The holiday season from November to December corresponds with the largest shopping season of the year. Starting on Black Friday—November 25, 2016—and gaining momentum on Cyber Monday—November 28—the biggest online shopping day in the U.S.—the opportunity for cyber crime will increase exponentially during the holiday season1.
More and more shoppers are expected to shop online versus visit stores, and online sales are predicted to come close to $95 billion this holiday season, making it the first time eCommerce is expected to surpass the 10% mark of total holiday sales2. Consumer credit card details, addresses, telephone numbers, logins, and passwords are all handed over during online transactions. “Buyer beware” is an understatement. Customers won’t shop at online retailers who aren’t protected.
Is your website protected?
Secure Sockets Layer (SSL) certificates are the first line of defense in thwarting cyber crime, and still one of the best defenses.
Statistics show that 75% of consumers won’t do business with a company that has been hacked3. A report on customer confidence revealed that 77% of internet users are concerned about their data being intercepted or misused online, and that 84% would abandon a purchase if data was sent over an unsecure connection. Over 50% of customers understand security indicators, and close to 30% are looking for that telltale green address bar4.
In 2014, Google® announced that it would incorporate HTTPS as a ranking signal, meaning that sites secured with SSL certificates would be prioritized in the search engine5. They recently announced that starting January 2017, users of its ChromeTM browser will be warned when accessing non-secure websites with a “not secure” label against all HTTP pages6. Websites reliant on HTTPS connections will suffer during this online shopping season if certificates expire7.
Keeping track of SSL certificates is a big challenge
SSLs are issued by numerous providers, and they’re easy and cheap to outsource. Our experience shows that responsibility for SSLs is often spread across global businesses, and a common hardship for companies is having disparate technology groups with no standards or processes for SSLs. We understand how difficult it can be for brands to keep track.
We recommend that clients consolidate their digital certificates for easy management and renewal in a platform that provides:
- One set of credentials secured by IP validation and two-factor authentication.
- One point of contact and one invoice for domains, DNS, and SSLs.
- Easy administration of renewals with reminders sent automatically to avoid expired certificates.
- Flexibility to choose from a range of certificates and certificate authorities, but all managed centrally.
- Weekly renewal reports that list expiring certificates, with easy renewing processes on the portal.
Some questions to ask to assess your preparedness
Online shopping is soon to be at its highest for year.
- Does your website show consumers that your online retail space is unsecure?
- Do you have a complete inventory of your SSL certificates?
- Who are the staff responsible for managing your SSLs, and will they be on holiday during this period?
- Will any certificate be expiring and are plans in place to replace them?
The bottom line is, get a thorough accounting of all your existing certificates, and cross-reference SSLs with live sites. Have a policy and process to ensure that all certificates are managed correctly going forward, which includes auditing the contacts in the system for SSL renewals regularly. Request an SSL audit from your service provider today.
>> Learn more about CSC Digital Brand Services SSL management solutions.
1https://www.statista.com/topics/1103/holiday-season-e-commerce/
2http://fortune.com/2016/09/27/ecommerce-sites-holiday-season/
3http://www.scmagazineuk.com/75-of-uk-consumers-wont-do-biz-with-a-company-that-has-been-hacked/article/501677/
4http://downloads.globalsign.com/acton/attachment/2674/f-0360/1/-/-/-/-/increase-conversions-with-SSL.pdf
5https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
6http://money.cnn.com/2016/09/08/technology/google-chrome-flag-non-secure-sites/index.html
7http://www.pcworld.com/article/2906216/expired-google-certificate-temporarily-disrupts-gmail-service.html