High-Tech Bridge believes that leading retailers are not doing enough to protect buyers from identity theft and phishing attacks.
The statement is a result of research by the information security services company into the Top 100 global e-commerce websites, which revealed that 98% of the websites failed to automatically protect users by directing them to the highly secure HTTPS version of their sites. Among other key findings, only 27% of websites have a secure HTTPS version for all customer-facing pages, leaving critical details such as passwords and billing information openly available to identity thieves.
Positive findings of the research:
– 0/100 websites have expired or untrusted SSL certificates.
– Only 1/100 of website certificates expire in less than one month.
– 99/100 websites have a 2048-bit or even stronger encryption certificate.
Negative findings of the research:
– 2/100 websites do not have an SSL certificate at all, leaving their customers totally unprotected.
– An extremely low 2/100 websites protect users by automatically using a secure HTTPS version (SSL) by default.
– 7/100 websites are putting customer information at risk by failing to enforce the use of HTTPS for the most sensitive operations such as login, checkout and payment.
– 73/100 websites do not have a secure HTTPS version at all for some “non-critical” online activities of their customers, such as shopping cart management.
– Only 25/100 websites have SSL EV certificates.
– 33/100 websites display non-SSL content together with SSL content on their pages.
Please visit High-Tech Bridge to find the full article.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.