When browsing the web, and especially an eCommerce website, would you rather the site be secure or non-secure? The answer is a pretty obvious one. The idea of anything being non-secure online today always brings fear of hacking or identity theft.
This is nothing new: Google has been encouraging all websites to become secure (ie. encrypted) for several years now. But as of July 2018, with the launch of Chrome 68, this is becoming even more noticeable.
The buzzword here is Hypertext Transport Protocol Secure, (HTTPS for short). Basically, it means that any information sent to and from your website is encrypted and can’t be viewed by anyone besides your website visitor and you.
In previous versions of Chrome, any website that deployed HTTPS-enabled encrypted connections displayed a green lock icon next to their URL, and the word “Secure”. Now with Chrome 68, Google has decided to reverse this.
With the launch of Chrome 68, Google now will display a ‘not secure’ warning next to the URL. Here is an example to show what it looks like:
The official Google warning for visitors to a non-HTTPS site is“Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.”
This can be a huge trust destroyer for visitors to any site, and especially eCommerce websites with payment functionality.
Why HTTPS is important
Google’s Search Console gives some very compelling reasons to switch to HTTPS. Data that is sent using HTTPS is secured via Transport Layer Security protocol (TLS), which, according to Google, provides three key layers of protection:
1) Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can ‘listen’ to their conversations, track their activities across multiple pages or steal their information.
2) Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
3) Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
Non-HTTPS can lower your Google ranking
Having the words “Not Secure” in the URL bar next to your website is not only bad for your visitor’s trust, it is also bad for SEO.
Way back in 2014, Google announced that HTTPS is a ranking signal. Dr Peter J Meyers writing for Moz in 2017, also noticed that approximately 50% of sites on Page 1 of Google were HTTPS encrypted.
In a sense, this is Google’s way of incentivizing good security practices, but more than just rewarding the good, with Chrome 68 they also punish the sites that aren’t taking the time to add HTTPS encryption.
These reasons should be compelling for any eCommerce website owner to look at adding HTTPS to their site. Fortunately, the process is not a difficult one and can take as little as a few hours.
As the web continues to evolve, so too must the business strategies that help both our customers have a better experience and help us to succeed.