New Google security warnings to impact e-commerce sites

Internet Retailing

11th Sep 2017

Google’s new security warnings could cause online retailers to start losing sales from October 2017, according to Jim Stewart, CEO of digital marketing agency StewArt Media.

The search engine giant has announced that Chrome will display ‘Not Secure’ warnings on all HTTP pages featuring text input fields, such as login pages, as part of their long-term plan to improve cyber security.

Many Australian businesses, including e-commerce sites, will be affected by the change, and Stewart has urged online retailers to act now to avoid a drop in conversions.

“If you have a site that is transacting in any way and customers start seeing ‘Not Secure,’ not only in your browser but in your forms, they are not going to hang about, they are going to run a million miles. That’s going to drop your conversions through the floor,” he said.

“Many major Australian retailers such as David Jones, Harvey Norman, and Vodafone; publishers like Sydney Morning Herald, Fairfax, Herald Sun; and government bodies such as the High Court of Australia and the Defence Department have been affected. They are all insecure, and they’re all going to get hit by this update.”

To avoid having ‘Not Secure’ warnings appear on their site, retailers must migrate all pages that collect data from users from HTTP to HTTPS. However, this can be a challenging process, especially for large websites.

“If you have a massive site, this is going to be a huge undertaking for your organisation. It’s quite complex, there’s a lot to do, and there are little things that can trip you up along the way,” Stewart said.

Here, he shares his tips for migrating sites to HTTPS:

• Don’t do it for the ranking boost. In 2014 Google promised a ranking boost to all websites updating to HTTPS. However, the boost is marginal.
• Be ready for your site to slow. Using HTTPS slows down your website somewhat, (about 100 to 200 milliseconds.) This is due to the time it takes to look up the certificate.
• Redirect everything. Make sure all the HTTP individual pages are redirected to their equivalent on the HTTPS site and all your other assets, (JavaScript, CSS and images,) are also at HTTPS. Don’t forget your 404 pages.
• Check, and check again. Do a crawl after you’ve gone live with HTTPS to make sure you don’t have any HTTP URL’s left in the site and make sure that HTTP does actually redirect.
• Be prepared for a lot of turmoil. Changing all URLs is going to take a lot of time and small mistakes can stall your online business.
• Don’t duplicate your site. Some hosting companies just switch HTTPS on, while leaving the HTTP as is. This duplicates your site, which will confuse your customers.