High-Tech Bridge believes that leading retailers are not doing enough to protect buyers from identity theft and phishing attacks.
The statement is a result of research by the information security services company into the Top 100 global e-commerce websites, which revealed that 98% of the websites failed to automatically protect users by directing them to the highly secure HTTPS version of their sites. Among other key findings, only 27% of websites have a secure HTTPS version for all customer facing pages, leaving critical details such as passwords and billing information openly available to identity thieves.
Positive findings of the research:
– 0/100 websites have expired or untrusted SSL certificates.
– Only 1/100 of website certificates expire in less than one month.
– 99/100 of websites have 2048-bit or even stronger encryption certificate.
Negative findings of the research:
– 2/100 websites do not have SSL certificate at all, leaving their customers totally unprotected.
– An extremely low 2/100 websites protect users by automatically using a secure HTTPS version (SSL) by default.
– 7/100 websites are putting customer information at risk by failing to enforce the use of HTTPS for the most sensitive operations such as login, checkout and payment.
– 73/100 websites do not have a secure HTTPS version at all for some “non-critical” online activities of their customers, such as shopping cart management for example.
– Only 25/100 websites have SSL EV certificates.
– 33/100 websites display non-SSL content together with SSL content on their pages.
Please visit High-Tech Bridge to find the full article.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.