About 98% of the Top 100 e-Commerce websites leave shoppers vulnerable to cyber hacking attacks, a new report has revealed.
High-Tech Bridge's research into the implementation of SSL certificates uncovered that only two of the top 100 e-commerce sites involuntarily protect consumers by directing them to extremely safe HTTPS versions that implement always-on SSL.
High-Tech Bridge chief research officer Marsel Nizamutdinov said that only 2% of leading global online retailers automatically ensure their customers use the secure HTTPS version of their website when making orders or adding goods to their shopping carts.
"Also, 7% of websites are failing to enforce their customers to use HTTPS for the most sensitive operations such as login, checkout and payment, while 27% of websites don't even have an HTTPS version for "non-critical" sections of their website, such as shopping cart management or search for goods," Nizamutdinov said.
Only a quarter of websites possess SSL extended validation (EV) certificates, with a third of them displaying non-SSL content along with SSL content on their pages.
"Unfortunately these websites seriously underestimate the importance of encrypting user-transmitted data beyond logins and passwords, and this is a very dangerous approach to privacy management," Nizamutdinov added.
"In many cases, if such "non-critical" data is stolen by third-parties, it may not just harm the buyer, but the online store as well.
"Always-on SSL is a very useful security practice, HTTPS versions of websites are supported by all modern web browsers today (including mobile device browsers), and I don't see any reason, why only two of the 100 largest web retailers deploy this option."
Established in 1957, BCS, The Chartered Institute for IT, promotes wider social and economic progress through the advancement of information...