Top 100 e-Commerce websites leave customers vulnerable to phishing

E-commerce

by CBR Staff Writer| 05 December 2013

Only 2% of them automatically ensure their consumers use the secure HTTPS version of their website when making purchases.

About 98% of the Top 100 e-Commerce websites leave shoppers vulnerable to cyber hacking attacks, a new report has revealed.

High-Tech Bridge's research into the implementation of SSL certificates uncovered that only two of the top 100 e-commerce sites involuntarily protect consumers by directing them to extremely safe HTTPS versions that implement always-on SSL.

High-Tech Bridge chief research officer Marsel Nizamutdinov said that only 2% of leading global online retailers automatically ensure their customers use the secure HTTPS version of their website when making orders or adding goods to their shopping carts.

"Also, 7% of websites are failing to enforce their customers to use HTTPS for the most sensitive operations such as login, checkout and payment, while 27% of websites don't even have an HTTPS version for "non-critical" sections of their website, such as shopping cart management or search for goods," Nizamutdinov said.

Only a quarter of websites possess SSL extended validation (EV) certificates, with a third of them displaying non-SSL content along with SSL content on their pages.

"Unfortunately these websites seriously underestimate the importance of encrypting user-transmitted data beyond logins and passwords, and this is a very dangerous approach to privacy management," Nizamutdinov added.

"In many cases, if such "non-critical" data is stolen by third-parties, it may not just harm the buyer, but the online store as well.

"Always-on SSL is a very useful security practice, HTTPS versions of websites are supported by all modern web browsers today (including mobile device browsers), and I don't see any reason, why only two of the 100 largest web retailers deploy this option."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.