In recent years, a number of high-profile businesses have been subjected to attacks where large amounts of customer data have been stolen. Many web users also complain about the invasive and disruptive effect that pop-up ads and other unwanted content has on their browsing experience.
In this blog post, David Midgley, Head of Operations at payment gateway provider Total Processing, outlines why making the move to HTTPS protocol will help to eliminate these problems and also help to improve a website’s trustworthiness.
For the uninitiated, HTTPS is a way of securing all of the information sent between a website and a browser, and works by adding a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption layer to the basic HTTP protocol. This means the website and the browser still speak the same ‘language’ to each other, but all requests and responses are encrypted before being sent and are then decrypted before being presented to the person viewing the web page.
This means that there is less chance of the information being intercepted and exploited by unscrupulous parties. Ensuring this information is secure is very important, as more and more people now use online services to do their banking, buy their shopping, book holidays and make other transactions. Therefore, a lot of sensitive financial information and the sort of personal information that can be used to steal a person’s identity is being sent and received.
However, it is a mistake to think only businesses processing personal and financial details needs to protect the communications that take place between their sites and a user’s browser. All the information a site sends to a browser, whether it’s cookies, HTML code or scripts, can also be intercepted and tampered with.
Thus, HTTPS also helps to prevent other users from being able to intercept and tamper with this other information too. These users can range from wholly malicious parties seeking to install malware, ransomware and spyware or trick users into giving them sensitive information all the way to perfectly reputable companies seeking to insert their own adverts onto the webpage that is presented to the user.
While the latter is pretty harmless and there is no ill intention other than trying to sell a product or promote a service, inserting adverts into a user’s experience is an intrusive practice that can be very disconcerting. This, along with the more malicious practices, can mean users lose trust in sites where their experience has been interrupted by pop-up ads or fraudulent attempts to take their personal information. Ultimately, users want to know that their information is secure, and are also becoming increasingly concerned that their privacy is being invaded, and this includes the privacy of their browsing sessions.
Arguably, this also means it is harmful to the reputation of whoever runs the website if they have not secured their site with HTTPS, as users will lose trust in them as well as their website.
Furthermore, Google has also revealed that it gives a ranking boost to those who secure their website with HTTPS protocol. According to Moz, unless your site is listed in the top four of a search engine results page, it will have a click-through rate of less than 2%. Given that Google accounts for over 80% of all searches, you are essentially putting your site at a disadvantage straight away if you only use HTTP protocol. Even worse, you’ve also given up ground to competitors who are using HTTPS.
Therefore, it makes sense to secure your site using HTTPS – sensitive information is safe, but other information that can be used to track user, such as their browsing history, is also secured away from the prying eyes of unscrupulous people. Furthermore, using HTTPS protocol will also help to instil trust in your site too.
Finally, Google will also give you a boost in their rankings, effectively saying to its’ users ‘this is a relevant and trustworthy site’. This then should help you to gain more traffic received via search engines, which in turn should lead to increased sales, enquiries or whatever the measurement of success is for your site.
Of course, HTTPS won’t protect from every single threat though. It isn’t without its’ issues either, with some people arguing a site that uses HTTPS is slower than one that uses HTTP protocol. However, the effect is barely noticeable for most users. Some also point out that having to buy and renew SSL or TLS certificates is a further cost to running a website too. Again though, the reputational and security benefits far outweigh any financial cost in the long run.
For these and many more reasons, you need to move your website over to HTTPS protocol if you haven’t already.
Short bio: David Midgley is Head of Operations at Total Processing. Prior to this, he spent nine years working for HSBC from 2004 and also spent two and a half years at Axcess Merchant Services before taking up his current role at Total Processing in February 2016.