High-Tech Bridge believes that leading retailers are not doing enough to protect buyers from identity theft and phishing attacks.

The statement is a result of research by the information security services company into the Top 100 global e-commerce websites, which revealed that 98% of the websites failed to automatically protect users by directing them to the highly secure HTTPS version of their sites. Among other key findings, only 27% of websites have a secure HTTPS version for all customer facing pages, leaving critical details such as passwords and billing information openly available to identity thieves.

Positive findings of the research:

– 0/100 websites have expired or untrusted SSL certificates.

– Only 1/100 of website certificates expire in less than one month.

– 99/100 of websites have 2048-bit or even stronger encryption certificate.

Negative findings of the research:

– 2/100 websites do not have SSL certificate at all, leaving their customers totally unprotected.

– An extremely low 2/100 websites protect users by automatically using a secure HTTPS version (SSL) by default.

– 7/100 websites are putting customer information at risk by failing to enforce the use of HTTPS for the most sensitive operations such as login, checkout and payment.

– 73/100 websites do not have a secure HTTPS version at all for some “non-critical” online activities of their customers, such as shopping cart management for example.

– Only 25/100 websites have SSL EV certificates.

– 33/100 websites display non-SSL content together with SSL content on their pages.

Please visit High-Tech Bridge to find the full article.

Subscribe
Notify of
guest

0 Expert Comments
Inline Feedbacks
View all comments
Information Security Buzz
0
Would love your thoughts, please comment.x
()
x