About 98% of the Top 100 e-Commerce websites leave shoppers vulnerable to cyber hacking attacks, a new report has revealed.
High-Tech Bridge's research into the implementation of SSL certificates uncovered that only two of the top 100 e-commerce sites involuntarily protect consumers by directing them to extremely safe HTTPS versions that implement always-on SSL.
High-Tech Bridge chief research officer Marsel Nizamutdinov said that only 2% of leading global online retailers automatically ensure their customers use the secure HTTPS version of their website when making orders or adding goods to their shopping carts.
"Also, 7% of websites are failing to enforce their customers to use HTTPS for the most sensitive operations such as login, checkout and payment, while 27% of websites don't even have an HTTPS version for "non-critical" sections of their website, such as shopping cart management or search for goods," Nizamutdinov said.
Only a quarter of websites possess SSL extended validation (EV) certificates, with a third of them displaying non-SSL content along with SSL content on their pages.
"Unfortunately these websites seriously underestimate the importance of encrypting user-transmitted data beyond logins and passwords, and this is a very dangerous approach to privacy management," Nizamutdinov added.
"In many cases, if such "non-critical" data is stolen by third-parties, it may not just harm the buyer, but the online store as well.
"Always-on SSL is a very useful security practice, HTTPS versions of websites are supported by all modern web browsers today (including mobile device browsers), and I don't see any reason, why only two of the 100 largest web retailers deploy this option."