting is a specialized financial operations consulting firm serving high-growth startups, offering services in finance, accounting, HR, and business management. The company positions itself as a trusted partner from early-stage funding rounds through IPO, focusing on operational excellence and investor readiness. The website is built on Squarespace and integrates HubSpot for analytics and marketing automation. While the site is professionally designed and content-rich, it suffers from critical security issues including an invalid SSL certificate and lack of security headers. Privacy and cookie policies are absent, which impacts compliance posture. Contact information is limited to an email and LinkedIn profile, with no phone or physical address provided. Overall, the business appears legitimate and mature, but security and privacy improvements are necessary to enhance trust and compliance.

BHW Bausparkasse AG is a well-established financial institution specializing in mortgage and loan services primarily for the Italian market. The company operates with a mature domain registered since 1999 and offers a range of services including credit management and administrative support, some of which are outsourced to reputable partners like Cerved Credit Management Group. The website provides clear contact information and legal references, supporting its credibility in the finance sector. Technically, the website employs legacy technologies such as jQuery and Modernizr and demonstrates moderate performance with good mobile optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. The lack of security headers and cookie consent mechanisms further highlights compliance and security gaps. From a security perspective, while SPF and DMARC records are properly configured, the missing HTTPS and security headers expose users to potential risks. The domain's WHOIS data is consistent with the business claims, showing a low expiry risk and no privacy protection, which supports legitimacy. Overall, the site requires urgent security improvements to protect user data and comply with privacy regulations. Strategic recommendations include implementing HTTPS with a valid SSL certificate, enabling security headers and HSTS, introducing cookie consent mechanisms to comply with GDPR, and enhancing domain protection. These measures will improve trust, security, and compliance, aligning the website with industry best practices.

P

Pacific Investment Management Company LLC

pimco.com

0

PIMCO is a globally recognized investment management firm specializing in providing investment solutions to institutions, financial professionals, and individual investors. The website reflects a mature and enterprise-level business with a strong focus on sustainable investing and ETFs. The company operates under multiple regulatory jurisdictions, demonstrating a high level of compliance and trustworthiness. Technically, the website employs modern technologies such as Sitecore CMS, Coveo search, and marketing tools like Marketo and Google Tag Manager, indicating a mature digital infrastructure. However, a critical security issue is the invalid or missing SSL certificate and lack of modern TLS protocols, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, the website is professional, well-branded, and trustworthy but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions.

P

Professional Provident Society Insurance Company

pps.co.za

0

PPS (Professional Provident Society Insurance Company) is a mature South African financial services provider specializing in insurance, investment, and healthcare solutions tailored for graduate professionals. The company operates on a mutuality model, allowing members to share in profits, and maintains a strong market position supported by professional associations and comprehensive service offerings. The website is built on Drupal 10 with modern frontend libraries and hosted behind Cloudflare, demonstrating a moderate level of digital maturity. However, the absence of a valid SSL/TLS certificate and lack of HTTPS significantly undermine the security posture. While security headers are partially implemented, critical vulnerabilities exist due to missing encryption and lack of advanced security features. Privacy compliance is basic, with no explicit cookie consent mechanism and limited GDPR indicators. Overall, the site presents professional content and good business credibility but requires urgent security improvements to protect user data and enhance trust.

C

CAD IT S.p.A.

caditgroup.com

0

CAD IT S.p.A. is an established Italian company specializing in software solutions for the banking, finance, public administration, and industrial sectors. Controlled by Cedacri S.p.A., a leading IT services provider for financial institutions in Italy, CAD IT holds a strong market position with a focus on financial instrument brokerage software and IT outsourcing services. The website reflects a professional business model targeting banks, financial institutions, and public entities, offering a broad portfolio of software products and services. The company is mature with over 24 years of domain registration and a large operational size.

N

NatWest Group

rbs.com

0

NatWest Group is a mature, UK-focused banking institution serving over 19 million customers across retail, commercial, and private banking sectors. The website reflects a strong commitment to sustainability, governance, and investor transparency, positioning the group as a trusted financial partner. The digital infrastructure is built on Adobe Experience Manager with integrations for cookie consent and Adobe Launch for analytics, indicating a modern and enterprise-grade platform. However, the website's security posture is significantly weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a critical risk to user data and trust. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site is professional and content-rich but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

M

M.M.Warburg & CO (AG & Co.) KGaA

bankhaus-plump.de

0

M.M.Warburg & CO is an established independent private bank in Germany, founded in 1798, offering a broad range of financial services including private banking, asset management, corporate finance, and institutional client services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses Apache server, OpenCms CMS, and integrates modern marketing and analytics tools with user consent management. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. The security posture is weak due to lack of TLS protocols and incomplete security headers. Privacy compliance is well addressed through UserCentrics CMP and a comprehensive privacy policy. Overall, the site is credible and professional but requires urgent security improvements.