
Largest 100 e-commerce websites vulnerable to phishing and identity theft attempts

Harmeet

GENEVA, SWITZERLAND: After a number of media revelations about the interception of private and confidential data, many large organizations, including Google and Yahoo, have recognized the importance of Always-on SSL encryption and adopted it to assure the protection of traffic between their web servers and clients' devices.


While an SSL certificate on an e-commerce website does not have any direct impact on web application security, it is a very important security measure to confirm website identity and assure encryption of data transferred between the web application and the user's browser. High-Tech Bridge believes that e-commerce websites, whether large or small, handling customer data should use an HTTPS version of their website by default.

Positive findings of the research:

* 0/100 websites have expired or untrusted SSL certificates.

* Only 1/100 of website certificates expire in less than one month.

* 99/100 websites have certificates with 2048-bit or even stronger encryption.

Negative findings of the research:

* 2/100 websites do not have an SSL certificate at all, leaving their customers totally unprotected.

* An extremely low 2/100 websites protect users by automatically using a secure HTTPS version (SSL) by default.

* 7/100 websites are putting customer information at risk by failing to enforce the use of HTTPS for the most sensitive operations such as login, checkout and payment.

* 73/100 websites do not have a secure HTTPS version at all for some "non-critical" online activities of their customers, such as shopping cart management.

* Only 25/100 websites have SSL EV certificates.

* 33/100 websites display non-SSL content together with SSL content on their pages.


Marsel Nizamutdinov, chief research officer at High-Tech Bridge, comments on the findings: "Alarmingly, only 2 percent of leading global online retailers automatically ensure their customers use the secure HTTPS version of their website when making orders or adding goods to their shopping carts. Also, 7 percent of websites are failing to enforce their customers to use HTTPS for the most sensitive operations such as login, checkout and payment, while 27 percent of websites don't even have an HTTPS version for 'non-critical' sections of their website, such as shopping cart management or search for goods.

"Unfortunately these websites seriously underestimate the importance of encrypting user-transmitted data beyond logins and passwords, and this is a very dangerous approach to privacy management. In many cases, if such 'non-critical' data is stolen by third parties, it may not just harm the buyer, but the online store as well. Always-on SSL is a very useful security practice, HTTPS versions of websites are supported by all modern web browsers today (including mobile device browsers), and I don't see any reason why only two of the 100 largest web retailers deploy this option."

Craig Spiezle, executive director and president of Online Trust Alliance (OTA), says: "All sites and mobile apps must recognize the importance of securing the data transmitted between users and their sites. Banking, social, government and e-commerce share this responsibility to implement these best practices to better protect consumers from harm. Always-on SSL and HTTPS are effective measures to enhance the security and privacy of users. Failure to adopt unnecessarily puts users in harm's way."
