Do you need an all-in-one online payment solution?sign up
Web security should be one of the very highest priorities for any manager of an e-commerce business, and it is particularly important to ensure the security standards of Google’s Chrome browser are met. Why Chrome in particular? Because the browser boasts an increasingly dominant share of internet users.
According to web developer site w3schools.com, in 2015 Chrome’s market share grew from an already respectable 61.9 per cent to 68 per cent. As data losses and breaches continually make headlines, internet users are becoming more familiar with, and comforted by, the green padlock symbol in the address bar. If your site does not show the green padlock, customers will not be as confident to share their details and, as of recently, you’ll also notice your search engine ranking beginning to slip.
“It means three things,” says internet security expert, author and speaker Troy Hunt from troyhunt.com. “First of all it indicates confidentiality, meaning nobody is able to view the contents of the page when it is in transit.
“It also means integrity. Without it, how would you know that your sensitive information – when you send it back to the server – is actually going to go where it should go?
“Finally, it means authenticity. You can have confidence that the site’s content has actually been loaded from a legitimate site and is not from somewhere else. It is not somebody that has managed to hijack the domain or your own computer. These are the three most important messages you can get from the green padlock.”
Earning a green padlock, Hunt says, in most cases is fairly uncomplicated. It is a matter of going to a certificate authority (a CA) such as VeriSign, GeoTrust, Comodo or DigiCert and following their recommended steps to prove that you own the domain.
Once that is completed, usually in a commercial arrangement involving an annual renewal fee, the CA will issue a certificate that is then loaded into your website. Once it is properly configured, you can make an HTTPS request and your green padlock appears.
The process is becoming easier and more common; so much so that Google has announced it will use HTTPS as a ranking indicator, Hunt says.
“If you have HTTPS you’ll be bumped up the search rankings,” he says. “This makes sense because the search engine has a greater degree of confidence in the legitimacy of your site. That is a very interesting by-product of having a secure site.”
As businesses and customers become more knowledgeable about site security, e-commerce site managers should consider looking into the next step of security known as an EV (extended validation) certificate, Hunt recommends.
“EVs are particularly used by financial institutions but also often in e-commerce scenarios,” he says. “When a site has an EV instead of just a green padlock in Chrome, you see a big green bar containing the name of the organisation. This gives consumers increased confidence around who they are actually talking to.”
The validation process, which often includes checking a business’s contact details, costs a little more each year but means a great deal more to consumers.
Services such as CA and EV certifications are becoming increasingly affordable, usually a few hundred dollars annually. In fact, Hunt says, they’re well on their way to becoming free.
“This is primarily because we’re moving rapidly towards a web that is encrypted by default,” he says. “The rates of adoption of secured connections are going up very rapidly. This is a very positive development.”
Site security boosts consumer confidence, assists search engine ranking and helps to protect a business from the serious, brand-damaging and expensive ramifications of data loss, which is an increasingly common scenario, Hunt says.
“What you are protecting against is someone getting into the middle of your communications,” Hunt says. “The current surge towards site security is a bit of a rising-tide-lifting-all-boats scenario. But if you’re the e-commerce site that doesn’t bother taking security too seriously, don’t be surprised if you’re sunk.”
Looking for more industry insights? Sign up for SecurePay’s newsletter to get fresh content delivered straight to your inbox.