Rss Feed
Tweeter button
Facebook button
Technorati button
Reddit button
Myspace button
Linkedin button
Webonews button
Delicious button
Digg button
Flickr button
Stumbleupon button
Newsvine button

List of ecommerce platforms that are not secure by default

By , December 15, 2017 3:33 pm

This is one of several posts of the topic of security of websites. Inspired by my initial post on the security of UK banks.

The reason for splitting this data into multiple posts is to make it more manageable. So that data on one institution is not mixed with data on another type of institution.

The following key is used for the secure status:

Yes The site is secure, loaded via https
Dual The site can be loaded via http, or via https.
Invalid The site loads via https, but the security certificate is invalid and thus the site is insecure.
Partial The site loads via https, but loads some parts of the page without https. The site is insecure.
No The site is loaded via http, not via https.
Fixed The site is loaded via https, but at the time of first writing it was loaded via http.
?? We could not find a website to evaluate.

We tested 63 ecommerce companies. We found 9 ecommerce companies that did not have a secure home page (not https or did have https with
an invalid security certificate). That is 14% of ecommerce companies have security vulnerabilities.

Ecommerce company Secure Home Page
2C2P Yes https://www.2c2p.com/
Adyen Yes https://www.adyen.com/
Alipay Yes https://intl.alipay.com/
Amazon Pay Yes https://pay.amazon.com/uk
Apple Pay Yes https://www.apple.com/uk/apple-pay/
Atos Yes https://atos.net/en-gb/united-kingdom
Authorize.Net Yes https://www.authorize.net/
Bambora Yes https://www.bambora.com/sv/overview/#market-select
BitPay Yes https://bitpay.com/
BPAY Yes https://www.bpay.co.uk/
Braintree Yes https://www.braintreepayments.com/en-gb
CM Telecom Yes https://www.cm.com/
Creditcall Yes https://www.creditcall.com/
CyberSource Yes https://www.cybersource.com/en-EMEA/
DigiCash Yes https://www.digi.cash/
Digital River Yes https://www.digitalriver.com/
Dwolla Yes https://www.dwolla.com/
Elavon Yes https://www.elavon.co.uk/index.html
Euronet Worldwide No http://www.euronetworldwide.com/
eWAY Yes https://eway.io/uk
First Data Yes https://www.firstdata.com/en_gb/home.html
Flooz Yes https://www.flooz.me/
Fortumo Online Yes https://fortumo.com/
GoCardless Yes https://gocardless.com/
Heartland Payment Systems Yes https://www.heartlandpaymentsystems.com/about-us
Ingenico Yes https://www.ingenico.com/
Klarna Yes https://www.klarna.com/uk/
ModusLink Yes https://www.moduslink.com/
MPay No http://www.mpay.al/en
Neteller Yes https://www.neteller.com/en/
Nochex Yes https://www.nochex.com/gb/
OFX Yes https://www.ofx.com/en-gb/
PagSeguro Yes https://pagseguro.uol.com.br/
PayPal Yes https://www.paypal.com/uk/home
Payoneer Yes https://www.payoneer.com/main/
Paymentwall Yes https://www.paymentwall.com/en/
PayPoint Yes https://www.paypoint.com/en-gb/consumers/store-locator
Paysbuy Yes https://www.paysbuy.com/
Paysafe Group Yes https://www.paysafe.com/
PayStand No http://www.paystand.com/
Payzone Yes https://www.payzone.co.uk/
Qiwi Yes https://qiwi.com/
Realex Payments Yes https://www.realexpayments.com/uk/
Red Dot Payment No http://reddotpayment.com/
Sage Group Yes https://www.sage.com/en-gb/
Skrill Yes https://www.skrill.com/en/
Stripe Yes https://stripe.com/gb
Square Yes https://squareup.com/gb
SWREG Dual http://faq.swreg.org/
Tencent Yes https://www.tencent.com/en-us/
TIMWE No http://www.timwe.com/
TransferWise Yes https://transferwise.com/
True Money No http://www.truemoney.com/
Trustly Online Yes https://trustly.com/en/
Verifone No http://www.verifone.co.uk/
WebMoney Yes https://www.wmtransfer.com/
WeChat Pay Yes https://pay.weixin.qq.com/index.php/public/wechatpay
WePay Yes https://go.wepay.com/
Wirecard Yes https://www.wirecard.com/
Worldpay No http://www.worldpay.com
Xendpay Yes https://www.xendpay.com/
Xsolla Yes https://www.xsolla.com/
Yandex.Money Yes https://money.yandex.ru/

Commentary

I was surprised to see that WorldWay is not secure by default.

I was also surprised to see that SWREG, the oldest of all the ecommerce companies in the world, is also not secure by default. Longevity has no bearings on the operating standards of a business. Interestingly the company that now owns SWREG, Digital River is secure by default.

Disclaimer

I shouldn’t need to point this out, but i will, all the same, just to be clear.

The data provided on this page should taken at face value. If you’re not sure about something, please verify it yourself. Nothing reported here should be regarded as a criticism or an endorsement or recommendation of an organisations security effectiveness. I am simply passing comment on whether the home page (whatever that may be) is provided as https on not. Other security concerns are a separate matter.

If your organisation is listed here and is not marked as secure, your best course of action is to fix that, not to complain that someone is reporting a fact anyone with a web browser can discover. The security status of your home page is public information, albeit information that many people don’t understand.

Leave a Reply

Panorama Theme by Themocracy