Starting in January 2017, Google Chrome will begin labeling HTTP (Hypertext Transfer Protocol) connections as insecure. The first phase involves applying a “Not Secure” label to pages that collect passwords or credit card information but are insecure. To avoid being labeled as insecure, Google recommends that websites migrate over to HTTPS (Hypertext Transport Protocol Secure).
“Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure,” said Chrome Security Team member Emily Schechter. The first step in the plan is to display a “Not secure” label in the address bar.
Previously, Chrome displayed a green lock icon in the website address bar for sites that are secure, but Chrome did not specifically call out insecure websites. Insecure websites were badged with a neutral indicator, which didn’t truly reflect the lack of security for HTTP connections. HTTP websites pose a major security risk since they do not use any encryption methods, which leaves the possibility that other parties may intercept private data. This is exceptionally relevant for eCommerce websites where personal information and credit card data is constantly being transmitted.
In following releases of Chrome, HTTP warnings will be extended to all HTTP pages, including those viewed in incognito mode. The warning will also become more visible, moving from a simple text warning to a warning in red with a red triangle symbol currently used for broken HTTPS.
As the warnings become more forceful, shoppers on eCommerce sites will become increasingly concerned about the safety of their personal information. This could lead to increased customer service calls asking about the security of your website and, in the worst case scenario, lost sales due to lack to trust. The good news is that all of those negatives can easily be prevented by applying an SSL certificate to your entire website as soon as possible. Your customers will feel more at ease shopping on your website and, as a brand, you will be creating a stronger customer experience and preserving your business legitimacy. At a time when security breaches are at an all-time high, an HTTPS migration is critical for all eCommerce businesses.