Another development in the ongoing saga of insecure websites: as of January 1st 2017, if your website asks for credit card details or transmits passwords and does not use an HTTPS connection, Google Chrome will flag it as 'insecure' to your customers.
What does this mean for HTTP Websites?
Hopefully this will highlight the need for security considerations, building on SAQ requirements and encouraging more eCommerce websites to become secure. Giving customers an easy way of seeing a company's security standpoint may shift companies' view from considering becoming secure to needing to be secure in order to maintain a good reputation.
As HTTPS alone does not provide certainty of security, more needs to be done by large organisations such as Google to prompt businesses to take action. Cyber security shouldn't just be an 'ideal', or something that seems unobtainable to smaller companies.
I'm a very small online retailer - what can I do?
Other than being HTTPS certified, it's also important to factor in a comprehensive security solution. Luckily, this doesn't need to cost an extortionate amount.
Starting New Year's Day, Google will begin labeling as "insecure" all websites that transmit passwords or ask for credit card details. If you use the ad giant's Chrome browser, and a lot of people do, then from its 56th build onwards any website that does not use a security certificate will feature a red exclamation mark and the text "Not secure," also in red, at the start of the web address. Those that do use certificates and so have an HTTPS connection will continue to get a nice little green padlock icon.