Are you losing customers due to security concerns?
Non secure websites can deter customers
Payments by credit card have always been protected by encryption and most people know to steer clear of websites that do not indicate a secure payment page. Retailers for example could create websites to showcase their products and leave the security and encryption requirements to other companies. With a simple link on a web page you can open a window to a secure payment gateway such as SagePay or PayPal. The traditional customer journey looks something like this.
Only the payment page is secure with all the pages leading up to it as standard non encrypted content. The page before the payment page however may ask for personal information, such as name, address, telephone number, in fact everything about the customer other than the payment itself. With identity theft increasingly prevalent, these details should be secure too. People are waking up to this and many buyers will walk away from sites that ask for personal details without being secure. Some sites go so far as let you create an account with passwords on a non encrypted page. Anybody listening in to a transaction, can obtain the password as well as all the personal details. If that password has been on other sites (55% of people admitted using the same password more than once) they may be able to access additional sites with an assumed identity.
Google aims for a more secure web
Google wants the whole of the internet to be encrypted via HTTPS, not just the payment pages. This is because as part of implementing the encryption it ensures that the user really is connecting to the right web site and not an imposter one. This is a good thing. The rise of phishing and online scams necessitate a higher level of security for every transaction. The new customer journey looks like this.
The pressure to implement higher security is increasing, web browsers will increasingly highlight web pages that have not adopted secure encryption. This could deter your customers. From January 2017 Google’s Chrome Browser will show standard websites as unsecure, a red flag to potential customers.
Google’s move is laudable and securing an entire website is not as daunting (or expensive) a task as it may seem. The simplest level of authentication can be had at minimal cost both in money and implementation time. Sadly SagePay and similar payment protection schemes are no longer enough. If your site is not secure from the outset, speak to your web developers or hosting providers before you start to lose customers. For further assistance, speak to us.