View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Networks
December 5, 2013

Top 100 e-Commerce websites leave customers vulnerable to phishing

Only 2% of them automatically ensure their consumers use the secure HTTPS version of their website when making purchases.

By CBR Staff Writer

About 98% of the Top 100 e-Commerce websites leave shoppers vulnerable to cyber hacking attacks, a new report has revealed.

High-Tech Bridge’s research into the implementation of SSL certificates uncovered that only two of the top 100 e-commerce sites involuntarily protect consumers by directing them to extremely safe HTTPS versions that implement always-on SSL.

High-Tech Bridge chief research officer Marsel Nizamutdinov said that only 2% of leading global online retailers automatically ensure their customers use the secure HTTPS version of their website when making orders or adding goods to their shopping carts.

"Also, 7% of websites are failing to enforce their customers to use HTTPS for the most sensitive operations such as login, checkout and payment, while 27% of websites don’t even have an HTTPS version for "non-critical" sections of their website, such as shopping cart management or search for goods," Nizamutdinov said.

Only a quarter of websites possess SSL extended validation (EV) certificates, with a third of them displaying non-SSL content along with SSL content on their pages.

"Unfortunately these websites seriously underestimate the importance of encrypting user-transmitted data beyond logins and passwords, and this is a very dangerous approach to privacy management," Nizamutdinov added.

"In many cases, if such "non-critical" data is stolen by third-parties, it may not just harm the buyer, but the online store as well.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"Always-on SSL is a very useful security practice, HTTPS versions of websites are supported by all modern web browsers today (including mobile device browsers), and I don’t see any reason, why only two of the 100 largest web retailers deploy this option."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.