It’s Time to Use HTTPS to Protect Your eCommerce Site

What’s an eCommerce site’s biggest nightmare?

Among all the bad things that could happen to your eCommerce, security issue can be the worst of the worsts. Customers typed in personal infos and payment details with trust, but hacking can make all those valuable data go away, along with your brand reputation.

You need to ensure your eCommerce safety before anything else. To begin with, implementing your site with HTTPS can be a solid first step.

 

HTTPS = HTTP + Secure

By definition, HTTPS stands for “hyper text transfer protocol secure”. Comparing to HTTP (hypertext transfer protocol), HTTPS is more secure, since it is an encrypted HTTP connection. Your browser will tell the site is HTTPS by displaying a lock.

https-example

If your site is still HTTP, here is a bad news delivered by browsers: Starting this January, new Chrome 56 began warning users that all HTTP pages are not secure.

e China Commerce security HTTPS

 

How will HTTPs protect my website?

Adopting HTTPS is great news for your clients’ data security and privacy: whether your customer is filling in shipping address or typing in credit card number, the communication will be encrypted from end to end.

Using old, unencrypted HTTP means that everything sent between you and that web server is in plain text and can be read by anyone; HTTPS has changed this situation and will protect data when they are transmitted.

Moreover, the identity of the website will be certified. Your customer will know that they are directly viewing the website, without any 3rd party being able to modify the content. This is extremely important in China market, because many Chinese-based ISPs (Internet Service Providers) are altering network packets to insert advertising and even malware!

To be more specific: China Telecom and China Unicom, two of China’s biggest ISPs set up proxy servers that will lead clients in advertisement links and malware. When users access a domain that is under these two Chinese ISPs, the initial traffic will be redirected to malicious sites serving adversities and malware. The easiest way to combat this practice is to support HTTPS for their services.

China eCommerce security HTTPS

 

Other benefits?

1. To protect your brand image.
Popular website browsers (Google Chrome, Mozilla Firefox, Apple Safari, etc.) are all planning to label HTTP pages as non-secure. Visiting a website with a warning sign is the last thing you want.

Also, as mentioned, your HTTP site can get redirected to other 3rd party sites serving ads and malware in China. These little things will definitely harm your brand image, so enabling your China eCommerce site with HTTPS is the simplest way to defend.

 

2. It’s faster.

http1-vs-http2
Some people claimed that HTTPS is slower than HTTP, but this has proved to be false and outdated. From our recent experience, all we saw is speed improvement.

This is because: HTTPS websites are running over HTTP/2, the successor protocol to HTTP/1.1. HTTP/2 brought considerable performance advantages, faster speed included. Since the old HTTP site is not supported by HTTP/2 protocol, migrating to HTTPS is the way to go.

 

Is HTTPS for login/payment page enough already?

A commonly held view is for eCommerce site, using HTTPS for login/purchase would be enough, since HTTPS will protect the user’s password/payment info during login/purchase, but HTTPS is not needed after that.

pphlm_faq_02_logging_pph

However, this assumption is wrong. User information security is so much broader than just passwords and credit card numbers: the rest of the site still contains a lot of valuable information that need to be protected. For example, hackers can easily replace software downloads with malware, which put your visitors and your site’s credit at risk. HTTPS can verify that the content you’re downloading is coming from the people you expect it to be coming from, and that’s something that a regular HTTP connection can’t do.

In addition, implanting HTTPS for only a few pages can actually be more complex than setting up whole-site HTTPS, resulting in higher development costs than the more secure solution. It only makes more sense just to encrypt the entire site, and protect the user entirely.

 

Keep in mind: HTTPs isn’t everything

Surely that HTTPS is great news for data security and privacy, but it cannot guarantee “total security” for your eCommerce.

The logic behind: HTTPS only protects data as it travels to its destination. But once your data arrives to destination, HTTPS cannot guarantees where it goes. Lots of unsafe things can still happen: data may be stored in an unencrypted manner; there may be unauthorized access to hack the data; vulnerable web server can get hacked, etc.

To sum up: Upgrading to HTTPS is important, but it’s just one part of a bigger picture of security. There are still many unrelated things that can go wrong, so HTTPS is not the cure for everything.

 

TMO Group will secure your eCommerce

Screen Shot 2017-04-07 at 上午11.55.34

Unfortunately, the importance of HTTPS in China is still underestimated. By the end of February 2017,only 10% of the total China registered websites are using HTTPS. It would be so unfortunate if you could do something to keep the danger away – but you did not.

It has been TMO’s policy since 2016 that all new client websites must fully support HTTPS to protect the users as best we can. It’s no secret that eCommerce sites contains a lot of sensitive information and it needs to be extra protected, and our mission is to help your eCommerce grow while keep your site safe.

Leave a Reply

*